Snippets

14 Aug 2011, xqus

Password salting

For a long time most PHP developers protected passwords only with the md5() function. Then people started using salting to protect their users' passwords from rainbow tables and other naughty stuff.
The way salting works is that you generate a random string of data, and add this to the password before you pass it to the md5() function. The salt is stored in the database, and when you want to verify a password you fetch the salt and add it to the supplied password.
The most common way to add the salt to the password is something like this:

$hash = md5($salt.$password);

13 Feb 2011, xqus

Changing PHP's User-Agent using stream_context_create()

While working on a Yubikey integration for my PHP security library (phpSec) I stumbled upon the stream_context_create() function. While changing the user-agent isn't the primary goal for this function, it's possible to do, as I have done in phpSec.

Here is an example of how I did it.

26 Aug 2007, xqus

PHP hash tool

I often find myself in need of creating an md5/sha256 hash for various reasons. Most of the time I use Google to find a JavaScript tool that I can use. This is fine, but a bit inconvenient, so I decided to create a little script that can create all sorts of hashes from a string.

15 Aug 2007, xqus

Handling user input with PHP 5.2

One of the new wonders in PHP 5.2 is the filter extension. This extension has just seven functions, but still provides an extremely powerful way of handling user input.

08 Aug 2007, xqus

Regenerate PHP session id

One of my most popular posts is one from 2005 about regenerating session IDs in PHP.
Because of this I thought it was about time I wrote an updated post about this topic.

Why should I regenerate the session ID?
One reason. To prevent session hijacking.
Session hijacking is when a hacker gets to know a user's session ID, and uses it to pretend he is that user.

05 Aug 2007, xqus

Printing the alphabet in PHP

I was wondering if there was a smarter way to print the whole alphabet in PHP than just creating an array containing all of the letters myself.

I present to you, the range() function.

28 Jul 2007, xqus

Creating XML files with PHP

Creating XML files with PHP using SimpleXML is really easy, and elegant.

To create a SimpleXML object from a string, I use the following code.

$xml = simplexml_load_string("<?xml version='1.0'?>\n<phpsysinfo></phpsysinfo>");

From there it's really easy to expand.


$xml = simplexml_load_string("<?xml version='1.0'?>\n<phpsysinfo></phpsysinfo>");
$generation = $xml->addChild('Generation');
$generation->addAttribute('version', PSI_VERSION);
$generation->addAttribute('timestamp', time());

09 May 2007, xqus

PHP zip file class

I'm working on a Drupal module (can't say what) that needs to create an archive. I landed on ZIP, because it's the easiest to implement without requiring any external libs.
I searched around and found this, and with a few improvements I ended up with this: http://xqus.com/tools/class.zipfile.phps

The following changes were made:

  • Changed the name of the output method to save
  • Added some error checking in the save method
  • Made the save method return boolean

16 Apr 2007, xqus

PHP cookie stealer

Here is a simple proof of concept cookie stealer.
To use it you have to exploit an XSS vulnerability and insert (for example) the following code.
