What's the proper way to use password_verify with PDO?

南方客 2021-01-21 16:54

I can't seem to get password_verify to work w/in my php PDO code. My pass field is stored as varchar(255). I've been reading similar questions, but from what I can tell I hav

2 answers
  •  长发绾君心
    2021-01-21 17:23

    RTM? http://php.net/password_verify

    boolean password_verify ( string $password , string $hash )
    

    You pass in the PLAINTEXT password for $password. You don't hash it yourself. That'll just generate a NEW hash with a DIFFERENT salt, making comparisons both pointless and impossible.

    password_verify will extract the proper salt from $hash, use that to hash $password itself, then compare the hash strings.

    e.g. password_verify is basically just this:

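    // Conceptual sketch for crypt()-style hashes such as bcrypt;
    // the real password_verify() is built in and cannot be redeclared.
    function password_verify_sketch($pw, $hash) {
        // crypt() reads the algorithm, cost and salt out of the stored $hash
        $temp = crypt($pw, $hash);

        // constant-time comparison of the two hash strings
        return hash_equals($hash, $temp);
    }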
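
The flow the answer describes, wired up with PDO, as an added example that is not part of the original thread. The `users` table, its `username` and `pass` columns, the in-memory SQLite database and the sample credentials are assumptions made so the script runs on its own.

```php
<?php
// Added example: table and column names (users, username, pass) and the
// sample credentials are assumptions, constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username VARCHAR(64) PRIMARY KEY, pass VARCHAR(255) NOT NULL)');

function register(PDO $pdo, string $user, string $plain): void
{
    // Hash once, at registration. Algorithm, cost and salt are embedded in the result.
    $stmt = $pdo->prepare('INSERT INTO users (username, pass) VALUES (:u, :p)');
    $stmt->execute([':u' => $user, ':p' => password_hash($plain, PASSWORD_DEFAULT)]);
}

function login(PDO $pdo, string $user, string $plain): bool
{
    // Look the row up by username only; the password never goes in the WHERE clause.
    $stmt = $pdo->prepare('SELECT pass FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();   // false when there is no such user

    if ($hash === false) {
        return false;
    }
    // Plaintext first, stored hash second. Do not hash $plain yourself.
    if (!password_verify($plain, $hash)) {
        return false;
    }
    // Upgrade the stored hash if the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET pass = :p WHERE username = :u');
        $upd->execute([':p' => password_hash($plain, PASSWORD_DEFAULT), ':u' => $user]);
    }
    return true;
}

register($pdo, 'alice', 'correct horse battery staple');
var_dump(login($pdo, 'alice', 'correct horse battery staple'));
var_dump(login($pdo, 'alice', 'wrong password'));
var_dump(login($pdo, 'nobody', 'anything'));
```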
    
