如何在 yii2 中添加散列密码

使用 Yii 2 basic 不是高级版本.

我有一个 crud 管理员身份验证系统.它只在数据库中存储一个 id、用户名和密码.当用户登录时,如果用户名和密码正确,他们就登录了.


第 1 部分:我有一个与我的用户模型 Create.php 页面一起使用的 AdminController.第 2 部分:我有一个 siteController,它与 LoginForm 模型和 login.php 页面一起登录.



公共函数actionCreate(){$model = 新用户();if ($model->load(Yii::$app->request->post()) && $model->save()) {返回 $this->redirect(['view', 'id' => $model->id]);} 别的 {返回 $this->render('create', ['模型' =>$模型,]);}}


 $查询,]);返回 $dataProvider;}/*** @inheritdoc*/公共静态函数 findIdentity($id){return static::findOne(['id' => $id]);}/*** @inheritdoc*/公共静态函数 findIdentityByAccessToken($token, $type = null){throw new NotSupportedException('"findIdentityByAccessToken" 未实现.');}/*** 通过用户名查找用户** @param string $username* @return 静态|null*/公共静态函数 findByUsername($username){return static::findOne(['username' => $username]);}/*** @inheritdoc*/公共函数 getId(){返回 $this->id;}/*** @inheritdoc*/公共函数 getAuthKey(){return static::findOne('AuthKey');}/*** @inheritdoc*/公共函数 validateAuthKey($authKey){return static::findOne(['AuthKey' => $authKey]);}/*** 验证密码** @param string $password 密码验证* @return boolean 如果提供的密码对当前用户有效*/公共函数validatePassword($password){返回 $this->password === $password;}}

问题??:所以正如你在这个模型中看到的,我只有来自数据库的 ID、用户名和密码,所以我认为我需要为数据库中的字段创建一个名为hashed_pa​​ssword"的字段?


<?php $form = ActiveForm::begin();?><?= $form->field($model, 'username')->textInput(['maxlength' => 50]) ?><?= $form->field($model, 'password')->passwordInput(['maxlength' => 50]) ?><div class="form-group"><?= Html::submitButton($model->isNewRecord ?'Create' : 'Update', ['class' => $model->isNewRecord ? 'btn btn-success' : 'btn btn-primary']) ?>

<?php ActiveForm::end();?>

对,这就是第 1 部分,需要生成散列密码并将其保存到数据库中的实际位,我该如何实现?

好的,继续第 2 部分:


公共函数 actionLogin(){如果 (!Yii::$app->user->isGuest) {返回 $this->goHome();}$model = new LoginForm();if ($model->load(Yii::$app->request->post()) && $model->login()) {返回 $this->goBack();} 别的 {返回 $this->render('登录', ['模型' =>$模型,]);}}


class LoginForm 扩展模型{公共 $ 用户名;公共 $password;公共 $rememberMe = true;私人 $_user = false;/*** @return 数组验证规则.*/公共函数规则(){返回 [//用户名和密码都需要[['用户名','密码'],'必需'],//rememberMe 必须是一个布尔值['rememberMe', 'boolean'],//密码由validatePassword() 验证['密码','验证密码'],];}/*** 验证密码.* 此方法用作密码的内联验证.** @param string $attribute 当前正在验证的属性* @param array $params 规则中给出的附加名称-值对*/公共函数validatePassword($attribute, $params){如果 (!$this->hasErrors()) {$user = $this->getUser();if (!$user || !$user->validatePassword($this->password)) {$this->addError($attribute, '用户名或密码不正确.');}}}/*** 使用提供的用户名和密码登录用户.* @return boolean 用户是否登录成功*/公共函数登录(){如果 ($this->validate()) {return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600*24*30 : 0);} 别的 {返回假;}}/*** 通过 [[username]] 查找用户** @return 用户|null*/公共函数 getUser(){if ($this->_user === false) {$this->_user = User::findByUsername($this->username);}返回 $this->_user;}}


<?php $form = ActiveForm::begin();?><?= $form->field($model, 'username');?><?= $form->field($model, 'password')->passwordInput();?><div class="form-group"><div class="col-lg-offset-1 col-lg-11"><?= Html::submitButton('Login', ['class' => 'btn btn-primary', 'name' => 'login-button']) ?>

就是这样,我如何在每个用户创建时为每个用户集成一个 hashed_pa​​ssword,然后在登录时验证它?





要在登录时检查它,请更改实现 UserIdentity 的用户模型

/*** 验证密码** @param string $password 密码验证* @return boolean 如果提供的密码对当前用户有效*/公共函数validatePassword($password){return Yii::$app->getSecurity()->validatePassword($password, $this->password_hash);}

使用 db 中的字段代替 password_hash.

using Yii 2 basic Not the advanced version.

I have a crud admin authentication system. Which stores just an id, username and password in the database. When the user goes to log in if the username and password are correct they are logged in.

However i now want to make these passwords secure so i want to salt and hash them. This is the part i am finding hard to do Or more so where to put things.

