Just a small piece of information for those who wanted to test the creation of notes at the end of this episode and got a blank page: if you deleted all users from your database in a previous episode and created a new user (id other than 1), you need to edit some files where the user_id is still hardcoded. The files are in the controllers/notes folder. Also, the maximum characters of the 'body' are set to 10 in the update.php.
Thank you for continuing this series. It is helping me a lot 😢
You're doing great tutorials, thanks a lot
Come on Jeff. You're amazing. You must have been sipping PHP for a thousand years.
Thanks Buddy.
I was at the GitHub repo. Struggled to relate with the scripts. Not commented.
But, thanks Buddy.
Deeply appreciate.
❤ Nice series, thanks. Maybe in the future you will record a video about the Symfony framework
Best tutorial ever
It will be very helpful to use route groups and group middleware. Please create a video on this topic.
I have a question: Why pull a user from the DB and then verify the password separately? Wouldn't it be more efficient if you did, e.g.:
SELECT * FROM users WHERE username= variable AND password = hashed password.
If any data is retrieved, then there is a match; if nothing is provided, then an error message about an incorrect user-password pair is shown. Is there a security concern doing it this way?
When using the password_hash function in PHP, the resulting hashed strings include a unique salt, which is essentially random data added to the password before hashing. This salt is crucial for enhancing security by preventing attackers from using precomputed tables (rainbow tables) to crack passwords.
Therefore, if you hash the same password using password_hash multiple times, you will get different results each time due to the inclusion of a different salt.
To compare passwords, you should use the password_verify function. This function not only checks if the provided password matches the hashed value but also extracts the salt and cost information from the stored hash. It then uses this information to perform a comparison, ensuring that the correct salt and cost are used during the verification process.
👍
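The point made in the reply above, shown as an added example that is not part of the comment thread or the tutorial's code: a query that compares a freshly hashed password in SQL never matches, while fetching the row by username and calling password_verify does. The table layout, the user 'alice', the password and the function names loginBySqlMatch and loginByVerify are all constructed for illustration; it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example: constructed schema, user and password; not the tutorial's code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Registration: store the output of password_hash(), which embeds
// the algorithm, the cost and a random salt in one string.
$insert = $db->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
$insert->execute(['u' => 'alice', 'p' => password_hash('correct horse', PASSWORD_BCRYPT)]);

// Approach from the question: hash the submitted password again and compare in SQL.
function loginBySqlMatch(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT id FROM users WHERE username = :u AND password = :p');
    // A new random salt is generated here, so this string differs from the stored one.
    $stmt->execute(['u' => $username, 'p' => password_hash($password, PASSWORD_BCRYPT)]);
    return $stmt->fetch() !== false;
}

// Approach from the reply: fetch the row by username, then verify against the stored hash.
function loginByVerify(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = :u');
    $stmt->execute(['u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown user and wrong password give the same result,
    // so the caller can show one generic error message.
    return $row !== false && password_verify($password, $row['password']);
}

// Two hashes of the same password are different strings.
var_dump(password_hash('correct horse', PASSWORD_BCRYPT) === password_hash('correct horse', PASSWORD_BCRYPT));

// The salt and cost that password_verify() reuses are readable from the stored hash.
$stored = $db->query("SELECT password FROM users WHERE username = 'alice'")->fetchColumn();
var_dump(password_get_info($stored));

var_dump(loginBySqlMatch($db, 'alice', 'correct horse')); // correct password, still no row
var_dump(loginByVerify($db, 'alice', 'correct horse'));   // correct password
var_dump(loginByVerify($db, 'alice', 'wrong guess'));     // wrong password
var_dump(loginByVerify($db, 'nobody', 'correct horse'));  // unknown user
```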
Hi, Jeff, I am sorry to be a bother.
I saw this in the urlIs($value) definition in the functions.php:
return $_SERVER['REQUEST_URI'] === $value;
It looks like a comparison? Is it? Or should the operator be a single = ?
It is indeed a comparison. The function returns the result of the comparison (true or false).
@TheofilosIntzoglou
Apparently. True. I appreciate.
I always thought that 'comparisons' take place in 'if', & similar blocks only.
Thank you very much. Learned a little something here. I am asking myself what determines where to apply this?
What happened?
The title is a bit deceiving; those should be named Laravel for Beginners or PHP for Beginners in Laravel...
This is not Laravel. It's in pure PHP.
The setup for everything is in the past 40 episodes.