尽管密码正确,但password_verify始终是无效密码 [英] password_verify always invalid password although password is correct
本文介绍了尽管密码正确,但password_verify始终是无效密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我不知道我的代码有什么问题 hash.php(插入bycryp密码)
I don't have idea what is the trouble in my code hash.php(insert bycryp password)
**<?php
$con = new mysqli("localhost", "root", "", "hast") or die(mysqli_error());
if (array_key_exists("f5", $_GET)) {
$w5 = $_GET['f5'];//pass
}
if (array_key_exists("f6", $_GET)) {
$w6 = $_GET['f6'];//pass
}
$salt = md5(uniqid(rand()));
$options = [
'cost' =>11,
'salt' => $salt
];
$hash_password = password_hash($w6, PASSWORD_BCRYPT, $options)."\n";
$sql = mysqli_query($con, "INSERT INTO `pass`(`nama`, `hash_password`, `salt`) VALUES ('$w5','$hash_password','$salt')")or die(mysqli_error($con));
if ($sql) {
echo $hash_password;
} else {
echo "gagal";
}
?>**
hashlog.php
hashlog.php
**<?php
$con = new mysqli("localhost", "root", "", "hast") or die(mysqli_error());
if (array_key_exists("f5", $_GET)) {
$w5 = $_GET['f5'];//user
}
if (array_key_exists("f6", $_GET)) {
$w6 = $_GET['f6'];//pass
}
$sql = mysqli_query($con, "select hash_password from pass where nama='$w5'")or die(mysqli_error($con));
$row = mysqli_fetch_assoc($sql);
$hash = $row['hash_password'];
$hash = $row['hash_password'];
//$hash ='$2y$11$0be5c43957cd3df608521u4PiYrUUyK/dQRSlc/g5UVdDdKk1WChy';
if (password_verify($w6, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
?>**
在我的情况下,
尽管密码正确,但总是无效密码 请帮助我
in my case always invalid password although password is correct please help me
推荐答案
问题是您指定了无效的salt值.您不应该自己指定salt,只需让库为您生成一个即可.如果您确实要指定salt,请使用如下代码进行操作:
The problem is that you specify an invalid salt value. You should not specify the salt yourself, just leave the library generate one for you. If you really want to specify a salt, the use a code like this to do it:
$salt = mcrypt_create_iv(22, MCRYPT_DEV_URANDOM);
此外,我认为您的问题是在哈希密码后面附加了\n;您必须将其删除:
Also, I think that your problem is an appended \n at the hashed password; you must remove it:
$hash_password = password_hash($w6, PASSWORD_BCRYPT, $options)."\n"; //remove this "\n"
这篇关于尽管密码正确,但password_verify始终是无效密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
