變量$ hash。 PHP 7

Question

此登錄代碼有效，但'$ hashedpass'是如何通過散列傳遞「$ 2y $ 10 $ ...」變量的？

再次。 我需要變量函數'$ hashedpass'。 如何從數據庫中給'$ hashedpass'？每個用戶都有可變的傳遞/散列。

<?php 
$data['error_message'] = $lang['error_empty_login']; 

$loginId = $escapeObj->stringEscape($_POST['login_id']); 

$hash = password_hash($_POST['login_password'], PASSWORD_DEFAULT); 
$hashedpass='$2y$10$.............'; 
$crypto_pass = password_verify($hash, $hashedpass); 

$userId = getUserId($conn, $loginId); 

if ($userId) 
{ 
$query = $conn->query("SELECT id,username,email_verified FROM " . DB_ACCOUNTS . " WHERE id=$userId AND password='$hashedpass' AND type='user' AND active=1"); 
$data['error_message'] = $lang['error_bad_login']; 

if ($query->num_rows == 1) 
{ 
$fetch = $query->fetch_array(MYSQLI_ASSOC); 
$continue = true; 

if ($config['email_verification'] == 1 && $fetch['email_verified'] == 0) 
{ 
    $continue = false; 
    $data['error_message'] = $lang['error_verify_email']; 
} 

if ($continue == true) 
{ 
    $_SESSION['user_id'] = $fetch['id']; 
    $_SESSION['user_pass'] = $hashedpass; 

    if (isset($_POST['keep_logged_in']) && $_POST['keep_logged_in'] == true) 
    { 
     setcookie('sk_u_i', $_SESSION['user_id'], time() + (60 * 60 * 24 * 7)); 
     setcookie('sk_u_p', $_SESSION['user_pass'], time() + (60 * 60 * 24 * 7)); 
    } 

    $data['status'] = 200; 
    $data['redirect_url'] = smoothLink('index.php?tab1=home'); 
} 
} 
else 
{ 
$data['error_message'] = $lang['incorrect_password']; 
} 
} 
else 
{ 
$data['error_message'] = $lang['no_user_found']; 
} 

header("Content-type: application/json; charset=utf-8"); 
echo json_encode($data); 
$conn->close(); 
exit(); 

謝謝。

Answer 1

你做錯了。 password_verify()預計用戶輸入的原始密碼字符串作爲其第一個參數，例如

$pw = $_POST['password']; 
$user = $_POST['username']; 

$info = get_user_information_from_database($user); 

if(password_verify($pw, $info['storedhash'])) { 
    ... password matched hash ... 
} else { 
    ... incorrect pw/user 
} 

換句話說，在創建用戶記錄時，你保存password_hash()產生的哈希值。當你去驗證/登錄用戶，你檢索散列，然後使用散列和輸入的密碼password_verify()。