如何使用bcrypt与php进行密码验证?
[英]How to use bcrypt with php for password authentication?
问题描述
I tried the top solution post from How do you use bcrypt for hashing passwords in PHP? 
我尝试了如何在PHP中使用bcrypt进行散列密码的顶级解决方案帖子? but can't seem to get an example working. 但似乎无法得到一个工作的例子。 I copied the Bcrypt class and added the following code at the bottom of it. 我复制了Bcrypt类,并在其底部添加了以下代码。
$bcrypt = new Bcrypt(15);
// pw on server. Used $pwHash = $bcrypt->hash($formPassword); to get the hash from 'qwerty'.
$serverPw = '$2a$15$Ty6hIEEWFpUFHoKujvdmw.9kmyrwYip2s8TLdjDfNoVJuQx/TGgwu';
// user enters plain text pw...
$passAttempt = 'qwerty';
// attempt to check the attempted password against the server hashed pasword.
$pwVerify = $bcrypt->verify($serverPw, $passAttempt);
if ( $pwVerify == 1 ) {echo "$pwVerify = true";} else {echo "$pwVerify = not true";}
// I also tried if ($pwVerify) and if ($bcrypt->verify($serverPw, $passAttempt))
// Output is "= not true"
What is wrong here? 这有什么不对?
1 个解决方案
解决方案1
2 已采纳 2012-07-04 09:57:50
You must store the password AND the salt used when you BCrypt, or you'll never get the same string. 您必须存储密码和BCrypt时使用的盐,否则您将永远不会获得相同的字符串。 This class seems pretty broken to me, don't use it. 这个课对我来说似乎很糟糕,不要使用它。 See this example and the documentation to directly use PHP's crypt function. 请参阅此示例和文档以直接使用PHP的crypt函数。
Edit : You probably should use PHPPass , seems like a well tested and referenced library. 编辑:您可能应该使用PHPPass ,看起来像一个经过良好测试和引用的库。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.