PrestaShop 1.7.x 现在使用bcrypt作为首选哈希方法(但仍支持 md5)。
为了更好地了解 PrestaShop v1.6.x 与 1.7.x 之间检查密码的行为,让我们看一下getByEmail()
Customer 类中的方法:
/**
* Return customer instance from its e-mail (optionally check password).
*
* @param string $email e-mail
* @param string $plaintextPassword Password is also checked if specified
* @param bool $ignoreGuest
*
* @return bool|Customer|CustomerCore Customer instance
*/
public function getByEmail($email, $plaintextPassword = null, $ignoreGuest = true)
If $plaintextPassword
提供通过以下方式检索密码的加密版本:
$this->passwd = $crypto->hash($plaintextPassword);
可以通过执行以下操作来实例化 Hashing 类:
$crypto = ServiceLocator::get('\\PrestaShop\\PrestaShop\\Core\\Crypto\\Hashing');
使用 PrestaShop 1.7 类/方法的示例解决方案:
<?php
namespace PrestaShop\PrestaShop\Core\Crypto;
include('config/config.inc.php');
$plaintextPassword = '123456';
$crypto = new Hashing;
$encryptedPassword = $crypto->hash($plaintextPassword, _COOKIE_KEY_);
echo 'Clear: '.$plaintextPassword.'<br />Encrypted: '.$encryptedPassword;
/* Result (example)
Clear: 123456
Encrypted: $2y$10$6b460aRLklgWblz75NAMteYXLJwjfV6a/uN8GJKgJgPDBuNhHs.ym */
替代解决方案,无需包含任何 PrestaShop 文件/方法:
<?php
$plaintextPassword = '123456';
$encryptedPassword = password_hash($plaintextPassword, PASSWORD_BCRYPT);
echo var_dump(password_verify($plaintextPassword, $encryptedPassword)); // True if encryption is matching
我希望这有帮助。