How secure? PHP, probably not

Question

HI,
I was wondering about this (https://teamtreehouse.com/forum/php-authentication-problem) code here, to use for my website.
I know, its probably not really secure, or probably not at all.
I would probably look for better hash system then md5 . I would read a lot of blogs , and i probably would look in treehouse as well .
So, could i use thath code in my webiste if i upgrade the security? .
First of all i would do a test site, like treehouse site . Users, profiles, categories, news feeds ( forum)  . And then if it goes well, clean,i would upgrade it and use it as production site? i wont have any credit cards info etc.. in the first few months, but later one, i would liek to implement a paying option as well plus location as the site will be about something to do with location, paying etc..but ofc, i want it to be secure, so no one can , get in , meaning it needs to be secure as thats the first step i believe to making a good business or even anything. Safety first : p

Michalis Efstathiou · Answer

i think md5 is not very secure, i think php now uses bcrypt so you can do something like]
$password = bcrypt($_POST['password']);
you can do the treehouse build a simple php site, that shows you how to accept payment through credit car using paypal. if you want a more serious system you can check the workshop on using the stripe api 
in general, building such a complex site like treehouse from scratch will drive you mad, look into using a framework like laravel, it provides you with all the scaffolding for your website, plus a registration, log in system out of the box, and a nice interface to your database
if you do decide to use laravel, be sure to check out laracasts

Welcome to the Treehouse Community

Looking to learn something new?

Konrad Pilch

Konrad Pilch

How secure? PHP, probably not

1 Answer

Michalis Efstathiou

Michalis Efstathiou