Storing weak passwords stronger

Posted: Wed Aug 24, 2005 12:18 am
We store our passwords in an md5 style password hash that the PHP crypt function provides. It takes a 13 character salt.

My friend and co-worker brought up a good discussion with me. The discussion was what if the database was to be compromised. Could the passwords be cracked? The answer: yes, a dictionary/brute force cracker, like John the Ripper, could be used to crack as many passwords as possible. In a database with over 1 million passwords, a percentage of them are crackable, probably a large percent.

So, the idea of using a different algorithm to store passwords came up. What if we used:


Using Curl 101

To use Curl in PHP, you must have the Curl extension compiled in with --with-curl, and you’ll want --with-openssl if you need to be able to hit https pages.

Once you get PHP working with Curl (I could explain how to do that, but for this article, I am focusing on how to use it).

The code below is for PHP5, but I’m sure you could modify it to work with PHP4; you would just have to change the syntax a bit.


PHP Sessions using MySQL

MySQL sessions are a “gotta have it” thing if your site ever grows beyond a single server. If you have multiple servers behind a load balancer, you could keep session data on a shared SAN, but MySQL makes for a better session store.

Create a file called MySession.php and put this code in it, replacing the definitions to match your database. It also requires the PEAR DB.php module, so make sure you have PEAR DB installed: pear install DB.


Bookmark a page that auto-posts your login

The idea is this: I am tired of logging into the same site over and over again. This is a simple GET to POST converter. The page helps you create a URL that you can bookmark. When you use this link, the data you want to POST is sent to your server in the form of a GET. Your webserver then translates the GET parameters into a form and POSTs it to the server you’re trying to log in to. So, the sensitive data is kept on your computer in the bookmark (the URL). Since you don’t want anybody to be able to just read your username and password, this script encrypts the data in the URL so your bookmark contains nothing but encrypted data.


PHP5 Autoload classes

This is really handy for medium to large size projects. You don’t have to remember to put a set of require_once calls in every file. I usually put this in a config file that’s loaded early and on every page.

<?php
// Called automatically by PHP5 the first time an undefined class is referenced.
// Loads ClassName.php from the include path; the require fails loudly if the file is missing.
function __autoload($class_name) {
   require_once $class_name . '.php';
}

// No explicit require_once needed: each class file is pulled in on first use.
$obj  = new MyClass1();
$obj2 = new MyClass2();
?>

See http://us2.php.net/manual/en/language.oop5.autoload.php for more information.
