43: Hashing and de-hashing data using PHP | PHP tutorial | Learn PHP programming
Vložit
- čas přidán 5. 09. 2024
- Hashing and de-hashing data using PHP | PHP tutorial. In this lesson you will learn about database data security, and how to hash and dehash data using PHP. In PHP we have a hash function which uses bcrypt, in order to protect data provided by our users.
Login system tutorial (link starts at hashing part): • Video
➤ GET ACCESS TO MY LESSON MATERIAL HERE!
First of all, thank you for all the support you have given me!
I am really glad to have such an awesome community on my channel. It motivates me to continue creating and uploading content! So thank you!
I am now using Patreon to share improved and updated lesson material, and for a small fee you can access all the material. I have worked hard, and done my best to help you understand what I teach.
I hope you will find it helpful :)
Material for this lesson: / lesson-material-42361704
I have been watching the series so far and I learned a lot since. Thank you for doing such well done tutorial and putting it on the web for free. Technology is powerful and its effectiveness is enhanced by people like you sir.
De-hashing is imposible mathematicly that is why it is safe.
Hashing uses functions that can't be inverted so when u use the first parameter that is the actual pass and the second parameter that is the same pass just hashted it grabs the first parameter hashes it and compares it to the second parameter and if that is true it returns "1",that is how i think password_verify() works,since hashing is not an invertable function.
BTW still the greatest PHP tutorials on youtube.
You are absolutely right :) I explained the process wrong in this video.
Nice 😊
But how come the password_hash() gives different outputs for the exact same input?
It's not the same as using a sha1() function and then manually comparing it with the input.. Which is better? and why?
@@MrNsaysHi For security dear, if he can't give different in any second, hacker can have solution to hack
@@malloumjr
But isn't hashing a one way function that always gives the same output for the same input?
literally the best video out there explaining hash and dehash without spending more than 10 minutes
Active channel making php tutorials? Unheard of - and awesome
This is an amazingly simple, informative and pleasurable video to watch, thanks for making it so well!
You don't mean that you can actually DE-hash a hashed string right? If a hash can be de-hashed, it's not a hash anymore.
I'd recommend watching the video to the end.
No it doesnt dehash it at all. Theres a ”salt” at the beginning of gibberis marked with two dollar marks. It’s used on original hash (rest of the string) for making it more complex and random. Password_verify() uses that same salt for hashing now inputted password and combines it to hash picked from database, and if this matches - password was correct.
How can we apply hash when the quantum computer will be finished? So can we assume, that the password hashing will be only a temporary method of protection? Am I right if I say that a good method of protection, in this case, is to limit attempts to log in up to 3 times an hour to avoid brut force?
this is the best channel for learning front end and back end thank you for this
You are the best man .I suggest to make some project using all you learned to us such as inventory website or something like that .it will help us alot and you can make it payable and will buy it .
I understand every word you said in HTML/CSS curse,PHP and OOP PHP .
Please make it free..
in HTML/CSS *"CURSE"*
Completely worth to buy! Please make some project tutorials!!!
THANKS HARITH FOR SHARING
I don't think password_verify actually dehashes, instead it hashes the input and uses an algorithm to see if it corresponds to the given hash (giving all the necessary like salt and cost)
each time you hash something its always different, so how would the password_verify function know in which exact way to hash the inputted password then?
its not always different, for example, MD5 you see when you download a file, if you MD5 that file, you will get the MD5 result, otherwise its pointless. say SHA256("nihao") will always yield the same result.
Actually it is never different. From Wikipedia: "A hash procedure must be deterministic-meaning that for a given input value it must always generate the same hash value"
a function with the same input can not produce more than one output else it is not a function at least i think i learned that on a calculus class.
Hi Dani, thank you very much for all those tutorials! In regards to passwords, what is your opinion about salting passwords? I was told that certain companies add it to hashed passwords. Do you think it would be good idea? and if so... do you have a tutorial for it by any chance?
Is better use BCRYPT or password_Default ?
Can't find no.41 and 42 , are they missing?
czcams.com/play/PL0eyrZgxdwhwBToawjm9faF1ixePexft-.html
Your tutorials are very good and simple to understand thank you very much
i have questions:
1. so basically when i Password_Has the first input i have, it will encrypt the text....but whatever i input there(ex: Test123) it IS STILL "Test123"? just being randomize when you echo it?
