I have an input field where the users enter their username and password. Do I need to hash the password that they input or is it ok to leave it and just use it in password_verify against the hashed database password. I am using password_hash to hash them with PASSWORD_BCRYPT and don't know how to compare them if I have to hash the input as well as the stored password.
2条回答 默认 最新
- doubei5114 2017-10-01 07:03关注
No. When you use
password_hash
or similar functions to hash your passwords you should not hash the password before testing it withpassword_verify
. At least as long as you don't "double hash it" which is quite useless.The
password_hash
method will return a value which contains which hash it uses, the salt and the cost. So when it's passed to theverify_password
method the method will know what to do with the clear text password passed as first argument.You can read about all this at the PHP docs:
http://php.net/manual/en/function.password-verify.php
http://php.net/manual/en/function.password-hash.php本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报
悬赏问题
- ¥15 lammps拉伸应力应变曲线分析
- ¥15 C++ 头文件/宏冲突问题解决
- ¥15 用comsol模拟大气湍流通过底部加热(温度不同)的腔体
- ¥50 安卓adb backup备份子用户应用数据失败
- ¥20 有人能用聚类分析帮我分析一下文本内容嘛
- ¥15 请问Lammps做复合材料拉伸模拟,应力应变曲线问题
- ¥30 python代码,帮调试,帮帮忙吧
- ¥15 #MATLAB仿真#车辆换道路径规划
- ¥15 java 操作 elasticsearch 8.1 实现 索引的重建
- ¥15 数据可视化Python