php password_verify() hash 和 pass 不匹配 [英] php password_verify() hash and pass won't match
问题描述
我将我的密码存储在我用 password_hash() 散列的数据库中,并且我试图在登录时使用 password_verify() 验证密码.出于某种原因,password_verify() 一直返回 false.
I store my passwords in my database hashed with password_hash(), and I am trying to verify the passwords on login with password_verify(). For some reason password_verify() keeps returning false.
我阅读了关于这个函数的文档,它说要确保函数中使用的哈希值在单引号 ' ' 之间,否则它会读取哈希值,因为 $ 是三个变量,所以我试过了像这样写 $valid '$valid'.但这没有用.
I read the documentation on this function and it said to make sure that the hash used in the function is between single quotes ' ' otherwise it will read the hash like it is three variables because of the $'s, so i tried writing $valid like this '$valid'. But that didn't work.
当我回显 $valid 时,输出为 $2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT
When I echo $valid the output is $2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT
当我回显 $check 时,输出是 123,这是用于创建帐户的密码.
When I echo $check the output is 123, which is the password used to create the account.
这是我的 login.php 的一部分,这就是我觉得有问题的地方.
This is the part of my login.php, and this is where I feel the problem is.
$emailLogin = mysqli_real_escape_string($con, $_POST['emailLogin']);
$passLogin = mysqli_real_escape_string($con, $_POST['passLogin']);
$query = "SELECT `pass` FROM `user` WHERE `email`='$emailLogin'";
$result = mysqli_query($con, $query);
$row = mysqli_fetch_array($result);
$pass = $row['pass'];
$key = VUP($passLogin, $pass);
这是我的verify.php的一部分
This is part of my verify.php
function VUP($check, $valid){
if (password_verify($check, $valid)) {
$key = 1;
} else {
echo 'Invalid password.';
$key = 0;
die();
}
return $key;
}
也是verify.php的一部分
Also part of verify.php
function SHP($password){
$hash = password_hash('$password', PASSWORD_BCRYPT);
return $hash;
}
任何建议都会非常有帮助.
Any advice would be very helpful.
推荐答案
当我回显 $valid 时,输出为 $2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT"
$2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT
哈希长度只有 50 并且无效/太短,正如我所说,MySQL 将静默失败;错误报告/检查在这里没有帮助.
$2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT
the hash is only 50 in length and is invalid/too short and as I said, MySQL will fail silently; error reporting/checking would not have helped here.
密码的列长度应该是 60(建议 255),所以它最初没有正确存储.
The password's column length should be 60 (255 is suggested), so it wasn't stored correctly originally.
您需要清除密码列/或表,增加列的长度,然后重新开始.
You will need to clear your password column/or table, increase your column's length, and start over again.
参考:
因此,建议将结果存储在可以扩展到 60 个字符以上的数据库列中(255 个字符是一个不错的选择)."
<小时>
您还可以将查询修改为:
You can also modify your query to read as:
$con = new mysqli("xxx", "xxx", "xxx", "xxx");
if ($con->connect_error) {
die('Connect Error (' . $con->connect_errno . ') '
. $con->connect_error);
}
$query = "SELECT `pass` FROM `user` WHERE `email`='$emailLogin'";
$result = $con->query($query);
// error checking on the query
if (!$result) {
echo "<p>There was an error in query: $query</p>";
echo $con->error;
}
$row_hash = $result->fetch_array();
if (password_verify($passLogin, $row_hash['pass'])) {
echo "Success!";
}
<小时>
从我留给 OP 的评论中添加:
Adding from a comment I left to the OP:
您的验证功能需要与您的数据库建立连接,这就是我觉得这里发生的事情(变量范围).因此,您需要使用 global $con;
或将连接(变量)传递给您的函数(在大多数情况下更好).
Your verify function needs to have a connection made to your database, that is what I feel is happening here (variable scope). So you'll need to either use global $con;
or pass the connection (variable) to your function (which is better in most cases).
我不知道您是否正在为该函数执行包含",如果是,那么这就是另一个问题.
I don't know if you're doing an "include" for the function, and if so, then that's what the other problem is.
即:function VUP($con, $check, $valid){
或 function VUP($check, $valid){ global $con;
- 两者都试试.使用 $result = mysqli_query($con, $query) 或 die(mysqli_error($con));
而不是你现在拥有的那个.
I.e.: function VUP($con, $check, $valid){
or function VUP($check, $valid){ global $con;
- Try both. Use $result = mysqli_query($con, $query) or die(mysqli_error($con));
instead of the one you have now.
这篇关于php password_verify() hash 和 pass 不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!