dr5648 2016-04-10 18:31
浏览 18
已采纳

注册和登录时,PHP密码哈希不一样[关闭]

When a user registers and logs in, I use the same password_hash function to hash the plain-text password.

password_hash($password, PASSWORD_DEFAULT)

However the password is not the same.

I can prove this another way by simply registering two users with the same password.

For example "admin" turns into "$2y$10$SyqILazLbo4jJVYvxYfwW.WgHUnSi.cRMETWoMjZXwMNa4H4tYELK"

on one user, and "$2y$10$gXfVz6oH4afxAL.7ytFJseZV3VERxbSYXqN7FYsRzH4IrjJw9uyO6" on another. This means the password_hash will never be the same, so user cann ever log in.

What am I doing wrong?

  • 写回答

2条回答 默认 最新

  • dongtou2016 2016-04-10 18:45
    关注

    You need to use password_verify for verifying if password is correct or not. Something like this

    <?php
    
    $password = "rasmuslerdorf";
    
    $hash =  password_hash($password, PASSWORD_DEFAULT);
    
    if (password_verify($password, $hash)) {
      echo 'Password is valid!';
    } else {
      echo 'Invalid password.';
    }
    
    ?>
    

    reference page

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 在不同的执行界面调用同一个页面
  • ¥20 基于51单片机的数字频率计
  • ¥50 M3T长焦相机如何标定以及正射影像拼接问题
  • ¥15 keepalived的虚拟VIP地址 ping -s 发包测试,只能通过1472字节以下的数据包(相关搜索:静态路由)
  • ¥20 关于#stm32#的问题:STM32串口发送问题,偶校验(even),发送5A 41 FB 20.烧录程序后发现串口助手读到的是5A 41 7B A0
  • ¥15 C++map释放不掉
  • ¥15 Mabatis查询数据
  • ¥15 想知道lingo目标函数中求和公式上标是变量情况如何求解
  • ¥15 关于E22-400T22S的LORA模块的通信问题
  • ¥15 求用二阶有源低通滤波将3khz方波转为正弦波的电路