dtrt2368 2018-04-16 13:04
浏览 46
已采纳

如果我使用损坏的参数调用password_verify()会发生什么?

According to its documentation PHP's password_verify() function

Returns TRUE if the password and hash match, or FALSE otherwise. [highlight added by me]

The documentation also indicates that the functions parameters are:

password The user's password.

hash A hash created by password_hash().

The documentation does not provide any insight about errors/exceptions/warning with respect to cases in which those parameters are "corrupted" or invalid.

Some quick testing showed me that the question is rather tolerant with regard to "garbage" being passed in (especiallty in the hash parameter). My question is if I can rely on this behavior, as it would be somewhat implied in the "Returns[...]or FALSE otherwise" part?

  • 写回答

1条回答 默认 最新

  • doumingo04696 2018-04-16 13:17
    关注

    For PHP document: if no exception/error/warning is mentioned, then there will be no exception/error/warning. If you meet an exception without any document, it is a BUG in the document, and you can report it to the PHP team to fix it. So writing a clean if (!password_verify(...)) is OK.

    For password_verify: it is meaningless to distinguish invalid hash or wrong password for password verification, so password_verify just returns false if the hash doesn't match the password. Such behavior makes programming easier.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
  • ¥20 软件测试决策法疑问求解答
  • ¥15 win11 23H2删除推荐的项目,支持注册表等
  • ¥15 matlab 用yalmip搭建模型,cplex求解,线性化处理的方法
  • ¥15 qt6.6.3 基于百度云的语音识别 不会改
  • ¥15 关于#目标检测#的问题:大概就是类似后台自动检测某下架商品的库存,在他监测到该商品上架并且可以购买的瞬间点击立即购买下单
  • ¥15 神经网络怎么把隐含层变量融合到损失函数中?
  • ¥15 lingo18勾选global solver求解使用的算法
  • ¥15 全部备份安卓app数据包括密码,可以复制到另一手机上运行
  • ¥20 测距传感器数据手册i2c