Inserting username password to database n validating them in php
Finally, some of the more recent blog posts, forum comments, and the like have started to recommend phpass, the password/passphrase hashing framework for PHP that I wrote, and which has already been integrated into many popular "web applications" including php BB3, Word Press, and Drupal 7. However, I was not aware of an existing step-by-step guide on integrating phpass into a PHP application, and password security is not only about password hashing anyway.
In this article/tutorial, I will guide you through the steps needed to introduce proper (in my opinion at least) user/password management into a new PHP application.
Almost all large PHP applications, as well as many small ones, have a notion of user accounts, and, whether we like it or not, they typically use passwords (or at best passphrases) to authenticate the users. There have been many short articles, blog posts, even book chapters that try/claim to show you how to properly compute and use password hashes.
How do they store the passwords (to authenticate against)? Older ones will tell you to use the md5() function.
- "Why bother with password hashing when I use (or don't use) SSL (https URLs) anyway?
" (Surprisingly, this question is really being asked both ways.
Another common approach in Java Script-intensive web database applications is to write two sites: one that uses Internet Explorer Java Script and another that uses Netscape Navigator Java Script.
Java Script highlights annoying differences in support of standard features by different browsers.Newer ones will tell you to use sha1() or hash() (SHA-256, etc.), add salting (but "forget" to add stretching, which is equally important), and use mysql_real_escape_string() on the username.