问题描述
我想了解password_verify如何使用它来重置密码。
我原以为这会奏效,但哈希似乎不匹配?
p>
用于将明文密码与哈希密码进行比较,而不是将两个哈希与e进行比较其他;使用password_verify()将 $ sUniqueCode 与您生成的任何散列进行比较
if(password_verify($ sUniqueCode,$ sHash1)){...}
编辑
与通过电子邮件发送密码散列(不会以任何方式使用)相比,发送nonce链接以进行初始帐户访问,或新密码生成
I am trying to understand how password_verify work to use it for resetting the password.I would've thought this would've worked, but the hashed don't seem to match?
$sUniqueCode = uniqid('1234', true); $sHash1 = password_hash($sUniqueCode, PASSWORD_DEFAULT); $sHash2 = password_hash($sUniqueCode, PASSWORD_DEFAULT); $sHash3 = password_hash($sUniqueCode, PASSWORD_DEFAULT); echo "Hash 1: ".$sHash1."<br>"; echo "Hash 2: ".$sHash2."<br>"; echo "Hash 3: ".$sHash3."<br>"; if(password_verify($sHash1, $sHash1)) { echo "Hash 1 = hash 2 <br>"; } if(password_verify($sHash3, $sHash1)) { echo "Hash 1 = hash 3"; }I don't get an echo of the last two conditions, what am I missing here?
Context
Why I want to understand this is because I want to generate one hash of the same unique_id to be stored in the database, and 1 to be send in an email as GET-variable.
If the example above does not work, the comparison of the two hashes on my website will not validate to true either, right?
解决方案Every hash generated using password_hash() is salted with a different salt, so $sHash1, $sHash2 and $sHash3 will all be different
password_verify() is used to compare a plaintext password against a hashed password, not two hashes with each other; use password_verify() to compare $sUniqueCode with any of the hashes that you have generated
if (password_verify($sUniqueCode, $sHash1)) { ... }EDIT
Rather than sending a password hash through email, which isn't useful in any way, send a nonce link for initial account access, or new password generation
这篇关于试图了解password_verify PHP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!