Bcrypt哈希檢查不起作用
[英]Bcrypt hash check not working
問題描述
我嘗試使用兩種不同的包裝器,即password_compat和Bcrypt來加密我的密碼。 哈希保存得很好,但是檢查比較永遠不會匹配。
我使用以下代碼存儲哈希密碼:
//include ( "Bcrypt.php" );
include ( "password_compat-master/lib/password.php" );
if ( isset ( $_POST["username"] ) and isset ( $_POST["email"] ) and isset ( $_POST["password"] ) )
{
$username = $_POST["username"];
$password = $_POST["password"];
$email = $_POST["email"];
//$hash = Bcrypt::hash( $password );
$hash = password_hash( $password , PASSWORD_BCRYPT ); //password_compat function
$connect = mysqli_connect( "server" , "user", "pass" , "database" );
//Code to generate next database key ($next)
$sql_insert = "INSERT INTO `use_users` (`UserID`,`Username`,`Password`,`EmailAddress`) VALUES('$next','$username','$hash','$email');";
$res_insert = $connect -> query( $sql_insert );
}
並且我使用以下代碼來驗證密碼(我知道可能的SQL注入!):
//include ( "Bcrypt.php" );
include ( "password_compat-master/lib/password.php" );
if ( isset ( $_POST["username"] ) and isset ( $_POST["password"] ) )
{
$username = $_POST["username"];
$password = $_POST["password"];
$connect = mysqli_connect( "server" , "user", "pass" , "database" );
$sql_verify = "SELECT * FROM `use_users` WHERE `Username`='$username';";
$res_verify = $connect -> query( $sql_verify );
while ( $exe_verify = mysqli_fetch_array( $res_verify ) )
{
$hash = $exe_verify["Password"];
//$check = Bcrypt::check( $password , $hash );
$check = password_verify( $password , $hash ); //password_compat function
if ( $check ) echo "Pass.";
else if ( ! $check ) echo "Fail.";
}
}
當我編寫自己的哈希檢查代碼( crypt( $password, $hash) )時,它返回的哈希值與存儲的哈希值相同,但附加了附加字符。
我究竟做錯了什么? 這是MySQL嗎?
1 個解決方案
解決方案1
4 已采納 2014-08-06 15:18:03
我認為您的字段可以存儲的字符少於生成的哈希長度。 因此,哈希在插入之前已被截斷。
檢查字符串是否為bcrypt哈希的最簡單,最快捷的方法是什么?
[英]What's the easiest and quickest way to check if a string is a bcrypt hash?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.