QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe

QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe

本文介绍了password_verify php不匹配的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述



首先,我如何生成密码和哈希:

我试图用函数password_verify检查发布的用户密码和数据库中的哈希值。 / p>

  $ user_password = $ this-> generate_password(); 

private function generate_password($ length = 8)
{
$ chars =abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^& *()_- = +;:,,。 ?;
$ password = substr(str_shuffle($ chars),0,$ length);
返回$ password;
}

define(HASH_COST_FACTOR,10);
$ hash_cost_factor =(defined('HASH_COST_FACTOR')?HASH_COST_FACTOR:null);
$ user_password_hash = password_hash($ user_password,PASSWORD_DEFAULT,array('cost'=&$; $ hash_cost_factor));

$ b $ sql =INSERT INTO users(user_name,user_password_hash,user_email,user_creation_timestamp)
VALUES(:user_name,:user_password_hash,:user_email,:user_creation_timestamp);
$ query = $ this-> db-> prepare($ sql);
$ query-> execute(array(':user_name'=> $ user_name,
':user_password_hash'=> $ user_password_hash,
':user_email'=> $ user_email ,
':user_creation_timestamp'=> $ user_creation_timestamp));
$ count = $ query-> rowCount();
if($ count!= 1){
$ _SESSION [feedback_negative] [] = FEEDBACK_ACCOUNT_CREATION_FAILED;
返回false;
}

if($ this-> sendUserpassword($ user_email,$ user_password)){
$ _SESSION [feedback_positive] [] = FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED;
返回true;
} else {
$ query = $ this-> db-> prepare(DELETE FROM users WHERE user_id =:last_inserted_id);
$ query-> execute(array(':last_inserted_id'=> $ user_id));
$ _SESSION [feedback_negative] [] = FEEDBACK_PASSWORD_MAIL_SENDING_FAILED;
返回false;

私钥函数sendUserpassword($ user_email,$ user_password)
{
$ mail = new PHPMailer; (EMAIL_USE_SMTP){
$ mail-> IsSMTP();

if
$ mail-> SMTPDebug = PHPMAILER_DEBUG_MODE;
$ mail-> SMTPAuth = EMAIL_SMTP_AUTH;
if(defined(EMAIL_SMTP_ENCRYPTION)){
$ mail-> SMTPSecure = EMAIL_SMTP_ENCRYPTION;
}
$ mail-> Host = EMAIL_SMTP_HOST;
$ mail->用户名= EMAIL_SMTP_USERNAME;
$ mail->密码= EMAIL_SMTP_PASSWORD;
$ mail-> Port = EMAIL_SMTP_PORT;
} else {
$ mail-> IsMail();
}

$ mail->自= EMAIL_PASSWORD_FROM_EMAIL;
$ mail-> FromName = EMAIL_PASSWORD_FROM_NAME;
$ mail-> AddAddress($ user_email);
$ mail->主题= EMAIL_PASSWORD_SUBJECT;
$ mail->正文= EMAIL_PASSWORD_CONTENT。 '/'。 $ USER_PASSWORD; ($ mail-> Send()){
$ _SESSION [feedback_positive] [] = FEEDBACK_PASSWORD_MAIL_SENDING_SUCCESSFUL;

if
返回true;
} else {
$ _SESSION [feedback_negative] [] = FEEDBACK_PASSWORD_MAIL_SENDING_ERROR。 $ MAIL-> ERRORINFO;
返回false;


$ / code>

登录验证:

  if(!isset($ _ POST ['user_name'])OR empty($ _ POST ['user_name'])){
$ _SESSION [ feedback_negative] [] = FEEDBACK_USERNAME_FIELD_EMPTY;
返回false;

$ b $ if(!isset($ _ POST ['user_password'])或空($ _ POST ['user_password'])){
$ _SESSION [feedback_negative] [] = FEEDBACK_PASSWORD_FIELD_EMPTY;
返回false;

$ b $ sth = $ this-> db-> prepare(SELECT user_id,
user_name,
user_email,
user_password_hash,
user_active,
user_account_type
FROM users
WHERE(user_name =:user_name或user_email =:user_name));
$ b $ sth-> execute(array(':user_name'=> $ _POST ['user_name'],':provider_type'=>'DEFAULT'));
$ count = $ sth-> rowCount();

if($ count!= 1){
$ _SESSION [feedback_negative] [] = FEEDBACK_LOGIN_FAILED;
返回false;
}

$ result = $ sth-> fetch();
$ b $ //通过password_verify检查
if(password_verify($ _ POST ['user_password'],$ result-> user_password_hash)){
...
return真正;
} else {
$ _SESSION [feedback_negative] [] = FEEDBACK_PASSWORD_WRONG;
返回false;
}

总是得到密码错误的信息。我阅读了这个但是我手工测试了哈希字符串以验证字符串。



哈希字符串:
$ 2y $ 10 $ SwSq7OukPpN / QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe.2VxD / D2RXBS

>

通过电子邮件发送密码:
/ f)1c(-JG

手工测试:

$ $ $ $ $ $ $ $ $ $ $ $ $ $ SwSq7OukPpN / QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe.2VxD / D2RXBS';
$ password ='/ f) 1c(-JG';

if(password_verify($ password,$ hash)){
echo'Password is valid!';
} else {
echo '密码无效';
}

打印密码无效。

解决方案

您的测试用例中的$ hash变量无效,并且不对应于密码

  $ hash ='$ 2y $ 10 $ SwSq7OukPpN / QJ8YOdKgquJQ28 fQbNY1Q3JdTFnoe.2VxD / D2RXBS; 
$ password ='/ f)1c(-JG';

if(password_verify($ password,$ hash)){
echo'Password is valid!';
} else {
echo'密码无效';
}

当我使用这段代码时,一切都正常工作

  $ password ='/ f)1c(-JG'; 
$ hash = password_hash($ password,PASSWORD_DEFAULT,array(cost=> 10));

if(password_verify($ password,$ hash)){
echo'Password ';
} else {
echo'无效的密码';
}

我使用php 5.5.10


I try to check the password with the function password_verify with the posted user password and the hash from database.

