更新时间:2022-06-26 07:48:57
这不会:
$this->db->where('password',$password);
您正在检查数据库中的实际原始密码.
You're checking for the actual raw password inside the DB.
您应该从数据库中获取哈希,然后将其与用户密码进行比较:
You should get the hash from the database and then compare it to the user's password:
function getUserByLogin($login, $password) {
$this->db->where('login',$login);
$result = $this->getUsers($password);
if (!empty($result)) {
return $result;
} else {
return null;
}
}
function getUsers($password) {
$query = $this->db->get('users');
if ($query->num_rows() > 0) {
$result = $query->row_array();
if ($this->bcrypt->check_password($password, $result['password'])) {
//We're good
return $result;
} else {
//Wrong password
return array();
}
} else {
return array();
}
}