-
Notifications
You must be signed in to change notification settings - Fork 103
/
password-verify.xml
125 lines (118 loc) · 3.64 KB
/
password-verify.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<!-- EN-Revision: 5bc68add3da3cd18c40f851e944b15095d3a26aa Maintainer: daijie Status: ready -->
<!-- CREDITS: mowangjuanzi, Luffy -->
<refentry xml:id="function.password-verify" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
<refnamediv>
<refname>password_verify</refname>
<refpurpose>验证密码是否和散列值匹配</refpurpose>
</refnamediv>
<refsect1 role="description">
&reftitle.description;
<methodsynopsis>
<type>bool</type><methodname>password_verify</methodname>
<methodparam><modifier role="attribute">#[\SensitiveParameter]</modifier><type>string</type><parameter>password</parameter></methodparam>
<methodparam><type>string</type><parameter>hash</parameter></methodparam>
</methodsynopsis>
<para>
验证密码是否和指定的散列值匹配。<function>password_verify</function> 与 <function>crypt</function>
兼容。因此,由 <function>crypt</function> 创建的密码散列可以用于 <function>password_verify</function>
一起使用。
</para>
<para>
注意 <function>password_hash</function> 返回的散列包含了算法、 cost 和盐值。
因此,所有需要的信息都包含内。使得验证函数不需要储存额外盐值等信息即可验证散列。
</para>
<para>
时序攻击(timing attacks)对此函数不起作用。
</para>
</refsect1>
<refsect1 role="parameters">
&reftitle.parameters;
<variablelist>
<varlistentry>
<term><parameter>password</parameter></term>
<listitem>
<para>
&password.parameter.password;
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><parameter>hash</parameter></term>
<listitem>
<para>
&password.parameter.hash;
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 role="returnvalues">
&reftitle.returnvalues;
<para>
如果密码和散列值匹配则返回 &true;,否则返回 &false;。
</para>
</refsect1>
<refsect1 role="examples">
&reftitle.examples;
<para>
<example>
<title><function>password_verify</function> 示例</title>
<para>
这只是简单的示例,如果需要,建议重新生成正确的密码;请参见 <function>password_needs_rehash</function> 示例。
</para>
<programlisting role="php">
<![CDATA[
<?php
// 想知道以下字符从哪里来,可参见 password_hash() 示例
$hash = '$2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a';
if (password_verify('rasmuslerdorf', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
?>
]]>
</programlisting>
&example.outputs;
<screen>
<![CDATA[
Password is valid!
]]>
</screen>
</example>
</para>
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>
<simplelist>
<member><function>password_needs_rehash</function></member>
<member><function>password_hash</function></member>
<member><link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="&url.password.compat;">用户级实现</link></member>
<member><function>sodium_crypto_pwhash_str_verify</function></member>
</simplelist>
</para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->