2. is Password_Verify() similar to If and AND comparison statement but it will decyper first the encrypted password?
like in If statement, you are trying to compare it like:
if($input == $hashedPwdInDb){ echo "1";}
but unlike a regular If Statement, it has the function to decyper the hashed password then compare it to the $input?
i hope i worded this correct. sorry english wasn't my first language. great tutorial!
Hie Daniel your teaching is amazing have you considered creating on lengthy tutorial that we can purchase in Udemy?
*Will you pls reply to tell which is the **_BEST_** and **_SAFEST_** method of hashing passwords? BCrypt, Hashing It Two Times, S256, etc.?*
No just use BCrypt once :) BCrypt is automatically updated if it becomes outdated, so it will always be safe.
hey hi dani the link you have given in your description is showing the video is private
simple and easy. Thanks bro
Hello Daniel! Can I ask you a quick question? What color syntax/theme you're using? Thanks for the answer and for the great tutorial!
Thanks! Used your video to learn how to do test assignment.
That doesn‘t work in my case. When I copy the hash and paste it into a variable, the verify method returns an invalid password 😢
Very helpful video. Thank you!
Thanks now i understand how to use this hash 😁
I really appreciate your great help. Thank you really much!
Is it also save to hash a password with sha512? And then for comparing them, instead of dehashing you hash the input and compare them with the database. Love this method as well tho :D
Nope, that is definitely not safe! Whenever a hackers steals the hashed passwords from your database, he can dehash it (with lookup tables) and get the full password from that one user.
Bcrypt adds a randomized 'salt' to it so that it is (almost) impossible for the hacker to retrieve the original value.
So, don't just hash passwords with sha or md5 and store them in a database.
For example, hash a password with sha512. Copy the value and paste it in the text area at this site: crackstation.net/
For simple passwords, you can get the value back. More complex passwords, however, may not be found.
what if you hash it like 3 times? using sha512, so you are hashing a hash?
King Otten you can, doesnt make it more secure. Can still be looked up in a rainbow table, hence why the salting process in bcrypt
name is absolutely right here. You should not use either md5, sha256 or sha512, since hackers figured out how to solve these algorithms long time ago. Thats why bcrypt is so awesome, because if hackers somehow (which is very unlikely) figure out how to bypass it, then bcrypt will just get updated and yet again be safe to continue using.
If two different users create the same user name and password, how does the correct user get verified when logging in? You said two different hashes would be produced when the user registers. Is there a magic trick to determine the correct user to validate?
Don't allow duplicate user names when accounts are created. ;)
Hello, your channel is fantastic. Did you know how many php classes you have?
You are wonderfull for me. I'm trying to make our website website with better inlog and more. All in php and mysqli.
Your lessons are very helpfull. (I'm 60 years old now. first I did this all in dramweaver.
grtGrrt
Please Dani Can you help me ? Code not work with me .I am using Atom.
I don't think that you can get someone to enter a password and then check it in the database? I think once you hash the new password, it will always be different from the database and won't work...
learned a lot from this video.
Please the password hash did not work when i type it, any help plz
video on link is not available bro
I forgot to ask.. do you still need to salt the password? I read somewhere that you still have to
So what is password_verify really doing? Could you test password_hash(input) with passwordinDb with an if statement?
Thank you very much for your videos!!!
When is the link to the login system tutorial? The link is not working for me?
Thank you, this help me alot.
HELLO SIR..
I M ASP.NET C# DEVELOPER. I LOVE UR TEACHING STYLE N CLAERLY I GET UR ALL PHP LECTURES. THANK YOU SOO MUCH FOR UR EFFORTS
PLZ UPLOAD THE 41 42 VIDEOS IN THS SERIES... :)
thanks so much
thanks so much
what is type of String after hashing (String , int or byte) ????
How can I hash with AES 256 bit encryption? Or is bCrypt already that strong?
You made the login video private so I can't view it.
Guys, I am a little confused ( : What is the difference between hashing, real_escape function and prepared statements?
The 43rd video is private...how can i get it pleas?
Great tutorial :) I'd just like to ask how can I use that encrypted password to send email in PHPMailer? Thank you.
what about random salt?
is it possible decode password hash
very informative, Thanks :)
How did you get that index.php file in the first place
Hey, video 44 is private, is this ok?
is this updated video? cuz, last time i checked is different from this one pls explain which parts you updated?
