Difference between revisions of "PHP-and-MySQL/C4/MD5-Encryption/English-timed"
From Script | Spoken-Tutorial
(Created page with '{|Border=1 !Time !Narration |- |0:00 |Hello. If your concerned about php security, then this tutorial will take you through the MD5 function. |- |0:09 |Its a predefined function…') |
Sandhya.np14 (Talk | contribs) |
||
(4 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
{|Border=1 | {|Border=1 | ||
− | + | |'''Time''' | |
− | + | |'''Narration''' | |
|- | |- | ||
− | | | + | |00:00 |
− | |Hello. If your concerned about php security, then this tutorial will take you through the MD5 function. | + | |Hello. If your concerned about php security, then this tutorial will take you through the '''MD5 function'''. |
|- | |- | ||
− | | | + | |00:09 |
− | | | + | |It's a predefined function that converts a '''string''' to a '''MD5 hash''' and allows you to secure your data. |
|- | |- | ||
− | | | + | |00:16 |
− | |The MD5 hash uses a one way out rhythm so it cannot be decrypted | + | |The 'MD5 hash' uses a one way out rhythm so it cannot be decrypted; it can only be encrypted. |
|- | |- | ||
− | | | + | |00:21 |
− | |The only way to find out an MD5 hash is to convert a string to an MD5 hash as well and compare it to a string that has already been converted to a hash. | + | |The only way to find out an 'MD5 hash' is to convert a '''string''' to an 'MD5 hash' as well and compare it to a string that has already been converted to a hash. |
|- | |- | ||
− | | | + | |00:31 |
− | |If you don't know what | + | |If you don't know what I mean, I'll be going through it in this tutorial. |
|- | |- | ||
− | | | + | |00:38 |
− | |I'll start by predefining a string that's going to be my password. | + | |I'll start by predefining a '''string''' that's going to be my password. |
|- | |- | ||
− | | | + | |00:45 |
− | |I'll call it 'user password' and that will have the value | + | |I'll call it '''$user password''' and that will have the value "abc". |
|- | |- | ||
− | | | + | |00:55 |
− | |Next I'll create a new variable called 'user password e n c' which stands for encryption and I'll define my MD5 functions | + | |Next I'll create a new variable called '$user password e n c' which stands for encryption and I'll define my 'MD5' functions which is basically m,d and 5. |
|- | |- | ||
− | | | + | |01:09 |
− | |Anything can go in here so you can give anything that you want to encrypt in here | + | |Anything can go in here so you can give anything that you want to encrypt in here. |
|- | |- | ||
− | | | + | |01:13 |
− | |But for now I'll encrypt my user password variable that we defined up here. | + | |But for now I'll encrypt my '''$user password''' variable that we defined up here. |
|- | |- | ||
− | | | + | |01:18 |
− | |And if we just echo this out, you can see that we get our...., | + | |And if we just '''echo''' this out, you can see that we get our...., |
|- | |- | ||
− | | | + | |01:27 |
− | | | + | | value of our 'MD5' encrypted script which is this. |
|- | |- | ||
− | | | + | |01:32 |
− | |You can see that it starts with nine hundred and I think there are around 20 common characters here | + | |You can see that it starts with nine hundred and I think there are around 20 common characters here. |
|- | |- | ||
− | | | + | |01:39 |
|But whatever I change the value to, this is pretty much going to stay the same length. | |But whatever I change the value to, this is pretty much going to stay the same length. | ||
|- | |- | ||
− | | | + | |01:44 |
|The only thing that will change is the content. | |The only thing that will change is the content. | ||
|- | |- | ||
− | | | + | |01:52 |
− | |So we have an encrypted string whereby the hash you see here is equal to 'abc'. | + | |So, we have an encrypted '''string''' whereby the hash you see here is equal to 'abc'. |
|- | |- | ||
− | | | + | |02:00 |
|Now I'll make a program here quickly or a script that's going to take an input from the user and it will check to see if the password is 'abc'. | |Now I'll make a program here quickly or a script that's going to take an input from the user and it will check to see if the password is 'abc'. | ||
|- | |- | ||
− | | | + | |02:10 |
|Now the way we can do it traditionally is by taking out our encryption. | |Now the way we can do it traditionally is by taking out our encryption. | ||
|- | |- | ||
− | | | + | |02:17 |
− | |We can do a simple check to say if the | + | |We can do a simple check to say if the '''POST''' password is equal to our '''$user password''' then do something otherwise do something else. |
