关于php:crypt():未指定salt参数。必须使用随机生成的salt和强哈希函数生成安全哈希

crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash

本问题已经有最佳答案,请猛点这里访问。

我使用的是phpv5.6.16

尝试创建访问令牌时出现此错误

1
crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash

这是我正在使用的功能。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
    /**
     * Generate a token
     * @return string token
     */

   private function getToken()
    {
    $random_id_length = 15;

 //generate a random id encrypt it and store it in $rnd_id
    $rnd_id = crypt(uniqid(rand(), CRYPT_EXT_DES));

    //to remove any slashes that might have come
    $rnd_id = strip_tags(stripslashes($rnd_id));

    //Removing any . or / and reversing the string
    $rnd_id = str_replace(".","", $rnd_id);
    $rnd_id = strrev(str_replace("/","", $rnd_id));

    //finally I take the first 10 characters from the $rnd_id
    $rnd_id = substr($rnd_id, 0, $random_id_length);

    return urldecode($rnd_id);
}

如何修复?


I'm having this error while trying to create an access token

不要使用crypt()。拿一份paragonie/random_compat的拷贝,用random_bytes()代替。

1
2
3
4
5
6
7
8
9
10
11
12
13
function getToken($randomIdLength = 10)
{
    $token = '';
    do {
        $bytes = random_bytes($randomIdLength);
        $token .= str_replace(
            ['.','/','='],
            '',
            base64_encode($bytes)
        );
    } while (strlen($token) < $randomIdLength);
    return $token;
}