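I have the following class, which I wrote for a login application using this tutorial:

    class passHash{
        private static $algo='$2y$';
        private static $cost ='12$';

        // Builds a 22-character salt string for bcrypt
        private static function generateSalt(){
            $salt=substr(sha1(mt_rand()),0,22);
            return $salt;
        }

        // Hashes the password with crypt() using the '$2y$12$' + salt prefix
        public static function hashPassword($password){
            $hashpassword=crypt($password,self::$algo.self::$cost.self::generateSalt());
            return $hashpassword;
        }

        // Re-hashes the password with the prefix and salt taken from the stored hash
        public static function checkPassword($hash, $password){
            $fullsalt=substr($hash,0,29);
            $newhash=crypt($password,$fullsalt);
            if ($newhash==$password){
                return true;
            }else{
                return false;
            }
        }
    }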
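I think the code is self-explanatory, and I have found a lot of questions about this login class. The problem I have is with checking the password. If I do this:

    $a=passHash::hashPassword('1234');
    $b=passHash::checkPassword($a,'1234');
    var_dump($b);

I get bool(false) as the result.

Where is the problem in this code?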
Edit 1: If I modify checkPassword like this:

    public static function checkPassword($hash, $password){
        $fullsalt=substr($hash,0,29);
        $newhash=crypt($password,$fullsalt).'<br>';
        return $newhash;
    }

Then I do:

    $a=passHash::hashPassword('1234');
    echo 'hashPassword: '.$a.'<br>';
    $b=passHash::checkPassword($a,'1234');
    echo 'checkPassword: '.$b.'<br>';

I get

    hashPassword: $2y$12$6e29c2bbdacad854b1a63O8aty2a/.MQN0wbdmClnhXMbH3/tfQfG

They are the same... so where is the problem?
Answer 0 (score: 1)

The test should be like this:

    if ($newhash==$hash){
        return true;
    }else{
        return false;
    }
Answer 1 (score: 0)

The complete working code is:

    class passHash{
        private static $algo='$2y$';
        private static $cost ='12$';

        private static function generateSalt(){
            $salt=substr(sha1(mt_rand()),0,22);
            return $salt;
        }

        /**
         * @param string $password
         */
        public static function hashPassword($password){
            $hashpassword=crypt($password,self::$algo.self::$cost.self::generateSalt());
            return $hashpassword;
        }

        /**
         * @param string $hashpassword
         * @param string $password
         */
        public static function checkPassword($hashpassword, $password){
            $fullsalt=substr($hashpassword,0,29);
            $newhash=crypt($password,$fullsalt);
            return ($newhash==$hashpassword);
        }
    }
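
The check discussed in this thread, as an added example that is not part of the question or either answer: the same cost-12 bcrypt scheme on PHP's built-in password_* functions, next to a hand-written crypt() check that compares against the stored hash with hash_equals(). The class name PassHashHardened, its method names, and the sample salt are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Class and method names are hypothetical.
final class PassHashHardened
{
    private const OPTIONS = ['cost' => 12]; // same cost as the thread's '12$'

    // password_hash() takes the bcrypt salt from the system CSPRNG, so no
    // sha1(mt_rand()) salt is needed.
    public static function hashPassword(string $password): string
    {
        return password_hash($password, PASSWORD_BCRYPT, self::OPTIONS);
    }

    // Compares against the stored hash (not the password) in constant time.
    public static function checkPassword(string $hash, string $password): bool
    {
        return password_verify($password, $hash);
    }

    // The thread's crypt() check written out by hand. crypt() signals failure
    // with a short string such as "*0", so the length is checked before the
    // constant-time comparison.
    public static function checkPasswordWithCrypt(string $hash, string $password): bool
    {
        $newhash = crypt($password, substr($hash, 0, 29));
        return is_string($newhash) && strlen($newhash) === 60
            && hash_equals($hash, $newhash);
    }

    // True when a stored hash was made with a different algorithm or cost.
    public static function needsRehash(string $hash): bool
    {
        return password_needs_rehash($hash, PASSWORD_BCRYPT, self::OPTIONS);
    }
}

// Constructed sample data: a new hash, and a legacy cost-10 hash built the
// way the thread's class does it, with a made-up 22-character salt.
$stored = PassHashHardened::hashPassword('1234');
$legacy = crypt('1234', '$2y$10$' . 'abcdefghijklmnopqrstuu');

var_dump(PassHashHardened::checkPassword($stored, '1234'));
var_dump(PassHashHardened::checkPassword($stored, '12345'));
var_dump(PassHashHardened::checkPasswordWithCrypt($legacy, '1234'));
var_dump(PassHashHardened::checkPasswordWithCrypt('*0', '1234'));
var_dump(PassHashHardened::needsRehash($legacy));
```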