Password Encryption Methods - PHP

In this article we will look at how to create a secure user management module. No user authentication or user management script can ever be one hundred percent secure, but we can try to use the tools that are available to us to their maximum, and thereby make it difficult for malicious users to hack our scripts.

TABLE OF CONTENTS:
  1. User Management Explained: Overview
  2. Form Explained
  3. Script Explained
  4. Password Encryption Methods
By: David Web
November 17, 2008


You should never store user passwords in plain text, because once a hacker accesses your database, it will make it easy for him or her to get hold of your user data. You are encouraged to scramble or encrypt your passwords before sending them to your database.

PHP offers a couple of methods that you can use to scramble a user's password. One of them is one-way encryption. This basically means that a password cannot be decrypted once it is hashed. The other is to encrypt passwords when sending them to the database, and to decrypt them when retrieving them from the database. Of the two, the first one is the most secure, because hashed values are usually forty characters long and not easy to remember. PHP provides us with a function called SHA1() that calculates the hash of a string. This function takes a string parameter and has the following syntax:


SHA1(Stringparameter)


An example script might look something like this:


<?php
// Hash a sample string with SHA1() and print the result.
$string = 'mystring';

echo "The hashed value for <b>".$string."</b> is: ".SHA1($string);
?>


Below is a screen shot of the results for the above script:


 

Now, let's write the code that checks to see if a given value matches a hash string:


<?php
$string = 'mystring';

echo "The hashed value for <b>".$string."</b> is: ".SHA1($string);

// Store the hash of the string for comparison.
$hashedval = SHA1($string);

// Compare the stored hash itself (not a hash of the hash) with the expected value.
if ($hashedval === '9ce3ea4d6fac2165933b3971e6d5a13753c7d878') {
    echo "The string matches the hash value";
} else {
    echo "The string does not match the hashed value";
}
?>


The newly calculated hash of the $string variable is stored in another variable called $hashedval. The second part of the code then compares that value with the given hash value for the given string (mystring):


$hashedval = SHA1($string);

if ($hashedval === '9ce3ea4d6fac2165933b3971e6d5a13753c7d878') {
    echo "The string matches the hash value";
} else {
    echo "The string does not match the hashed value";
}
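An added example, not part of the original article: a bare SHA1() digest is unsalted and fast to compute, so PHP 5.5 and later provide password_hash() and password_verify() for password storage. The sketch below (written for PHP 7 or later) accepts both kinds of stored value and upgrades a SHA-1 row after a successful login; the $users array, is_legacy_sha1() and check_login() are hypothetical names, and the sample passwords are constructed.

```php
<?php
// Added example (not from the article). $users is a constructed in-memory
// stand-in for the user table; function names are hypothetical.
$users = [
    'alice' => sha1('correct horse'),  // legacy row: bare SHA-1 hex digest
    'bob'   => password_hash('correct horse', PASSWORD_DEFAULT), // salted hash
];

function is_legacy_sha1(string $stored): bool
{
    // A SHA-1 hex digest is exactly 40 hex characters; password_hash()
    // output begins with '$' and is longer.
    return strlen($stored) === 40 && ctype_xdigit($stored);
}

function check_login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];

    if (is_legacy_sha1($stored)) {
        // hash_equals() compares in constant time, unlike ===.
        if (!hash_equals($stored, sha1($password))) {
            return false;
        }
        // Correct password: replace the unsalted digest with a salted hash.
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash if the default algorithm or cost changed since this was stored.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

var_dump(check_login($users, 'alice', 'correct horse')); // legacy row
var_dump(is_legacy_sha1($users['alice']));               // checks the upgrade
var_dump(check_login($users, 'alice', 'wrong'));
var_dump(check_login($users, 'bob', 'correct horse'));   // modern row
```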


In our next article, we will build a login system that will put into practice the topics we just discussed.



 
 