Part 1: I have an AdminController which goes along with my User Model Create.php page. Part 2: I have a siteController which goes along with the LoginForm model and the login.php page to log in.

I will go over part one first as it will obviously have to actually generate a hashed password here.


public function actionCreate()
    $model = new User();

    if ($model->load(Yii::$app->request->post()) && $model->save()) {
        return $this->redirect(['view', 'id' => $model->id]);
    } else {
        return $this->render('create', [
            'model' => $model,



    namespace appmodels;
    use yiiaseNotSupportedException;
    use yiidbActiveRecord;
    use yiiwebIdentityInterface;
    use yiidataActiveDataProvider;
     * User model
     * @property integer $id
     * @property string $username
     * @property string $password
class User extends ActiveRecord implements IdentityInterface

 * @inheritdoc
public static function tableName()
    return 'Users';

public function rules(){
        return [
            [['username','password'], 'required']

public static function findAdmins(){
    $query = self::find();

    $dataProvider = new ActiveDataProvider([
        'query' => $query,

    return $dataProvider;


 * @inheritdoc
public static function findIdentity($id)
    return static::findOne(['id' => $id]);

 * @inheritdoc
public static function findIdentityByAccessToken($token, $type = null)
    throw new NotSupportedException('"findIdentityByAccessToken" is not implemented.');

 * Finds user by username
 * @param  string      $username
 * @return static|null
public static function findByUsername($username)
    return static::findOne(['username' => $username]);

 * @inheritdoc
public function getId()
    return $this->id;

 * @inheritdoc
public function getAuthKey()
    return static::findOne('AuthKey');

 * @inheritdoc
public function validateAuthKey($authKey)
    return static::findOne(['AuthKey' => $authKey]);

 * Validates password
 * @param  string  $password password to validate
 * @return boolean if password provided is valid for current user
public function validatePassword($password)
    return $this->password === $password;

Question??: So as you can see in this model i only have id, username and password coming from the database, so i take i will need to create one for field in db called "hashed_password"?


<?php $form = ActiveForm::begin(); ?>

<?= $form->field($model, 'username')->textInput(['maxlength' => 50]) ?>

<?= $form->field($model, 'password')->passwordInput(['maxlength' => 50]) ?>

<div class="form-group">
    <?= Html::submitButton($model->isNewRecord ? 'Create' : 'Update', ['class' => $model->isNewRecord ? 'btn btn-success' : 'btn btn-primary']) ?>

<?php ActiveForm::end(); ?>

Right so that was part 1, the actual bit where the hashed password needs to be generated and saved into the database, how can i achieve this?

Okay moving on the Part2:


public function actionLogin()
    if (!Yii::$app->user->isGuest) {
        return $this->goHome();

    $model = new LoginForm();

    if ($model->load(Yii::$app->request->post()) && $model->login()) {
        return $this->goBack();
    } else {
        return $this->render('login', [
            'model' => $model,

LoginForm.php (model):

class LoginForm extends Model
public $username;
public $password;
public $rememberMe = true;

private $_user = false;

 * @return array the validation rules.
public function rules()
    return [
        // username and password are both required
        [['username', 'password'], 'required'],
        // rememberMe must be a boolean value
        ['rememberMe', 'boolean'],
        // password is validated by validatePassword()
        ['password', 'validatePassword'],

 * Validates the password.
 * This method serves as the inline validation for password.
 * @param string $attribute the attribute currently being validated
 * @param array $params the additional name-value pairs given in the rule
public function validatePassword($attribute, $params)
    if (!$this->hasErrors()) {
        $user = $this->getUser();

        if (!$user || !$user->validatePassword($this->password)) {
            $this->addError($attribute, 'Incorrect username or password.');

 * Logs in a user using the provided username and password.
 * @return boolean whether the user is logged in successfully
public function login()
    if ($this->validate()) {
        return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600*24*30 : 0);
    } else {
        return false;

 * Finds user by [[username]]
 * @return User|null
public function getUser()
    if ($this->_user === false) {
        $this->_user = User::findByUsername($this->username);

    return $this->_user;


<?php $form = ActiveForm::begin(); ?>

<?= $form->field($model, 'username'); ?> 
<?= $form->field($model, 'password')->passwordInput(); ?> 

<div class="form-group">
    <div class="col-lg-offset-1 col-lg-11">
        <?= Html::submitButton('Login', ['class' => 'btn btn-primary', 'name' => 'login-button']) ?>

So thats it, how do i integrate a hashed_password for each user when they create and then validate this upon login?

I have been reading this on the documentation but just cant get this to work http://www.yiiframework.com/doc-2.0/guide-security-passwords.html


When you creating user, you should generate and save password hash. To generate it


To check it on login, change your User model which implements UserIdentity

     * Validates password
     * @param  string $password password to validate
     * @return boolean if password provided is valid for current user
    public function validatePassword($password)
        return Yii::$app->getSecurity()->validatePassword($password, $this->password_hash);

Instead of password_hash use your field from db.
