问题
I'm making a login system, and I want to hash the passwords to make them more secure, but it returns a different hash every time, and can't even be verified using password_verify(), here is my code:
$password = password_hash($password4, PASSWORD_DEFAULT);
and here is my code for verifying:
if(password_verify($password4, $dbpassword))
回答1:
So let's take it one part at a time
but it returns a different hash every time
That's the idea. password_hash is designed to generate a random salt every time. This means you have to break each hash individually instead of guessing one salt used for everything and having a huge leg up.
There's no need to MD5 or do any other hashing. If you want to raise the security of password_hash you pass a higher cost (default cost is 10)
$password = password_hash($password4, PASSWORD_DEFAULT, ['cost' => 15]);
As to verify
if(password_verify($password4, $dbpassword))
So $password4 should be your unhashed password and $dbpassword should be the hash you've stored in your database
来源:https://stackoverflow.com/questions/33108720/password-hash-returns-different-value-every-time