密码加密

/*
     * 注册账号密码加密
     * */
    function custom_function_for_salt(){
        return $salt = '$2y$11$' . substr(md5(uniqid(rand(), true)), 0, 22);
    }

    public function generateHashWithSalt($password) {
        $options = [
            'salt' => self::custom_function_for_salt(), //write your own code to generate a suitable salt
            'cost' => 12 // the default cost is 10
        ];
        $str = password_hash($password, PASSWORD_DEFAULT, $options);
        $res = array();
        $res['password'] = $str;
        $res['salt'] = $options['salt'];
        return $res;
    }

 

这个时候返回的password和salt是要入库的

 

那么我们在登录的时候先获取到数据库的password和salt，把salt传入到登录的密码验证方法里面，最后判断是不是和数据库的密码一致，见下图

/*
     * 登录密码验证
     * */
    public function LogingenerateHashWithSalt($password,$salt) {
        $options = [
            'salt' => $salt,
            'cost' => 12 // the default cost is 10
        ];
        $str = password_hash($password, PASSWORD_DEFAULT, $options);
        return $str;
    }