试图了解password_verify PHP [英] Trying to understand password_verify PHP

问题描述

我想了解password_verify如何使用它来重置密码。
我原以为这会奏效，但哈希似乎不匹配？

  $ sUniqueCode = uniqid（'1234'，true）; 
 $ sHash1 = password_hash（$ sUniqueCode，PASSWORD_DEFAULT）; 
 $ sHash2 = password_hash（$ sUniqueCode，PASSWORD_DEFAULT）; 
 $ sHash3 = password_hash（$ sUniqueCode，PASSWORD_DEFAULT）; 
 
 echoHash 1：。$ sHash1。< br>; 
 echoHash 2：。$ sHash2。< br>; 
 echoHash 3：。$ sHash3。< br>; 
 
 if（password_verify（$ sHash1，$ sHash1））{
 echoHash 1 = hash 2< br>; 
} 
 
 if（password_verify（$ sHash3，$ sHash1））{
 echoHash 1 = hash 3; 
} 
  

我没有得到最后两个条件的回应，我是什么在这里失踪？

上下文

为什么我想明白这是因为我想要生成一个相同unique_id的哈希值以存储在数据库中，并且将1作为GET变量发送到电子邮件中。

如果上面的示例没有工作，我的网站上的两个哈希值的比较将不会验证为true，对吗？

解决方案

一个href =http://www.php.net/manual/en/function.password-hash.php =nofollow> password_hash（）被不同的salt盐渍，所以 $ sHash1 ， $ sHash2 和 $ sHash3 将全部不同 p>

password_verify（）用于将明文密码与哈希密码进行比较，而不是将两个哈希与e进行比较其他;使用password_verify（）将 $ sUniqueCode 与您生成的任何散列进行比较

  if（password_verify（$ sUniqueCode，$ sHash1））{...} 
  

编辑

与通过电子邮件发送密码散列（不会以任何方式使用）相比，发送nonce链接以进行初始帐户访问，或新密码生成

I am trying to understand how password_verify work to use it for resetting the password. I would've thought this would've worked, but the hashed don't seem to match?

$sUniqueCode = uniqid('1234', true);
$sHash1 = password_hash($sUniqueCode, PASSWORD_DEFAULT);
$sHash2 = password_hash($sUniqueCode, PASSWORD_DEFAULT);
$sHash3 = password_hash($sUniqueCode, PASSWORD_DEFAULT);

echo "Hash 1: ".$sHash1."<br>";
echo "Hash 2: ".$sHash2."<br>";
echo "Hash 3: ".$sHash3."<br>";

if(password_verify($sHash1, $sHash1)) {
    echo "Hash 1 = hash 2 <br>";
}

if(password_verify($sHash3, $sHash1)) {
    echo "Hash 1 = hash 3";
}

I don't get an echo of the last two conditions, what am I missing here?

Context

Why I want to understand this is because I want to generate one hash of the same unique_id to be stored in the database, and 1 to be send in an email as GET-variable.

If the example above does not work, the comparison of the two hashes on my website will not validate to true either, right?

解决方案

Every hash generated using password_hash() is salted with a different salt, so $sHash1, $sHash2 and $sHash3 will all be different

password_verify() is used to compare a plaintext password against a hashed password, not two hashes with each other; use password_verify() to compare $sUniqueCode with any of the hashes that you have generated

if (password_verify($sUniqueCode, $sHash1)) { ... }

EDIT

Rather than sending a password hash through email, which isn't useful in any way, send a nonce link for initial account access, or new password generation

这篇关于试图了解password_verify PHP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！