php - 密码验证无法将散列密码与用户输入的密码进行比较

Question

我正在尝试将散列密码与用户输入的密码进行比较，但它不验证并说密码不正确。我使用此代码对密码进行哈希处理:$hashed_pa​​ssword = password_hash($me, PASSWORD_DEFAULT);

下面的代码是登录检查页面

host=""; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbll_name="employees_table"; // Table name 
$tb2_name="system_users";
$tb3_name="managers_table";
// Connect to server and select databse.
$link = mysqli_connect("$host", "$username", "$password")or die("cannot connect"); 
mysqli_select_db($link,"$db_name")or die("cannot select DB");
$myusername=$_POST["myusername"];  
$mypassword=$_POST["mypassword"]; 

// To protect MySQL injection (more detail about MySQL injection )
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string($link, $myusername);
$mypassword = mysqli_real_escape_string($link, $mypassword);


$statues = "active";

// from system table
if ($sql="SELECT * FROM $tb2_name WHERE User_id='".$myusername."' and statues='".$statues."'");
{

$wql="SELECT * FROM $tb2_name WHERE User_id='".$myusername."' ";
$result2 = mysqli_query($link, $wql);
$details = mysqli_fetch_array($result2, MYSQLI_BOTH);
$Name = $details["Company"];
$Surname = $details["First_name"];
$encrypted_password = $details["Password"];

上面的代码从数据库中获取散列函数，下面的代码比较它们。但它显示密码不正确，即使他们输入了正确的密码

if (password_verify($mypassword, $encrypted_password))
{ 

Answer 1

"i think the hashed password is greater than 30 characters so it just cut after 30. – Jerome"

您的查询“悄无声息”失败，因为密码列太短，您需要清除当前密码/散列并重新开始。

根据 password_hash() 函数的手册:

http://php.net/manual/en/function.password-hash.php

PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).