PHP & MySQL: Hashing with bcrypt and verifying the password against the database
I'm using Mr. Andrew Moore's method (How do you use bcrypt for hashing passwords in PHP?) of hashing the user's password. What I did is I have a registration page and it uses
$bcrypt = new Bcrypt(12);
$pass = $_POST['password']; //register password field
$hash = $bcrypt->hash($pass);
// then inserts $hash into database with users registered email (I've checked my mysql database and it indeed has a hashed item)
Then I have a login page, consisting of email and password fields. My thought is that email addresses are unique in my database. So with that in mind, I made a script where it checks the user's email address first, then if there is an existing one, verifies the hashed password with this
$bcrypt = new Bcrypt(12);
$email = $_POST['email']; //from login email field
$pass_1 = $_POST['password']; // from login password field
$hash_1 = $bcrypt->hash($pass_1);
$chk_email = $dbh->prepare("SELECT password FROM table WHERE email = ?");
$chk_email->execute(array($email));
while ($row = $chk_email->fetch(PDO::FETCH_ASSOC)) {
    $chk_pass = $row['password']; //inside a while loop to get the password
    $pass_isGood = $bcrypt->verify($hash_1, $chk_pass);
    var_dump($pass_isGood); // I'm getting false
}
I'm not sure what I'm doing wrong; I'm supposed to get true. And I have set my table field to text or even varchar(256).
Recommended answer
Using Andrew Moore's class, you need to call the class's verify() method to verify that the user's password matches the hash. The two parameters you pass to it are the plaintext password the user entered and the hash that you stored in the database.
It seems you passed a second hashed password to verify() instead, which is why it's not working. Pass in the plaintext password as the first argument.
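The corrected flow from the answer, as an added example that is not part of the original question or answer: it uses PHP's built-in password_hash() and password_verify() in place of the Bcrypt class from the question, and an in-memory SQLite database in place of MySQL. The users table, the register() and login() helpers and the sample account are constructed for illustration.

```php
<?php
// Added example. Assumptions: in-memory SQLite stands in for MySQL; the table,
// helper names and credentials are constructed for illustration.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password VARCHAR(255) NOT NULL)');

const BCRYPT_OPTS = ['cost' => 12]; // same work factor as new Bcrypt(12) in the question

function register(PDO $dbh, string $email, string $plain): void
{
    // password_hash() picks a fresh random salt and embeds salt and cost in the hash string.
    $hash = password_hash($plain, PASSWORD_BCRYPT, BCRYPT_OPTS);
    $dbh->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
        ->execute([$email, $hash]);
}

function login(PDO $dbh, string $email, string $plain): bool
{
    $stmt = $dbh->prepare('SELECT password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn(); // false when no row matches the email
    if ($stored === false) {
        return false;
    }
    // Plaintext first, stored hash second: salt and cost are read back from $stored.
    return password_verify($plain, $stored);
}

register($dbh, 'alice@example.com', 'correct horse'); // constructed sample account

$stmt = $dbh->prepare('SELECT password FROM users WHERE email = ?');
$stmt->execute(['alice@example.com']);
$stored = $stmt->fetchColumn();

// Hashing the same password again uses a different salt, so the new string
// differs from the stored one and cannot be compared against it.
$again = password_hash('correct horse', PASSWORD_BCRYPT, BCRYPT_OPTS);
var_dump($again === $stored);

// The mistake in the question: a hash handed to verify() where the plaintext belongs.
var_dump(password_verify($again, $stored));

// Correct usage: right password, wrong password, unknown email.
var_dump(login($dbh, 'alice@example.com', 'correct horse'));
var_dump(login($dbh, 'alice@example.com', 'wrong password'));
var_dump(login($dbh, 'nobody@example.com', 'correct horse'));
```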