refactor(auth): upgrade password hashing to PHP's password_hash

- Replace custom password hashing function with PHP's built-in password_hash - Update password verification to use password_verify - Adjust database schema to accommodate new password hash length - Modify installation and login controllers to use new hashing method
2025-06-18 11:51:12 +08:00
parent 216ca6e697
commit 4ed8237a00
4 changed files with 7 additions and 7 deletions
--- a/app/index/controller/Install.php
+++ b/app/index/controller/Install.php
@@ -105,12 +105,12 @@ class Install extends BaseController
            foreach ($sqlArray as $sql) {
                $pdo->query($sql);
            }
-            $_password = password($password);
-            $tableName = 'system_admin';
-            $update    = [
+            $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
+            $tableName      = 'system_admin';
+            $update         = [
                'username'    => $username,
                'head_img'    => '/static/admin/images/head.jpg',
-                'password'    => $_password,
+                'password'    => $hashedPassword,
                'create_time' => time(),
                'update_time' => time()
            ];