Starting in PHP 5.5, the PHP developers have planned to add a few new functions to make password hashing easier. Now, as I'm recording this, version 5.4 is out. But 5.5 isn't too far off. So you may actually be using that, or something even later, by the time you're watching this. Now, it's common knowledge that you should be hashing passwords using secure algorithms like Blowfish. But a surprising number of developers are using less secure algorithms, like MD5 or SHA-1, for their hashing. One of the reasons for this is that, as you probably saw, the crypt function can be a little bit difficult to use, and it's easy to make mistakes. It's much easier for someone just to call the function MD5 on a plain text password and be done with it, and skip learning about salting and hashing costs, and everything else that we've been talking about.
The PHP developers are hoping that by making the process easier, it will cause more developers to adopt best practices in their password systems. These are the exact same best practices that you've already been learning in the last few movies. We're just going to have it built into PHP instead of having to create it for ourselves. So scheduled in PHP 5.5, there's going to be a new function called password_hash(). And you'll pass into it the password, just like we passed into our password_encrypt function. But you'll also then pass in another argument, which is PASSWORD_DEFAULT. And that will take all of the default settings for the password and will apply those.
At the start, that's going to be Blowfish with a cost of 10, the exact same thing that we were just doing. Now, if you don't want to rely on PASSWORD_DEFAULT, because that value can change in the future, even though it may not happen any time soon, you could instead actually be explicit about it and say PASSWORD_BCRYPT, bcrypt is a nickname for Blowfish, with a cost of 10. Both of these at the start will do exactly the same thing that we've done in our code. The other new function that's going to be added is password_verify. It's going to work the same way that our password_check did.
We're going to pass in a password and an existing hash, and it will use those to come up with a comparison to find out whether it matches or not. So when I created our version, I actually did it with PHP 5.5 in mind. Our password_encrypt is what's going to become password_hash when it's built into PHP. And our password_check is going to be called password_verify. I didn't want them to have the same names, because I don't want them to conflict later. But I want it to be easy for you to switch over from one to the other. So if you decide you want to switch from password_encrypt to password_hash, they're going to work almost exactly the same.
Now, this code is also already available as a library. So if you want to use those built-in PHP functions, you just have to use the library that you can find at this address on GitHub. So you go to GitHub, you can download the code for password compatibility. It has some information about how you install it, and get it running. And then you can just use those PHP functions today even though PHP 5.5 isn't out. So, it's up to you. You can use our version, or you can use this library, or you can wait for the PHP5 version that's built-in.
Any of those three are going to do the exact same thing. The main thing is to make sure that you do have a good password scheme that uses best practices.
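The following is an added example, not code from the course or from the compatibility library: it shows password_hash() and password_verify() in a login flow, with a rehash step for the case mentioned above where the cost or default changes later. The $users array, the function names register_user() and login(), the sample passwords, and the use of password_needs_rehash() and password_get_info() (both part of PHP 5.5's password API, not mentioned in the transcript) are assumptions of this example.

```php
<?php
// Added example. $users is a constructed in-memory stand-in for a user table.
$users = array();

// Explicit policy: bcrypt with a cost of 10, as described in the transcript.
define('HASH_ALGO', PASSWORD_BCRYPT);
$hashOptions = array('cost' => 10);

function register_user(array &$users, $name, $password, array $options)
{
    // password_hash() generates the salt itself and embeds the algorithm,
    // cost and salt in the returned string, so only that string is stored.
    $users[$name] = password_hash($password, HASH_ALGO, $options);
}

function login(array &$users, $name, $password, array $options)
{
    if (!isset($users[$name])) {
        return false;
    }
    // password_verify() re-derives the hash using the parameters stored in
    // the existing hash and compares the results.
    if (!password_verify($password, $users[$name])) {
        return false;
    }
    // If the stored hash was made with an older algorithm or a lower cost,
    // upgrade it now, while the plain text password is available.
    if (password_needs_rehash($users[$name], HASH_ALGO, $options)) {
        $users[$name] = password_hash($password, HASH_ALGO, $options);
    }
    return true;
}

// Constructed sample data: one account at current policy, one legacy
// account whose hash was created with a lower cost of 8.
register_user($users, 'alice', 'constructed-sample-pw-1', $hashOptions);
$users['bob'] = password_hash('constructed-sample-pw-2', PASSWORD_BCRYPT, array('cost' => 8));

var_dump(login($users, 'alice', 'wrong-password', $hashOptions));
var_dump(login($users, 'bob', 'constructed-sample-pw-2', $hashOptions));

// After a successful login, bob's stored hash reports the current cost.
$info = password_get_info($users['bob']);
var_dump($info['options']['cost']);
```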