password_verify php не совпадает
Я пытаюсь проверить пароль с помощью функции password_verify с отправленным паролем пользователя и хэшем из базы данных.
Во-первых, как я генерирую пароль и хэш:
$user_password = $this->generate_password();
private function generate_password($length = 8)
{
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?";
$password = substr( str_shuffle( $chars ), 0, $length );
return $password;
}
define("HASH_COST_FACTOR", "10");
$hash_cost_factor = (defined('HASH_COST_FACTOR') ? HASH_COST_FACTOR : null);
$user_password_hash = password_hash($user_password, PASSWORD_DEFAULT, array('cost' => $hash_cost_factor));
$sql = "INSERT INTO users (user_name, user_password_hash, user_email, user_creation_timestamp)
VALUES (:user_name, :user_password_hash, :user_email, :user_creation_timestamp)";
$query = $this->db->prepare($sql);
$query->execute(array(':user_name' => $user_name,
':user_password_hash' => $user_password_hash,
':user_email' => $user_email,
':user_creation_timestamp' => $user_creation_timestamp));
$count = $query->rowCount();
if ($count != 1) {
$_SESSION["feedback_negative"][] = FEEDBACK_ACCOUNT_CREATION_FAILED;
return false;
}
if ($this->sendUserpassword($user_email, $user_password)) {
$_SESSION["feedback_positive"][] = FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED;
return true;
} else {
$query = $this->db->prepare("DELETE FROM users WHERE user_id = :last_inserted_id");
$query->execute(array(':last_inserted_id' => $user_id));
$_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_MAIL_SENDING_FAILED;
return false;
}
private function sendUserpassword($user_email, $user_password)
{
$mail = new PHPMailer;
if (EMAIL_USE_SMTP) {
$mail->IsSMTP();
$mail->SMTPDebug = PHPMAILER_DEBUG_MODE;
$mail->SMTPAuth = EMAIL_SMTP_AUTH;
if (defined(EMAIL_SMTP_ENCRYPTION)) {
$mail->SMTPSecure = EMAIL_SMTP_ENCRYPTION;
}
$mail->Host = EMAIL_SMTP_HOST;
$mail->Username = EMAIL_SMTP_USERNAME;
$mail->Password = EMAIL_SMTP_PASSWORD;
$mail->Port = EMAIL_SMTP_PORT;
} else {
$mail->IsMail();
}
$mail->From = EMAIL_PASSWORD_FROM_EMAIL;
$mail->FromName = EMAIL_PASSWORD_FROM_NAME;
$mail->AddAddress($user_email);
$mail->Subject = EMAIL_PASSWORD_SUBJECT;
$mail->Body = EMAIL_PASSWORD_CONTENT . '/' . $user_password;
if($mail->Send()) {
$_SESSION["feedback_positive"][] = FEEDBACK_PASSWORD_MAIL_SENDING_SUCCESSFUL;
return true;
} else {
$_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_MAIL_SENDING_ERROR . $mail->ErrorInfo;
return false;
}
}
Подтвердить при входе в систему:
if (!isset($_POST['user_name']) OR empty($_POST['user_name'])) {
$_SESSION["feedback_negative"][] = FEEDBACK_USERNAME_FIELD_EMPTY;
return false;
}
if (!isset($_POST['user_password']) OR empty($_POST['user_password'])) {
$_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_FIELD_EMPTY;
return false;
}
$sth = $this->db->prepare("SELECT user_id,
user_name,
user_email,
user_password_hash,
user_active,
user_account_type
FROM users
WHERE (user_name = :user_name OR user_email = :user_name)");
$sth->execute(array(':user_name' => $_POST['user_name'], ':provider_type' => 'DEFAULT'));
$count = $sth->rowCount();
if ($count != 1) {
$_SESSION["feedback_negative"][] = FEEDBACK_LOGIN_FAILED;
return false;
}
$result = $sth->fetch();
//check via password_verify
if (password_verify($_POST['user_password'], $result->user_password_hash)) {
...
return true;
} else {
$_SESSION["feedback_negative"][] = FEEDBACK_PASSWORD_WRONG;
return false;
}
получить всегда пароль неверное сообщение. Я читаю этоphp password_hash и password_verify не совпадают но я проверил хеш-строку вручную, чтобы проверить с литеральной строкой.
Хеш-строка: $ 2y $ 10 $ SwSq7OukPpN / QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe.2VxD / D2RXBS
Пароль отправьте по электронной почте: / f) 1c (-JG
проверено вручную:
$hash = '$2yДостаточно ли длинен столбец вашей базы данных, чтобы хранить весь хеш без обработки?SwSq7OukPpN/QJ8YOdKgquJQ28fQbNY1Q3JdTFnoe.2VxD/D2RXBS';
$password = '/f)1c(-JG';
if (password_verify($password, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
печатает неверный пароль.