
How do you verify a password with PHP/MySQL using BCRYPT

I don't understand how this works.

$hash = $bcrypt->hash($_POST['password']); //this string is stored in mysql

Then when a user logs in,

//get hash string from above from mysql, then

if ($bcrypt->verify($_POST['password'], $row['password'])) {
   echo "Logged in.";
}

A.) Am I doing this correctly?

B.) If so, how does bcrypt remember the salt if it's not stored in the database?

The salt is prepended to the hash, and so the function pulls the salt out of the hash from the database. This is why you have to pass the hash from the database to the verification function, instead of just rehashing the password and comparing them.

And yeah, it does look like you are doing it correctly.
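
The point made in the answer above, as an added example that is not part of the original question or answer: it splits a stored bcrypt string into its fields and verifies a password by re-running bcrypt with the salt read from that string. It uses PHP's built-in `password_hash()`, `password_verify()`, `crypt()` and `hash_equals()` rather than the `$bcrypt` wrapper from the question; `bcrypt_fields()` and `verify_by_hand()` are hypothetical helper names and the password is a constructed sample.

```php
<?php
// Added example; bcrypt_fields() and verify_by_hand() are hypothetical helper names.
// Uses PHP's built-in password API, not the $bcrypt wrapper object from the question.

// Split "$2y$<cost>$<22-char salt><31-char digest>" (60 characters) into its fields.
function bcrypt_fields(string $stored): array
{
    $re = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})\z/';
    if (!preg_match($re, $stored, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash string');
    }
    return ['version' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// What a verify function does internally: crypt() reads the version, cost and
// salt from the stored string, hashes the candidate password with them, and the
// result is compared to the stored string in constant time.
function verify_by_hand(string $password, string $stored): bool
{
    $recomputed = crypt($password, $stored);
    return hash_equals($stored, $recomputed);
}

$password = 'correct horse battery staple';          // constructed sample input
$stored   = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

// The single column value stored in MySQL already carries the salt.
$f = bcrypt_fields($stored);
printf("stored  = %s\n", $stored);
printf("version = %s, cost = %d\n", $f['version'], $f['cost']);
printf("salt    = %s\ndigest  = %s\n", $f['salt'], $f['digest']);

// Both checks accept the right password and reject a wrong one.
var_dump(verify_by_hand($password, $stored));
var_dump(password_verify($password, $stored));
var_dump(password_verify('not the password', $stored));

// Hashing the same password again draws a fresh random salt, so the two
// strings differ. This is why "rehash and compare" cannot work and the
// stored hash has to be handed to the verification function instead.
$second = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
var_dump($stored === $second);
var_dump(bcrypt_fields($second)['salt'] === $f['salt']);
```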
