Php 密码\u验证无法使用Bcrypt验证密码\u哈希
我在获取密码验证以确认哈希密码时遇到一些问题。 这是我的登录名:Php 密码\u验证无法使用Bcrypt验证密码\u哈希,php,hash,passwords,bcrypt,Php,Hash,Passwords,Bcrypt,我在获取密码验证以确认哈希密码时遇到一些问题。 这是我的登录名: if (isset($_POST["login-button-front"])) { // IF VALUE IS GIVEN if (isset($_POST["user-password"]) && ($_POST["user-email"])){ $user_email = $_POST["user-email"]; // QUERY DATABASE TO
if (isset($_POST["login-button-front"]))
{
// IF VALUE IS GIVEN
if (isset($_POST["user-password"]) && ($_POST["user-email"])){
$user_email = $_POST["user-email"];
// QUERY DATABASE TO VERIFY LOGIN INFORMATION
$query_password = $db->prepare("SELECT password, user_session FROM login WHERE email = :user_email");
$query_password->execute(array(':user_email' => $user_email));
$password_row = $query_password->fetchAll();
// CHECK PASSWORD
$password = $_POST["user-password"];
$password_hash = $password_row[0]["password"];
if(password_verify($password, $password_hash)){
$_SESSION['user'] = $password_row['user_session'];
require 'members.php';
}
// RESPOND IF WRONG INFORMATION GIVEN
else{
$login_wrong = "The username and/or password you entered is incorrect. Please try again.";
require 'front_page.php';
}
}
// RESPOND IF NO INFORMATION GIVEN
else{
$login_wrong = "You must enter a valid username and password to login. Need an account? Register below.";
require 'front_page.php';
}
}
这是我的注册:
$password = password_hash($_POST['password1'], PASSWORD_DEFAULT);
我查看了所有的细节,删除了单引号和双引号。并确保没有抓取错误。这是我的工作代码:
if (isset($_POST["login-button-front"]))
{
// IF VALUE IS GIVEN
if (isset($_POST["user-password"]) && ($_POST["user-email"])){
$user_email = $_POST["user-email"];
// QUERY DATABASE TO VERIFY LOGIN INFORMATION
$query_password = $db->prepare("SELECT password, user_session FROM login WHERE email = :user_email");
$query_password->execute(array(':user_email' => $user_email));
$password_row = $query_password->fetchAll();
// CHECK PASSWORD
$password = $_POST["user-password"];
$password_hash = $password_row[0]["password"];
if(password_verify($password, $password_hash)){
$_SESSION['user'] = $password_row[0]['user_session'];
require 'members.php';
}
// RESPOND IF WRONG INFORMATION GIVEN
else{
$login_wrong = "The username and/or password you entered is incorrect. Please try again.";
require 'front_page.php';
}
}
// RESPOND IF NO INFORMATION GIVEN
else{
$login_wrong = "You must enter a valid username and password to login. Need an account? Register below.";
require 'front_page.php';
}
}
我最终使用以下方法进行哈希运算:
$password_options = ['cost' => 11,'salt' => mcrypt_create_iv(22,MCRYPT_DEV_URANDOM),];
$password = password_hash($_POST['password1'], PASSWORD_BCRYPT, $password_options);
什么是“$\u POST[用户密码]”?回显$password并查看它包含的内容。。。和“$password_行[0][password]”。Echo$password\u散列。你为什么要自己制作盐呢?这是完全没有必要的。$\u POST[用户密码]正在回响,成为密码。这也是登录中设置的正确密码。另外两个是:$2y$11$IFQ2XDQK14ERPGQ70KOWOONEZ1O7LMH2CKAERDOQITR569EWX9W2和$2y$11$IFQ2XDQK14ERPGQ70KOWOONEZ1O7LMH2CKAERDOQITR569EWX9W2数据库中存储的密码也是:$2y$11$IFQ2XDQK14ERPGQ70KOWOONEZ1O7LMH2CKAERDOQITR569EW2NO。检查变量包含的内容,而不是您认为它们包含的内容!$password变量是一个包含$\u POST[user password]的字符串,$password\u哈希变量包含$password\u row[0][password]。您使用的是不插入变量的单引号。第二个变量也是无效的,需要包装在{}中,即{$password_row[0][password]}。你也可以不用字符串,反正也没必要。再说一遍,为什么你要把变量放在单引号里$password\u hash'只会给您“$password\u hash”…正如Sverry已经提到的,最好省略salt参数:$password\u options=['cost'=>11];,函数password_hash将更好地解决这个问题。