password_verify php不匹配 [英] password_verify php not match

查看：165 发布时间：2018/6/1 18:38:39 php mysql hash passwords verify

本文介绍了password_verify php不匹配的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

首先，我如何生成密码和哈希：

我试图用函数password_verify检查发布的用户密码和数据库中的哈希值。 / p>

  $ user_password = $ this-> generate_password（）; 
 
 private function generate_password（$ length = 8）
 {
 $ chars =abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789！@＃$％^& *（）_- = +;：，，。 ？; 
 $ password = substr（str_shuffle（$ chars），0，$ length）; 
返回$ password; 
} 
 
 define（HASH_COST_FACTOR，10）; 
 $ hash_cost_factor =（defined（'HASH_COST_FACTOR'）？HASH_COST_FACTOR：null）; 
 $ user_password_hash = password_hash（$ user_password，PASSWORD_DEFAULT，array（'cost'=&$; $ hash_cost_factor））; 
 
 $ b $ sql =INSERT INTO users（user_name，user_password_hash，user_email，user_creation_timestamp）
 VALUES（：user_name，：user_password_hash，：user_email，：user_creation_timestamp）; 
 $ query = $ this-> db-> prepare（$ sql）; 
 $ query-> execute（array（'：user_name'=> $ user_name，
'：user_password_hash'=> $ user_password_hash，
'：user_email'=> $ user_email ，
'：user_creation_timestamp'=> $ user_creation_timestamp））; 
 $ count = $ query-> rowCount（）; 
 if（$ count！= 1）{
 $ _SESSION [feedback_negative] [] = FEEDBACK_ACCOUNT_CREATION_FAILED; 
返回false; 
} 
 
 if（$ this-> sendUserpassword（$ user_email，$ user_password））{
 $ _SESSION [feedback_positive] [] = FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED; 
返回true; 
} else {
 $ query = $ this-> db-> prepare（DELETE FROM users WHERE user_id =：last_inserted_id）; 
 $ query-> execute（array（'：last_inserted_id'=> $ user_id））; 
 $ _SESSION [feedback_negative] [] = FEEDBACK_PASSWORD_MAIL_SENDING_FAILED; 
返回false; 
 
私钥函数sendUserpassword（$ user_email，$ user_password）
 {
 $ mail = new PHPMailer; （EMAIL_USE_SMTP）{
 $ mail-> IsSMTP（）; 
 
 if 
 $ mail-> SMTPDebug = PHPMAILER_DEBUG_MODE; 
 $ mail-> SMTPAuth = EMAIL_SMTP_AUTH; 
 if（defined（EMAIL_SMTP_ENCRYPTION））{
 $ mail-> SMTPSecure = EMAIL_SMTP_ENCRYPTION; 
} 
 $ mail-> Host = EMAIL_SMTP_HOST; 
 $ mail->用户名= EMAIL_SMTP_USERNAME; 
 $ mail->密码= EMAIL_SMTP_PASSWORD; 
 $ mail-> Port = EMAIL_SMTP_PORT; 
} else {
 $ mail-> IsMail（）; 
} 
 
 $ mail->自= EMAIL_PASSWORD_FROM_EMAIL; 
 $ mail-> FromName = EMAIL_PASSWORD_FROM_NAME; 
 $ mail-> AddAddress（$ user_email）; 
 $ mail->主题= EMAIL_PASSWORD_SUBJECT; 
 $ mail->正文= EMAIL_PASSWORD_CONTENT。 '/'。 $ USER_PASSWORD; （$ mail-> Send（））{
 $ _SESSION [feedback_positive] [] = FEEDBACK_PASSWORD_MAIL_SENDING_SUCCESSFUL; 
 
 if 
返回true; 
} else {
 $ _SESSION [feedback_negative] [] = FEEDBACK_PASSWORD_MAIL_SENDING_ERROR。 $ MAIL-> ERRORINFO; 
返回false; 
 
 
 $ / code>

登录验证：

  if（！isset（$ _ POST ['user_name']）OR empty（$ _ POST ['user_name']））{
 $ _SESSION [ feedback_negative] [] = FEEDBACK_USERNAME_FIELD_EMPTY; 
返回false; 
 
