Diferencia entre revisiones de «Usuario:Lmorillas/desarrollo web servidor/php/passwords»
De WikiEducator
| Línea 25: | Línea 25: | ||
|Title=Tutoriales}} | |Title=Tutoriales}} | ||
| + | == Cifrado de contraseñas == | ||
| + | <source lang="php"> | ||
| + | <?php | ||
| + | $username = $_POST["username"]; | ||
| + | $password = $_POST["password"]; | ||
| + | |||
| + | // conexión a la base de datos | ||
| + | // ... | ||
| + | |||
| + | // limpieza de los inputs | ||
| + | // ... | ||
| + | |||
| + | // crear hash de la password | ||
| + | $password = hash("sha256", $password); | ||
| + | |||
| + | |||
| + | // guardar valores en la base de datos | ||
| + | $sql = "INSERT INTO users (username, password) VALUES (:username, :password)"; | ||
| + | |||
| + | $stmt = $db->prepare($sql); | ||
| + | |||
| + | $stmt->execute(array( | ||
| + | ":username" => $username, | ||
| + | ":password" => $password | ||
| + | )); | ||
| + | </source> | ||
| + | |||
| + | === con salt === | ||
| + | <source lang="php"> | ||
| + | <?php | ||
| + | define("MAX_LENGTH", 6); | ||
| + | |||
| + | function generateHashWithSalt($password) { | ||
| + | $intermediateSalt = md5(uniqid(rand(), true)); | ||
| + | $salt = substr($intermediateSalt, 0, MAX_LENGTH); | ||
| + | return hash("sha256", $password . $salt); | ||
| + | } | ||
| + | </source> | ||
| + | |||
| + | === Uso de Bcrypt === | ||
| + | <source lang="php"> | ||
| + | <?php | ||
| + | function generateHash($password) { | ||
| + | if (defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) { | ||
| + | $salt = '$2y$11$' . substr(md5(uniqid(rand(), true)), 0, 22); | ||
| + | return crypt($password, $salt); | ||
| + | } | ||
| + | } | ||
| + | |||
| + | </source> | ||
| + | |||
| + | === Autentificar usuarios === | ||
| + | <source lang="php"> | ||
| + | <?php | ||
| + | function verificar($password, $hashedPassword) { | ||
| + | return crypt($password, $hashedPassword) == $hashedPassword; | ||
| + | } | ||
| + | </source> | ||
{{Actividad| | {{Actividad| | ||
Revisión de 09:44 28 ene 2014
PHP >= 5.5
$hashed_password = password_hash("mipassword", PASSWORD_DEFAULT)
boolean password_verify ( string $password , string $hash )
Todos $hashed_password = crypt('mypassword');
|
|
Cifrado de contraseñas
<?php $username = $_POST["username"]; $password = $_POST["password"]; // conexión a la base de datos // ... // limpieza de los inputs // ... // crear hash de la password $password = hash("sha256", $password); // guardar valores en la base de datos $sql = "INSERT INTO users (username, password) VALUES (:username, :password)"; $stmt = $db->prepare($sql); $stmt->execute(array( ":username" => $username, ":password" => $password ));
con salt
<?php define("MAX_LENGTH", 6); function generateHashWithSalt($password) { $intermediateSalt = md5(uniqid(rand(), true)); $salt = substr($intermediateSalt, 0, MAX_LENGTH); return hash("sha256", $password . $salt); }
Uso de Bcrypt
<?php function generateHash($password) { if (defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) { $salt = '$2y$11$' . substr(md5(uniqid(rand(), true)), 0, 22); return crypt($password, $salt); } }
Autentificar usuarios
<?php function verificar($password, $hashedPassword) { return crypt($password, $hashedPassword) == $hashedPassword; }
|
Echa un vistazo a http://www.php-login.net/
|
