newb PHP question re: salted passwords and encryption (basic stuff)

[Turbonium]

So I'm finally learning PHP, and I'm already running into problems.

Step 7 (part 2) of this tutorial makes no sense to me. It basically says nothing about salting/hashes or password files. As such, it's assuming a lot of prior knowledge,. Also, it possibly has errors in the provided code, according to the user comments at the bottom of the page.

Can someone who knows PHP take a quick look at it and tell me if the provided script/code is at least flawless? I want to narrow down my problem solving efforts.

So far, all I get my script doing is echoing the following: Your password was incorrect.

The format of my password text file (which I created manually) is:

usernameassword

I have also tried other combinations with no luck.

 

[Graze]

Look at this line. It uses the php crypt function to harsh and salt

if ($arr[1] == crypt($this->passwd, $arr[1])) {

$this->_resultCode = 1;

break;

}

 

[Graze]

If your password isn't hashed in your file then it would not work because this script hashes the user entered password to compare it with the hash in the file.

 

[Turbonium]

So I take it I need to look into basic hashing techniques, then put the following in the text file?:

username:hashedpassword

How do I tell the script which hashing technique I used?

Sorry, it clearly hasn't "clicked" yet. Once it does, I'm sure the answer will be obvious.

 

[Graze]

Use the Crypt function to create a hashed password to save in your file. You would have to create you own little script to do this.

Read up on the Crypt function http://php.net/manual/en/function.crypt.php

 

[Ken g6]

How do I tell the script which hashing technique I used?

I looked up crypt - the PHP documentation is generally top-notch - but this confused me as well. Google finally found the answer:

You specify the algorithm as part of the salt string. For example, starting with $2a$ gives you a Blowfish cypher.

 

[Turbonium]

Yea I tried looking it up as well, don't get me wrong. It's just I really didn't find a concrete answer, and the tutorial doesn't explain salting at all. Rather, it seems to assume prior knowledge. So much for PHP for the absolute beginner...

 

[Graze]

I looked up crypt - the PHP documentation is generally top-notch - but this confused me as well. Google finally found the answer:

The information the person quoted in the Stackoverflow post came from the exact php manual I posted(and you).

All the information is there.

Yea I tried looking it up as well, don't get me wrong. It's just I really didn't find a concrete answer, and the tutorial doesn't explain salting at all. Rather, it seems to assume prior knowledge. So much for PHP for the absolute beginner...

I am a php beginner myself. I only started messing with it little over a year ago.
I only began seriously using it about 4 months ago when someone offered to pay me to write a web for them.

You need to read things more carefully.

Sometimes I have to read several documents just to understand one seeming simple thing.
Hell I just started working with ASP.NET and just trying to figure out something in Entity Frame Work I to do a bunch of reading in my C# reference book and watching seven Youtube tutorials; one being an AppDev video an hour and a half long.

 

[Turbonium]

You need to read things more carefully.

Indeed. Thing is, I've been out of school for so long that I'm out of practice, and I might have some mild ADHD or whatnot, so reading things over without fidgeting at the very least can be difficult for me. It gets especially difficult when you're constantly scrolling up and down comparing stuff, and flowing through the logic of some code/script, and storing it in your own memory and referring to it later. Seriously, I find it difficult as of late.

Thanks though.