 $ b $ if（！isset（$ _ POST ['user_password']）或空（$ _ POST ['user_password']））{
 $ _SESSION [feedback_negative] [] = FEEDBACK_PASSWORD_FIELD_EMPTY; 
返回false; 
 
 $ b $ sth = $ this-> db-> prepare（SELECT user_id，
 user_name，
 user_email，
 user_password_hash，
 user_active，
 user_account_type 
 FROM users 
 WHERE（user_name =：user_name或user_email =：user_name））; 
 $ b $ sth-> execute（array（'：user_name'=> $ _POST ['user_name']，'：provider_type'=>'DEFAULT'））; 
 $ count = $ sth-> rowCount（）; 
 
 if（$ count！= 1）{
 $ _SESSION [feedback_negative] [] = FEEDBACK_LOGIN_FAILED; 
返回false; 
} 
 
 $ result = $ sth-> fetch（）; 
 $ b $ //通过password_verify检查
 if（password_verify（$ _ POST ['user_password']，$ result-> user_password_hash））{
 ... 
 return真正; 
} else {
 $ _SESSION [feedback_negative] [] = FEEDBACK_PASSWORD_WRONG; 
返回false; 
}

总是得到密码错误的信息。我阅读了这个 php password_hash和password_verify问题没有匹配但是我手工测试了哈希字符串以验证字符串。

 
 
 哈希字符串：
 $ 2y $ 10 $ SwSq7OukPpN / QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe.2VxD / D2RXBS 
 > 
 
 通过电子邮件发送密码：
 / f）1c（-JG

手工测试： $ $ $ $ $ $ $ $ $ $ $ $ $ $ SwSq7OukPpN / QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe.2VxD / D2RXBS'; $ password ='/ f） 1c（-JG'; if（password_verify（$ password，$ hash））{ echo'Password is valid！'; } else { echo '密码无效'; }

打印密码无效。

解决方案

您的测试用例中的$ hash变量无效，并且不对应于密码

  $ hash ='$ 2y $ 10 $ SwSq7OukPpN / QJ8YOdKgquJQ28 fQbNY1Q3JdTFnoe.2VxD / D2RXBS; 
 $ password ='/ f）1c（-JG'; 
 
 if（password_verify（$ password，$ hash））{
 echo'Password is valid！'; 
} else {
 echo'密码无效'; 
}

当我使用这段代码时，一切都正常工作

  $ password ='/ f）1c（-JG'; 
 $ hash = password_hash（$ password，PASSWORD_DEFAULT，array（cost=> 10））; 
 
 if（password_verify（$ password，$ hash））{
 echo'Password '; 
} else {
 echo'无效的密码'; 
}

我使用php 5.5.10

I try to check the password with the function password_verify with the posted user password and the hash from database.

First, how I generate the password and hash:

$user_password = $this->generate_password();

private function generate_password($length = 8)
{
 $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?";
 $password = substr( str_shuffle( $chars ), 0, $length );
 return $password;
}

define("HASH_COST_FACTOR", "10");
$hash_cost_factor = (defined('HASH_COST_FACTOR') ? HASH_COST_FACTOR : null);
$user_password_hash = password_hash($user_password, PASSWORD_DEFAULT, array('cost' => $hash_cost_factor));


$sql = "INSERT INTO users (user_name, user_password_hash, user_email, user_creation_timestamp)
VALUES (:user_name, :user_password_hash, :user_email, :user_creation_timestamp)";
$query = $this->db->prepare($sql);
$query->execute(array(':user_name' => $user_name,
                      ':user_password_hash' => $user_password_hash,
                      ':user_email' => $user_email,
                      ':user_creation_timestamp' => $user_creation_timestamp));
$count =  $query->rowCount();
if ($count != 1) {
   $_SESSION["feedback_negative"][] = FEEDBACK_ACCOUNT_CREATION_FAILED;
 return false;
}

