Question
This is actually two questions:
1) My understanding is you determine what type of encryption crypt() uses by how many characters you use in the salt. For instance:
crypt('mypassword', someStringThatIs33CharsLong); // This would be blowfish?
2) Once I get this data, how do I verify it against user input at a future date? The following doesn't appear to work:
if (crypt($user_input, $encryptedinfo) == $encryptedinfo) {
echo "Password verified!";
}
What am I missing here?
Answer 1:
When you are using crypt, the salt (someStringThatIs33CharsLong) needs to be the same in order for you to encrypt something else and have the value the same. I have used this for username/password logins where the password is called with
crypt('password', 'aCrt45xaCrt45xaCrt45xaCrt45xaCrt4');
When you re-encrypt you will need to use the same salt to make sure it is the same. This can be done by storing in the database or statically.
So your check would turn into
if (crypt($user_input, someStringThatIs33CharsLong) == $encryptedinfo) {
echo "Password verified!";
}
Answer 2:
To store, you will need to put $encryptedinfo in either an XML page, an SQL database, or a $_COOKIE['encryptedinfo'] (I do not advise the last one, or the first one)
Answer 3:
You should be using:
<?php
$crypt_pass = crypt('mypassword', 'salt');
?>
and
<?php
if(crypt('mypassword', 'salt') == $crypt_pass){
echo 'Correct Pass';
}
?>
Hope this helps!
Answer 4:
PHP's crypt() does use the salt argument to determine which algorithm to use, but it's not the length of the argument - it's the format. For example, Blowfish is selected by giving the salt in the format $2a$12$... where ... is 22 characters of salt.
Given that $encryptedinfo was created earlier using:
$encryptedinfo = crypt(...);
then the method you have shown for verifying the password is correct. For example, the following script prints "Password verified!":
$encryptedinfo = crypt('mypassword', '$2a$12$t4cmBQx3na8EAeNuWLwiN1');
if (crypt('mypassword', $encryptedinfo) == $encryptedinfo) {
echo "Password verified!\n";
}
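An added example, not code from any of the answers above: it splits the crypt() output into the fields Answer 4 describes (algorithm id, cost, 22-character salt, digest) to show why passing the stored hash back as the salt argument works, and compares with hash_equals() instead of ==. The function names parse_bcrypt and verify_crypt are hypothetical, the passwords are constructed samples, and the truncated value is a constructed failure case standing in for a stored hash that lost characters.

```php
<?php
// Added example, not code from the thread. Passwords are constructed samples;
// the salt string is the one quoted in Answer 4.

// Split a bcrypt crypt() string into the fields crypt() reads back when the
// stored hash is supplied as its second argument.
function parse_bcrypt(string $stored): ?array
{
    // $2a$/$2x$/$2y$, two-digit cost, 22-char salt, 31-char digest
    $re = '/^\$(2[axy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $stored, $m)) {
        return null;
    }
    return ['id' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// Verify by re-running crypt() with the stored hash as the salt argument.
function verify_crypt(string $input, string $stored): bool
{
    if (parse_bcrypt($stored) === null) {
        return false; // truncated value, other scheme, or a failure token such as "*0"
    }
    // hash_equals() compares in constant time and avoids == type juggling.
    return hash_equals($stored, crypt($input, $stored));
}

$stored = crypt('mypassword', '$2a$12$t4cmBQx3na8EAeNuWLwiN1');

var_dump(parse_bcrypt($stored));                   // algorithm id, cost, salt, digest
var_dump(verify_crypt('mypassword', $stored));     // correct password
var_dump(verify_crypt('notmypassword', $stored));  // wrong password
var_dump(verify_crypt('mypassword', substr($stored, 0, 40))); // truncated stored value
var_dump(password_verify('mypassword', $stored));  // built-in check for crypt()-format hashes
```

password_hash() and password_verify() wrap the same crypt() format and generate the salt for you, so new code can use them directly.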
Source: https://stackoverflow.com/questions/8199244/using-crypt-and-verifying-not-sure-how-it-works