I have the code
echo password_hash( 'i=badatphp', PASSWORD_BCRYPT, [ 'cost' => 10 ] );
Every time I run the script the password changes
I'm using PHP 7, and in PHP 5 I used to be able to set a salt, but now I can't
How am I supposed to overcome not knowing what the salt is?
分享 The reason you may see a new hash each time your run password_hash this way is because it will automatically generate a new random salt, which will result in a different hash even if the input password is the same.
While, as of PHP 7 the salt option is deprecated, it is definitely not removed from password_hash. Though, you should note that the reason it is deprecated is because it is planned for removal (probably in the next minor release of PHP). The reason it is planned for removal is because it discourages people from using inferior means of generating their salt. Since the function can generate good random salts for you automatically there's really very little reason to want to provide your own.
In any case, password_hash is just a thin wrapper over crypt, which exposes more of the primitives of the underlying API. So if you wanted to provide your own salt through crypt you still could. Though I highly discourage it when PHP can just do it for you with password_hash and in a manner which is not likely to result in error.
分享
