0

I have been reading up on password encrypting, hashing etc.

I saw this fantastic response https://stackoverflow.com/a/6337021/2823458 and have a couple of questions:

First: Do I need to have access to my web server root to install compatibility libraries? (I assume I do but only have access to PHP 5.3.12 through my host and want to use $password_hash to hash using bcrypt). Which brings me to:

Second: If I have to be root on web server (not happening!) then would I just include Andrew's bcrypt class ad refer to it using (to quote):

$bcrypt = new Bcrypt(15);

$hash = $bcrypt->hash('password');
$isGood = $bcrypt->verify('password', $hash);

Obviously using my password variable in place of 'password'?

Clearly I'm pretty new to developing PHP and trying to ask the right people the right questions, If I'm miles off please point me in the right direction!

Community
  • 1
  • 1
Wildcard27
  • 1,437
  • 18
  • 48

1 Answers1

1

bcrypt is not available for PHP 5.3.x. You need to use the library from ex. https://github.com/ircmaxell/password_compat

You don't need to install anything on the server and you don't need to have root access. Just install the package and start using the library :)

You can either use https://getcomposer.org (Dependency Manager for PHP) or just download and include it in your project.

When you upgrade your server to php 5.5 you can use crypt out of the box, as it has been implemented as part of the language.

Bjarke Brask Rubeksen
  • 402
  • 3
  • 10
  • Thank you for the link but how am I to install composer if I cant `$ curl -sS https://getcomposer.org/installer | php` – Wildcard27 Jan 31 '14 at 09:59
  • That's a completely different question :) Using composer is a commandline tool (Run it from Terminal/Command Prompt). You need to install it on your OS and include it in your project. there's a great tutorial on http://net.tutsplus.com/tutorials/php/easy-package-management-with-composer/ – Bjarke Brask Rubeksen Jan 31 '14 at 10:07
  • Should I add that I am using a paid web host and have no access to the system but through a control panel? – Wildcard27 Jan 31 '14 at 10:14
  • 1
    You can use composer on your local machine where you develop your project and then upload the files to your production server. It's a bit of a learning curve, but getting used to develop php with composer and ex. git (https://github.com) for version handling are gonna pay for itself in the long run. – Bjarke Brask Rubeksen Jan 31 '14 at 10:15
  • Great! Will have a read through it :-) One last question, was my question so stupid that I only had 6 views and you were the only decent person who took an interest? – Wildcard27 Jan 31 '14 at 10:19
  • As you can see, i'm fairly new to using stack overflow, so right now i just answer all the question in my field or knowledge to score some points :) – Bjarke Brask Rubeksen Jan 31 '14 at 10:24
  • 1
    One more thing. My favorite PHP framework is http://laravel.com It includes a lot of the modern workflows and security. You should look at it or some of the other frameworks like it. Their have integrated the composer workflow and package handling for easy deployment. Also you'll get an idea of how the modern workflow is now-a-days. Great start tutorial at http://net.tutsplus.com/tutorials/php/laravel-4-mastery/ – Bjarke Brask Rubeksen Jan 31 '14 at 10:26
  • You've been a fantastic help, the reason I joined this site. Thank you! – Wildcard27 Jan 31 '14 at 11:04