-1

我阅读了关于crypt()功能的 php.net 手册。这是我的代码:

#code.....
#we retrieve existing salt and password from database
$salt=$saltquery['salt'];
#$ex_password - existing password
$ex_password=$saltquery['pass'];
#$pass defined earlier. that's input
$password_hash=crypt($pass, '$2a$07$'.$salt.'');
if (crypt($password_hash, $ex_password)==$ex_password) {
 #everything is ok
} else {
 #username/password combination doesn't exists
 $msgText = "Oops! Check your username and password";
 $pass=NULL;
}

我仍然收到错误“糟糕!检查您的用户名和密码'。我检查数据库和输出$password_hash,它们匹配。也许像这样编码更好:

#.....
if ($password_hash==$ex_password){}
#.....
4

3 回答 3

2

为什么你加密 $password_hash 两次?

我认为您的比较会更像这样:

$password_hash=crypt($pass, '$2a$07$'.$salt);
$password_hash_check($ex_password, '$2a$07$' . $salt);
if ($password_hash === $password_hash_check) {
 #everything is ok
} else {
 #username/password combination doesn't exists
 $msgText = "Oops! Check your username and password";
 $pass=NULL;
}
于 2012-08-03T17:23:27.887 回答
2

检查密码时,您必须将用户输入传递给 crypt 函数(请参阅crypt文档):

if (crypt($user_input, $hashed_password) == $hashed_password) {
   echo "Password verified!";
}

您当前正在计算一个新的(不同的)密码哈希并将其与存储的密码进行比较。

于 2012-08-03T17:26:03.257 回答
1

我相信这就是你想要的:

$password_hash=crypt($pass, '$2a$07$'.$salt.''); // crypt input
if ($password_hash== $ex_password) // check against crypted 
                                   // password stored in the database
于 2012-08-03T17:30:22.617 回答