
Month: February 2011

Family Road Trip

My wife and I have been talking about doing a cross-country road trip when I get out of the Army. I haven’t seen a lot of the country and figured that, since I’d have the time, it’d be fun to do.

Well, being the technologically-minded family that we are, we created a Google Site (I’d have made my own Wiki, but it’s just easier for her to WYSIWYG every page) to start our planning. As I literally created the site an hour ago, I can’t say that much about it yet, but will update as time goes on.

PHP Upload Script

I wrote a quick and dirty PHP upload script so I could host a few images. I figured that I could adjust the script to be modified via a configuration script and make it usable in a number of different situations. Nothing real fancy.

In sc_uploader.inc.php, modify the $SC_RELATIVE_PATH variable to point to the directory where you want to place your uploads, relative to the location of the uploader script. Also, modify $SC_BASE_URL to be the web-accessible URL for the directory where your uploads are located.

For example, if I had my uploader script located at http://www.example.com/upload/ and I wanted my images to be uploaded to http://www.example.com/images/, I would set $SC_RELATIVE_PATH to “../images/” and $SC_BASE_URL to “http://www.example.com/images/”.

It is licensed under the GNU General Public License v.2. You can download it here. (ZIP, 4KB)

Dealing with Passwords the Right Way

At some point in time, every web developer is going to have to deal with users logging into their application. This means storing the user’s username and password in a database, right? Wrong. There is absolutely no need to store a password. Ever. End of story.

So how do we verify that the user has entered the correct password? It’s actually very simple. Instead of storing the user’s password, one should store the SHA-2 or MD5 hash of their password. Hashes are a form of one-way encryption that produce unique output for different inputs. That is, “Red123” would produce a different hash than “red123”, or even “R ed123”. By comparing the hashes, you can ensure that your user is entering the right password, while protecting their password in the case that your database is stolen.

In PHP, these hashes are really easy to produce. For MD5, it’s as simple as:

$hash = md5($input);

For SHA-2 (technically SHA-256), there’s a little more typing, but not much.

$hash = hash("sha256", $input);

Using $hash in your SELECT and INSERT SQL statements, instead of $input, will secure your data and keep users happy.

Plus it’s just good form.
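
The store-a-hash-and-compare flow described above, as an added example that is not code from the original post. It swaps the bare md5()/hash() calls for PHP's password_hash() and password_verify(), which salt each hash and are deliberately slow, and it assumes PHP 5.5+ with pdo_sqlite; the users table, function names and sample accounts are hypothetical.

```php
<?php
// Added example. Table, function names and sample accounts are hypothetical.
// Assumes PHP 5.5+ with pdo_sqlite; the in-memory database stands in for a real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function register_user(PDO $db, $username, $password) {
    // password_hash() picks a random salt and embeds it, together with the
    // algorithm and cost, in the string that gets stored.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $stmt->execute(array($username, $hash));
}

function check_login(PDO $db, $username, $password) {
    // SELECT by username only: a salted hash cannot be matched in a WHERE
    // clause, so the comparison happens in PHP via password_verify().
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute(array($username));
    $stored = $stmt->fetchColumn();
    if ($stored === false || !password_verify($password, $stored)) {
        return false; // unknown user or wrong password
    }
    // Re-hash on successful login if the default algorithm or cost has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET pw_hash = ? WHERE username = ?');
        $upd->execute(array(password_hash($password, PASSWORD_DEFAULT), $username));
    }
    return true;
}

// Constructed sample data: two users who happen to choose the same password.
register_user($db, 'alice', 'Red123');
register_user($db, 'bob', 'Red123');

// Unsalted hash as in the post: the same password always yields the same
// value, so identical passwords are visible as identical rows in a stolen table.
$unsalted_equal = hash('sha256', 'Red123') === hash('sha256', 'Red123');

// Salted hashes: compare what was actually stored for alice and bob.
$rows = $db->query('SELECT pw_hash FROM users ORDER BY username')
           ->fetchAll(PDO::FETCH_COLUMN);
$salted_equal = ($rows[0] === $rows[1]);

var_dump($unsalted_equal, $salted_equal);
var_dump(check_login($db, 'alice', 'Red123')); // correct password
var_dump(check_login($db, 'alice', 'red123')); // wrong case
var_dump(check_login($db, 'carol', 'Red123')); // user does not exist
```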