password_verify 无法使用 Bcrypt 验证 password_hash

password_verify can't verify password_hash with Bcrypt

我在 password_verify 确认我的散列密码时遇到了一些问题。 这是我的登录名:

if (isset($_POST["login-button-front"]))
{
    // IF VALUE IS GIVEN
    if (isset($_POST["user-password"]) && ($_POST["user-email"])){
        $user_email = $_POST["user-email"];

        // QUERY DATABASE TO VERIFY LOGIN INFORMATION
        $query_password = $db->prepare("SELECT password, user_session FROM login WHERE email = :user_email");
        $query_password->execute(array(':user_email' => $user_email));
        $password_row = $query_password->fetchAll();

        // CHECK PASSWORD
        $password = $_POST["user-password"];
        $password_hash = $password_row[0]["password"];

        if(password_verify($password, $password_hash)){
            $_SESSION['user'] = $password_row['user_session'];
            require 'members.php';
        }
        // RESPOND IF WRONG INFORMATION GIVEN
        else{
            $login_wrong = "The username and/or password you entered is incorrect. Please try again.";
            require 'front_page.php';
        }
    }
    // RESPOND IF NO INFORMATION GIVEN
    else{
        $login_wrong = "You must enter a valid username and password to login. Need an account? Register below.";
        require 'front_page.php';
    }
}

这是我的注册:

$password = password_hash($_POST['password1'], PASSWORD_DEFAULT);

我查看了所有详细信息,删除了单引号和双引号。以及确保没有提取错误。这是我的工作代码:

if (isset($_POST["login-button-front"]))
{
    // IF VALUE IS GIVEN
    if (isset($_POST["user-password"]) && ($_POST["user-email"])){
        $user_email = $_POST["user-email"];

        // QUERY DATABASE TO VERIFY LOGIN INFORMATION
        $query_password = $db->prepare("SELECT password, user_session FROM login WHERE email = :user_email");
        $query_password->execute(array(':user_email' => $user_email));
        $password_row = $query_password->fetchAll();

        // CHECK PASSWORD
        $password = $_POST["user-password"];
        $password_hash = $password_row[0]["password"];

        if(password_verify($password, $password_hash)){
            $_SESSION['user'] = $password_row[0]['user_session'];
            require 'members.php';
        }
        // RESPOND IF WRONG INFORMATION GIVEN
        else{
            $login_wrong = "The username and/or password you entered is incorrect. Please try again.";
            require 'front_page.php';
        }
    }
    // RESPOND IF NO INFORMATION GIVEN
    else{
        $login_wrong = "You must enter a valid username and password to login. Need an account? Register below.";
        require 'front_page.php';
    }
}

我最终使用这个散列:

$password_options = ['cost' => 11,'salt' => mcrypt_create_iv(22,MCRYPT_DEV_URANDOM),];
$password = password_hash($_POST['password1'], PASSWORD_BCRYPT, $password_options);