Mysql (MariaDB) with PDO

From wikiluntti
Revision as of 17:41, 18 September 2021 by Mol (→ Log a user)

Introduction

Some of my database notes and code are collected here.


Establishing connection to the server

Store the database password in a secure place, i.e. outside the web root (the www folder), so it cannot be served to a browser. PHP can still read it from there.

Log a user

Use an SSL/TLS connection to the server. Hash and salt passwords with PHP's password hashing functions: password_hash to store, password_verify to check.


PHP's hash function supports multiple algorithms, and the well-known hash functions MD5 and SHA1 should be avoided in new applications. . . It is rather safe to assume that the SHA2 family, with its most prominent members SHA-256 and SHA-512, is better than SHA1. . . It is a good idea to prefix a salt to the password before hashing, so that identical passwords do not hash to the same value and rainbow tables cannot be used for password recovery.

The salt should be a random string with at least as many variable bits as there are bits in the hash result. In the user database, store the username, the randomly generated salt for that user, and the result of hashing the salt-password string. Authentication is then done by looking up the user's entry, hashing the salt found in the database together with the password provided by the user, and comparing the result with the value stored in the database.
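The two sections above (credentials kept outside the web root, salted and hashed login over TLS) worked into one PHP script, added here as an example rather than code from the wiki. It assumes a `users(id, username, pw_hash)` table and an ini file at /etc/myapp/db.ini, and uses password_hash, which generates and embeds the salt itself, instead of a separate salt column:

```php
<?php
// Added example, not code from the wiki page. Assumes a table
// users(id, username, pw_hash) and an ini file outside the web root with the keys
// host, dbname, user, pass, ssl_ca (path to the server CA certificate).
declare(strict_types=1);

function db_connect(string $iniPath = '/etc/myapp/db.ini'): PDO
{
    $cfg = parse_ini_file($iniPath);
    if ($cfg === false) {
        throw new RuntimeException("cannot read credentials from $iniPath");
    }
    $dsn = "mysql:host={$cfg['host']};dbname={$cfg['dbname']};charset=utf8mb4";
    return new PDO($dsn, $cfg['user'], $cfg['pass'], [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly
        PDO::ATTR_EMULATE_PREPARES => false,                  // server-side prepares
        PDO::MYSQL_ATTR_SSL_CA     => $cfg['ssl_ca'],         // TLS to the server
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
    ]);
}

function register_user(PDO $db, string $username, string $password): void
{
    // password_hash() generates a random salt and stores it inside the returned string,
    // so no separate salt column is needed.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function login_user(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown user: still run password_verify() against a throwaway hash so the
    // response time does not reveal which usernames exist.
    $hash = $row ? $row['pw_hash'] : password_hash('throwaway', PASSWORD_DEFAULT);
    if (!password_verify($password, $hash) || !$row) {
        return false;
    }
    // Upgrade hashes created with older cost parameters on successful login.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET pw_hash = :h WHERE id = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }
    return true;
}
```

If the stored value was produced with the manual salt+hash scheme described above rather than password_hash, compare it with hash_equals() instead of == so the comparison stays constant-time.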

https://makitweb.com/login-page-with-remember-me-using-pdo-and-php/