|- | |- | ||
− | | | + | |02:29 |
− | |So for example you can have an error saying 'incorrect password' and here you can say 'your password has successfully matched the user password'. | + | |So, for example, you can have an '''error''' saying 'incorrect password' and here you can say 'your password has successfully matched the user password'. |
|- | |- | ||
− | | | + | |02:38 |
− | | | + | |So when we are taking into account data that we are either having in '''POST''' variables or are contained in the database,... |
|- | |- | ||
− | | | + | |02:45 |
− | | | + | |this value may have been instructed from the database and databases can be broken into unfortunately. |
|- | |- | ||
− | | | + | |02:51 |
− | |Therefore if a | + | |Therefore if a database can be broken into, you will want every password belonging to your users to be encrypted, so that they are much harder to find. |
|- | |- | ||
− | | | + | |03:04 |
|Obviously, 'abc' will be an easy one to break into as the turn goes because abc will be a common password. | |Obviously, 'abc' will be an easy one to break into as the turn goes because abc will be a common password. | ||
|- | |- | ||
− | | | + | |03:12 |
− | |By converting 'abc' to a MD5 hash you can compare it to a MD5 hash already stored in your | + | |By converting 'abc' to a '''MD5''' hash you can compare it to a MD5 hash already stored in your database and if these two hashes match then they'll know that the MD5 hash equals 'abc', as they had already hashed just to start with. |
|- | |- | ||
− | | | + | |03:29 |
− | |Anyway what we'll do is we'll be taking this value here - our user password encrypted - and we'll compare our posted password to our encrypted password. | + | |Anyway, what we'll do is we'll be taking this value here - our 'user password encrypted' - and we'll compare our posted password to our encrypted password. |
|- | |- | ||
− | | | + | |03:47 |
− | |Now what we actually need to do is to be able to compare 'user password enc' | + | |Now what we actually need to do is to be able to compare '''$user password enc''' |
|- | |- | ||
− | | | + | |03:55 |
− | |This as it stands is encrypted and this posted password as it stands is not encrypted. | + | |This, as it stands, is encrypted and this posted password as it stands is not encrypted. |
|- | |- | ||
− | | | + | |04:01 |
− | |So if you take the MD5 hash of the posted password and compare that to the MD5 hash of the stored password, we can let our user know if they've entered the correct or right password. | + | |So, if you take the MD5 hash of the posted password and compare that to the MD5 hash of the stored password, we can let our user know if they've entered the correct or right password. |
|- | |- | ||
− | | | + | |04:14 |
− | |So I'll say if the MD5 hash of a posted password is equal to the MD5 hash of the stored password, which is here, this is the variable we're using here, then we can display the correct message or we can display an error message. | + | |So I'll say, if the MD5 hash of a posted password is equal to the MD5 hash of the stored password, which is here, this is the variable we're using here, then we can display the correct message or we can display an error message. |
|- | |- | ||
− | | | + | |04:33 |
− | |And if they do match then I'll say clear this script and write | + | |And if they do match then I'll say clear this script and write "Correct" otherwise I'll just kill the script and say "Incorrect". |
|- | |- | ||
− | | | + | |04:48 |
− | |At the moment we can't compare these because we haven't posted any variables | + | |At the moment, we can't compare these because we haven't posted any variables. |
|- | |- | ||
− | | | + | |04:53 |
− | |Down here I'll create a form. | + | |Down here I'll create a '''form'''. |
|- | |- | ||
− | | | + | |04:57 |
− | |Method is also going to be POST because we're using the | + | |'''Method''' is also going to be '''POST''' because we're using the POST '''method''' up here. |
|- | |- | ||
− | | | + | |05:01 |
− | |And the action is going to be my page that is currently on which is ' | + | |And the '''action''' is going to be my page that is currently on which is 'md5 dot php'. |
|- | |- | ||
− | | | + | |05:08 |
− | |Next I'll just create two elements of this which is an input text box and I'll give the name of password. | + | |Next I'll just create two elements of this which is an '''input''' '''text box''' and I'll give the '''name''' of 'password'. |
|- | |- | ||
− | | | + | |05:14 |
