PHP & MYSQL: using bcrypt hash and verifying password with database


Problem description

I'm using Mr. Andrew Moore's method (How do you use bcrypt for hashing passwords in PHP?) of hashing the user's password. What I did is I have a registration page, and it uses

$bcrypt = new Bcrypt(12);
$pass = $_POST['password']; //register password field
$hash= $bcrypt->hash($pass);

// then inserts $hash into database with the user's registered email (I've checked my mysql database and it indeed has a hashed item)

Then I have a login page, consisting of email and password fields. My thought is that email addresses are unique in my database. So with that in mind, I made a script where it checks the user's email address first, then if there is an existing one, verifies the hash password with this

$bcrypt = new Bcrypt(12);

$email = $_POST['email']; //from login email field
$pass_1 = $_POST['password']; // from login password field
$hash_1= $bcrypt->hash($pass_1);

$chk_email= $dbh->prepare("SELECT password FROM table WHERE email = ?");
$chk_email -> execute(array($email));

while($row = $chk_email->fetch(PDO::FETCH_ASSOC)){
    $chk_pass = $row['password']; //inside a while loop to get the password
    $pass_isGood = $bcrypt->verify($hash_1, $chk_pass);
    var_dump($pass_isGood); // I'm getting false

}

I'm not sure what I'm doing wrong; I'm supposed to get true. And I have set my table field to text or even varchar(256).

Solution

Using Andrew Moore's class, you need to call the class's verify() method to verify that the user's password matches the hash. The two parameters you pass to it are the plaintext password the user entered and the hash that you stored in the database.

It seems you passed a second hashed password to verify() instead, which is why it's not working. Pass in the plaintext password as the first argument.
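
The flow the answer describes, as an added example that is not part of the original question or answer. It assumes PHP's built-in password_hash() and password_verify() in place of the Bcrypt class, and an in-memory SQLite database with a hypothetical users table in place of the asker's MySQL table; the account data is constructed.

```php
<?php
// Added example: built-in bcrypt functions stand in for the Bcrypt class,
// and SQLite in memory stands in for MySQL (both are assumptions).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password VARCHAR(255) NOT NULL)');

function register(PDO $dbh, string $email, string $password): void
{
    // Every call generates a fresh random salt and embeds it, with the cost,
    // in the 60-character bcrypt string that gets stored.
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    $stmt = $dbh->prepare('INSERT INTO users (email, password) VALUES (?, ?)');
    $stmt->execute([$email, $hash]);
}

function storedHash(PDO $dbh, string $email)
{
    $stmt = $dbh->prepare('SELECT password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    return $stmt->fetchColumn(); // string, or false when the email is unknown
}

function login(PDO $dbh, string $email, string $password): bool
{
    $stored = storedHash($dbh, $email);
    if ($stored === false) {
        return false;
    }
    // First argument: the plaintext from the login form, not a new hash of it.
    // The salt and cost are read back out of $stored to recompute the hash.
    return password_verify($password, $stored);
}

// Constructed sample account.
register($dbh, 'alice@example.com', 'correct horse');

var_dump(login($dbh, 'alice@example.com', 'correct horse'));
var_dump(login($dbh, 'alice@example.com', 'wrong guess'));
var_dump(login($dbh, 'nobody@example.com', 'correct horse'));

// The mistake from the question: hashing the login input a second time.
// The second hash carries a different salt than the stored one, and
// password_verify() treats it as the candidate password itself.
$rehash = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 12]);
$stored = storedHash($dbh, 'alice@example.com');
var_dump($rehash === $stored);
var_dump(password_verify($rehash, $stored));
```

Only the first login call succeeds; the last two checks show why comparing or verifying a re-hashed password cannot match the stored hash.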
