
How to use bcrypt with php for password authentication?

I tried the top solution post from How do you use bcrypt for hashing passwords in PHP? but can't seem to get an example working. I copied the Bcrypt class and added the following code at the bottom of it.

$bcrypt = new Bcrypt(15);

// pw on server. Used $pwHash = $bcrypt->hash($formPassword); to get the hash from 'qwerty'.
$serverPw = '$2a$15$Ty6hIEEWFpUFHoKujvdmw.9kmyrwYip2s8TLdjDfNoVJuQx/TGgwu'; 

// user enters plain text pw...
$passAttempt = 'qwerty';

// attempt to check the attempted password against the server hashed password.
$pwVerify = $bcrypt->verify($serverPw, $passAttempt); 

if ( $pwVerify == 1 ) {echo "$pwVerify = true";} else {echo "$pwVerify = not true";}
// I also tried if ($pwVerify) and if ($bcrypt->verify($serverPw, $passAttempt))
// Output is "= not true"

What is wrong here?

You must store the password AND the salt used when you BCrypt, or you'll never get the same string. This class seems pretty broken to me, don't use it. See this example and the documentation to directly use PHP's crypt function.

Edit: You probably should use PHPPass, seems like a well tested and referenced library.
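
An added example, not part of the original question or answer: the layout of a bcrypt string as returned by PHP's `crypt()` / `password_hash()`, and verification by recomputing the digest from the stored string. The function names `bcryptFields` and `verifyPassword` are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example; bcryptFields() and verifyPassword() are hypothetical names.

// Split a bcrypt string into its fields:
//   $<version>$<cost>$<22-char salt><31-char digest>   (60 characters in total)
function bcryptFields(string $hash): ?array
{
    $re = '#^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#';
    if (!preg_match($re, $hash, $m)) {
        return null;
    }
    return ['version' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// Verify by passing the stored hash to crypt() as its second argument:
// crypt() reads version, cost and salt from it and recomputes the digest.
function verifyPassword(string $attempt, string $storedHash): bool
{
    if (bcryptFields($storedHash) === null) {
        return false; // second argument is not a well-formed bcrypt hash
    }
    // hash_equals() compares in constant time.
    return hash_equals($storedHash, crypt($attempt, $storedHash));
}

// Hash string copied from the question; only its structure is inspected here.
$fromQuestion = '$2a$15$Ty6hIEEWFpUFHoKujvdmw.9kmyrwYip2s8TLdjDfNoVJuQx/TGgwu';
print_r(bcryptFields($fromQuestion));

// Constructed sample: a fresh hash at cost 10 (every call picks a new random salt).
$stored = password_hash('qwerty', PASSWORD_BCRYPT, ['cost' => 10]);
print_r(bcryptFields($stored));

var_dump(verifyPassword('qwerty', $stored));   // attempt first, stored hash second
var_dump(verifyPassword('letmein', $stored));  // wrong password
var_dump(verifyPassword($stored, 'qwerty'));   // arguments swapped
var_dump(password_verify('qwerty', $stored));  // PHP's built-in check on the same hash
```

Because the cost and salt travel inside the 60-character string, that string is the only value that has to be stored per user.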
