Small, short code snippets that other people may find useful. Do you have a good regex that you would like to share? Share it! Even better, the code can be commented on, and improved.
Roja wrote:
The sha256 library posted works fine on PHP5.
But using PHP5's syntax?
What about public, private etc?
OH, you mean "Will you make a version that won't work on php4, just to avoid E_STRICT warnings".
Because that's what using public/private accomplishes, and little else.
No, and I didn't ask you to get cocky either.
What about the use of __construct rather than the class name, which is the standard practice in PHP5? I'm referring more to standards than anything else.
You have spaces before the <?PHP tag and/or after the ?> tag (located at the beginning and the end of the file, respectively). Remove them, and all will be well.
Okay, so I'm trying to use this on passwords, and I'm at a loss on how to implement it =/
Obviously I include the file, then I don't know what to do.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Given the recent flaws in md5 security, would SHA256::hash(md5($_POST['value']),'hex'); make this any less secure?
Hashing an already hashed string increases the chance of a collision. It is possible to migrate to a new hash: you add a new field to your database that will store the sha256 hashes when users log in, and then proceed to authenticate on the md5 like usual. Once everyone has logged in once (or the majority of users), you switch your login sequence to check the sha256 values instead; after that works, remove the md5 field. For users that did not log in, you reset their password to a random string and email it to them. Much more secure.
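The login-time migration described in the post above, as an added example that is not code from the thread or from the posted library. Assumptions: the user table is a constructed in-memory array, PHP's built-in hash('sha256', ...) stands in for SHA256::hash($str, 'hex'), the names new_hash() and login() are hypothetical, and each user is switched to the new column as soon as it is filled rather than all users at once.

```php
<?php
// Constructed sample "users" table: alice still has only a legacy MD5 hash.
$users = [
    'alice' => ['md5' => md5('correct horse'), 'sha256' => null],
];

// Stand-in for SHA256::hash($password, 'hex') from the thread, kept in one
// place so the new scheme can be replaced without touching the login logic.
function new_hash(string $password): string
{
    return hash('sha256', $password);
}

// Returns true on a successful login; upgrades the stored hash as a side effect.
function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $row = &$users[$name];

    // Already migrated: authenticate against the new column only.
    if ($row['sha256'] !== null) {
        return hash_equals($row['sha256'], new_hash($password));
    }

    // Not migrated yet: authenticate on the MD5 column as before.
    if (!hash_equals($row['md5'], md5($password))) {
        return false;
    }

    // The plaintext is only available at this moment, so hash it with the
    // new scheme now and drop the legacy value for this user.
    $row['sha256'] = new_hash($password);
    $row['md5'] = null;
    return true;
}

var_dump(login($users, 'alice', 'wrong'));         // failed attempt, row untouched
var_dump(login($users, 'alice', 'correct horse')); // checked on MD5, then upgraded
var_dump($users['alice']);                         // legacy column is now empty
var_dump(login($users, 'alice', 'correct horse')); // checked on the sha256 column
```

Rows whose sha256 column is still empty after the cut-off date are the accounts that need the password reset the post mentions.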
Well, I really don't want to do that seeing as a bunch of people get their inboxes flooded with junk, close their accounts, get new ones, or don't check it.
$pass = md5($_POST['pass']); // md5()'d pass
$sha256hash = SHA256::hash($pass,'hex'); // this is the sha256'd pass of the md5 hash
$password = $pass.$sha256hash; // this is the two values combined
if($password != $passindatabase) { die(); }
Now, I realize this would be a 96 character string, but it would let me avoid resetting people's passwords. What are your thoughts on this?