发表新帖
发表新帖

php password_verify() hash and pass won't match

前端 未结
关注
1 1726
予麋鹿
予麋鹿 2020-12-02 02:31

I store my passwords in my database hashed with password_hash(), and I am trying to verify the passwords on login with password_verify(). For some reason password_verify() k

相关标签:
1条回答
  • 北海茫月
    2020-12-02 03:14

    "When I echo $valid the output is $2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT"

    $2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT the hash is only 50 in length and is invalid/too short and as I said, MySQL will fail silently; error reporting/checking would not have helped here.

    The password's column length should be 60 (255 is suggested), so it wasn't stored correctly originally.

    You will need to clear your password column/or table, increase your column's length, and start over again.

    Reference:

    • http://php.net/manual/en/function.password-hash.php

    "Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice)."

    You can also modify your query to read as:

    $con = new mysqli("xxx", "xxx", "xxx", "xxx");
if ($con->connect_error) {
    die('Connect Error (' . $con->connect_errno . ') '
            . $con->connect_error);
}

$query = "SELECT `pass` FROM `user` WHERE `email`='$emailLogin'";
$result = $con->query($query);

// error checking on the query
if (!$result) {
    echo "<p>There was an error in query: $query</p>";
    echo $con->error;
}

$row_hash = $result->fetch_array();
if (password_verify($passLogin, $row_hash['pass'])) {
    echo "Success!";
}

    Edit:

    Adding from a comment I left to the OP:

    Your verify function needs to have a connection made to your database, that is what I feel is happening here (variable scope). So you'll need to either use global $con; or pass the connection (variable) to your function (which is better in most cases).

    I don't know if you're doing an "include" for the function, and if so, then that's what the other problem is.

    I.e.: function VUP($con, $check, $valid){ or function VUP($check, $valid){ global $con; - Try both. Use $result = mysqli_query($con, $query) or die(mysqli_error($con)); instead of the one you have now.

    0 讨论(0)
 看不清?
提交回复
热议问题