Jump to content
Larry Ullman's Book Forums
Sign in to follow this  
Guest Deleted

How Does A Php Programmer Learn To Code For Hire?

Recommended Posts

Guest Deleted

Did any of you guys code sites so that they will rehash a user's password every time they login? I could swear I read about that somewhere, but I can't find it now.

Share this post


Link to post
Share on other sites

I don't think what you're talking about are each-time password hashing but rather single use passwords. A more secure approach some sites are using is to authorize user access for each session, with no password storage at all.

Share this post


Link to post
Share on other sites
Guest Deleted

Well, I'm not sure how it works, but when I make hashes with PHP's new password_hash() function, PHP's new password_verify() function doesn't seem to have any problem verifying them, no matter what the salt is.

 

Here I have password_hash() making hashes with a random salt. password_verify() is checking it just fine.

 

 

$hash = password_hash("22bubbles", PASSWORD_BCRYPT);
print $hash.'<br />';
if (password_verify('22bubbles', $hash)) {
    echo 'Password is valid!!!!!!!!!!!!!!!';
} else {
    echo 'Invalid password.';
}

It also works when I manually pick a salt:

 

$options = array(
'salt' => 'BCRYPT22CharSaltHere!!'
);
$hash = password_hash("22bubbles", PASSWORD_BCRYPT, $options);
print $hash.'<br />';
if (password_verify('22bubbles', $hash)) {
    echo 'Password is valid!!!!!!!!!!!!!!!';
} else {
    echo 'Invalid password.';
}

I'm guessing that password_verify() can somehow determine the salt by looking at the hash.

 

Anyway, I don't know where on earth I heard somebody say that they re-hash user's passwords every time they login, but the way I picture it working is they just run the plain text password through password_hash(), let it give it a random salt, and update the database with the new hash.

 

If you want to play with password_hash() and password_verify(), get this code: https://github.com/ircmaxell/password_compat/blob/master/lib/password.php

 

Or you can get PHP 5.5 but it's still in alpha, I think.

Share this post


Link to post
Share on other sites

Been busy for a bit there & away for the computer so getting to this thread rather late.

Thoroughly enjoyed reading some of the posts on this thread.

I'm way off the "entry stage" yet but it is something I regularly think about.

Apart from pure programming power, it seems to me like patience, good-timing and perhaps a dash of luck are also useful.

Share this post


Link to post
Share on other sites

Yes, I agree. Naturally, it's good to have programming prowess, but I agree that that's not all there is to it. If you work hard, have a portfolio and keep trying though, I think it will happen (or at least, I hope it will happen, as I continue to look for work myself).

Share this post


Link to post
Share on other sites

Yes, I agree. Naturally, it's good to have programming prowess, but I agree that that's not all there is to it. If you work hard, have a portfolio and keep trying though, I think it will happen (or at least, I hope it will happen, as I continue to look for work myself).

 

echo "If you work hard, have a portfolio and keep trying though, I think it will happen";

Exactly how I think.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...