− | |The only reason I'm using this as type text is | + | |The only reason I'm using this as '''type''' 'text' is - you can see the content otherwise you can give it a 'password' to blank out the characters. |
|- | |- | ||
− | | | + | |05:22 |
− | |Next, I'll have an input box and this will say, | + | |Next, I'll have an '''input box''' and this will say, let's just say, 'Login' for now because this is a typical use for an MD5 encryption which would be a log-in script. |
|- | |- | ||
− | | | + | |05:34 |
− | |When I refresh my page you can see ' | + | |When I refresh my page you can see '''Incorrect''' at the moment. |
|- | |- | ||
− | | | + | |05:38 |
− | |That's because we're not checking for our | + | |That's because we're not checking for our '''POST''' variable. |
|- | |- | ||
− | | | + | |05:41 |
− | |Here | + | |Here I could just say '''if''' 'password' exists then we can '''echo''' out all this '''code''' and we can '''indent''' this to make it more readable. Let me get this back here. |
|- | |- | ||
− | | | + | |06:00 |
− | |Okay so if our password has been submitted | + | |Okay, so if our 'password' has been submitted which means this '''form''' has been submitted with this value then we are saying "Does the MD5 hash of the encrypted password that is the password entered in the '''form''' which is our POST variable over here, equal the hash of the password stored"? |
|- | |- | ||
− | | | + | |06:18 |
− | |So we're dealing with encrypted data in this if statement here. | + | |So, we're dealing with encrypted data in this '''if''' statement here. |
|- | |- | ||
− | | | + | |06:23 |
− | |If it is matching then we can display this otherwise we can display | + | |If it is matching then we can display this, otherwise we can display "Incorrect". So let's refresh that again. |
|- | |- | ||
− | | | + | |06:29 |
− | |Now my password is 'abc' | + | |Now my password is 'abc'. So, if I type 'Alex' as my password, you can see we get an 'Incorrect' '''error''' message. |
|- | |- | ||
− | | | + | |06:37 |
− | |If we type 'abc' as our password, which is correct, you can see we get a | + | |If we type 'abc' as our password, which is correct, you can see we get a "Correct" message. |
|- | |- | ||
− | | | + | |06:43 |
− | |Just to give you an idea of the content what I can do here is I can say echo and I can say | + | |Just to give you an idea of the content what I can do here is I can say '''echo''' and I can say "compared" and let's take our '$user password' - in fact, NO - let's take our encrypted password. |
|- | |- | ||
− | | | + | |07:07 |
− | |So compare | + | |So compare "$user password enc to" - I'll just concatenate on that and the posted 'password'. |
|- | |- | ||
− | | | + | |07:14 |
− | |We want all of it to be encrypted so here I'll type | + | |We want all of it to be encrypted so here I'll type 'md5'. |
|- | |- | ||
− | | | + | |07:20 |
− | |The best way to do this is to create a new variable up here saying | + | |The best way to do this is to create a new variable up here saying 'md5' - cut this - so 'enc' or '$submitted enc' equals that. |
|- | |- | ||
− | | | + | |07:37 |
− | |Then we can just replace our | + | |Then we can just replace our variable in here so it makes it a bit more....,a bit more fluent. |
|- | |- | ||
− | | | + | |07:49 |
|It doesn't make it work any better or any less. | |It doesn't make it work any better or any less. | ||
|- | |- | ||
− | | | + | |07:56 |
− | |But here when we choose 'abc' and we click | + | |But here when we choose 'abc' and we click '''Login''' and we have got an '''error'''. |
|- | |- | ||
− | | | + | |08:01 |
− | | | + | |Let's come back and check..... and it's because we need to put these in curly brackets since we've got two lines of code here. |
|- | |- | ||
− | | | + | |08:16 |
− | | | + | |Let's go back, click back, choose 'abc' and we are comparing this here, to this here. |
|- | |- | ||
− | | | + | |08:26 |
− | | | + | |Let's just '''break''' it up here, so we can see what's going on. |
|- | |- | ||
− | | | + | |08:34 |
− | |Okay so we've compared this here to this here. | + | |Okay, so we've compared this here to this here. |
|- | |- | ||
− | | | + | |08:38 |
− | |You can see they're exactly the same MD5 hash, | + | |You can see they're exactly the same MD5 hash. However, this here is the stored password and this is the password that we've submitted. |
|- | |- | ||
− | | | + | |08:46 |
− | |So you can see that we're checking our submitted encrypted to our stored encrypted. | + | |So, you can see that we're checking our submitted encrypted to our stored encrypted. |
