mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-15 08:28:54 +00:00
Remove obsolete info from security.database.storage page
This commit is contained in:
parent
b2b73a1550
commit
fa6c013865
1 changed files with 1 additions and 35 deletions
|
@ -105,10 +105,8 @@
|
|||
password in a database, instead of the password itself.
|
||||
</simpara>
|
||||
<simpara>
|
||||
In PHP 5.5 or newer <link linkend="ref.password">password</link> functions
|
||||
The <link linkend="ref.password">password</link> functions
|
||||
provide a convenient way to hash sensitive data and work with these hashes.
|
||||
In PHP 5.3.7+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="&url.password.compat;">
|
||||
password_compat</link> library can also be used.
|
||||
</simpara>
|
||||
<simpara>
|
||||
<function>password_hash</function> is used to hash a given string using the
|
||||
|
@ -138,38 +136,6 @@ if ($row && password_verify($password, $row['pwd'])) {
|
|||
echo 'Authentication failed for ' . htmlspecialchars($username) . '.';
|
||||
}
|
||||
|
||||
?>
|
||||
]]>
|
||||
</programlisting>
|
||||
</example>
|
||||
<simpara>
|
||||
In older versions of PHP this can be achieved using <function>crypt</function>
|
||||
function.
|
||||
</simpara>
|
||||
<example>
|
||||
<title>Hashing password using <function>crypt</function>s</title>
|
||||
<programlisting role="php">
|
||||
<![CDATA[
|
||||
<?php
|
||||
|
||||
// storing password hash
|
||||
// $random_chars retrieved e.g. using /dev/random
|
||||
$query = sprintf("INSERT INTO users(name,pwd) VALUES('%s','%s');",
|
||||
pg_escape_string($username),
|
||||
pg_escape_string(crypt($password, '$2a$07$' . $random_chars . '$')));
|
||||
$result = pg_query($connection, $query);
|
||||
|
||||
// querying if user submitted the right password
|
||||
$query = sprintf("SELECT pwd FROM users WHERE name='%s';",
|
||||
pg_escape_string($username));
|
||||
$row = pg_fetch_assoc(pg_query($connection, $query));
|
||||
|
||||
if ($row && crypt($password, $row['pwd']) == $row['pwd']) {
|
||||
echo 'Welcome, ' . htmlspecialchars($username) . '!';
|
||||
} else {
|
||||
echo 'Authentication failed for ' . htmlspecialchars($username) . '.';
|
||||
}
|
||||
|
||||
?>
|
||||
]]>
|
||||
</programlisting>
|
||||
|
|
Loading…
Reference in a new issue