This tutorial is exactly what I’ve been looking for, this should be soo much higher in the results
Same here!
Thank you for this video, it's really hard to find a video that the person can properly explain how to do this.
Simple and best explanation
Hey Ken, You have great videos to learn from. I'm not sure where I should post a question to you. I am trying to learn how to encrypt personally identifiable information for inserting into MySQL with PHP. Then, I would like to search that data and display it. Are you familiar with using Sodium and CipherSweet for encrypting/decrypting/searching a MySQL database? I am new to this and I cannot seem to get it to work. Thanks, Jim
Works beautifully, thanks! I'm building an app with React and PHP and it worked very well 💯💯
What will be the auth method for the database if I wanna use that? Normally for postgres it is md5...
thank you this really helped me
Thank you! This is why I need
Thanks a lot. Works like charm.
Nice 🎉
Thanks man this video is great 🔥🔥🔥🔥
How does the verify function know the salt since it's a unique string that is not attached to the plain text password?
I think because you have to fill in your name, the verify function knows which salt to use.
@Minecraft Cososper & RXM Ahhhhhhhhhhhhhhhhhh, thanks to your explanation I got it. 🙂
But the name is not passed with the retrieving code, so the question still stands. Where is the salt coming from while retrieving the password?
@ktm640lc4BGD I figured this out after doing some research: the salt and algorithm used for hashing are attached to the hash digest. The password_hash return value has all the information necessary for the validate function to verify the provided password.
@dw0x So the salt key is in the hash itself? Well ok, I guess that is secure enough.
I did the same method but it didn't work for me. Please, I need your help!
If the salt is random for each user, how is the right salt selected while retrieving? Where is it coming from then? Especially if two identical passwords have different salts?
Salt is registered at each specific user field. You can see in your database.
@KelvinKMS In the beginning he described a problem as "if attacker has access to that table", so what is the point then of storing them in the table?
@ktm640lc4BGD Even if the attacker can see the salt, he still needs to know the combination between the user password and the salt. It can be designed using PHP, and it is still very hard to crack. And we can design how many tries are allowed before blocking the attacker's IP for a certain period, so he must wait like every 30 mins to try another three times. So there is no way for the attacker to find the real combination, because it will take forever to find the logic.
@KelvinKMS You are a bit off topic. The topic is: there is no point storing random salt in DB if attacker has access to it. Everything else is... everything else...
In the new version of PHP 7.4 it says that: PASSWORD_DEFAULT was int 1; now is NULL, so I'm getting this error: Notice: Trying to access array offset on value of type null. Please how could I fix this?
I have the same error
Hello, thank you! I want to know which function is used to get: Input: 5792 and Output: /AABKA.
Input: 5793 and Output: /AAB6g
You go to great lengths to have 2 users with the same password to show that a different hash is created. But the question is, if there are two users with the same username and password, how does verify know which hash to use?
Your best bet is to have a check to stop a 2nd or further users having the same username.
Something along the lines of
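if ($num == 1) {
    // Send the header before any output, otherwise PHP can no longer set it
    header("refresh:3; url=register.php");
    echo "Username Already Taken.";
} else {
    // Prepared statement: the values are bound, not interpolated into the SQL string
    $stmt = mysqli_prepare($con, "INSERT INTO users(username, email, password) VALUES (?, ?, ?)");
    mysqli_stmt_bind_param($stmt, "sss", $newuser, $newemail, $pwd_hash);
    mysqli_stmt_execute($stmt);
    header("refresh:3; url=login.php");
    echo "Registration Successful";
}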
You should set the username column in the database as unique, so that no more than a single user can have the same username.
thanks a lot
Can someone explain where he's got the hash from $user['pass'] ?
$user is the record (row) I fetched from the table - pass is the name of a field (column) in the table. If you are having problems around that point, then the issue is likely the names of the fields in your underlying table not being the same as mine.
How to get the old password before changing to new password using password_verify?
I did the same method but the function password_verify didn't work for me!!!!
mine also
@etheljoyluna7344 It's been some time, but check that your SQL varchar length is long enough (e.g. 255) to handle the hash length.
@nikolajancic7130 Thanks for telling 😂 I was doing this mistake...
thanks
*shows database with plain text*
"that is what a lack of security looks like" DWL!!!!! 😂😂😂
No "salt" - in this video!
The password_hash function does that for you
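Added example (not code from the video or from any commenter) for the salt questions above, where replies say the salt and algorithm are attached to the hash digest and that password_hash does the salting for you, and for the reply about column length: it splits a bcrypt string into its fields and shows verification failing on a truncated copy. The password, the bcrypt_parts() helper and the 50-character cut-off are assumptions made for illustration.

```php
<?php
// Added illustration: the password, the bcrypt_parts() helper and the
// 50-character column width are constructed, not taken from the video.

// Split "$2y$<cost>$<22-char salt><31-char digest>" into its fields.
function bcrypt_parts(string $hash): array
{
    $re = '#^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a complete bcrypt string');
    }
    return ['algo' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

$password = 'correct horse battery staple';

// Two users, same password: each password_hash() call draws its own random salt.
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

foreach (['A' => $hashA, 'B' => $hashB] as $user => $hash) {
    $p = bcrypt_parts($hash);
    printf("user %s: algo=%s cost=%d salt=%s digest=%s\n",
        $user, $p['algo'], $p['cost'], $p['salt'], $p['digest']);
}

// password_verify() needs only the candidate password and the stored string;
// it reads algorithm, cost and salt out of that string.
printf("A verifies: %s\n", var_export(password_verify($password, $hashA), true));
printf("B verifies: %s\n", var_export(password_verify($password, $hashB), true));
printf("wrong password: %s\n", var_export(password_verify('wrong', $hashA), true));

// The same recomputation by hand: crypt() given the stored string as its
// salt argument reuses the embedded prefix and salt.
$recomputed = crypt($password, $hashA);
printf("manual recompute matches: %s\n", var_export(hash_equals($hashA, $recomputed), true));

// A column narrower than the hash cuts off part of the digest; the salt is
// still there, but the stored string can no longer match.
$truncated = substr($hashA, 0, 50);   // what a VARCHAR(50) would keep
printf("stored length %d, truncated verifies: %s\n",
    strlen($hashA), var_export(password_verify($password, $truncated), true));
```

The salt is not meant to be secret: it makes every stored hash unique, so work spent guessing one user's password cannot be reused against another user's hash.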