|- | |- | ||
− | | | + | |08:51 |
− | |This has many uses, you can use it in | + | |This has many uses, you can use it in databases when you are registering a user in a data base, encrypt the password then store it. |
|- | |- | ||
− | | | + | |08:59 |
− | |If | + | |If you are checking in a '''log-in form''' for a password, encrypt the password the users entered in the '''log-in form''' and check that to the encrypted password at the database. |
|- | |- | ||
− | | | + | |09:08 |
− | |So you can see that this has lots | + | |So, you can see that this has lots of uses and it's really easy to declare. You just need have an '''md5()''' function here. |
|- | |- | ||
− | | | + | |09:16 |
− | |That's all you really need to know now on | + | |That's all you really need to know now on '''MD5''' functions and how to use them and how to apply them to your '''forms'''. |
|- | |- | ||
− | | | + | |09:23 |
− | |Okay thanks for watching. | + | |Okay, thanks for watching. |
|- | |- | ||
− | | | + | |09:26 |
− | |I have some other security tutorials that are coming up so look out for those. Bye. | + | |I have some other security tutorials that are coming up; so look out for those. Bye. |
|- | |- | ||
− | | | + | |09:29 |
− | |This is Joshua Mathew dubbing for the Spoken Tutorial Project. | + | |This is Joshua Mathew, dubbing for the Spoken Tutorial Project. |
Latest revision as of 17:25, 5 June 2015
Time | Narration |
00:00 | Hello. If your concerned about php security, then this tutorial will take you through the MD5 function. |
00:09 | It's a predefined function that converts a string to a MD5 hash and allows you to secure your data. |
00:16 | The 'MD5 hash' uses a one way out rhythm so it cannot be decrypted; it can only be encrypted. |
00:21 | The only way to find out an 'MD5 hash' is to convert a string to an 'MD5 hash' as well and compare it to a string that has already been converted to a hash. |
00:31 | If you don't know what I mean, I'll be going through it in this tutorial. |
00:38 | I'll start by predefining a string that's going to be my password. |
00:45 | I'll call it $user password and that will have the value "abc". |
00:55 | Next I'll create a new variable called '$user password e n c' which stands for encryption and I'll define my 'MD5' functions which is basically m,d and 5. |
01:09 | Anything can go in here so you can give anything that you want to encrypt in here. |
01:13 | But for now I'll encrypt my $user password variable that we defined up here. |
01:18 | And if we just echo this out, you can see that we get our...., |
01:27 | value of our 'MD5' encrypted script which is this. |
01:32 | You can see that it starts with nine hundred and I think there are around 20 common characters here. |
01:39 | But whatever I change the value to, this is pretty much going to stay the same length. |
01:44 | The only thing that will change is the content. |
01:52 | So, we have an encrypted string whereby the hash you see here is equal to 'abc'. |
02:00 | Now I'll make a program here quickly or a script that's going to take an input from the user and it will check to see if the password is 'abc'. |
02:10 | Now the way we can do it traditionally is by taking out our encryption. |
02:17 | We can do a simple check to say if the POST password is equal to our $user password then do something otherwise do something else. |
02:29 | So, for example, you can have an error saying 'incorrect password' and here you can say 'your password has successfully matched the user password'. |
02:38 | So when we are taking into account data that we are either having in POST variables or are contained in the database,... |
02:45 | this value may have been instructed from the database and databases can be broken into unfortunately. |
02:51 | Therefore if a database can be broken into, you will want every password belonging to your users to be encrypted, so that they are much harder to find. |
03:04 | Obviously, 'abc' will be an easy one to break into as the turn goes because abc will be a common password. |
03:12 | By converting 'abc' to a MD5 hash you can compare it to a MD5 hash already stored in your database and if these two hashes match then they'll know that the MD5 hash equals 'abc', as they had already hashed just to start with. |
03:29 | Anyway, what we'll do is we'll be taking this value here - our 'user password encrypted' - and we'll compare our posted password to our encrypted password. |
03:47 | Now what we actually need to do is to be able to compare $user password enc |
