php password_verify()哈希和传递不匹配 [英] php password_verify() hash and pass won't match

查看:73
本文介绍了php password_verify()哈希和传递不匹配的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我将密码存储在用password_hash()散列的数据库中,并且尝试使用password_verify()登录时验证密码.由于某些原因,password_verify()始终返回false.

I store my passwords in my database hashed with password_hash(), and I am trying to verify the passwords on login with password_verify(). For some reason password_verify() keeps returning false.

我阅读了有关此函数的文档,并说要确保该函数中使用的哈希在单引号'之间,否则它将读取哈希,因为它是三个变量,因为有$,所以我尝试了像这样的"$ valid"写$ valid.但这是行不通的.

I read the documentation on this function and it said to make sure that the hash used in the function is between single quotes ' ' otherwise it will read the hash like it is three variables because of the $'s, so i tried writing $valid like this '$valid'. But that didn't work.

当我回显$ valid时,输出为$ 2y $ 10 $ zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT

When I echo $valid the output is $2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT

当我回显$ check时,输出为123,这是用于创建帐户的密码.

When I echo $check the output is 123, which is the password used to create the account.

这是我login.php的一部分,这是我感到问题所在的地方.

This is the part of my login.php, and this is where I feel the problem is.

$emailLogin = mysqli_real_escape_string($con, $_POST['emailLogin']);

$passLogin = mysqli_real_escape_string($con, $_POST['passLogin']);

$query = "SELECT `pass` FROM `user` WHERE `email`='$emailLogin'";

$result = mysqli_query($con, $query);

$row = mysqli_fetch_array($result);

$pass = $row['pass']; 

$key = VUP($passLogin, $pass);

这是我的verify.php的一部分

This is part of my verify.php

function VUP($check, $valid){

if (password_verify($check, $valid)) {
$key = 1;

} else {
echo 'Invalid password.';
$key = 0;
die();
}
return $key;

}

verify.php的一部分

Also part of verify.php

function SHP($password){

$hash = password_hash('$password', PASSWORD_BCRYPT);

return $hash;

}

任何建议都会很有帮助.

Any advice would be very helpful.

推荐答案

当我回显$ valid时,输出为$ 2y $ 10 $ zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT"

$2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT散列只有50个长度,并且无效/太短,正如我所说的,MySQL将无声地失败.错误报告/检查不会在这里有所帮助.

$2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT the hash is only 50 in length and is invalid/too short and as I said, MySQL will fail silently; error reporting/checking would not have helped here.

密码的列长度应为60(建议为255),因此最初存储的密码不正确.

The password's column length should be 60 (255 is suggested), so it wasn't stored correctly originally.

您将需要清除密码列/表,增加密码列的长度,然后重新开始.

You will need to clear your password column/or table, increase your column's length, and start over again.

参考:

因此,建议将结果存储在数据库列中,该列可以扩展到超过60个字符(255个字符是一个不错的选择)."


您还可以将查询修改为:


You can also modify your query to read as:

$con = new mysqli("xxx", "xxx", "xxx", "xxx");
if ($con->connect_error) {
    die('Connect Error (' . $con->connect_errno . ') '
            . $con->connect_error);
}

$query = "SELECT `pass` FROM `user` WHERE `email`='$emailLogin'";
$result = $con->query($query);

// error checking on the query
if (!$result) {
    echo "<p>There was an error in query: $query</p>";
    echo $con->error;
}

$row_hash = $result->fetch_array();
if (password_verify($passLogin, $row_hash['pass'])) {
    echo "Success!";
}



添加评论后,我留给了OP:

Adding from a comment I left to the OP:

您的验证功能需要与您的数据库建立连接,这就是我在这里正在发生的事情(可变范围).因此,您需要使用global $con;或将连接(变量)传递给函数(在大多数情况下更好).

Your verify function needs to have a connection made to your database, that is what I feel is happening here (variable scope). So you'll need to either use global $con; or pass the connection (variable) to your function (which is better in most cases).

我不知道您是否对该功能执行包含"操作,如果是,那么这就是另一个问题.

I don't know if you're doing an "include" for the function, and if so, then that's what the other problem is.

即:function VUP($con, $check, $valid){function VUP($check, $valid){ global $con;-两者都尝试.使用$result = mysqli_query($con, $query) or die(mysqli_error($con));而不是您现在拥有的那个.

I.e.: function VUP($con, $check, $valid){ or function VUP($check, $valid){ global $con; - Try both. Use $result = mysqli_query($con, $query) or die(mysqli_error($con)); instead of the one you have now.

这篇关于php password_verify()哈希和传递不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