Larry Ullman's Book Forums

How Does A Php Programmer Learn To Code For Hire?



Guest Deleted

Did any of you guys code sites so that they will rehash a user's password every time they log in? I could swear I read about that somewhere, but I can't find it now.

Link to comment
Share on other sites

I don't think what you're talking about is each-time password hashing but rather single-use passwords. A more secure approach some sites are using is to authorize user access for each session, with no password storage at all.

Link to comment
Share on other sites

Guest Deleted

Well, I'm not sure how it works, but when I make hashes with PHP's new password_hash() function, PHP's new password_verify() function doesn't seem to have any problem verifying them, no matter what the salt is.

Here I have password_hash() making hashes with a random salt. password_verify() is checking it just fine.

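// No salt option given: password_hash() generates a random salt
// and embeds it in the returned hash string.
$hash = password_hash("22bubbles", PASSWORD_BCRYPT);
print $hash.'<br />';
// password_verify() needs only the plaintext and the stored hash.
if (password_verify('22bubbles', $hash)) {
    echo 'Password is valid!!!!!!!!!!!!!!!';
} else {
    echo 'Invalid password.';
}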

It also works when I manually pick a salt:

// Manually chosen 22-character bcrypt salt.
// The 'salt' option was deprecated in PHP 7.0 and is ignored as of PHP 8.0.
$options = array(
    'salt' => 'BCRYPT22CharSaltHere!!'
);
$hash = password_hash("22bubbles", PASSWORD_BCRYPT, $options);
print $hash.'<br />';
if (password_verify('22bubbles', $hash)) {
    echo 'Password is valid!!!!!!!!!!!!!!!';
} else {
    echo 'Invalid password.';
}

I'm guessing that password_verify() can somehow determine the salt by looking at the hash.

Anyway, I don't know where on earth I heard somebody say that they re-hash users' passwords every time they log in, but the way I picture it working is they just run the plain text password through password_hash(), let it give it a random salt, and update the database with the new hash.

If you want to play with password_hash() and password_verify(), get this code: https://github.com/ircmaxell/password_compat/blob/master/lib/password.php

Or you can get PHP 5.5 but it's still in alpha, I think.

Link to comment
Share on other sites
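
The behaviour discussed in the post above, as an added example that is not part of the original thread: password_verify() reads the algorithm, cost and salt out of the stored hash string, and password_needs_rehash() lets a login handler re-hash only when the stored parameters are out of date rather than on every login. The $users array, the cost values and the function names describe_hash() and login() are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread.
// Assumption: TARGET_COST is the site's current bcrypt policy.
const TARGET_COST = 12;

// Hypothetical stand-in for a users table. The hash is created with the
// minimum cost (4) to represent an account stored under older settings.
$users = array(
    'alice' => password_hash('22bubbles', PASSWORD_BCRYPT, array('cost' => 4)),
);

// A bcrypt hash is self-describing:
// "$2y$" + 2-digit cost + "$" + 22-character salt + 31-character digest.
function describe_hash($hash)
{
    $info = password_get_info($hash);
    return array(
        'algo' => $info['algoName'],
        'cost' => $info['options']['cost'],
        'salt' => substr($hash, 7, 22),
    );
}

function login(array &$users, $name, $password)
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false; // unknown user or wrong password: stored hash untouched
    }
    // The plaintext is only available during login, so this is the one place
    // where an old hash can be upgraded to the current parameters.
    $options = array('cost' => TARGET_COST);
    if (password_needs_rehash($users[$name], PASSWORD_BCRYPT, $options)) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, $options);
    }
    return true;
}

// Parameters of the stored hash before any login.
print_r(describe_hash($users['alice']));
// Failed attempt, then a successful one that triggers the upgrade.
var_dump(login($users, 'alice', 'wrong'));
var_dump(login($users, 'alice', '22bubbles'));
// Parameters after the upgrade: new cost and a freshly generated salt.
print_r(describe_hash($users['alice']));
// A later login verifies against the upgraded hash without re-hashing again.
var_dump(login($users, 'alice', '22bubbles'));
```

Re-hashing on every successful login also works, since each call to password_hash() picks a new random salt, but it adds a database write per login without making the stored hash any harder to crack.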

  • 4 weeks later...

Been busy for a bit there & away from the computer so getting to this thread rather late.

Thoroughly enjoyed reading some of the posts on this thread.

I'm way off the "entry stage" yet but it is something I regularly think about.

Apart from pure programming power, it seems to me like patience, good timing and perhaps a dash of luck are also useful.

Link to comment
Share on other sites

Yes, I agree. Naturally, it's good to have programming prowess, but I agree that that's not all there is to it. If you work hard, have a portfolio and keep trying though, I think it will happen (or at least, I hope it will happen, as I continue to look for work myself).

Link to comment
Share on other sites

Yes, I agree. Naturally, it's good to have programming prowess, but I agree that that's not all there is to it. If you work hard, have a portfolio and keep trying though, I think it will happen (or at least, I hope it will happen, as I continue to look for work myself).

echo "If you work hard, have a portfolio and keep trying though, I think it will happen";

Exactly how I think.

Link to comment
Share on other sites
