Problem description
I'm using Mr. Andrew Moore's method (How do you use bcrypt for hashing passwords in PHP?) of hashing a user's password. What I did is I have a registration page and it uses
$bcrypt = new Bcrypt(12);
$pass = $_POST['password']; //register password field
$hash= $bcrypt->hash($pass);
// then inserts $hash into database with the user's registered email (I've checked my mysql database and it indeed has a hashed item)
Then I have a login page, consisting of email and password fields. My thought is that email addresses are unique in my database. So with that in mind, I made a script where it checks the user's email address first, then if there is an existing one, verifies the hashed password with this
$bcrypt = new Bcrypt(12);
$email = $_POST['email']; //from login email field
$pass_1 = $_POST['password']; // from login password field
$hash_1 = $bcrypt->hash($pass_1);
$chk_email = $dbh->prepare("SELECT password FROM table WHERE email = ?");
$chk_email->execute(array($email));
while ($row = $chk_email->fetch(PDO::FETCH_ASSOC)) {
    $chk_pass = $row['password']; //inside a while loop to get the password
    $pass_isGood = $bcrypt->verify($hash_1, $chk_pass);
    var_dump($pass_isGood); // I'm getting false
}
I'm not sure what I'm doing wrong, I'm supposed to get true. And I have set my table field to text or even varchar(256).
Recommended answer
Using Andrew Moore's class, you need to call the class's verify() method to verify that the user's password matches the hash. The two parameters you pass to it are the plaintext password the user entered and the hash that you stored in the database.
It seems you passed a second hashed password to verify() instead, which is why it's not working. Pass in the plaintext password as the first argument.
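The register and login flow discussed above, as an added example that is not part of the original question or answer. It assumes PHP's built-in password_hash() and password_verify() in place of the Bcrypt class's hash() and verify(), an in-memory SQLite database in place of MySQL, and a hypothetical users table with constructed sample credentials.

```php
<?php
// Added example: password_hash()/password_verify() stand in for the Bcrypt
// class; the users table and the sample credentials are constructed.

// In-memory SQLite stands in for the MySQL database (assumption).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password VARCHAR(255))');

function register(PDO $dbh, string $email, string $plain): void
{
    // Cost 12 mirrors new Bcrypt(12); a fresh random salt is embedded in the hash.
    $hash = password_hash($plain, PASSWORD_BCRYPT, ['cost' => 12]);
    $dbh->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
        ->execute([$email, $hash]);
}

function login(PDO $dbh, string $email, string $plain): bool
{
    $stmt = $dbh->prepare('SELECT password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn();   // false when no row matches the email
    if ($stored === false) {
        return false;
    }
    // Plaintext first, stored hash second: the verifier reads the salt and
    // cost out of $stored, re-derives the hash from $plain, then compares.
    return password_verify($plain, $stored);
}

register($dbh, 'alice@example.com', 'correct horse');   // constructed sample

// Two hashes of the same password differ, because each gets its own salt.
$rehash = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 12]);
$stored = $dbh->query('SELECT password FROM users')->fetchColumn();
var_dump($rehash === $stored);

// The mistake from the question: verifying a second hash against the stored one.
var_dump(password_verify($rehash, $stored));

// Correct usage: the plaintext from the login form against the stored hash.
var_dump(login($dbh, 'alice@example.com', 'correct horse'));
var_dump(login($dbh, 'alice@example.com', 'wrong guess'));
var_dump(login($dbh, 'nobody@example.com', 'correct horse'));
```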