1
00:00:00,000 --> 00:00:03,982
[MUSIC]

2
00:00:03,982 --> 00:00:06,960
Hey everyone, Alena here.

3
00:00:06,960 --> 00:00:10,360
Practice is vital to becoming a proficient developer.

4
00:00:10,360 --> 00:00:14,990
It solidifies what you've learned, causing it to stick in your memory.

5
00:00:14,990 --> 00:00:18,180
With deliberate practice it becomes quicker and

6
00:00:18,180 --> 00:00:21,457
easier to solve the challenges you'll face every day.

7
00:00:22,570 --> 00:00:26,480
This session covers hashing passwords with bcrypt.

8
00:00:26,480 --> 00:00:30,390
This practice session is intended to follow the Introduction

9
00:00:30,390 --> 00:00:33,080
to Application Security course.

10
00:00:33,080 --> 00:00:37,050
If you haven't taken that course already, make sure you jump over and

11
00:00:37,050 --> 00:00:38,900
review that course.

12
00:00:38,900 --> 00:00:42,503
There's a link in the Teacher's notes attached to this video,

13
00:00:42,503 --> 00:00:44,450
as well as additional resources.

14
00:00:44,450 --> 00:00:50,260
Step one, compare the string password with the password from the database.

15
00:00:51,310 --> 00:00:56,390
I've included a database, the connection, and even grabbed the password for you.

16
00:00:56,390 --> 00:00:58,535
All you need to do is compare the variable,

17
00:00:58,535 --> 00:01:02,630
$dbPassword, with the string, password.

18
00:01:02,630 --> 00:01:06,830
Take note that these should not match.

19
00:01:06,830 --> 00:01:13,100
Step two, hash the string password with the bcrypt algorithm.

20
00:01:13,100 --> 00:01:18,600
PHP includes built-in functionality for you to work with hashed passwords.

21
00:01:18,600 --> 00:01:23,250
I've included links to the documentation for the functions you'll be using.

22
00:01:23,250 --> 00:01:29,080
Step three, compare the hashed password with the password from the database.

23
00:01:29,080 --> 00:01:34,350
Take note again that these again should not pass,

24
00:01:34,350 --> 00:01:39,340
even though they are both the same password and they have both been hashed.

25
00:01:39,340 --> 00:01:43,979
Step four, use the built-in function to verify the string

26
00:01:43,979 --> 00:01:48,740
password matches the password from the database.

27
00:01:48,740 --> 00:01:51,748
Step five, this is a bonus.

28
00:01:51,748 --> 00:01:55,400
Use the saveUser function that I've included and

29
00:01:55,400 --> 00:01:57,760
add a new user to the database.

30
00:01:57,760 --> 00:02:02,150
Remember to always store the hashed password.

31
00:02:02,150 --> 00:02:06,030
It's okay to make multiple attempts before coming to a solution.

32
00:02:06,030 --> 00:02:08,470
That struggle to remember what you've learned and

33
00:02:08,470 --> 00:02:13,170
apply it to the situation is what causes the knowledge to take root.

34
00:02:13,170 --> 00:02:14,195
If you do get stuck,

35
00:02:14,195 --> 00:02:19,240
I've included additional resources in the notes associated with this video.

36
00:02:19,240 --> 00:02:23,430
Go ahead and give it a try, and I'll show you my solution in the next video.