This video is updated and the most recent version of data hashing.
link is broken
Tnx bro
Can I ask where is the full version of Login system tutorial? I remember you had it before in the tutorial.
yap..link isn't working. Would be useful to see hashing in action
It's been set to private. Probably the creator was catching a lot of heat for making it procedural instead object-oriented? I dunno. Maybe he wants to monetize it?
@@Venezuelangel no it's just on another channel @ZbII
Me it's always saying login=error in the url help how can it fix?
are you uploading again videos that you posted in 2015?
super cool!!
This is lesson 43.. how can I get from lesson 1 to the end.. please 😭
5:45 dehash
Link to login-Tutorial isn‘t working
respected sir, i get a lot of knowledge from your lessons: now i have a problem, when i practice of password_hash function i receive this error message in chrome browser: {{{{{{Fatal error: Call to undefined function PASSWORD_HASH}}}} kindly help me.
it dose not work when stored in database
Superb
Suppose i have to store chat messages in my database in a secure and hashed format how can I dehash those text messages whenever it is displayed back to the user??
Can someone tell me a better way to encrypt text messages in php and MySQL database
You'll have to encrypt them instead of hash them. Encrypt means it uses a key and so they can be decrypted. It's less safe than hashing of course because if someone gets hold of the key then they can access everything.
I'm getting an error says 'call to undefined function password_hash()' Idk why I did exactly what you does, any thoughts about it?
Edit:I'm using 1.8.2 version of xampp and 5.4.22 Php Version does it affect my program?
Yes, you should definitely upgrade. A lot of changes were made since then. PHP is all the way at 7.0+ in its version now. It should fix your undefined error.
@@Dani_Krossing yep thank you very much. That's exactly what I did, coz back on your tutorial I saw the version of your Xampp was compiled on 2015 while mine is 2013, didn't notice that I was using an old version of xampp hehe, Thank you sir, I'm almost finish with this tutorial, have a good day.
so how do i hash the username with the same method like with the password?
method is the same but why would you hash the username? Username is public in most scenarios
link does not work!!!
Yes it does!
Sir is there any chance to view the normal password ni phpmyadmin coz i don't know to view the normal password in database.it will be hard especially when I forgot the password :( thanks in advance sir
No that would defeat the purpose of hashing it hehe. The point is that we SHOULD NOT be able to see the password in the database in case a hacker gains access.
Password verify always returning false
42 is miss bro.
can you make a video on how to create a sub-domain dynamically through PHP i have done the same it is creating domain too but in root folder it is creating problem
following is the code
but in root folder it is creating not creating the folder of same name as entered by user it is creating folder named as'$domain.example.in'.
Please help
Thanks in advance.
Please make a tutorial on how to create a contact form using php
Marshal Hembram I already did ;)
Kindly provide the link please :)
The login video in the description of this video is broken T_T
czcams.com/video/LC9GaXkdxF8/video.html
So about this Login system tutorial (link starts at hashing part): czcams.com/video/xb8aad4MRx8/video.htmlm42s - the movie is private, is this will be avaible?
good
OMG it worked but sequence is "This video is private".
czcams.com/video/LC9GaXkdxF8/video.html
2:00
44: vidoe on pvt whyyyyyyyy came so far
czcams.com/video/LC9GaXkdxF8/video.html
It thought the whole point of hashing was you can never "de-hash" it? You can only re-hash new information and compare with the saved/old hash... I thought it was encryption and decryption where you could get the information back
Connor Gaunt it doesn't. It just hashes the password with the same salt and compares it to the one given.
The title is rather misleading. You don't "de-hash" with password_verify()
when iam logging it takes any password and logging me in
You talk way too fast as if the words are stitched together. Still, I thank for you these free tutorial videos.
You can turn on the subtitle and change the playback speed to 0.75. That should make it clearer for you
Greate tutorial, but next please talk slow, cause some of your words are unhearable.
I tried to crack the password. Did it in 3 seconds
How
You talk funny
This Video is Private
PAYWALLED Correct way ??? BS... CZcams money isn't enough for you? You really need to fish for a buck a month on Patreon?
Stop using the term "DE-HASH". It is invalid. You can't DE-HASH.