Bcrypt hash check not working

I have tried using two different wrappers, namely password_compat and Bcrypt, to encrypt my passwords. The hash saves fine but the check comparison never matches.

I use the following code to store the hashed password:

//include ( "Bcrypt.php" );
include ( "password_compat-master/lib/password.php" );

if ( isset ( $_POST["username"] ) and isset ( $_POST["email"] ) and isset ( $_POST["password"] ) )
{

    $username = $_POST["username"];
    $password = $_POST["password"];
    $email = $_POST["email"];

    //$hash = Bcrypt::hash( $password );
    $hash = password_hash( $password , PASSWORD_BCRYPT ); //password_compat function

    $connect = mysqli_connect( "server" , "user", "pass" , "database" );

    //Code to generate next database key ($next)

    $sql_insert = "INSERT INTO `use_users` (`UserID`,`Username`,`Password`,`EmailAddress`) VALUES('$next','$username','$hash','$email');";
    $res_insert = $connect -> query( $sql_insert );

}

And I use the following code to verify the password (I am aware of possible SQL injection!):

//include ( "Bcrypt.php" );
include ( "password_compat-master/lib/password.php" );

if ( isset ( $_POST["username"] ) and isset ( $_POST["password"] ) )
{

    $username = $_POST["username"];
    $password = $_POST["password"];

    $connect = mysqli_connect( "server" , "user", "pass" , "database" );

    $sql_verify = "SELECT * FROM `use_users` WHERE `Username`='$username';";
    $res_verify = $connect -> query( $sql_verify );

    while ( $exe_verify = mysqli_fetch_array( $res_verify ) )
    {

        $hash = $exe_verify["Password"];

        //$check = Bcrypt::check( $password , $hash );
        $check = password_verify( $password , $hash ); //password_compat function

        if ( $check ) echo "Pass.";
        else if ( ! $check ) echo "Fail.";

    }

}

When I code my own hash check ( crypt( $password, $hash) ) it returns the same hash as the stored one, but with additional characters appended to it.

What am I doing wrong? Is it a MySQL thing?

I think that your field could store fewer characters than the generated hash length. So the hash has been truncated before insert.
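
The truncation suggested in the reply above can be reproduced without a database. This is an added example, not code from the original posts; it assumes PHP 7 or later with the native password_* functions, and the 40-character column width and the helper names are hypothetical.

```php
<?php
// Assumed column width; the page does not state the real size of `Password`.
const COLUMN_WIDTH = 40;

// A bcrypt hash from password_hash() is 60 characters:
// "$2y$" + two-digit cost + "$" + 22-character salt + 31-character digest.
function looksLikeFullBcrypt(string $hash): bool
{
    return preg_match('/^\$2[axy]\$\d{2}\$[.\/A-Za-z0-9]{53}\z/', $hash) === 1;
}

// Stand-in for the INSERT/SELECT round trip through a column that is too
// narrow: MySQL in non-strict SQL mode cuts the value and only raises a warning.
function storeAndFetch(string $hash, int $width): string
{
    return substr($hash, 0, $width);
}

$password = 'constructed-sample-password';   // constructed sample input
$hash     = password_hash($password, PASSWORD_BCRYPT);
$stored   = storeAndFetch($hash, COLUMN_WIDTH);

printf("generated length: %d, stored length: %d\n", strlen($hash), strlen($stored));

// password_verify() recomputes the full hash and compares it with the stored
// value, so a shortened stored value can never match.
printf("password_verify on stored value: %s\n",
    var_export(password_verify($password, $stored), true));

// The symptom from the question: the prefix, cost and salt (first 29
// characters) survived, so crypt() rebuilds the complete hash, which is the
// stored value followed by the characters the column dropped.
$recomputed = crypt($password, $stored);
printf("crypt() output starts with stored value: %s\n",
    var_export(strncmp($recomputed, $stored, strlen($stored)) === 0, true));
printf("crypt() output equals original hash: %s\n",
    var_export($recomputed === $hash, true));

// Diagnostic to run on a fetched value before suspecting the hashing wrapper.
printf("stored value is a complete bcrypt hash: %s\n",
    var_export(looksLikeFullBcrypt($stored), true));
printf("original value is a complete bcrypt hash: %s\n",
    var_export(looksLikeFullBcrypt($hash), true));
```

The PHP manual recommends a 255-character column for password_hash() output so that future algorithms also fit; enabling strict SQL mode makes MySQL reject an over-long value instead of shortening it.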
