[英]Bcrypt hash check not working
I have tried using two different wrappers, namely password_compat and Bcrypt , to encrypt my passwords. 我尝试使用两种不同的包装器,即password_compat和Bcrypt来加密我的密码。 The hash saves fine but the check comparison never matches.
哈希保存得很好,但是检查比较永远不会匹配。
I use the following code to store the hashed password: 我使用以下代码存储哈希密码:
//include ( "Bcrypt.php" );
include ( "password_compat-master/lib/password.php" );
if ( isset ( $_POST["username"] ) and isset ( $_POST["email"] ) and isset ( $_POST["password"] ) )
{
$username = $_POST["username"];
$password = $_POST["password"];
$email = $_POST["email"];
//$hash = Bcrypt::hash( $password );
$hash = password_hash( $password , PASSWORD_BCRYPT ); //password_compat function
$connect = mysqli_connect( "server" , "user", "pass" , "database" );
//Code to generate next database key ($next)
$sql_insert = "INSERT INTO `use_users` (`UserID`,`Username`,`Password`,`EmailAddress`) VALUES('$next','$username','$hash','$email');";
$res_insert = $connect -> query( $sql_insert );
}
And I use the following code to verify the password (I am aware of possible SQL injection!): 并且我使用以下代码来验证密码(我知道可能的SQL注入!):
//include ( "Bcrypt.php" );
include ( "password_compat-master/lib/password.php" );
if ( isset ( $_POST["username"] ) and isset ( $_POST["password"] ) )
{
$username = $_POST["username"];
$password = $_POST["password"];
$connect = mysqli_connect( "server" , "user", "pass" , "database" );
$sql_verify = "SELECT * FROM `use_users` WHERE `Username`='$username';";
$res_verify = $connect -> query( $sql_verify );
while ( $exe_verify = mysqli_fetch_array( $res_verify ) )
{
$hash = $exe_verify["Password"];
//$check = Bcrypt::check( $password , $hash );
$check = password_verify( $password , $hash ); //password_compat function
if ( $check ) echo "Pass.";
else if ( ! $check ) echo "Fail.";
}
}
When I code my own hash check ( crypt( $password, $hash)
) it returns the same hash as the stored one, but with additional characters appended to it. 当我编写自己的哈希检查代码(
crypt( $password, $hash)
)时,它返回的哈希值与存储的哈希值相同,但附加了附加字符。
What am I doing wrong? 我究竟做错了什么? Is it a MySQL thing?
这是MySQL吗?
I think that your field could store less characters than generated hash length. 我认为您的字段可以存储的字符少于生成的哈希长度。 So hash has been truncated before instert.
因此,哈希在插入之前已被截断。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.