The Blog of a Programmer
Development
MD5 with Dynamic Salt Class
Sep 25th
Remember my post about MD5 Hashing and Salt? Well I’ve taken some time to develop a PHP class which helps very easily implement dynamic salt when using MD5. This class can be easily expanded or modified to use a different hash function. Take a look at it and let me know if it becomes useful to anyone!
You can download the PasswordWithSalt.class.php file here. Also I setup a VERY simple demo of how this works. I’m still working on developing this but comments and advice will definately be useful here.
The following is the rough text and instructions I’ve written for my “readme.txt” file.
The only thing you need to do in order to properly configure this class is set the location you want to store your salts at. For example in the class set $storageLocation = “/home/user/salts/”; and give permissions for your server to write to that folder (777 will work). I recommend the folder to be one outside your normal webroot.
The following demonstrates how to store salt for your user, then generate the hash using those salts. Don’t forget to store the final hash so you can compare against it later!
<?php
require(“PasswordWithSalt.class.php”);//Init the class
$SaltPlease = new PasswordWithSalt();//Store generated salts for user “admin”
$SaltPlease->storeSalt(“admin”);//Get hash for user admin, password is “password”
$hash = $SaltPlease->createHash(“admin”, “password”);
?>
The following demonstrates how to duplicate the hash for a user who already has salt. $dbhash should be filled with the hash you have stored before.
<?php
require(“PasswordWithSalt.class.php”);//Init the class
$SaltPlease = new PasswordWithSalt();//Get hash for user admin, password is “password”
$hash = $SaltPlease->createHash(“admin”, “password”);//Check to see if the generated hash match.
if($dbhash == $hash) {
echo “Password Hashes Match.”;
} else {
echo “Password Hashes DO NOT Match”;
}
?>
MD5 Hashing and Salt
Sep 13th
I just read a great post by Marcel Oelke who runs http://md5.rednoize.com/. He’s got a great way to access his webservice and then check if a user’s password is insecure. Even if you are using MD5 before storing the password, I certianly hope people aren’t storing passwords in cleartext, it may not be secure. More >
Image Resizing Using PHP and the GD library
Nov 26th
I’m developing a new system core, can’t really say what it’s about but I’m having some fun doing it. Coding it is interesting, I’m getting to pull out and update some of my php code. Below is some code for image resizing, I use config files to set some default information like directories to save to and max width/height requirements. Also the entire system uses language files so I don’t output the text directly either, except for what I’m going to remove which is the uploaded file information.
Resize JPG images using the GD library and PHP.
function get_image_information($key) {
global $thumbnail_dest, $image_dest, $thumb_max_height, $thumb_max_width, $image_max_height, $image_max_width;
$filename = $_FILES[$key]["name"];
$file_type = $_FILES[$key]["type"];
$file_tmpname = $_FILES[$key]["tmp_name"];
$file_error = $_FILES[$key]["error"];
$file_size = $_FILES[$key]["size"];if($file_error == 0 && $file_size > 0) {
if($file_type == “image/pjpeg” $file_type == “image/jpeg” $file_type == “image/jpg”) {
$image_name = md5(time() . rand(1001,10000)) . “.jpg”;
$thumb_dest = $thumbnail_dest . $image_name;
$image_dest = $image_dest . $image_name;
create_image($file_tmpname, $thumb_max_height, $thumb_max_width, $thumb_dest);
create_image($file_tmpname, $image_max_height, $image_max_width, $image_dest);
return “thumbs/” . $image_name;
} else {
$success .= file_upload_success_1 . $filename . file_upload_success_2 . “
“;
$success .= “We can only accept jpg uploads. Upload Failed.”;
return $success;
}
} else {
if($file_error == 1) {
echo $file_upload_fail_1;
} elseif($file_error == 2) {
echo $file_upload_fail_2;
} elseif($file_error == 3) {
echo $file_upload_fail_3;
} elseif($file_error == 4) {
echo $file_upload_fail_4;
} elseif($file_error == 6) {
echo $file_upload_fail_6;
}
return false;
}
}
function create_image($image, $max_width, $max_height, $dest) {
$image = imagecreatefromjpeg($image);
if ($image === false) {
die (‘Unable to open image’);
}$width = imagesx($image);
$height = imagesy($image);if($width < $max_width && $height < $max_height) {
$new_width = $width;
$new_height = $height;
} else {
$scale = min($max_width/$width, $max_height/$height);
$new_width = floor($scale * $width);
$new_height = floor($scale * $height);
}$image_resized = imagecreatetruecolor($new_width, $new_height);
imagecopyresampled($image_resized, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
imagejpeg($image_resized, $dest, 90);
}
API’s Gone Wild
Jul 13th
Google, Amazon, Ebay
For all those developers interested in making some seriously interesting or possibly revenue generating programs the google, amazon, and ebay api’s may be a good place to start. I’ve used them in the past always to make something small for a client.
Now it’s my turn, and although the programs I would like to make may be small they’ll be a great learning experience and my own! It’s just that special little feeling of accomplishment when that first XML transaction goes through and you recieve something other than an error code! Ah, yes that’s a good feeling indeed!
So yeah I went a little overboard today and signed up for every major API at the three.
If you’re interested take a look!
Google Maps API (This one is just fun.)
Google Ajax Search API (Might be interesting.)
Google Adwords API (Maybe make some money off this.)
Google Checkout API (Sign up for sandbox if developing. Looks great in my opinion.)
Amazon Web Services (You can make some interesting things out of this!)
Ebay API (Hmmm webservices with ebay… definately could build something interesting!)
Enjoy!
Recent Comments