如何使用php的password_hash()方法? [英] How to use php's password_hash() method..?
问题描述
我在登录时遇到密码不匹配,
在用户注册时保存密码为
I'm getting password does not match when I login, when a user signup, I'm saving password as
$password = password_hash($this->input->post('password'), PASSWORD_BCRYPT);
当用户登录时我正在检查这样的密码,
when a user login I'm checking password like this,
$hash = password_hash($password, PASSWORD_BCRYPT);
$this->db->select('password');
$this->db->from('usersdetails');
$this->db->where('email', $email);
$this->db->limit(1);
$query = $this->db->get();
$passwordcheck = $query->row()->password;
if (password_verify($passwordcheck, $hash)) {
return true;
} else {
return false;
}
但它总是返回密码不匹配。
任何帮助是非常感谢...
BUT it always return password does not match..why????? Any help is much appreciated...
推荐答案
你应该检查生的unhashed密码, code> password_verify()使用创建哈希密码时使用的哈希例程重新哈希原始密码。
You are supposed to check the raw unhashed password, as the password_verify()
does the re-hashing of the raw password using the hash routine used when creating the hashed password.
如果你看看 password_hash()
的结果,就会得到存储在散列中的信息,它使用了哪个散列例程来创建这个散列,以及它是如何生成的
If you look at the result of the password_hash()
there is information stored in the hash about which hash routine was used to create this hash, and how it was generated
$password = 'FredsTheMan';
$hash = password_hash($password, PASSWORD_BCRYPT);
if (password_verify($password, $hash)) {
return true;
} else {
return false;
}
这个领域的另一个常见错误是没有给你在数据库上使用的列
Another common mistake in this area is not giving the column you use on the database table enough characters to hold the full result of the hash
使用PASSWORD_BCRYPT生成的哈希值为60个字符
The hash generated using PASSWORD_BCRYPT is 60 characters
$2y$12$QjSH496pcT5CEbzjD/vtVeH03tfHKFy36d4J0Ltp3lRtee9HDxY3K
因此,你的代码应该是
$this->db->select('password');
$this->db->from('usersdetails');
$this->db->where('email', $email);
$this->db->limit(1);
$query = $this->db->get();
$pwd_from_db = $query->row()->password;
if (password_verify($this->input->post('password'), $pwd_from_db)) {
return true;
} else {
return false;
}
这篇关于如何使用php的password_hash()方法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!