堆栈内存溢出
  简体   繁体   English

Phalcon PHP密码Bcrypt

[英]Phalcon PHP Password Bcrypt

 原文  2014-01-30 21:03:29       php/ phalcon

问题描述

So, I have setup in my di, the security component, as such... 所以,我已经在我的di安装组件中设置了...... 

--services.php--
$di->set('security', function(){
    $security = new Phalcon\Security();
    //Set the password hashing factor to 11 rounds
    $security->setWorkFactor(11);
    return $security;
}, true);

--Custom Auth Library (auth.php)--
    $user = Users::findFirstByEmail($login);
    if ($user) {
        if ($this->security->checkHash($password, $user->password)) {
           return true;
        }
    }
    return false;

but, for some reason, this always returns false...so, to debug, I tried using PHP's password_verify function, the following code is in my view directly: 但是,由于某种原因,这总是返回false ...所以,为了调试,我尝试使用PHP的password_verify函数,以下代码直接在我的视图中: 

//Returns false
var_dump($this->security->checkHash('password', '$2a$12$aSa7zLEd24zjh2aoUasxd.hbxIm8IQ0/vMf/8p4LTYI3VtZMJ62Pe'));
//Returns True
var_dump(password_verify('password', '$2a$12$aSa7zLEd24zjh2aoUasxd.hbxIm8IQ0/vMf/8p4LTYI3VtZMJ62Pe'));

What am I missing??? 我错过了什么?

3 个解决方案

解决方案1
 2 已采纳  2014-01-31 00:16:09

Okay, so it seems that if I set both the hash, and the password to a variable, it parses both statements correctly. 好吧,似乎如果我将哈希值和密码都设置为变量,它会正确解析这两个语句。

I appreciate all of the help, but this was the final solution. 我很感谢所有的帮助,但这是最终的解决方案。 

$password = $pass;
$hash = '$2a$12$lDL2eQ1GLJsJhKgPvU6agOnHpwNSBYPtWHF/O/aTvyISzI.ugjyLC';

var_dump($this->security->checkHash($password, $hash));
var_dump(password_verify($password, $hash));

解决方案2
 1  2014-01-30 23:10:18

This might be related to Security::checkHash returns true when using with a non-bcrypt hash , which has been fixed a few days ago. 这可能与Security :: checkHash有关, 当使用非bcrypt哈希时返回true ,该哈希几天前已经修复。

Looking at the code, the problem might be within this block, can you verify that the user model gets loaded, so does his hashed password? 查看代码,问题可能在此块中,您是否可以验证用户模型是否已加载,他的哈希密码也是如此? 

$user = Users::findFirstByEmail($login);
if ($user) {
    if ($this->security->checkHash($password, $user->password)) {
       return true;
    }
}
return false;

解决方案3
 1  2015-10-28 23:25:03

In case someone gets here and none of the answers above seem to help, and you keep feeling more and more dumb, check the password column length in your users table!! 如果有人来到这里并且上面的答案都没有帮助,并且你感觉越来越笨, 请检查用户表中的密码列长度! . In my case it was a varchar(50) and the hash gives you 60 chars. 在我的例子中,它是一个varchar(50),哈希给你60个字符。

Doing this (pointed above) http://pastebin.com/6tNRgyXg , helped me realise that something other than the code was wrong. 这样做(上面提到) http://pastebin.com/6tNRgyXg ,帮助我意识到除了代码之外的其他东西是错误的。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 检查bcrypt密码总是失败Phalcon php - Check bcrypt passwords always fails Phalcon php PHP password_hash()/ bcrypt - PHP password_hash() / bcrypt PHP:使用bcrypt进行密码加密 - PHP: Using bcrypt for password encryption PHP的BCrypt无法验证密码 - BCrypt of PHP cannot verify the password PHP中的Ruby bcrypt密码检索 - Ruby bcrypt password retrieval in PHP bCrypt从数据库中获取密码(PDO,PHP) - bCrypt fetch password from database ( PDO, PHP ) 包含“ require” PHP后更改BCRYPT密码 - BCRYPT password changing after including with 'require' PHP php mysql bcrypt和密码不匹配 - php mysql bcrypt and password doesn't match 如何使用bcrypt与php进行密码验证? - How to use bcrypt with php for password authentication? 如何在 PHP 中使用带有 password_hash() 的 BCRYPT - How to use BCRYPT with password_hash() in PHP
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM