Scribd
Upload
69 views6 pages

PHP Security and Session Guide

This document discusses three topics related to PHP development: including files, secure password storage, and state management with sessions. It explains that PHP can include external files using functions like include and require. It emphasizes the importance of securely storing passwords using the Password Hashing API rather than outdated hashing mechanisms. It also outlines how sessions allow data to be stored on the server across requests by using cookies to identify users.

Uploaded by

Neven Vuckovic
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
69 views6 pages

PHP Security and Session Guide

This document discusses three topics related to PHP development: including files, secure password storage, and state management with sessions. It explains that PHP can include external files using functions like include and require. It emphasizes the importance of securely storing passwords using the Password Hashing API rather than outdated hashing mechanisms. It also outlines how sessions allow data to be stored on the server across requests by using cookies to identify users.

Uploaded by

Neven Vuckovic
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Conclusion

Christian Wenz
@chwenz
Agenda

 Including Files

 Secure Password Storage

 State Management with Sessions


Include Files

 PHP can include external PHP files


 include
 include_once
 require
 require_once

 To include HTML files, use readfile()


Secure Password Storage

 Do not store unencrypted passwords!

 Do not use outdated hashing mechanisms like MD5 or SHA1!

 PHP 5.5 offers the Password Hashing API

// hash a password
$p = password_hash('t0ps€cr3t', PASSWORD_DEFAULT);

/* $p ===
'$2y$10$O4crd4crz/jMbL6ByC2YhOxDHXACtXwr/cei.1tr.j
hWHTuCqn322‚ */

// verify a password
$ok = password_verify('t0ps€cr3t', $p);
State Management

 Mechanism to store data across requests

 Uses cookies with a unique ID to identify/remember users

// start session support

session_start();

// write to session

$_SESSION['key'] = 'value';
Summary

 PHP can include PHP and HTML files (and other formats, too)

 The Password Hashing API makes storing one-way encrypted


passwords easy

 Sessions are used to store data on the server between requests

 Happy PHP’ing!

You might also like