开发者

How can I load a function just once and store the return in a variable?

问答 作者:

I'm currently going over my user registration code. The part I'm focusing on right now is the password hashing part.

What I do is get a static_salt from a config file, and use mt_rand() to generate a dynamic_salt. What I want to do is have this dynamic_salt stored in my database.

But if I pass the dynamic_salt() method to the create method in order to send it to the salt column of a table in my database it will just run the method again and create a different result from the one produced in my hashed() method.

What would be the best way to achieve what I'm trying to achieve, could you show me an example if possible?

public function create() {

                $dbcolumn->password = $this->hashed();
                $dbcolumn->salt = $this->dynamic_salt;
                $this->db->insert('users', $dbcolumn);

    }

public function dynamic_salt() {

            $get_dynamic_salt = mt_rand();
            return $get_dynamic_salt;
}

public function hashed() { //hashing method, that also makes
            // sha1 and salt password
            $static_salt = $this->config->item('encryption_key'); //grab static salt from config file
            $开发者_如何学Pythondynamic_salt = $this->dynamic_salt();

        $password = $this->encrypt->sha1($this->input->post('password')); //encrypt user password
            $hashed = sha1($dynamic_salt . $password . $static_salt);

            return $hashed;
}

I recommend that you don't use a dynamic salt, as it will reduce your applications flexibility and is likely not to work in it's current form.

The purpose of a salt is to prevent against dictionary attacks that someone could do if they obtained your user database. In that regard, a static salt is definitely a good idea to implement in your application.

Adding a dynamic salt to each user would mean that you will have to hit a datastore to retrieve the dynamic salt and the hashed version of the user's password, then you will have to perform the CPU intensive hash function (in your code, twice -- you are hashing a hash which is less secure and more likely to have collisions).

Having a simple known, static salt, and a hashed password will allow you to use key/value storage systems like memcache should you application grow. Store the userid as the key and the users hashed password as the value and you will have a lightening fast authentication system.

Try this:

public function dynamic_salt() {
    if(!isset($this->dyn_salt))
       $this->dyn_salt = mt_rand();
    return $this->dyn_salt;
}

If the dyn_salt instance variable doesn't already exist, it will assign it the result of mt_rand(), else it will just return the previous value.

继续阅读:classcodeigniterfunctionphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9