  if ($this->sendUserpassword($user_email, $user_password)) {
      $_SESSION["feedback_positive"][] = FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED;
      return true;
  } else {
      $query = $this->db->prepare("DELETE FROM users WHERE user_id = :last_inserted_id");
      $query->execute(array(':last_inserted_id' => $user_id));
      $_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_MAIL_SENDING_FAILED;
      return false;
  }
private function sendUserpassword($user_email, $user_password)
{
  $mail = new PHPMailer;

  if (EMAIL_USE_SMTP) {
      $mail->IsSMTP();
      $mail->SMTPDebug = PHPMAILER_DEBUG_MODE;
      $mail->SMTPAuth = EMAIL_SMTP_AUTH;
      if (defined(EMAIL_SMTP_ENCRYPTION)) {
          $mail->SMTPSecure = EMAIL_SMTP_ENCRYPTION;
      }
      $mail->Host = EMAIL_SMTP_HOST;
      $mail->Username = EMAIL_SMTP_USERNAME;
      $mail->Password = EMAIL_SMTP_PASSWORD;
      $mail->Port = EMAIL_SMTP_PORT;
      } else {
        $mail->IsMail();
      }

  $mail->From = EMAIL_PASSWORD_FROM_EMAIL;
  $mail->FromName = EMAIL_PASSWORD_FROM_NAME;
  $mail->AddAddress($user_email);
  $mail->Subject = EMAIL_PASSWORD_SUBJECT;
  $mail->Body = EMAIL_PASSWORD_CONTENT . '/' . $user_password;

  if($mail->Send()) {
    $_SESSION["feedback_positive"][] = FEEDBACK_PASSWORD_MAIL_SENDING_SUCCESSFUL;
    return true;
  } else {
    $_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_MAIL_SENDING_ERROR . $mail->ErrorInfo;
    return false;
  }
}

Validate on login:

if (!isset($_POST['user_name']) OR empty($_POST['user_name'])) {
  $_SESSION["feedback_negative"][] = FEEDBACK_USERNAME_FIELD_EMPTY;
  return false;
}

if (!isset($_POST['user_password']) OR empty($_POST['user_password'])) {
  $_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_FIELD_EMPTY;
  return false;
}

$sth = $this->db->prepare("SELECT user_id,
                           user_name,
                           user_email,
                           user_password_hash,
                           user_active,
                           user_account_type
                           FROM   users
                           WHERE  (user_name = :user_name OR user_email = :user_name)");

$sth->execute(array(':user_name' => $_POST['user_name'], ':provider_type' => 'DEFAULT'));
$count =  $sth->rowCount();

if ($count != 1) {
  $_SESSION["feedback_negative"][] = FEEDBACK_LOGIN_FAILED;
  return false;
}    

$result = $sth->fetch();

//check via password_verify
if (password_verify($_POST['user_password'], $result->user_password_hash)) {
  ...
  return true;
} else {
  $_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_WRONG;
  return false;
}

get always the password wrong message. I read this php password_hash and password_verify issues no match but I tested the hash string by hand to verify with literal string.

The hashstring: $2y$10$SwSq7OukPpN/QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe.2VxD/D2RXBS

The password send by email: /f)1c(-JG

tested by hand:

$hash = '$2y$10$SwSq7OukPpN/QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe.2VxD/D2RXBS';
$password = '/f)1c(-JG';

if (password_verify($password, $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

prints Invalid password.

解决方案

Your $hash variable in your test case is invalid, and doesn't correspond to password

$hash = '$2y$10$SwSq7OukPpN/QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe.2VxD/D2RXBS';
$password = '/f)1c(-JG';

if (password_verify($password, $hash)) {
echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

When I used this code, everything works properly

$password = '/f)1c(-JG';
$hash = password_hash($password, PASSWORD_DEFAULT, array("cost" => 10));

if (password_verify($password, $hash)) {
    echo 'Password is valid!';
} else {
     echo 'Invalid password.';
}

I use php 5.5.10

这篇关于password_verify php不匹配的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

password_verify php不匹配 [英] password_verify php not match

问题描述

相关文章

PHP最新文章

热门教程

热门工具

登录关闭

password_verify php不匹配 [英] password_verify php not match

问题描述

相关文章

PHP最新文章

热门教程

热门工具

登录 关闭

登录关闭