password_verify 无法使用 Bcrypt 验证 password_hash
password_verify can't verify password_hash with Bcrypt
我在 password_verify 确认我的散列密码时遇到了一些问题。
这是我的登录名:
if (isset($_POST["login-button-front"]))
{
// IF VALUE IS GIVEN
if (isset($_POST["user-password"]) && ($_POST["user-email"])){
$user_email = $_POST["user-email"];
// QUERY DATABASE TO VERIFY LOGIN INFORMATION
$query_password = $db->prepare("SELECT password, user_session FROM login WHERE email = :user_email");
$query_password->execute(array(':user_email' => $user_email));
$password_row = $query_password->fetchAll();
// CHECK PASSWORD
$password = $_POST["user-password"];
$password_hash = $password_row[0]["password"];
if(password_verify($password, $password_hash)){
$_SESSION['user'] = $password_row['user_session'];
require 'members.php';
}
// RESPOND IF WRONG INFORMATION GIVEN
else{
$login_wrong = "The username and/or password you entered is incorrect. Please try again.";
require 'front_page.php';
}
}
// RESPOND IF NO INFORMATION GIVEN
else{
$login_wrong = "You must enter a valid username and password to login. Need an account? Register below.";
require 'front_page.php';
}
}
这是我的注册:
$password = password_hash($_POST['password1'], PASSWORD_DEFAULT);
我查看了所有详细信息,删除了单引号和双引号。以及确保没有提取错误。这是我的工作代码:
if (isset($_POST["login-button-front"]))
{
// IF VALUE IS GIVEN
if (isset($_POST["user-password"]) && ($_POST["user-email"])){
$user_email = $_POST["user-email"];
// QUERY DATABASE TO VERIFY LOGIN INFORMATION
$query_password = $db->prepare("SELECT password, user_session FROM login WHERE email = :user_email");
$query_password->execute(array(':user_email' => $user_email));
$password_row = $query_password->fetchAll();
// CHECK PASSWORD
$password = $_POST["user-password"];
$password_hash = $password_row[0]["password"];
if(password_verify($password, $password_hash)){
$_SESSION['user'] = $password_row[0]['user_session'];
require 'members.php';
}
// RESPOND IF WRONG INFORMATION GIVEN
else{
$login_wrong = "The username and/or password you entered is incorrect. Please try again.";
require 'front_page.php';
}
}
// RESPOND IF NO INFORMATION GIVEN
else{
$login_wrong = "You must enter a valid username and password to login. Need an account? Register below.";
require 'front_page.php';
}
}
我最终使用这个散列:
$password_options = ['cost' => 11,'salt' => mcrypt_create_iv(22,MCRYPT_DEV_URANDOM),];
$password = password_hash($_POST['password1'], PASSWORD_BCRYPT, $password_options);
我在 password_verify 确认我的散列密码时遇到了一些问题。
这是我的登录名:
if (isset($_POST["login-button-front"]))
{
// IF VALUE IS GIVEN
if (isset($_POST["user-password"]) && ($_POST["user-email"])){
$user_email = $_POST["user-email"];
// QUERY DATABASE TO VERIFY LOGIN INFORMATION
$query_password = $db->prepare("SELECT password, user_session FROM login WHERE email = :user_email");
$query_password->execute(array(':user_email' => $user_email));
$password_row = $query_password->fetchAll();
// CHECK PASSWORD
$password = $_POST["user-password"];
$password_hash = $password_row[0]["password"];
if(password_verify($password, $password_hash)){
$_SESSION['user'] = $password_row['user_session'];
require 'members.php';
}
// RESPOND IF WRONG INFORMATION GIVEN
else{
$login_wrong = "The username and/or password you entered is incorrect. Please try again.";
require 'front_page.php';
}
}
// RESPOND IF NO INFORMATION GIVEN
else{
$login_wrong = "You must enter a valid username and password to login. Need an account? Register below.";
require 'front_page.php';
}
}
这是我的注册:
$password = password_hash($_POST['password1'], PASSWORD_DEFAULT);
我查看了所有详细信息,删除了单引号和双引号。以及确保没有提取错误。这是我的工作代码:
if (isset($_POST["login-button-front"]))
{
// IF VALUE IS GIVEN
if (isset($_POST["user-password"]) && ($_POST["user-email"])){
$user_email = $_POST["user-email"];
// QUERY DATABASE TO VERIFY LOGIN INFORMATION
$query_password = $db->prepare("SELECT password, user_session FROM login WHERE email = :user_email");
$query_password->execute(array(':user_email' => $user_email));
$password_row = $query_password->fetchAll();
// CHECK PASSWORD
$password = $_POST["user-password"];
$password_hash = $password_row[0]["password"];
if(password_verify($password, $password_hash)){
$_SESSION['user'] = $password_row[0]['user_session'];
require 'members.php';
}
// RESPOND IF WRONG INFORMATION GIVEN
else{
$login_wrong = "The username and/or password you entered is incorrect. Please try again.";
require 'front_page.php';
}
}
// RESPOND IF NO INFORMATION GIVEN
else{
$login_wrong = "You must enter a valid username and password to login. Need an account? Register below.";
require 'front_page.php';
}
}
我最终使用这个散列:
$password_options = ['cost' => 11,'salt' => mcrypt_create_iv(22,MCRYPT_DEV_URANDOM),];
$password = password_hash($_POST['password1'], PASSWORD_BCRYPT, $password_options);