一,使用bcrypt实现加密和验证的php代码:
class Auth extends BaseController { /* *测试用bcrypt方式难证密码 * *@return \think\Response * */ public function testPass() { //原始密码 $origPass = "123456"; echo "origPass:".$origPass.":<br/>”; //加密 $bcryptPass = password_hash($origPass, PASSWORD_DEFAULT); echo "password:".$bcryptPass.":<br/>"; //判断密码是否匹配 if (password_verify($origPass,$bcryptPass)) { echo "密码正确"; } else { echo "密码错误"; } echo "<br/>"; if (password_verify("123321",$bcryptPass)) { echo "密码正确"; } else { echo "密码错误"; } } }
说明:刘宏缔的架构森林是一个专注架构的博客,地址:https://www.cnblogs.com/architectforest
对应的源码可以访问这里获取: https://github.com/liuhongdi/
或: https://gitee.com/liuhongdi
说明:作者:刘宏缔 邮箱: 371125307@qq.com
二,测试bcrypt效果
访问:http://192.168.219.6:8000/auth/testpass
返回:
刷新: 多刷新两次,可以发现每次加密后的密文都不一样,这样就加大了破解和碰撞的难度三,查看php和thinkphp的版本:
php:liuhongdi@lhdpc:/data/php/admapi$ php --version PHP 8.1.1 (cli) (built: Dec 20 2021 16:12:16) (NTS) Copyright (c) The PHP Group Zend Engine v4.1.1, Copyright (c) Zend Technologies with Zend OPcache v8.1.1, Copyright (c), by Zend Technologiesthinkphp:
liuhongdi@lhdpc:/var/www/html$ cd /data/php/admapi/ liuhongdi@lhdpc:/data/php/admapi$ php think version v6.0.10LTS