password_verify无法使用Bcrypt验证password_hash
[英]password_verify can't verify password_hash with Bcrypt
问题描述
I am having some problems getting password_verify to confirm my hashed password. 
我在获取password_verify确认我的哈希密码时遇到一些问题。 This is my login: 这是我的登录名:
if (isset($_POST["login-button-front"]))
{
// IF VALUE IS GIVEN
if (isset($_POST["user-password"]) && ($_POST["user-email"])){
$user_email = $_POST["user-email"];
// QUERY DATABASE TO VERIFY LOGIN INFORMATION
$query_password = $db->prepare("SELECT password, user_session FROM login WHERE email = :user_email");
$query_password->execute(array(':user_email' => $user_email));
$password_row = $query_password->fetchAll();
// CHECK PASSWORD
$password = $_POST["user-password"];
$password_hash = $password_row[0]["password"];
if(password_verify($password, $password_hash)){
$_SESSION['user'] = $password_row['user_session'];
require 'members.php';
}
// RESPOND IF WRONG INFORMATION GIVEN
else{
$login_wrong = "The username and/or password you entered is incorrect. Please try again.";
require 'front_page.php';
}
}
// RESPOND IF NO INFORMATION GIVEN
else{
$login_wrong = "You must enter a valid username and password to login. Need an account? Register below.";
require 'front_page.php';
}
}
And this is my registration: 这是我的注册:
$password = password_hash($_POST['password1'], PASSWORD_DEFAULT);
1 个解决方案
解决方案1
0 已采纳 2015-05-02 20:02:58
I looked over all my details, removed single and double quotes. 我查看了所有详细信息,删除了单引号和双引号。 Aswell as made sure there was no fetching errors. 还要确保没有获取错误。 This was my working code: 这是我的工作代码:
if (isset($_POST["login-button-front"]))
{
// IF VALUE IS GIVEN
if (isset($_POST["user-password"]) && ($_POST["user-email"])){
$user_email = $_POST["user-email"];
// QUERY DATABASE TO VERIFY LOGIN INFORMATION
$query_password = $db->prepare("SELECT password, user_session FROM login WHERE email = :user_email");
$query_password->execute(array(':user_email' => $user_email));
$password_row = $query_password->fetchAll();
// CHECK PASSWORD
$password = $_POST["user-password"];
$password_hash = $password_row[0]["password"];
if(password_verify($password, $password_hash)){
$_SESSION['user'] = $password_row[0]['user_session'];
require 'members.php';
}
// RESPOND IF WRONG INFORMATION GIVEN
else{
$login_wrong = "The username and/or password you entered is incorrect. Please try again.";
require 'front_page.php';
}
}
// RESPOND IF NO INFORMATION GIVEN
else{
$login_wrong = "You must enter a valid username and password to login. Need an account? Register below.";
require 'front_page.php';
}
}
I ended up hashing using this: 我最终使用此哈希:
$password_options = ['cost' => 11,'salt' => mcrypt_create_iv(22,MCRYPT_DEV_URANDOM),];
$password = password_hash($_POST['password1'], PASSWORD_BCRYPT, $password_options);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
PHP中的password_verify和password_hash - password_verify and password_hash in php
PHP password_hash(),password_verify() - PHP password_hash(), password_verify()
PHP password_hash() password_verify() 最大密码长度? - PHP password_hash() password_verify() maximum password length?
Password_hash和Password_verify,也存储密码吗? - Password_hash and Password_verify, store password too?
password_hash和password_verify的密码哈希问题 - Password Hashing issue with password_hash & password_verify
PHP使用password_verify和password_hash验证密码 - PHP Verifying passwords using password_verify and password_hash
password_hash,password_verify,MySQL误会? - password_hash, password_verify, MySQL misunderstanding?
使用password_hash()和password_verify()的问题 - Issues using password_hash() and password_verify()
php password_hash和password_verify问题 - php password_hash and password_verify issue
password_hash和password_verify返回false - password_hash and password_verify returns false
相关标签