Geschafft!

Hinweis

Fehler

Session expiration Your session is going to expireClick here to extend

Budget:

Kleines Projekt <800

Geposted am

19.02.19 15:13

Die Angebotsphase ist beendet

Schreiben Sie ein ähnliches Projekt aus und erhalten Sie Angebote von Freelancern. Unverbindlich. Kostenlos. Schnell.

Jetzt ähnliches Projekt einstellen

Beschreibung:

What we already have:

+ Landing pages in html & php for the website ready

+ Designs ready

+ Hosting ready

+ HTaccess + Admin Access


What we need:

+ Help to create a MySQL Database for our login tool with users informations


+ Help to create the code parts in MySQL and PHP to:

a) store

b) verify datas when user click on login button created on our /login.php, /register.php / pages before to give access to the member zone


+ sha256 hashing method instead of md5.php to create and store username and password in our database


+ high-quality and future proof password hashing subsystem based on a reliable random salt and multiple rounds of Rijndael / AES encryption


+ rehash passwords to make them harder to crack


+ Admin Panel for managing the members on 5 various membership levels


+ Collaboration for integration and testing of the login section


+ Creation of a template for navigation.php for the member section of our website

The hashing section should look something like this:


When a user first provides a password you can hash it like this:


 $pass = 'whatever the user typed in';

 $hashed_password = password_hash( "secret pass phrase", PASSWORD_DEFAULT );

Then, store $hashed_password in a varchar(255) column in MySQL. Later, when the user wants to log in, you can retrieve the hashed password from MySQL and compare it to the password the user offered to log in.


 $pass = 'whatever the user typed in';

 $hashed_password = 'what you retrieved from MySQL for this user';

 if ( password_verify ( $pass , $hashed_password )) {

    /* future proof the password */

    if ( password_needs_rehash($hashed_password , PASSWORD_DEFAULT)) {

       /* recreate the hash */

       $rehashed_password = password_hash($pass, PASSWORD_DEFAULT );

       /* store the rehashed password in MySQL */

     }

     /* password verified, let the user in */

 }

 else {

     /* password not verified, tell the intruder to get lost */

 }

How does this future-proofing work? Future releases of PHP will adapt to match faster and easier to crack encryption. If it's necessary to rehash passwords to make them harder to crack, the future implementation of the password_needs_rehash() function will detect that.


Source of information:

https://stackoverflow.com/questions/6781931/how-do-i-create-and-store-md5-passwords-in-mysql