Difference between revisions of "PHP-and-MySQL/C4/MD5-Encryption/English-timed"

 
(2 intermediate revisions by the same user not shown)
Line 4: Line 4:
 
|-
 
|-
 
|00:00
 
|00:00
|Hello.  If your concerned about php security, then this tutorial will take you through the MD5 function.
+
|Hello.  If your concerned about php security, then this tutorial will take you through the '''MD5 function'''.
 
|-
 
|-
 
|00:09
 
|00:09
|Its a predefined function that converts a string to a MD5 hash and allows you to secure your data.
+
|It's a predefined function that converts a '''string''' to a '''MD5 hash''' and allows you to secure your data.
 
|-
 
|-
 
|00:16
 
|00:16
|The MD5 hash uses a one way out rhythm so it cannot be decrypted - it can only be encrypted.
+
|The 'MD5 hash' uses a one way out rhythm so it cannot be decrypted; it can only be encrypted.
 
|-
 
|-
 
|00:21
 
|00:21
|The only way to find out an MD5 hash is to convert a string to an MD5 hash as well and compare it to a string that has already been converted to a hash.
+
|The only way to find out an 'MD5 hash' is to convert a '''string''' to an 'MD5 hash' as well and compare it to a string that has already been converted to a hash.
 
|-
 
|-
 
|00:31
 
|00:31
|If you don't know what i mean I'll be going through it in this tutorial.
+
|If you don't know what I mean, I'll be going through it in this tutorial.
 
|-
 
|-
 
|00:38
 
|00:38
|I'll start by predefining a string that's going to be my password.
+
|I'll start by predefining a '''string''' that's going to be my password.
 
|-
 
|-
 
|00:45
 
|00:45
|I'll call it 'user password' and that will have the value 'abc'.
+
|I'll call it '''$user password''' and that will have the value "abc".
 
|-
 
|-
 
|00:55
 
|00:55
|Next I'll create a new variable called 'user password e n c' which stands for encryption and I'll define my MD5 functions, which is basically m,d and 5.
+
|Next I'll create a new variable called '$user password e n c' which stands for encryption and I'll define my 'MD5' functions which is basically m,d and 5.
 
|-
 
|-
 
|01:09
 
|01:09
|Anything can go in here so you can give anything that you want to encrypt in here  
+
|Anything can go in here so you can give anything that you want to encrypt in here.
 
|-
 
|-
 
|01:13
 
|01:13
|But for now I'll encrypt my user password variable that we defined up here.
+
|But for now I'll encrypt my '''$user password''' variable that we defined up here.
 
|-
 
|-
 
|01:18
 
|01:18
|And if we just echo this out, you can see that we get our....,  
+
|And if we just '''echo''' this out, you can see that we get our....,  
 
|-
 
|-
 
|01:27
 
|01:27
|our value of our MD5 encrypted script which is this.
+
| value of our 'MD5' encrypted script which is this.
 
|-
 
|-
 
|01:32
 
|01:32
|You can see that it starts with nine hundred and I think there are around 20 common characters here
+
|You can see that it starts with nine hundred and I think there are around 20 common characters here.
 
|-
 
|-
 
|01:39
 
|01:39
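Review bot: The revised 00:00 row still reads "If your concerned", which should be "you're concerned", and the 00:16 row keeps "one way out rhythm", which appears to be a mis-transcription of "one-way algorithm"; both are worth fixing in the same pass as the markup. The 00:16 and 00:21 rows quote 'MD5 hash' in single quotes while the 00:00 and 00:09 rows use bold ('''MD5 hash'''), so one convention should be chosen, and the 01:27 row now begins with a stray space after "our" was dropped.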
Line 49: Line 49:
 
|-
 
|-
 
|01:52
 
|01:52
|So we have an encrypted string whereby the hash you see here is equal to 'abc'.
+
|So, we have an encrypted '''string''' whereby the hash you see here is equal to 'abc'.
 
|-
 
|-
 
|02:00
 
|02:00
Line 58: Line 58:
 
|-
 
|-
 
|02:17
 
|02:17
|We can do a simple check to say if the post password is equal to our user password then do something otherwise do something else.
+
|We can do a simple check to say if the '''POST''' password is equal to our '''$user password''' then do something otherwise do something else.
 
|-
 
|-
 
|02:29
 
|02:29
|So for example you can have an error saying 'incorrect password' and here you can say 'your password has successfully matched the user password'.
+
|So, for example, you can have an '''error''' saying 'incorrect password' and here you can say 'your password has successfully matched the user password'.
 
|-
 
|-
 
|02:38
 
|02:38
|But when we are taking into account data that we are either having in post variables or are contained in the data base,...
+
|So when we are taking into account data that we are either having in '''POST''' variables or are contained in the database,...
 
|-
 
|-
 
|02:45
 
|02:45
|This value may have been instructed from the data base and data bases can be broken into unfortunately.
+
|this value may have been instructed from the database and databases can be broken into unfortunately.
 
|-
 
|-
 
|02:51
 
|02:51
|Therefore if a data base can be broken into you will want every password belonging to your users to be encrypted,  so that they are much harder to find.
+
|Therefore if a database can be broken into, you will want every password belonging to your users to be encrypted,  so that they are much harder to find.
 
|-
 
|-
 
|03:04
 
|03:04
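Review bot: At 02:38 the opening word changes from "But" to "So", which alters the sense of the narration rather than its formatting; confirm it against the audio or keep "But". The 02:45 row is lowercased to continue that sentence, yet the 02:38 row still ends in ",..." so the join reads awkwardly, and "instructed from the database" is carried over unchanged although it looks like a mis-hearing worth checking.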
Line 76: Line 76:
 
|-
 
|-
 
|03:12
 
|03:12
|By converting 'abc' to a MD5 hash you can compare it to a MD5 hash already stored in your data base and if these two hashes match then they'll know that the MD5 hash equals 'abc', as they had already hashed just to start with.
+
|By converting 'abc' to a '''MD5''' hash you can compare it to a MD5 hash already stored in your database and if these two hashes match then they'll know that the MD5 hash equals 'abc', as they had already hashed just to start with.
 
|-
 
|-
 
|03:29
 
|03:29
|Anyway what we'll do is we'll be taking this value here - our user password encrypted - and we'll compare our posted password to our encrypted password.
+
|Anyway, what we'll do is we'll be taking this value here - our 'user password encrypted' - and we'll compare our posted password to our encrypted password.
 
|-
 
|-
 
|03:47
 
|03:47
|Now what we actually need to do is to be able to compare 'user password enc'
+
|Now what we actually need to do is to be able to compare '''$user password enc'''
 
|-
 
|-
 
|03:55
 
|03:55
|This as it stands is encrypted and this posted password as it stands is not encrypted.
+
|This, as it stands, is encrypted and this posted password as it stands is not encrypted.
 
|-
 
|-
 
|04:01
 
|04:01
|So if you take the MD5 hash of the posted password and compare that to the MD5 hash of the stored password, we can let our user know if they've entered the correct or right password.
+
|So, if you take the MD5 hash of the posted password and compare that to the MD5 hash of the stored password, we can let our user know if they've entered the correct or right password.
 
|-
 
|-
 
|04:14
 
|04:14
|So I'll say if the MD5 hash of a posted password is equal to the MD5 hash of the stored password, which is here, this is the variable we're using here, then we can display the correct message or we can display an error message.
+
|So I'll say, if the MD5 hash of a posted password is equal to the MD5 hash of the stored password, which is here, this is the variable we're using here, then we can display the correct message or we can display an error message.
 
|-
 
|-
 
|04:33
 
|04:33
|And if they do match then I'll say clear this script and write 'correct' otherwise I'll just kill the script and say 'incorrect'.
+
|And if they do match then I'll say clear this script and write "Correct" otherwise I'll just kill the script and say "Incorrect".
 
|-
 
|-
 
|04:48
 
|04:48
|At the moment we can't compare these because we haven't posted any variables
+
|At the moment, we can't compare these because we haven't posted any variables.
 
|-
 
|-
 
|04:53
 
|04:53
|Down here I'll create a form.
+
|Down here I'll create a '''form'''.
 
|-
 
|-
 
|04:57
 
|04:57
|Method is also going to be POST because we're using the post method up here
+
|'''Method''' is also going to be '''POST''' because we're using the POST '''method''' up here.
 
|-
 
|-
 
|05:01
 
|05:01
|And the action is going to be my page that is currently on which is 'MD5 dot php'.
+
|And the '''action''' is going to be my page that is currently on which is 'md5 dot php'.
 
|-
 
|-
 
|05:08
 
|05:08
|Next I'll just create two elements of this which is an input text box and I'll give the name of password.
+
|Next I'll just create two elements of this which is an '''input''' '''text box''' and I'll give the '''name''' of 'password'.
 
|-
 
|-
 
|05:14
 
|05:14
|The only reason I'm using this as type text is so you can see the content otherwise you can give it a password to blank out the characters.
+
|The only reason I'm using this as '''type''' 'text' is - you can see the content otherwise you can give it a 'password' to blank out the characters.
 
|-
 
|-
 
|05:22
 
|05:22
|Next, I'll have an input box and this will say, lets just say log in for now because this is a typical use for an MD5 encryption which would be a log-in script.
+
|Next, I'll have an '''input box''' and this will say, let's just say, 'Login' for now because this is a typical use for an MD5 encryption which would be a log-in script.
 
|-
 
|-
 
|05:34
 
|05:34
|When I refresh my page you can see 'incorrect' at the moment.
+
|When I refresh my page you can see '''Incorrect''' at the moment.
 
|-
 
|-
 
|05:38
 
|05:38
|That's because we're not checking for our post variable.
+
|That's because we're not checking for our '''POST''' variable.
 
|-
 
|-
 
|05:41
 
|05:41
|Here i could just say if password exists then we can echo out all this code and we can indent this to make it more readable.   Let me get this back here.
+
|Here I could just say '''if''' 'password' exists then we can '''echo''' out all this '''code''' and we can '''indent''' this to make it more readable. Let me get this back here.
 
|-
 
|-
 
|06:00
 
|06:00
|Okay so if our password has been submitted,which means this form has been submitted with this value then we are saying "Does the MD5 hash of the encrypted password that is the password entered in the form, which is our post variable over here, equal the hash of the password stored?"
+
|Okay, so if our 'password' has been submitted which means this '''form''' has been submitted with this value then we are saying "Does the MD5 hash of the encrypted password that is the password entered in the '''form''' which is our POST variable over here, equal the hash of the password stored"?
 
|-
 
|-
 
|06:18
 
|06:18
|So we're dealing with encrypted data in this if statement here.
+
|So, we're dealing with encrypted data in this '''if''' statement here.
 
|-
 
|-
 
|06:23
 
|06:23
|If it is matching then we can display this otherwise we can display 'incorrect'.  So lets refresh that again.
+
|If it is matching then we can display this, otherwise we can display "Incorrect".  So let's refresh that again.
 
|-
 
|-
 
|06:29
 
|06:29
|Now my password is 'abc' so if I type 'Alex' as my password, you can see we get an 'incorrect' error message.
+
|Now my password is 'abc'. So, if I type 'Alex' as my password, you can see we get an 'Incorrect' '''error''' message.
 
|-
 
|-
 
|06:37
 
|06:37
|If we type 'abc' as our password, which is correct, you can see we get a 'correct' message  
+
|If we type 'abc' as our password, which is correct, you can see we get a "Correct" message.
 
|-
 
|-
 
|06:43
 
|06:43
|Just to give you an idea of the content what I can do here is I can say echo and I can say 'compared' and lets take our user password - in fact, NO - lets take our encrypted password.
+
|Just to give you an idea of the content what I can do here is I can say '''echo''' and I can say "compared" and let's take our '$user password' - in fact, NO - let's take our encrypted password.
 
|-
 
|-
 
|07:07
 
|07:07
|So compare 'user password enc' to - I'll just concatenate on that and the posted password
+
|So compare "$user password enc to" - I'll just concatenate on that and the posted 'password'.
 
|-
 
|-
 
|07:14
 
|07:14
|We want all of it to be encrypted so here I'll type MD5.
+
|We want all of it to be encrypted so here I'll type 'md5'.
 
|-
 
|-
 
|07:20
 
|07:20
|The best way to do this is to create a new variable up here saying, MD5 - cut this - so 'enc' or 'submitted enc' equals that.
+
|The best way to do this is to create a new variable up here saying 'md5' - cut this - so 'enc' or '$submitted enc' equals that.
 
|-
 
|-
 
|07:37
 
|07:37
|Then we can just replace our variables in here so it makes it a bit more....,a bit more fluent.
+
|Then we can just replace our variable in here so it makes it a bit more....,a bit more fluent.
 
|-
 
|-
 
|07:49
 
|07:49
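Review bot: In the 07:07 row the closing quote has moved so that "to" now sits inside the quoted variable name ("$user password enc to"); close the quote after "enc". The 05:14 row replaces "is so you can see" with "is - you can see", which drops the causal "so", and variable names are marked three different ways in this hunk ('''$user password enc''' at 03:47, '$submitted enc' at 07:20, double quotes at 07:07).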
Line 160: Line 160:
 
|-
 
|-
 
|07:56
 
|07:56
|But here when we choose 'abc' and we click log in and we have got an error.
+
|But here when we choose 'abc' and we click '''Login''' and we have got an '''error'''.
 
|-
 
|-
 
|08:01
 
|08:01
|Lets come back and check.....  and it's because we need to put these in curly brackets since we've got two lines of code here.
+
|Let's come back and check.....  and it's because we need to put these in curly brackets since we've got two lines of code here.
 
|-
 
|-
 
|08:16
 
|08:16
|Lets go back, click back, choose 'abc' and we are comparing this here to this here.
+
|Let's go back, click back, choose 'abc' and we are comparing this here, to this here.
 
|-
 
|-
 
|08:26
 
|08:26
|Lets just beak it up here so we can see  whats going on.
+
|Let's just '''break''' it up here, so we can see  what's going on.
 
|-
 
|-
 
|08:34
 
|08:34
|Okay so we've compared this here to this here.
+
|Okay, so we've compared this here to this here.
 
|-
 
|-
 
|08:38
 
|08:38
|You can see they're exactly the same MD5 hash, however this here is the stored password and this is the password that we've submitted.
+
|You can see they're exactly the same MD5 hash. However, this here is the stored password and this is the password that we've submitted.
 
|-
 
|-
 
|08:46
 
|08:46
|So you can see that we're checking our submitted encrypted to our stored encrypted.
+
|So, you can see that we're checking our submitted encrypted to our stored encrypted.
 
|-
 
|-
 
|08:51
 
|08:51
|This has many uses, you can use it in data bases when you are registering a user in a data base, encrypt the password then store it.  
+
|This has many uses, you can use it in databases when you are registering a user in a data base, encrypt the password then store it.  
 
|-
 
|-
 
|08:59
 
|08:59
|If your checking in a log in form for a password, encrypt the password the users entered in the log in form and check that to the encrypted password at the data base.
+
|If you are checking in a '''log-in form''' for a password, encrypt the password the users entered in the '''log-in form''' and check that to the encrypted password at the database.
 
|-
 
|-
 
|09:08
 
|09:08
|So you can see that this has lots if uses and it's really easy to declare.  You just need have an MD5 function here.
+
|So, you can see that this has lots of uses and it's really easy to declare.  You just need have an '''md5()''' function here.
 
|-
 
|-
 
|09:16
 
|09:16
|That's all you really need to know now on MD functions and how to use them and how to apply them to your forms.
+
|That's all you really need to know now on '''MD5''' functions and how to use them and how to apply them to your '''forms'''.
 
|-
 
|-
 
|09:23
 
|09:23
|Okay thanks for watching.
+
|Okay, thanks for watching.
 
|-
 
|-
 
|09:26
 
|09:26
|I have some other security tutorials that are coming up so look out for those.  Bye.  
+
|I have some other security tutorials that are coming up; so look out for those.  Bye.  
 
|-
 
|-
 
|09:29
 
|09:29
|This is Joshua Mathew dubbing for the Spoken Tutorial Project.
+
|This is Joshua Mathew, dubbing for the Spoken Tutorial Project.
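Review bot: The 08:51 row fixes "data bases" to "databases" but leaves "a data base" later in the same sentence, and the 09:08 row still reads "You just need have", missing "to". Both can be corrected in this revision alongside the punctuation changes.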

Latest revision as of 17:25, 5 June 2015

Time Narration
00:00 Hello. If you're concerned about PHP security, then this tutorial will take you through the MD5 function.
00:09 It's a predefined function that converts a string to an MD5 hash and allows you to secure your data.
00:16 The 'MD5 hash' uses a one-way algorithm so it cannot be decrypted; it can only be encrypted.
00:21 The only way to find out an 'MD5 hash' is to convert a string to an 'MD5 hash' as well and compare it to a string that has already been converted to a hash.
00:31 If you don't know what I mean, I'll be going through it in this tutorial.
00:38 I'll start by predefining a string that's going to be my password.
00:45 I'll call it $user password and that will have the value "abc".
00:55 Next I'll create a new variable called '$user password e n c' which stands for encryption and I'll define my 'MD5' function, which is basically m, d and 5.
01:09 Anything can go in here so you can give anything that you want to encrypt in here.
01:13 But for now I'll encrypt my $user password variable that we defined up here.
01:18 And if we just echo this out, you can see that we get our....,
01:27 value of our 'MD5' encrypted script which is this.
01:32 You can see that it starts with nine hundred and I think there are around 20 common characters here.
01:39 But whatever I change the value to, this is pretty much going to stay the same length.
01:44 The only thing that will change is the content.
01:52 So, we have an encrypted string whereby the hash you see here is equal to 'abc'.
02:00 Now I'll make a program here quickly or a script that's going to take an input from the user and it will check to see if the password is 'abc'.
02:10 Now the way we can do it traditionally is by taking out our encryption.
02:17 We can do a simple check to say if the POST password is equal to our $user password then do something otherwise do something else.
02:29 So, for example, you can have an error saying 'incorrect password' and here you can say 'your password has successfully matched the user password'.
02:38 So when we are taking into account data that we are either having in POST variables or are contained in the database,...
02:45 this value may have been instructed from the database and databases can be broken into unfortunately.
02:51 Therefore if a database can be broken into, you will want every password belonging to your users to be encrypted, so that they are much harder to find.
03:04 Obviously, 'abc' will be an easy one to break into as the turn goes because abc will be a common password.
03:12 By converting 'abc' to an MD5 hash you can compare it to an MD5 hash already stored in your database and if these two hashes match then they'll know that the MD5 hash equals 'abc', as they had already hashed just to start with.
03:29 Anyway, what we'll do is we'll be taking this value here - our 'user password encrypted' - and we'll compare our posted password to our encrypted password.
03:47 Now what we actually need to do is to be able to compare $user password enc
03:55 This, as it stands, is encrypted and this posted password as it stands is not encrypted.
04:01 So, if you take the MD5 hash of the posted password and compare that to the MD5 hash of the stored password, we can let our user know if they've entered the correct or right password.
04:14 So I'll say, if the MD5 hash of a posted password is equal to the MD5 hash of the stored password, which is here, this is the variable we're using here, then we can display the correct message or we can display an error message.
04:33 And if they do match then I'll say clear this script and write "Correct" otherwise I'll just kill the script and say "Incorrect".
04:48 At the moment, we can't compare these because we haven't posted any variables.
04:53 Down here I'll create a form.
04:57 Method is also going to be POST because we're using the POST method up here.
05:01 And the action is going to be my page that is currently on which is 'md5 dot php'.
05:08 Next I'll just create two elements of this which is an input text box and I'll give the name of 'password'.
05:14 The only reason I'm using this as type 'text' is - you can see the content otherwise you can give it a 'password' to blank out the characters.
05:22 Next, I'll have an input box and this will say, let's just say, 'Login' for now because this is a typical use for an MD5 encryption which would be a log-in script.
05:34 When I refresh my page you can see Incorrect at the moment.
05:38 That's because we're not checking for our POST variable.
05:41 Here I could just say if 'password' exists then we can echo out all this code and we can indent this to make it more readable. Let me get this back here.
06:00 Okay, so if our 'password' has been submitted which means this form has been submitted with this value then we are saying "Does the MD5 hash of the encrypted password that is the password entered in the form which is our POST variable over here, equal the hash of the password stored"?
06:18 So, we're dealing with encrypted data in this if statement here.
06:23 If it is matching then we can display this, otherwise we can display "Incorrect". So let's refresh that again.
06:29 Now my password is 'abc'. So, if I type 'Alex' as my password, you can see we get an 'Incorrect' error message.
06:37 If we type 'abc' as our password, which is correct, you can see we get a "Correct" message.
06:43 Just to give you an idea of the content what I can do here is I can say echo and I can say "compared" and let's take our '$user password' - in fact, NO - let's take our encrypted password.
07:07 So compare "$user password enc to" - I'll just concatenate on that and the posted 'password'.
07:14 We want all of it to be encrypted so here I'll type 'md5'.
07:20 The best way to do this is to create a new variable up here saying 'md5' - cut this - so 'enc' or '$submitted enc' equals that.
07:37 Then we can just replace our variable in here so it makes it a bit more..., a bit more fluent.
07:49 It doesn't make it work any better or any less.
07:56 But here when we choose 'abc' and we click Login and we have got an error.
08:01 Let's come back and check..... and it's because we need to put these in curly brackets since we've got two lines of code here.
08:16 Let's go back, click back, choose 'abc' and we are comparing this here, to this here.
08:26 Let's just break it up here, so we can see what's going on.
08:34 Okay, so we've compared this here to this here.
08:38 You can see they're exactly the same MD5 hash. However, this here is the stored password and this is the password that we've submitted.
08:46 So, you can see that we're checking our submitted encrypted to our stored encrypted.
08:51 This has many uses; you can use it in databases: when you are registering a user in a database, encrypt the password then store it.
08:59 If you are checking in a log-in form for a password, encrypt the password the users entered in the log-in form and check that to the encrypted password at the database.
09:08 So, you can see that this has lots of uses and it's really easy to declare. You just need to have an md5() function here.
09:16 That's all you really need to know now on MD5 functions and how to use them and how to apply them to your forms.
09:23 Okay, thanks for watching.
09:26 I have some other security tutorials that are coming up; so look out for those. Bye.
09:29 This is Joshua Mathew, dubbing for the Spoken Tutorial Project.

Contributors and Content Editors

Gyan, Pratik kamble, Sandhya.np14