I am testing the new php encryption algorithm (Argon2) and it gives me problems when I collect the data from the database. I am showing the code below, password_verify ()
always returns false.
setpass:
function setpass($pass, $cryp){
global $conn;
$qry="UPDATE users SET pass=:pass WHERE cryp LIKE :cryp";
$result=$conn->prepare($qry);
$password=password_hash($pass, PASSWORD_ARGON2I);
$result->bindParam(':pass', $password);
$result->bindParam(':cryp', $cryp);
$result->execute();
header("Location: http://localhost/intranet/login.php");
}
login:
function login($nick, $pass){
global $conn;
$qry="SELECT id, pass FROM users WHERE nick LIKE :nick";
$result=$conn->prepare($qry);
$result->bindParam(':nick', $nick);
$result->execute();
$user=$result->fetch();
if(password_verify($pass, $user['pass'])){
setcookie("user_id", $user['id'], time()+432000);
setcookie("user_nick", $user['nick'], time()+432000);
header("Location: xxxx");
}
else{
var_dump("ERROR");
}
}
The only thing that fails is the password_verify
function. The hash is inserted well in the database and if I try to do the hash and password_verify
on the same page with a test string if it works well. The coding is like utf-8
in the database and in my .php
答案 0 :(得分:0)
我遇到了同样的问题,为我解决的问题是在password_hash函数中添加了选项
像这样
$options = $options = [
'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST,
'threads' => PASSWORD_ARGON2_DEFAULT_THREADS,
];
$password2 = password_hash('1234567890', PASSWORD_ARGON2I, $options);
之后,它运行完美