这是crypt() 的 PHP 手册页中的示例:
<?php
$password = crypt('mypassword'); // let the salt be automatically generated
/* You should pass the entire results of crypt() as the salt for comparing a
password, to avoid problems when different hashing algorithms are used. (As
it says above, standard DES-based password hashing uses a 2-character salt,
but MD5-based hashing uses 12.) */
if (crypt($user_input, $password) == $password) {
echo "Password verified!";
}
?>
为什么这行得通?我认为这'mypassword'
是我希望实际管理员使用的密码。所以我先将其加密,并将其设置为$password
. 显然,我必须将其存储在数据库中。但在接下来的几行中,它被用作盐和我正在比较的东西,我不明白怎么可能crypt($user_input, $password)
等于到. 如果最后一行是$password
$user_input
$password
$password
if (crypt($user_input) == $password) {
echo "Password verified!";
}
我不明白什么?