First, how I generate the password and hash:

$user_password = $this->generate_password();

private function generate_password($length = 8)
{
 $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?";
 $password = substr( str_shuffle( $chars ), 0, $length );
 return $password;
}

define("HASH_COST_FACTOR", "10");
$hash_cost_factor = (defined('HASH_COST_FACTOR') ? HASH_COST_FACTOR : null);
$user_password_hash = password_hash($user_password, PASSWORD_DEFAULT, array('cost' => $hash_cost_factor));


$sql = "INSERT INTO users (user_name, user_password_hash, user_email, user_creation_timestamp)
VALUES (:user_name, :user_password_hash, :user_email, :user_creation_timestamp)";
$query = $this->db->prepare($sql);
$query->execute(array(':user_name' => $user_name,
                      ':user_password_hash' => $user_password_hash,
                      ':user_email' => $user_email,
                      ':user_creation_timestamp' => $user_creation_timestamp));
$count =  $query->rowCount();
if ($count != 1) {
   $_SESSION["feedback_negative"][] = FEEDBACK_ACCOUNT_CREATION_FAILED;
 return false;
}

  if ($this->sendUserpassword($user_email, $user_password)) {
      $_SESSION["feedback_positive"][] = FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED;
      return true;
  } else {
      $query = $this->db->prepare("DELETE FROM users WHERE user_id = :last_inserted_id");
      $query->execute(array(':last_inserted_id' => $user_id));
      $_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_MAIL_SENDING_FAILED;
      return false;
  }
private function sendUserpassword($user_email, $user_password)
{
  $mail = new PHPMailer;

  if (EMAIL_USE_SMTP) {
      $mail->IsSMTP();
      $mail->SMTPDebug = PHPMAILER_DEBUG_MODE;
      $mail->SMTPAuth = EMAIL_SMTP_AUTH;
      if (defined(EMAIL_SMTP_ENCRYPTION)) {
          $mail->SMTPSecure = EMAIL_SMTP_ENCRYPTION;
      }
      $mail->Host = EMAIL_SMTP_HOST;
      $mail->Username = EMAIL_SMTP_USERNAME;
      $mail->Password = EMAIL_SMTP_PASSWORD;
      $mail->Port = EMAIL_SMTP_PORT;
      } else {
        $mail->IsMail();
      }

  $mail->From = EMAIL_PASSWORD_FROM_EMAIL;
  $mail->FromName = EMAIL_PASSWORD_FROM_NAME;
  $mail->AddAddress($user_email);
  $mail->Subject = EMAIL_PASSWORD_SUBJECT;
  $mail->Body = EMAIL_PASSWORD_CONTENT . '/' . $user_password;

  if($mail->Send()) {
    $_SESSION["feedback_positive"][] = FEEDBACK_PASSWORD_MAIL_SENDING_SUCCESSFUL;
    return true;
  } else {
    $_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_MAIL_SENDING_ERROR . $mail->ErrorInfo;
    return false;
  }
}

Validate on login:

if (!isset($_POST['user_name']) OR empty($_POST['user_name'])) {
  $_SESSION["feedback_negative"][] = FEEDBACK_USERNAME_FIELD_EMPTY;
  return false;
}

if (!isset($_POST['user_password']) OR empty($_POST['user_password'])) {
  $_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_FIELD_EMPTY;
  return false;
}

$sth = $this->db->prepare("SELECT user_id,
                           user_name,
                           user_email,
                           user_password_hash,
                           user_active,
                           user_account_type
                           FROM   users
                           WHERE  (user_name = :user_name OR user_email = :user_name)");

$sth->execute(array(':user_name' => $_POST['user_name'], ':provider_type' => 'DEFAULT'));
$count =  $sth->rowCount();

if ($count != 1) {
  $_SESSION["feedback_negative"][] = FEEDBACK_LOGIN_FAILED;
  return false;
}

$result = $sth->fetch();

//check via password_verify
if (password_verify($_POST['user_password'], $result->user_password_hash)) {
  ...
  return true;
} else {
  $_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_WRONG;
  return false;
}

get always the password wrong message. I read this php password_hash and password_verify issues no match but I tested the hash string by hand to verify with literal string.

The hashstring:$2y$10$SwSq7OukPpN/QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe.2VxD/D2RXBS

The password send by email:/f)1c(-JG

tested by hand:

$hash = '$2y$10$SwSq7OukPpN/QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe.2VxD/D2RXBS';
$password = '/f)1c(-JG';

if (password_verify($password, $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

prints Invalid password.

解决方案

Your $hash variable in your test case is invalid, and doesn't correspond to password

$hash = '$2y$10$SwSq7OukPpN/QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe.2VxD/D2RXBS';
$password = '/f)1c(-JG';

if (password_verify($password, $hash)) {
echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

When I used this code, everything works properly

$password = '/f)1c(-JG';
$hash = password_hash($password, PASSWORD_DEFAULT, array("cost" => 10));

if (password_verify($password, $hash)) {
    echo 'Password is valid!';
} else {
     echo 'Invalid password.';
}

I use php 5.5.10

这篇关于password_verify php不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-18 12:59