如何使用php的password_hash()方法? [英] How to use php's password_hash() method..?

查看:213
本文介绍了如何使用php的password_hash()方法?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在登录时遇到密码不匹配,
在用户注册时保存密码为

I'm getting password does not match when I login, when a user signup, I'm saving password as

$password = password_hash($this->input->post('password'), PASSWORD_BCRYPT);

当用户登录时我正在检查这样的密码,

when a user login I'm checking password like this,

    $hash = password_hash($password, PASSWORD_BCRYPT);
    $this->db->select('password');
    $this->db->from('usersdetails');
    $this->db->where('email', $email);
    $this->db->limit(1);
    $query = $this->db->get();
    $passwordcheck = $query->row()->password;
    if (password_verify($passwordcheck, $hash)) {
       return true;
    } else {
        return false;
    }

但它总是返回密码不匹配。
任何帮助是非常感谢...

BUT it always return password does not match..why????? Any help is much appreciated...

推荐答案

你应该检查生的unhashed密码, code> password_verify()使用创建哈希密码时使用的哈希例程重新哈希原始密码。

You are supposed to check the raw unhashed password, as the password_verify() does the re-hashing of the raw password using the hash routine used when creating the hashed password.

如果你看看 password_hash()的结果,就会得到存储在散列中的信息,它使用了哪个散列例程来创建这个散列,以及它是如何生成的

If you look at the result of the password_hash() there is information stored in the hash about which hash routine was used to create this hash, and how it was generated

$password = 'FredsTheMan';

$hash = password_hash($password, PASSWORD_BCRYPT);

if (password_verify($password, $hash)) { 
   return true;
} else {
    return false;
}

这个领域的另一个常见错误是没有给你在数据库上使用的列

Another common mistake in this area is not giving the column you use on the database table enough characters to hold the full result of the hash

使用PASSWORD_BCRYPT生成的哈希值为60个字符

The hash generated using PASSWORD_BCRYPT is 60 characters 

$2y$12$QjSH496pcT5CEbzjD/vtVeH03tfHKFy36d4J0Ltp3lRtee9HDxY3K

因此,你的代码应该是

$this->db->select('password');
$this->db->from('usersdetails');
$this->db->where('email', $email);
$this->db->limit(1);
$query = $this->db->get();
$pwd_from_db = $query->row()->password;

if (password_verify($this->input->post('password'), $pwd_from_db)) {
   return true;
} else {
    return false;
}

这篇关于如何使用php的password_hash()方法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