PHP Security And Password Hashing Tutorial - Register & Login Form

Captions
In this video tutorial I will talk about PHP password hashing techniques and also how to securely create, store and verify those PHP password hashes. So let's do it.

Hey, what's up guys, it's Senaid here from Codingpassiveincome.com, the place where I help others to become a web developer much easier and faster than they will do it on their own. So if that is something that interests you, consider subscribing.

So in order to show you how to create PHP password hashes, the first thing that we need to do is to create some database where we are going to store those hashes. So I'll just open my phpMyAdmin and then I will create a new database. I will use utf-8, okay, and hit create. And then I will just simply create one table, let's say users, and I won't have any special information. I will have one ID, I will set auto increment, okay. Let's have one name, 50. I will set one email, let's say varchar 50 again, and then I will set password. The important thing to notice here is that we need to know how big the length should be. Later I will show the different types on how to create a hash, so probably the best way for you is to use 255, which is a maximum for varchar, and this length will just be enough for any length of the password hash that you are going to create. And that's it, I will just hit go now, so save, and that's it. And now we have one table with the four columns, nothing special.

So now let's create a very simple registration form so that we are able to create and store those hashes. So I will just create an HTML document. I will here say PHP password hashing register, okay, and then I will just include the Bootstrap library. Okay, it was the latest one, so I will just use a CDN link from here, okay, paste just before the closing head tag, and that's it. So we will have one container. Now I will set margin top 200 pixels for this container, and inside this container we are going to have one row, and inside this row I will put all the content to the center, and inside this row we will have just one column, so I will set col-md-6 and maybe let's set offset to the three, and I will align everything to the center. Okay, cool.

So at the top I will include one image which is my logo, I will set to noon wise, and I'm going to create one form, so let's say we'll use method post and action will be this current file. Okay, so of course we need to have some inputs. So the first one, I will say it will be the name, placeholder I will set name, and that's it, nothing special. The next one I will set email, maybe I should set type to the email, okay. And then the next one will be password, and maybe let's see, I will set this one type to the password, and then we will have also confirm password, okay. And the last thing that we need to have is a submit button. So I'll set this to the value, okay, that will be submit, and let's say name will be submit, okay. And also maybe let's set for each of those inputs, I will set class to the form-control, okay. So all those classes are directly from the Bootstrap. So let's quickly see what we have created. Okay, refresh, and here we go. So we have name, email, password, confirm password. Maybe this register, which was set to the class btn and maybe btn-primary, okay, so like this. Okay, cool.

So now let's create some functionality. So now when someone presses this button actually nothing happens, so I will just write some PHP code like you already know. So I'll set here if isset post, and then let's say I will check for this submit, which means if someone pressed this submit button we will accept the name, the same thing is for email, for the password, and of course we have confirm password too, okay. So we can do some basic checking of if each of those need to be empty, so maybe we can say minimum, like for this one is three, and let's say for this one minimum length is five, and the same thing is for this one. And maybe let's just verify here: if password different than confirm password we will say echo please check your passwords, and maybe, it's really not important what is the message, let's say like this. And here up top, let's see, I mean all those things probably you already know how to do, so this is really nothing special. Maybe one say here we will display if there is some message, do it here, so I'll set here echo message, maybe if you maybe if they all say this echo, okay.

So here else, if passwords match and also we have some name and email, now the next thing that we need to do is to actually create a hash for this password. So now before we even do password hashing I want that you check your own server type. So at the top I will say here echo phpinfo, which means that we want to get all information about our current server. So as you can see my version is 7.0.9, and the hashing technique that I'm going to show needs to have at least 5.6, so just make sure that you run that server type, and if you don't, probably you are going to have some errors and you won't be able to use this.

So now how am I going to create the hash? So I'll say here hash equal, and now I'm going to use the one function that is password_hash, and this function requires from us to put two inputs, two parameters. So the first one is the password that the person has entered, and the next one is the type of the algorithm that we are going to use to create this hash. So we can use different, as you can see I have suggested here bcrypt or default. The difference between those two is that if we use bcrypt it means that our hash length will always be 60 characters and that will always be the same, but if we use password default that means that with the time and with the different versions of PHP there will be changes probably in the length of that hash. So that's why I said that in our table we need to say it has 255 characters, just to make sure that this will never, that we will always have enough space to store the password. So for you is to decide are we going to use bcrypt or default. For this tutorial I'll just use bcrypt.

Of course there are some other options that you are able to do, for example you can choose the cost on how strong your hash will be, you can also define the salt that will be used, but from the version 7 of PHP most of those things are deprecated and you shouldn't put those here, so that's why I'm not going to show you and I'm not going to put anything here as an option. Okay, so for you to create securely hash it's just enough to create it this way.

And now the next thing that we need to do is of course to store this hash in the users table that we have created. So before we do that I will here create a new connection, so I'll say new mysqli, and then my host is localhost, my username is root, password is empty, and then I need to choose database name, so I'll say password hashing, I think that was the name of our database, yeah it is, okay. So now here I will first escape all those inputs, now say connection real_escape_string, and then I will go here and do this just to make sure that we have some protection, okay. And now you can do some verifications if the password already exists in the database, if it's not what you are going to do, etc. etc., but let's say that we are going to keep things simple and I will just insert this new person to the database. So I'll say connection query and then I will say insert into users, and then I will specify name, email and password, and the values are the name, so the email and the password, okay, and our message, sorry, our password should be hash, not, okay. And then we will say here you have been registered, so the message really is not important.

So let's now try to execute this. Register, okay, and let's say my name is name P email okay, and let's say this will be test123, and I will go to register and it says please check your passwords. Okay, test123, test123, register, okay, and it says you have been registered. So let's check now our table, and as you can see here the one new user has been inserted, but what is interesting for us is the password, so let's check this password, how it looks like. So I'll just paste it here, so my test123 is now this, and as you can see now this is really hard to read or decrypt or whatever. So this is just the latest best way on how to hash your password, and you really should, in older applications that already use md5 or any other weak hashing algorithm, you should really change that.

Okay, so now once we have in our database some user and some hash, let us see how to verify those hashes and so on, try to log in. So what am I going to do, I will just duplicate this register file to the login.php, because almost everything is going to be the same, you don't need to spend so much time on this. So let's say like this, okay, and let's just delete this, and down below I will delete name, delete confirm password, and that's it. So the design will be the same, I will set here login, and it's not important, okay, and that should be fine. Let's see, login.php, okay, here we go, we need just to change the name of the button, okay, that's it.

So now when someone presses this and sends all information to our login.php, we have accepted here email and password, and now we need to check inside the database do we have any users with this email. So how we are going to do this: I will create new sql and say connection query, and I will say select, let's see, ID and password from users where email = email, okay. And now here let's check do we have any rows, I'll say if sql number of rows, so you can leave it as is but I prefer to do it this way so it's really clear what I'm trying to do. So I'll say here else message equal please check your inputs, okay. And here now we need to say data equal sql fetch_array, so that inside the variable data we are going to store this ID and password that we have inside the database.

And now I need to verify the hash with this password, so how am I going to do this? There is a function that is password_verify, so I'll say if password_verify, and then the first parameter is the current password that the person has entered inside this form, so I will say here password, okay, and then the next parameter is the hash that we have stored inside the database, so I will say data password, okay. So now if this is true it means that the password and the hash inside the database is same, and I will say here message equal you have been logged in, and probably here you will create some session, you will store the user ID into the session, etc. etc., but in this tutorial that really is not important, so I'll just save and that's it.

So let's now try to log in. Okay, oh, just, and let's see, okay, and now if I put a wrong password probably won't get any message, maybe this should do here the same thing, okay, let's try again. It says now please check your inputs, but let's say you will put the correct password, test123, login, and now it says you have been logged in.

So guys, as you can see there isn't really a lot to remember in order to securely create, store and verify the password hash. All you need to remember is that in order to create you need to use the password_hash function, the first parameter is password and the second one is the algorithm that you want to use, and then when we want to retrieve and verify, just get it from the database and use the password_verify function. So pretty much guys that's it. If you liked this video please like it and share with your friends, and also if you have any questions be sure to comment below and I will answer all of them. Take care.
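The register and login flow narrated in the captions, written out as an added example; this is not the code shown in the video. Assumptions: an in-memory SQLite database through PDO stands in for the MySQL `users` table so the script runs offline, values are bound through prepared statements instead of being escaped, the `UNIQUE` constraint on `email` and the `password_needs_rehash()` step are additions, and the function names `register` and `login` are hypothetical.

```php
<?php
// Added example (not the video's code): password_hash() on registration,
// password_verify() on login, with the hash stored in a VARCHAR(255) column.
// Assumption: PDO + in-memory SQLite replaces the MySQL connection.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
    name VARCHAR(50), email VARCHAR(50) UNIQUE, password VARCHAR(255))');

function register(PDO $db, string $name, string $email, string $password): bool
{
    // A random salt is generated and embedded in the returned hash string.
    $hash = password_hash($password, PASSWORD_BCRYPT);
    // Bound parameters keep user input out of the SQL text.
    $stmt = $db->prepare('INSERT INTO users (name, email, password) VALUES (?, ?, ?)');
    try {
        return $stmt->execute([$name, $email, $hash]);
    } catch (PDOException $e) {
        return false; // e.g. the email is already registered
    }
}

function login(PDO $db, string $email, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown email and wrong password return the same result.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    // Re-hash on successful login if the stored hash no longer matches
    // the algorithm or cost that password_hash() would use now.
    if (password_needs_rehash($row['password'], PASSWORD_BCRYPT)) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_BCRYPT), $row['id']]);
    }
    return (int) $row['id'];
}

// Constructed sample input; test123 is the password typed in the video.
var_dump(register($db, 'Name', 'user@example.test', 'test123'));
var_dump(login($db, 'user@example.test', 'test123'));
var_dump(login($db, 'user@example.test', 'wrong-password'));
var_dump(login($db, 'nobody@example.test', 'test123'));
```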
Info
Channel: Coding Passive Income
Views: 43,617
Keywords: password hashing, password, hashing, hash function, security, web development, php password_hash, php password_verify, php password_verify tutorial, php, encryption, php tutorial, how to, php password hashing, php security, salt, php bcrypt, tutorial, bcrypt, senaid bacinovic, latest secure login techniques, password protected login and registration form in php, password protected login registration form in php, php secure registration, php registration and login form
Id: 3bGDe0rbImY
Length: 21min 47sec (1307 seconds)
Published: Sat Oct 14 2017