Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

Introducing the Practice

2:24 with Alena Holligan

This video introduces the challenge that you'll be working to complete.

Courses

Introduction to Application Security

PHP User Authentication: Securing Passwords

Resources

password_hash — Creates a new password hash using a strong one-way hashing algorithm.

password_verify — Verifies that the given hash matches the given password.

For Step 5 bonus, you could also setup the password hash to be part of the saveUser function. Either way, you need to make sure you're passing the correct information and actually hashing the password before saving it to the database.

[MUSIC] 0:00
Hey everyone, Alena here. 0:03
Practice is vital to becoming a proficient developer. 0:06
It solidifies what you've learned, causing it to stick in your memory. 0:10
With deliberate practice it becomes quicker and 0:14
easier to solve the challenges you'll face every day. 0:18
This session covers hashing passwords with bcrypt. 0:22
This practice session is intended to follow the Introduction 0:26
to Application Security course. 0:30
If you haven't taken that course already, make sure you jump over and 0:33
review that course. 0:37
There's a link in the Teacher's notes attached to this video, 0:38
as well as additional resources. 0:42
Step one, compare the string password with the password from the database. 0:44
I've included a database, the connection, and even grabbed the password for you. 0:51
All you need to do is compare the variable, 0:56
$dbPassword, with the string, password. 0:58
Take note that these should not match. 1:02
Step two, hash the string password with the bcrypt algorithm. 1:06
PHP includes built-in functionality for you to work with hashed passwords. 1:13
I've included links to the documentation for the functions you'll be using. 1:18
Step three, compare the hashed password with the password from the database. 1:23
Take note again that these again should not pass, 1:29
even though they are both the same password and they have both been hashed. 1:34
Step four, use the built-in function to verify the string 1:39
password matches the password from the database. 1:43
Step five, this is a bonus. 1:48
Use the saveUser function that I've included and 1:51
add a new user to the database. 1:55
Remember to always store the hashed password. 1:57
It's okay to make multiple attempts before coming to a solution. 2:02
That struggle to remember what you've learned and 2:06
apply it to the situation is what causes the knowledge to take root. 2:08
If you do get stuck, 2:13
I've included additional resources in the notes associated with this video. 2:14
Go ahead and give it a try, and I'll show you my solution in the next video. 2:19

You need to sign up for Treehouse in order to download course files.

Sign up