PHP password_verify始终返回false
[英]PHP password_verify always returning false
问题描述
Hi there I am trying to hash my passwords with password_hash() in PHP. 
嗨,我试图用PHP中的password_hash()来哈希密码。 This part is fine but to compare the hash is returning false no matter what. 这部分很好,但是无论如何,散列返回的都是假。 To log in I check the user account database and grab the password hash then compare it to the password typed in. My code looks like this: 要登录,我检查用户帐户数据库并获取密码哈希,然后将其与输入的密码进行比较。我的代码如下所示:
$password = $_SERVER["PHP_AUTH_PW"];
$hash = $row["password"];
if (password_verify($password, $hash)) {
// CREATE SESSION VARIABLES //
}
else{
header("HTTP/1.1 404 Not Found");
}
As you can see the password that is typed in is brought over in the HTTP header. 如您所见,输入的密码将被传递到HTTP标头中。 I didn't think this would mess with the password string as I can compare this directly to the password in the database (without hashing). 我认为这不会与密码字符串混淆,因为我可以将其直接与数据库中的密码进行比较(不使用散列)。 Any ideas? 有任何想法吗? I have triple checked my version of PHP and I can hash the password so that's not it. 我已经三重检查了我的PHP版本,可以对密码进行哈希处理,不是这样。
1 个解决方案
解决方案1
2 2013-08-07 11:01:22
So nothing wrong with the password_verify() function. 因此password_verify()函数没有问题。 There was an added bit of string in the password_hash() function. password_hash()函数中增加了一些字符串。 I copy and pasted this function from the official documentation: 我从官方文档中复制并粘贴了此功能:
echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT)."\n";
The ."\\n" bit at the end was not being accounted for at the verify function. 验证功能未考虑末尾的“。\\ n”位。 This was only here due to the coping and pasting so once I removed it, it was fine. 这只是在这里是由于应对和粘贴,所以一旦我将其删除,就很好了。 Hope this helps others in the future. 希望这对将来有帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.