php password_verify()哈希和传递不匹配 [英] php password_verify() hash and pass won't match
问题描述
我将密码存储在用password_hash()散列的数据库中,并且尝试使用password_verify()登录时验证密码.由于某些原因,password_verify()始终返回false.
I store my passwords in my database hashed with password_hash(), and I am trying to verify the passwords on login with password_verify(). For some reason password_verify() keeps returning false.
我阅读了有关此函数的文档,并说要确保该函数中使用的哈希在单引号'之间,否则它将读取哈希,因为它是三个变量,因为有$,所以我尝试了像这样的"$ valid"写$ valid.但这是行不通的.
I read the documentation on this function and it said to make sure that the hash used in the function is between single quotes ' ' otherwise it will read the hash like it is three variables because of the $'s, so i tried writing $valid like this '$valid'. But that didn't work.
当我回显$ valid时,输出为$ 2y $ 10 $ zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT
When I echo $valid the output is $2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT
当我回显$ check时,输出为123,这是用于创建帐户的密码.
When I echo $check the output is 123, which is the password used to create the account.
这是我login.php的一部分,这是我感到问题所在的地方.
This is the part of my login.php, and this is where I feel the problem is.
$emailLogin = mysqli_real_escape_string($con, $_POST['emailLogin']);
$passLogin = mysqli_real_escape_string($con, $_POST['passLogin']);
$query = "SELECT `pass` FROM `user` WHERE `email`='$emailLogin'";
$result = mysqli_query($con, $query);
$row = mysqli_fetch_array($result);
$pass = $row['pass'];
$key = VUP($passLogin, $pass);
这是我的verify.php的一部分
This is part of my verify.php
function VUP($check, $valid){
if (password_verify($check, $valid)) {
$key = 1;
} else {
echo 'Invalid password.';
$key = 0;
die();
}
return $key;
}
verify.php的一部分
Also part of verify.php
function SHP($password){
$hash = password_hash('$password', PASSWORD_BCRYPT);
return $hash;
}
任何建议都会很有帮助.
Any advice would be very helpful.
推荐答案
当我回显$ valid时,输出为$ 2y $ 10 $ zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT"
$2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT散列只有50个长度,并且无效/太短,正如我所说的,MySQL将无声地失败.错误报告/检查不会在这里有所帮助.
$2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT the hash is only 50 in length and is invalid/too short and as I said, MySQL will fail silently; error reporting/checking would not have helped here.
密码的列长度应为60(建议为255),因此最初存储的密码不正确.
The password's column length should be 60 (255 is suggested), so it wasn't stored correctly originally.
您将需要清除密码列/表,增加密码列的长度,然后重新开始.
You will need to clear your password column/or table, increase your column's length, and start over again.
参考:
因此,建议将结果存储在数据库列中,该列可以扩展到超过60个字符(255个字符是一个不错的选择)."
您还可以将查询修改为:
You can also modify your query to read as:
$con = new mysqli("xxx", "xxx", "xxx", "xxx");
if ($con->connect_error) {
die('Connect Error (' . $con->connect_errno . ') '
. $con->connect_error);
}
$query = "SELECT `pass` FROM `user` WHERE `email`='$emailLogin'";
$result = $con->query($query);
// error checking on the query
if (!$result) {
echo "<p>There was an error in query: $query</p>";
echo $con->error;
}
$row_hash = $result->fetch_array();
if (password_verify($passLogin, $row_hash['pass'])) {
echo "Success!";
}
添加评论后,我留给了OP:
Adding from a comment I left to the OP:
您的验证功能需要与您的数据库建立连接,这就是我在这里正在发生的事情(可变范围).因此,您需要使用global $con;或将连接(变量)传递给函数(在大多数情况下更好).
Your verify function needs to have a connection made to your database, that is what I feel is happening here (variable scope). So you'll need to either use global $con; or pass the connection (variable) to your function (which is better in most cases).
我不知道您是否对该功能执行包含"操作,如果是,那么这就是另一个问题.
I don't know if you're doing an "include" for the function, and if so, then that's what the other problem is.
即:function VUP($con, $check, $valid){或function VUP($check, $valid){ global $con;-两者都尝试.使用$result = mysqli_query($con, $query) or die(mysqli_error($con));而不是您现在拥有的那个.
I.e.: function VUP($con, $check, $valid){ or function VUP($check, $valid){ global $con; - Try both. Use $result = mysqli_query($con, $query) or die(mysqli_error($con)); instead of the one you have now.
这篇关于php password_verify()哈希和传递不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
