如何在 Symfony 上验证密码？

发布于 2025-01-11 05:53:53 字数 323 浏览 0 评论 0 原文

我想验证用户的现有密码（以允许他们更改密码）。

我想走以下路线，但遇到了散列密码总是显示为不同散列的问题。我正在使用UserPasswordHasherInterface。

$hashedOldPassword = $passwordHasher->hashPassword(
        $user,
        $data['oldPassword']
    );

if ($hashedOldPassword === $user->getPassword()) {
    setNewPassword();
}

原文

I want verify the existing password for a user (to allow them to change their password).

I thought to go the following route but ran into the problem that the hashed password always shows up as a different hash. I am using UserPasswordHasherInterface.

$hashedOldPassword = $passwordHasher->hashPassword(
        $user,
        $data['oldPassword']
    );

if ($hashedOldPassword === $user->getPassword()) {
    setNewPassword();
}

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

梦忆晨望 2025-01-18 05:53:53

要验证密码，您无需重新哈希它。每次调用 hashPassword() 时，您都会得到不同的哈希值，因为哈希算法引入了随机 salt 以确保安全。

但该接口包含一个更方便的 isPasswordValid() 方法。

function isPasswordValid(PasswordAuthenticatedUserInterface $user, string $plainPassword): bool

所以简单地做：

if (!$passwordHasher->isPasswordValid($user, $oldPassword)) {
   // error, you can't change your password 
   // throw exception or return, etc.
}

// no error, let them continue.

To verify a password you do not rehash it. Each time you call hashPassword() you'll get a different hash, because the hashing algorithm introduces a random salt for security.

But that interface includes a much more convenient isPasswordValid() method.

function isPasswordValid(PasswordAuthenticatedUserInterface $user, string $plainPassword): bool

So simply do:

if (!$passwordHasher->isPasswordValid($user, $oldPassword)) {
   // error, you can't change your password 
   // throw exception or return, etc.
}

// no error, let them continue.

回复收藏 0 原文

~没有更多了~