堆栈内存溢出
  简体   繁体   English

password_verify不验证哈希

[英]password_verify doesn't verify hash

 原文  2014-11-03 19:42:34       php/ hash/ verification/ password-encryption

问题描述

I hash my inserted passwords via password_hash. 我通过password_hash对插入的密码进行哈希处理。 I verify them by using password_verify. 我使用password_verify验证了它们。

However when I insert a hashed password in my database and I try to verify it, both outputs always differ from eachother. 但是,当我在数据库中插入哈希密码并尝试对其进行验证时,两个输出始终彼此不同。

my pages are as following, 我的页面如下

main_login.php (form): main_login.php(窗体): 

<?php include 'header.php';?>
<body>
<form role="form" method="post" action="login.php">
  <div class="form-group">
    <label for="usrname">Username:</label>
    <input type="text" class="form-control" name="usrname" placeholder="Enter username">
  </div>
  <div class="form-group">
    <label for="passwrd">Password:</label>
  </div>
    <input type="password" class="form-control" name="passwrd" placeholder="Enter password">
    <br>
  <input type="checkbox">Remember Me
  <br>
  <br>
  <button type="submit" class="btn btn-default">Submit</button>
</form>
</body>
</html>

login.php (handler): login.php(处理程序): 

<?php
include 'vars.php';
include 'header.php';
$sql="SELECT * FROM members WHERE usrname='$usrname'";
$result=mysqli_query($con,$sql);
$count=mysqli_num_rows($result);
$row=mysqli_fetch_row($result);
$verify=password_verify($hash,$row[2]);
if($verify){
    $_SESSION["usrname"]=$usrname;
    echo "Correct";
}
else {
    echo "user: " . $usrname. "<br>";
    echo "pass: " . $hash. "<br>";
    echo "db: " . $row[2]."<br>";
    echo "Wrong Username or Password";
}
?>

vars.php: vars.php: 

<?php
$h='localhost';$u='caelin';$p='****';$d='ombouwnh';
$con=mysqli_connect($h,$u,$p,$d);
$usrname=$_POST['usrname'];
$passwrd=$_POST['passwrd'];
$hash=password_hash($passwrd, PASSWORD_DEFAULT);
?>

when i try to login using username 'caca' and password 'caca' I get a different output for both, everytime i retry. 当我尝试使用用户名“ caca”和密码“ caca”登录时,每次重试时,两者都会得到不同的输出。 I can't find this particular problem on stackoverflow. 我在stackoverflow上找不到此特定问题。

TIA TIA

PS. PS。 If you need more details, ask for them 如果您需要更多详细信息,请询问他们

2 个解决方案

解决方案1
 13 已采纳  2014-11-03 20:02:04

The function password_verify(); 函数password_verify(); takes two parameters; 有两个参数; a non-hashed input, and a stored hash to compare it to. 非哈希输入,以及与其进行比较的存储哈希。 It hashes the non-hashed input automatically to compared it to the stored version. 它会自动对未哈希的输入进行哈希处理,以将其与存储的版本进行比较。 So your initial code was re-hashing an already hashed password. 因此,您的初始代码是重新哈希一个已经哈希的密码。 Should look like this: 应该看起来像这样: 

$verify=password_verify($_POST['passwrd'],$row[2]);

if($verify){
    $_SESSION["usrname"]=$usrname;
    echo "Correct";
}
else {
    echo "user: " . $usrname. "<br>";
    echo "pass: " . $hash. "<br>";
    echo "db: " . $row[2]."<br>";
    echo "Wrong Username or Password";
}

解决方案2
 3  2014-11-03 20:22:46

您重新设置了密码-只需将纯文本密码和哈希(来自db)传递给password_verify即可。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 password_verify - 密码与 hash 不匹配 - password_verify - password doesn't matches the hash password_verify无法使用Bcrypt验证password_hash - password_verify can't verify password_hash with Bcrypt Password_verify检查不正确 - Password_verify doesn't check correctly php密码_hash和密码_verify看起来仍然无法正常工作 - php password_hash and password_verify looked all over still doesn't work 即使具有哈希值和用户密码,password_verify也不起作用 - password_verify doesn't work, even though it has the hash and the user's password 无法使用password_verify($ password,$ hash) - Unable to use password_verify($password, $hash) PHP password_hash(),password_verify() - PHP password_hash(), password_verify() php password_verify() hash 和 pass 不匹配 - php password_verify() hash and pass won't match PHP中的password_verify和password_hash - password_verify and password_hash in php PHP password_verify不匹配哈希 - PHP password_verify not matching hash
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM