PHP Security And Password Hashing Tutorial - Register & Login Form - Alok tv



Saturday, July 4, 2020

PHP Security And Password Hashing Tutorial - Register & Login Form


In this video tutorial I will talk about PHP password hashing techniques, and also how to securely create, store and verify those PHP password hashes, so let's do it. Hey, what's up guys, it's Senaid here, the place where I help others to become a web developer much easier and faster than they will do it on their own, so if that is something that interests you, consider subscribing.

In order to show you how to create PHP password hashes, the first thing that we need to do is to create a database where we are going to store those hashes. I'll just open my phpMyAdmin and create a new database. I will use utf-8, OK, and hit create. Then I will simply create one table, let's say users. I won't have any special information: I will have one id, which I will set to auto increment; one name, 50; one email, let's say varchar 50 again; and then password.

The important thing to notice here is that we need to know how big the length should be. Later I will show the different types of hash you can create, so probably the best way for you is to use 255, which is a maximum for varchar, and this length will be enough for any length of password hash that you are going to create. That's it; I will just hit go, save, and now we have one table with four columns, nothing special.

Now let's create a very simple registration form so that we are able to create and store those hashes. I will create an HTML document, and here I will say "PHP password hashing register". Then I will include the Bootstrap library, the latest one, so I will use a CDN link from here and paste it just before the closing head tag, and that's it.

So we will have one container, and I will set margin top 200 pixels for this container. Inside this container we are going to have one row, and inside this row I will put all the content in the center. Inside this row we will have just one column, so I will set col-md-6, and maybe let's set the offset to three, and I will align everything to the center. OK, cool. At the top I will include one image, which is my logo, I will set to noon wise, and I'm going to create one form, so let's say we'll use method post, and action will be this current file.

Of course we need to have some inputs. The first one will be the name; placeholder I will set to name, and that's it, nothing special. The next one I will set to email, and maybe I should set type to email. Then the next one will be password, and I will set this one's type to password, and then we will also have confirm password. The last thing that we need to have is the submit button, so I'll set this to the value that will be submitted, and let's say name will be submit. Also, for each of those inputs I will set class to form-control. All those classes are directly from Bootstrap.

So let's quickly see what we have created. OK, refresh, and here we go: we have name, email, password, confirm password. Maybe for this register button we will set the class to btn and maybe btn-primary, so like this. OK, cool.

Now let's create some functionality. Right now when someone presses this button actually nothing happens, so I will just write some PHP code like you already know. I'll set here if isset post, and I will check for this submit, which means if someone pressed this submit button, we will accept the name; the same thing is for the email, for the password, and of course we have confirm password too. We can do some basic checking of whether each of those is empty, so maybe we can say the minimum length for this one is three, and let's say for this one the minimum length is five, and the same thing for this one. And let's just verify here: if password is different than confirm password, we will say echo "please check your passwords". It's really not important what the message is; let's say like this. All those things you probably already know how to do, so this is really nothing special. Maybe here we will display the message if there is one, so I'll set here echo message, OK.

So here, else, if the passwords match and we also have some name and email, the next thing that we need to do is to actually create a hash for this password. Before we even do password hashing, I want you to check your own server type, so at the top I will say here echo phpinfo, which means that we want to get all the information about our current server. As you can see my version is 7.0.9, and the hashing technique that I'm going to show needs to have at least 5.6, so just make sure that you run that server type; if you don't, you are probably going to have some errors and you won't be able to use this.

Now, how am I going to create the hash? I'll say here hash equals, and I'm going to use one function, password_hash. This function requires two parameters from us. The first one is the password that the person has entered, and the next one is the type of algorithm that we are going to use to create this hash. We can use different ones; as you can see, I have suggested here bcrypt or default. The difference between those two is that if we use bcrypt, our hash length will always be 60 characters, and that will always be the same; but if we use PASSWORD_DEFAULT, that means that with time and with the different versions of PHP there will probably be changes in the length of that hash. That's why I said that in our table we need to say it has 255 characters, just to make sure that we will always have enough space to store the password. So it's for you to decide whether to use bcrypt or default; for this tutorial I'll just use bcrypt.

Of course there are some other options: for example you can choose the cost, which is how strong your hash will be, and you can also define the salt that will be used. But from version 7 of PHP most of those things are deprecated and you shouldn't put those here, so that's why I'm not going to show you, and I'm not going to put anything here as an option. For you to create a secure hash it's enough to create it this way.

The next thing that we need to do is of course to store this hash in the users table that we have created. Before we do that I will create a new connection here, so I'll say new mysqli; my host is localhost, my username is root, the password is empty, and then I need to choose the database name, so I'll say password hashing. I think that was the name of our database; yeah, it is. Now I will first escape all those inputs: I'll say connection real_escape_string, and then I will go here and do this, just to make sure that we have some protection. Now you can do some verifications, whether the password already exists in the database, and if it doesn't what you are going to do, et cetera, but let's keep things simple and I will just insert this new person into the database. I'll say connection query, and then insert into users; I will specify name, email and password, and the values are the name, the email and the password. Sorry, our password should be the hash, OK. And then we will say here "you have been registered"; the message really is not important.

Let's now try to execute this. Register, OK, and let's say my name is nameP, email, OK, and let's say the password will be test123. I will go to register, and it says "please check your passwords". OK: test123, test123, register, and it says "you have been registered". Let's check our table now, and as you can see one new user has been inserted. What is interesting for us is the password, so let's check how this password looks. I'll just paste it here: my test123 is now this, and as you can see this is really hard to read or decrypt or whatever. This is just the latest, best way to hash your password, and in older applications that already use md5 or any other weak hashing algorithm you should really change that.

Now that we have a user and a hash in our database, let us see how to verify that hash and try to log in. What am I going to do? I will just duplicate this register file to login.php, because almost everything is going to be the same and you don't need to spend much time on this. So let's say like this, and let's just delete this, and down below I will delete name and delete confirm password, and that's it. The design will be the same; I will set here login, and it's not important. That should be fine. Let's see login.php: OK, here we go, we just need to change the name of the button. OK, that's it.

So now when someone presses this and sends all the information to our login.php, we have accepted here the email and password, and now we need to check inside the database whether we have any users with this email. How are we going to do this? I will create a new sql and say connection query, and I will say select id and password from users where email equals email. Now let's check whether we have any rows: I'll say if sql num_rows. You can leave it as is, but I prefer to do it this way so it's really clear what I'm trying to do. I'll say here else message "please check your inputs". And here we need to say data equals sql fetch_array, so that inside the variable data we store the id and password that we have inside the database.

Now I need to verify the hash with this password. How am I going to do this? There is a function, password_verify, so I'll say if password_verify. The first parameter is the current password that the person has entered inside this form, so I will say here password, and the next parameter is the hash that we have stored inside the database, so I will say data password. If this is true, it means that the password and the hash inside the database are the same, and I will say here message equals "you have been logged in". Here you will probably create some session, store the user id in the session, et cetera, but in this tutorial that really is not important, so I'll just save, and that's it.

Let's now try to log in. OK, now if I put a wrong password I probably won't get any message; maybe we should do the same thing here. OK, let's try again: now it says "please check your inputs". But let's say you put the correct password, test123, login, and now it says "you have been logged in".

So guys, as you can see, there isn't really a lot to remember in order to securely create, store and verify the password hash. All you need to remember is that to create it you need to use the password_hash function, where the first parameter is the password and the second one is the algorithm that you want to use; and when we want to retrieve and verify, just get it from the database and use the password_verify function. So pretty much, guys, that's it. If you liked this video please like it and share it with your friends, and if you have any questions be sure to comment below and I will answer all of them. Take care.
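
The register and login flow described above, as an added example (not the video's own code) that uses prepared statements in place of real_escape_string and hashes the password exactly as typed. It assumes PHP 7.1 or later with the pdo_sqlite extension; the in-memory SQLite database, the UNIQUE email column and the function names register and login are assumptions made so it runs on its own, and the same placeholder pattern works with mysqli prepared statements.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the tutorial's users table; in-memory SQLite is an
// assumption so the example runs offline. UNIQUE on email is also an assumption.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name VARCHAR(50), email VARCHAR(50) UNIQUE, password VARCHAR(255))');

// register() and login() are hypothetical helper names for this example.
function register(PDO $db, string $name, string $email, string $password): bool
{
    // Hash the password exactly as typed: no trimming or SQL escaping first.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO users (name, email, password) VALUES (?, ?, ?)');
    try {
        return $stmt->execute([$name, $email, $hash]);
    } catch (PDOException $e) {
        return false; // for example, the email is already registered
    }
}

function login(PDO $db, string $email, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Same result for an unknown email and a wrong password, so the form
    // does not reveal which accounts exist.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id']; // the caller would store this in the session
}

// Constructed sample input, including values that contain quote characters.
var_dump(register($db, 'Test', 'test@example.com', "te'st123"));
var_dump(register($db, 'Test', 'test@example.com', 'second-try'));
var_dump(login($db, 'test@example.com', "te'st123"));
var_dump(login($db, 'test@example.com', 'wrong'));
var_dump(login($db, "x' OR '1'='1", "te'st123"));
```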
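
For the older applications mentioned above that still store md5 hashes, and for the point that PASSWORD_DEFAULT can change between PHP versions, an added example (not from the video) of upgrading a stored hash at login. It assumes legacy rows hold an unsalted 32-character hex MD5 digest and PHP 7.1 or later; verify_and_upgrade is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

/**
 * Check a login against a stored hash and report whether the stored value
 * should be replaced. Returns [bool $ok, ?string $newHash].
 * Hypothetical helper; assumes legacy rows are unsalted hex MD5 digests.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    $isLegacyMd5 = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    if ($isLegacyMd5) {
        // hash_equals compares in constant time.
        $ok = hash_equals($stored, md5($password));
        // The plain password is only available now, at login,
        // so this is the moment to replace the weak hash.
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // True when the default algorithm or cost has changed since the hash was made.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample rows: one legacy MD5 value, one current hash.
$legacy  = md5('test123');
$current = password_hash('test123', PASSWORD_DEFAULT);

[$ok, $new] = verify_and_upgrade('test123', $legacy);
var_dump($ok, $new !== null && password_verify('test123', $new));

[$ok, $new] = verify_and_upgrade('wrong', $legacy);
var_dump($ok, $new);

[$ok, $new] = verify_and_upgrade('test123', $current);
var_dump($ok, $new);
```

When the second element is not null, the caller writes it back to the password column for that user, which the VARCHAR(255) column from the tutorial leaves room for.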
