问题
I don't have idea what is the trouble in my code hash.php(insert bycryp password)
**<?php
$con = new mysqli("localhost", "root", "", "hast") or die(mysqli_error());
if (array_key_exists("f5", $_GET)) {
$w5 = $_GET['f5'];//pass
}
if (array_key_exists("f6", $_GET)) {
$w6 = $_GET['f6'];//pass
}
$salt = md5(uniqid(rand()));
$options = [
'cost' =>11,
'salt' => $salt
];
$hash_password = password_hash($w6, PASSWORD_BCRYPT, $options)."\n";
$sql = mysqli_query($con, "INSERT INTO `pass`(`nama`, `hash_password`, `salt`) VALUES ('$w5','$hash_password','$salt')")or die(mysqli_error($con));
if ($sql) {
echo $hash_password;
} else {
echo "gagal";
}
?>**
hashlog.php
**<?php
$con = new mysqli("localhost", "root", "", "hast") or die(mysqli_error());
if (array_key_exists("f5", $_GET)) {
$w5 = $_GET['f5'];//user
}
if (array_key_exists("f6", $_GET)) {
$w6 = $_GET['f6'];//pass
}
$sql = mysqli_query($con, "select hash_password from pass where nama='$w5'")or die(mysqli_error($con));
$row = mysqli_fetch_assoc($sql);
$hash = $row['hash_password'];
$hash = $row['hash_password'];
//$hash ='$2y$11$0be5c43957cd3df608521u4PiYrUUyK/dQRSlc/g5UVdDdKk1WChy';
if (password_verify($w6, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
?>**
in my case always invalid password although password is correct please help me
回答1:
The problem is that you specify an invalid salt value. You should not specify the salt yourself, just leave the library generate one for you. If you really want to specify a salt, the use a code like this to do it:
$salt = mcrypt_create_iv(22, MCRYPT_DEV_URANDOM);
Also, I think that your problem is an appended \n at the hashed password; you must remove it:
$hash_password = password_hash($w6, PASSWORD_BCRYPT, $options)."\n"; //remove this "\n"
来源:https://stackoverflow.com/questions/42945269/password-verify-always-invalid-password-although-password-is-correct