uwenhao2008
问题找到了,但是个很奇怪的问题:调用类里的这个函数时,得到的返回值是 false,而在被调用的函数内部返回的却是 true……不解
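/**
 * Verifies a password against a bcrypt-style hash.
 *
 * @param string $password The password to verify.
 * @param string $hash The hash to verify the password against.
 * @return bool Whether the password matches the hash.
 * @throws InvalidParamException If the password is not a non-empty string or the hash is malformed.
 * @throws InvalidConfigException If the configured strategy is unknown, or "password_hash" is
 *                                selected but password_verify() is unavailable.
 */
public function validatePassword($password, $hash)
{
    if (!is_string($password) || $password === '') {
        throw new InvalidParamException('Password must be a string and cannot be empty.');
    }

    // Accept only hashes that start with $2a$, $2x$ or $2y$, a two-digit cost in the
    // range 4..30 and at least 22 characters of salt alphabet; anything else is rejected
    // before it reaches password_verify() or crypt().
    if (!preg_match('/^\$2[axy]\$(\d\d)\$[\.\/0-9A-Za-z]{22}/', $hash, $matches) || $matches[1] < 4 || $matches[1] > 30) {
        throw new InvalidParamException('Hash is invalid.');
    }

    switch ($this->passwordHashStrategy) {
        case 'password_hash':
            if (!function_exists('password_verify')) {
                throw new InvalidConfigException('Password hash key strategy "password_hash" requires PHP >= 5.5.0, either upgrade your environment or use another strategy.');
            }
            return password_verify($password, $hash);
        case 'crypt':
            // crypt() re-hashes the password using the salt and cost embedded in $hash.
            $test = crypt($password, $hash);
            // Any result that is not exactly 60 bytes is treated as a failed verification.
            if (strlen($test) !== 60) {
                return false;
            }
            // Poster's debugging note: a var_dump() of this comparison printed false here.
            // The temporary var_dump()/die() pair was removed: it wrote the verification
            // result into the response and ended the request, so the return below was
            // never reached.
            return $this->compareString($test, $hash);
        default:
            throw new InvalidConfigException("Unknown password hash strategy '{$this->passwordHashStrategy}'");
    }
}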
/**
 * Compares two strings byte by byte without stopping at the first difference.
 *
 * The loop always walks every byte of $actual and only accumulates differences, so the
 * amount of work does not depend on where (or whether) the two strings diverge.
 *
 * @param string $expected The string to compare against.
 * @param string $actual The string being checked.
 * @return bool Whether both strings are equal.
 */
public function compareString($expected, $actual)
{
    // Appending a NUL byte guarantees both lengths are at least 1, so the modulo
    // below never divides by zero.
    $expected .= "\0";
    $actual .= "\0";
    $lenExpected = StringHelper::byteLength($expected);
    $lenActual = StringHelper::byteLength($actual);

    // Starts non-zero when the lengths differ, so unequal lengths can never compare equal.
    $mismatch = $lenExpected - $lenActual;

    $pos = 0;
    while ($pos < $lenActual) {
        // XOR is zero only for identical bytes; OR-ing keeps any difference seen so far.
        // The modulo wraps the index so a shorter $expected is never read out of bounds.
        $mismatch |= (ord($actual[$pos]) ^ ord($expected[$pos % $lenExpected]));
        $pos++;
    }

    // Poster's debugging note: this expression was observed to be true here.
    return $mismatch === 0;
}
这两个方法都在 Security 这个类里面,很郁闷。