duanbichou4942 2017-03-22 07:28
浏览 609
已采纳

password_verify总是无效的密码,虽然密码是正确的

I don't have idea what is the trouble in my code hash.php(insert bycryp password)

**<?php
$con = new mysqli("localhost", "root", "", "hast") or die(mysqli_error());
if (array_key_exists("f5", $_GET)) {
    $w5 = $_GET['f5'];//pass
}
if (array_key_exists("f6", $_GET)) {
    $w6 = $_GET['f6'];//pass
}
$salt = md5(uniqid(rand()));
$options = [
  'cost' =>11,
  'salt' => $salt
];
$hash_password = password_hash($w6, PASSWORD_BCRYPT, $options)."
";
 $sql = mysqli_query($con, "INSERT INTO `pass`(`nama`, `hash_password`, `salt`) VALUES ('$w5','$hash_password','$salt')")or die(mysqli_error($con));
    if ($sql) {
        echo $hash_password;
    } else {
        echo "gagal";
    }
?>**

hashlog.php

**<?php
$con = new mysqli("localhost", "root", "", "hast") or die(mysqli_error());
if (array_key_exists("f5", $_GET)) {
    $w5 = $_GET['f5'];//user
}
if (array_key_exists("f6", $_GET)) {
    $w6 = $_GET['f6'];//pass
}
$sql = mysqli_query($con, "select hash_password from pass where nama='$w5'")or die(mysqli_error($con));
$row = mysqli_fetch_assoc($sql);
$hash = $row['hash_password'];
$hash = $row['hash_password'];
//$hash ='$2y$11$0be5c43957cd3df608521u4PiYrUUyK/dQRSlc/g5UVdDdKk1WChy';
if (password_verify($w6, $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}
?>**

in my case always invalid password although password is correct please help me

  • 写回答

1条回答 默认 最新

  • dro44817 2017-03-22 07:54
    关注

    The problem is that you specify an invalid salt value. You should not specify the salt yourself, just leave the library generate one for you. If you really want to specify a salt, the use a code like this to do it:

    $salt = mcrypt_create_iv(22, MCRYPT_DEV_URANDOM);

    Also, I think that your problem is an appended at the hashed password; you must remove it:

    $hash_password = password_hash($w6, PASSWORD_BCRYPT, $options)."
"; //remove this "
"
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?