我阅读了关于crypt()功能的php.net手册。这是我的代码:
#code.....
#we retrieve existing salt and password from database
$salt=$saltquery['salt'];
#$ex_password - existing password
$ex_password=$saltquery['pass'];
#$pass defined earlier. that's input
$password_hash=crypt($pass, '$2a$07$'.$salt.'');
if (crypt($password_hash, $ex_password)==$ex_password) {
#everything is ok
} else {
#username/password combination doesn't exists
$msgText = "Oops! Check your username and password";
$pass=NULL;
}
我仍然收到错误'哎呀!检查您的用户名和密码'。我检查了$password_hash的数据库和输出,它们匹配。
也许这样编码更好:
#.....
if ($password_hash==$ex_password){}
#.....
答案 0 :(得分:2)
为什么加密$ password_hash两次?
我认为你的比较更像是这样:
$password_hash=crypt($pass, '$2a$07$'.$salt);
$password_hash_check($ex_password, '$2a$07$' . $salt);
if ($password_hash === $password_hash_check) {
#everything is ok
} else {
#username/password combination doesn't exists
$msgText = "Oops! Check your username and password";
$pass=NULL;
}
答案 1 :(得分:2)
检查密码时,您必须将用户输入传递给crypt函数(请参阅crypt docs):
if (crypt($user_input, $hashed_password) == $hashed_password) {
echo "Password verified!";
}
您当前正在计算新的(不同的)密码哈希,并将其与存储的密码进行比较。
答案 2 :(得分:1)
我相信这就是你想要的:
$password_hash=crypt($pass, '$2a$07$'.$salt.''); // crypt input
if ($password_hash== $ex_password) // check against crypted
// password stored in the database