本文介绍了试图了解password_verify PHP的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想了解password_verify如何使用它来重置密码。
我原以为这会奏效,但哈希似乎不匹配?

  p> 

用于将明文密码与哈希密码进行比较,而不是将两个哈希与e进行比较其他;使用password_verify()将 $ sUniqueCode 与您生成的任何散列进行比较

  if(password_verify($ sUniqueCode,$ sHash1)){...} 

编辑



与通过电子邮件发送密码散列(不会以任何方式使用)相比,发送nonce链接以进行初始帐户访问,或新密码生成


I am trying to understand how password_verify work to use it for resetting the password.I would've thought this would've worked, but the hashed don't seem to match?

$sUniqueCode = uniqid('1234', true);
$sHash1 = password_hash($sUniqueCode, PASSWORD_DEFAULT);
$sHash2 = password_hash($sUniqueCode, PASSWORD_DEFAULT);
$sHash3 = password_hash($sUniqueCode, PASSWORD_DEFAULT);

echo "Hash 1: ".$sHash1."<br>";
echo "Hash 2: ".$sHash2."<br>";
echo "Hash 3: ".$sHash3."<br>";

if(password_verify($sHash1, $sHash1)) {
    echo "Hash 1 = hash 2 <br>";
}

if(password_verify($sHash3, $sHash1)) {
    echo "Hash 1 = hash 3";
}

I don't get an echo of the last two conditions, what am I missing here?

Context

Why I want to understand this is because I want to generate one hash of the same unique_id to be stored in the database, and 1 to be send in an email as GET-variable.

If the example above does not work, the comparison of the two hashes on my website will not validate to true either, right?

解决方案

Every hash generated using password_hash() is salted with a different salt, so $sHash1, $sHash2 and $sHash3 will all be different

password_verify() is used to compare a plaintext password against a hashed password, not two hashes with each other; use password_verify() to compare $sUniqueCode with any of the hashes that you have generated

if (password_verify($sUniqueCode, $sHash1)) { ... }

EDIT

Rather than sending a password hash through email, which isn't useful in any way, send a nonce link for initial account access, or new password generation

这篇关于试图了解password_verify PHP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-18 13:00