password_verify doesn't verify hash


Question

I hash my inserted passwords via password_hash. I verify them by using password_verify.

However when I insert a hashed password in my database and I try to verify it, both outputs always differ from each other.

My pages are as follows:

main_login.php (form):

<?php include 'header.php';?>
<body>
<form role="form" method="post" action="login.php">
  <div class="form-group">
    <label for="usrname">Username:</label>
    <input type="text" class="form-control" name="usrname" placeholder="Enter username">
  </div>
  <div class="form-group">
    <label for="passwrd">Password:</label>
  </div>
    <input type="password" class="form-control" name="passwrd" placeholder="Enter password">
    <br>
  <input type="checkbox">Remember Me
  <br>
  <br>
  <button type="submit" class="btn btn-default">Submit</button>
</form>
</body>
</html>

login.php (handler):

<?php
include 'vars.php';
include 'header.php';
$sql="SELECT * FROM members WHERE usrname='$usrname'";
$result=mysqli_query($con,$sql);
$count=mysqli_num_rows($result);
$row=mysqli_fetch_row($result);
$verify=password_verify($hash,$row[2]);
if($verify){
    $_SESSION["usrname"]=$usrname;
    echo "Correct";
}
else {
    echo "user: " . $usrname. "<br>";
    echo "pass: " . $hash. "<br>";
    echo "db: " . $row[2]."<br>";
    echo "Wrong Username or Password";
}
?>

vars.php:

<?php
$h='localhost';$u='caelin';$p='****';$d='ombouwnh';
$con=mysqli_connect($h,$u,$p,$d);
$usrname=$_POST['usrname'];
$passwrd=$_POST['passwrd'];
$hash=password_hash($passwrd, PASSWORD_DEFAULT);
?>

When I try to log in using username 'caca' and password 'caca' I get a different output for both, every time I retry. I can't find this particular problem on Stack Overflow.

TIA

PS. If you need more details, ask for them

Recommended answer

The function password_verify() takes two parameters: a non-hashed input, and a stored hash to compare it to. It hashes the non-hashed input automatically to compare it to the stored version. So your initial code was re-hashing an already hashed password. Should look like this:

$verify=password_verify($_POST['passwrd'],$row[2]);

if($verify){
    $_SESSION["usrname"]=$usrname;
    echo "Correct";
}
else {
    echo "user: " . $usrname. "<br>";
    echo "pass: " . $hash. "<br>";
    echo "db: " . $row[2]."<br>";
    echo "Wrong Username or Password";
}
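
The following is an added example, not code from the question or the answer. It shows the plaintext being passed to password_verify, and goes beyond the answer by binding the username in a prepared statement and upgrading old hashes with password_needs_rehash. It assumes the pdo_sqlite extension; the in-memory database, the login() helper and the `id`/`passwrd` column names are constructed for illustration.

```php
<?php
// Added example. Table `members` and column `usrname` follow the question;
// the `id`/`passwrd` columns, login() and the sample row are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, usrname TEXT UNIQUE, passwrd TEXT)');

// Registration: hash once and store the resulting string.
$ins = $db->prepare('INSERT INTO members (usrname, passwrd) VALUES (?, ?)');
$ins->execute(['caca', password_hash('caca', PASSWORD_DEFAULT)]);

function login(PDO $db, string $usrname, string $passwrd): bool
{
    // Prepared statement: the username is bound, never interpolated into SQL.
    $stmt = $db->prepare('SELECT id, passwrd FROM members WHERE usrname = ?');
    $stmt->execute([$usrname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user: same result as a wrong password
    }
    // First argument is the plaintext from the form, second the stored hash.
    if (!password_verify($passwrd, $row['passwrd'])) {
        return false;
    }
    // Re-hash on successful login if PASSWORD_DEFAULT or its cost has changed.
    if (password_needs_rehash($row['passwrd'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE members SET passwrd = ? WHERE id = ?');
        $upd->execute([password_hash($passwrd, PASSWORD_DEFAULT), $row['id']]);
    }
    return true;
}

// Each password_hash() call embeds a fresh random salt, so two hashes of the
// same password differ and must never be compared with each other.
$a = password_hash('caca', PASSWORD_DEFAULT);
$b = password_hash('caca', PASSWORD_DEFAULT);
echo 'hashes identical:      ', var_export($a === $b, true), PHP_EOL;
// The mistake from the question: a fresh hash passed where plaintext belongs.
echo 'verify(hash, hash):    ', var_export(password_verify($a, $b), true), PHP_EOL;
echo 'login, right password: ', var_export(login($db, 'caca', 'caca'), true), PHP_EOL;
echo 'login, wrong password: ', var_export(login($db, 'caca', 'wrong'), true), PHP_EOL;
```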