03:55 | This, as it stands, is encrypted and this posted password as it stands is not encrypted. |
04:01 | So, if you take the MD5 hash of the posted password and compare that to the MD5 hash of the stored password, we can let our user know if they've entered the correct or right password. |
04:14 | So I'll say, if the MD5 hash of a posted password is equal to the MD5 hash of the stored password, which is here, this is the variable we're using here, then we can display the correct message or we can display an error message. |
04:33 | And if they do match then I'll say clear this script and write "Correct" otherwise I'll just kill the script and say "Incorrect". |
04:48 | At the moment, we can't compare these because we haven't posted any variables. |
04:53 | Down here I'll create a form. |
04:57 | Method is also going to be POST because we're using the POST method up here. |
05:01 | And the action is going to be my page that is currently on which is 'md5 dot php'. |
05:08 | Next I'll just create two elements of this which is an input text box and I'll give the name of 'password'. |
05:14 | The only reason I'm using this as type 'text' is - you can see the content otherwise you can give it a 'password' to blank out the characters. |
05:22 | Next, I'll have an input box and this will say, let's just say, 'Login' for now because this is a typical use for an MD5 encryption which would be a log-in script. |
05:34 | When I refresh my page you can see Incorrect at the moment. |
05:38 | That's because we're not checking for our POST variable. |
05:41 | Here I could just say if 'password' exists then we can echo out all this code and we can indent this to make it more readable. Let me get this back here. |
06:00 | Okay, so if our 'password' has been submitted which means this form has been submitted with this value then we are saying "Does the MD5 hash of the encrypted password that is the password entered in the form which is our POST variable over here, equal the hash of the password stored"? |
06:18 | So, we're dealing with encrypted data in this if statement here. |
06:23 | If it is matching then we can display this, otherwise we can display "Incorrect". So let's refresh that again. |
06:29 | Now my password is 'abc'. So, if I type 'Alex' as my password, you can see we get an 'Incorrect' error message. |
06:37 | If we type 'abc' as our password, which is correct, you can see we get a "Correct" message. |
06:43 | Just to give you an idea of the content what I can do here is I can say echo and I can say "compared" and let's take our '$user password' - in fact, NO - let's take our encrypted password. |
07:07 | So compare "$user password enc to" - I'll just concatenate on that and the posted 'password'. |
07:14 | We want all of it to be encrypted so here I'll type 'md5'. |
07:20 | The best way to do this is to create a new variable up here saying 'md5' - cut this - so 'enc' or '$submitted enc' equals that. |
07:37 | Then we can just replace our variable in here so it makes it a bit more....,a bit more fluent. |
07:49 | It doesn't make it work any better or any less. |
07:56 | But here when we choose 'abc' and we click Login and we have got an error. |
08:01 | Let's come back and check..... and it's because we need to put these in curly brackets since we've got two lines of code here. |
08:16 | Let's go back, click back, choose 'abc' and we are comparing this here, to this here. |
08:26 | Let's just break it up here, so we can see what's going on. |
08:34 | Okay, so we've compared this here to this here. |
08:38 | You can see they're exactly the same MD5 hash. However, this here is the stored password and this is the password that we've submitted. |
08:46 | So, you can see that we're checking our submitted encrypted to our stored encrypted. |
08:51 | This has many uses, you can use it in databases when you are registering a user in a data base, encrypt the password then store it. |
08:59 | If you are checking in a log-in form for a password, encrypt the password the users entered in the log-in form and check that to the encrypted password at the database. |
09:08 | So, you can see that this has lots of uses and it's really easy to declare. You just need have an md5() function here. |
09:16 | That's all you really need to know now on MD5 functions and how to use them and how to apply them to your forms. |
09:23 | Okay, thanks for watching. |
09:26 | I have some other security tutorials that are coming up; so look out for those. Bye. |
09:29 | This is Joshua Mathew, dubbing for the Spoken Tutorial Project. |