The array_intersect_key() Function in PHP

     

PHP: Computes the intersection of arrays using keys for comparison

The array_intersect_key() function is used to create an array containing the keys and values of the first array whose keys (i.e. from the first array) are present in all other arrays.

Version:

(PHP 4 and above)

Syntax:

array_intersect_key(array1, array2, ...)

Parameters:

Name   | Description                                      | Required / Optional | Type
array1 | The first array.                                 | Required            | Array
array2 | An array to check keys against the first array.  | Required            | Array

Return value:

An associative array containing all the values of array1 which have matching keys that are present in all arguments.

Value Type: Array

Example:

    <?php
    // Only the keys are compared; the values are taken from $array1.
    $array1 = array("Orange" => 1, "Apple" => 2, "Banana" => 3, "Chery" => 4);
    $array2 = array("Orange" => 5, "Banana" => 6, "Mango" => 7);
    var_dump(array_intersect_key($array1, $array2));
    ?>

Output:

    array(2) {
      ["Orange"]=>
      int(1)
      ["Banana"]=>
      int(3)
    }
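Because the result keeps only keys that also exist in the second array, the function is commonly used to allow-list fields in untrusted request data. The following is an added example, not part of the original page; `filter_allowed()` and the field names are hypothetical, and the request body is constructed.

```php
<?php
declare(strict_types=1);

/**
 * Keep only allow-listed keys from untrusted input and report the rest.
 * filter_allowed() is a hypothetical helper name, not a PHP built-in.
 */
function filter_allowed(array $input, array $allowedKeys): array
{
    // array_intersect_key() compares keys only, so turn the list of
    // allowed names into keys; the flipped array's values are ignored.
    $allowed = array_flip($allowedKeys);

    // Values always come from the first argument ($input).
    $kept = array_intersect_key($input, $allowed);

    // Key filtering does not validate values: a client can still send
    // email[]=x, so drop anything that is not a plain string.
    $kept = array_filter($kept, 'is_string');

    // Keys that were sent but never offered by the form.
    $rejected = array_keys(array_diff_key($input, $allowed));

    return ['kept' => $kept, 'rejected' => $rejected];
}

// Constructed request body standing in for $_POST.
$post = [
    'display_name' => 'Alice',
    'email'        => 'alice@example.test',
    'is_admin'     => '1',
    'id'           => '42',
];

$result = filter_allowed($post, ['display_name', 'email']);
var_dump($result['kept']);
var_dump($result['rejected']);
```

With this input, `kept` holds `display_name` and `email`, and `rejected` lists `is_admin` and `id`, which is worth logging as a sign of parameter tampering.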




PHP: Tips of the Day

Secure hash and salt for PHP passwords

Since then, PHP has given us password_hash and password_verify and, since their introduction, they are the recommended password hashing and checking method.

The theory of the answer is still a good read though.

TL;DR

Don'ts

- Don't limit what characters users can enter for passwords. Only idiots do this.
- Don't limit the length of a password. If your users want a sentence with supercalifragilisticexpialidocious in it, don't prevent them from using it.
- Don't strip or escape HTML and special characters in the password.
- Never store your user's password in plain-text.
- Never email a password to your user except when they have lost theirs, and you sent a temporary one.
- Never, ever log passwords in any manner.
- Never hash passwords with SHA1 or MD5 or even SHA256! Modern crackers can exceed 60 and 180 billion hashes/second (respectively).
- Don't mix bcrypt with the raw output of hash(); either use hex output or base64_encode it. (This applies to any input that may have a rogue \0 in it, which can seriously weaken security.)

Dos

- Use scrypt when you can; bcrypt if you cannot.
- Use PBKDF2 if you cannot use either bcrypt or scrypt, with SHA2 hashes.
- Reset everyone's passwords when the database is compromised.
- Implement a reasonable 8-10 character minimum length, plus require at least 1 upper case letter, 1 lower case letter, a number, and a symbol. This will improve the entropy of the password, in turn making it harder to crack. (See the "What makes a good password?" section for some debate.)

Why hash passwords anyway?

The objective behind hashing passwords is simple: preventing malicious access to user accounts by compromising the database. So the goal of password hashing is to deter a hacker or cracker by costing them too much time or money to calculate the plain-text passwords. And time/cost are the best deterrents in your arsenal.

Another reason that you want a good, robust hash on user accounts is to give you enough time to change all the passwords in the system. If your database is compromised you will need enough time to at least lock the system down, if not change every password in the database.

Jeremiah Grossman, CTO of Whitehat Security, stated on the White Hat Security blog after a recent password recovery that required brute-force breaking of his password protection:

Interestingly, in living out this nightmare, I learned A LOT I didn't know about password cracking, storage, and complexity. I've come to appreciate why password storage is ever so much more important than password complexity. If you don't know how your password is stored, then all you really can depend upon is complexity. This might be common knowledge to password and crypto pros, but for the average InfoSec or website Security expert, I highly doubt it.

(Emphasis mine.)

What makes a good password anyway?

Entropy. (Not that I fully subscribe to Randall's viewpoint.)

In short, entropy is how much variation is within the password. When a password is only lowercase roman letters, that's only 26 characters. That isn't much variation. Alpha-numeric passwords are better, with 36 characters. But allowing upper and lower case, with symbols, is roughly 96 characters. That's a lot better than just letters. One problem is, to make our passwords memorable we insert patterns, which reduces entropy. Oops!

Password entropy is approximated easily. Using the full range of ASCII characters (roughly 96 typeable characters) yields an entropy of 6.6 per character, which at 8 characters for a password is still too low (52.679 bits of entropy) for future security. But the good news is: longer passwords, and passwords with unicode characters, really increase the entropy of a password and make it harder to crack.

There's a longer discussion of password entropy on the Crypto StackExchange site. A good Google search will also turn up a lot of results.


So far as I've been able to tell, making the world's best password is a Catch-22. Either it's not memorable, too predictable, too short, too many unicode characters (hard to type on a Windows/Mobile device), too long, etc. No password is truly good enough for our purposes, so we must protect them as though they were in Fort Knox.

Best practices

Bcrypt and scrypt are the current best practices. Scrypt will be better than bcrypt in time, but it hasn't seen adoption as a standard by Linux/Unix or by webservers, and hasn't had in-depth review of its algorithm posted yet. But still, the future of the algorithm does look promising. If you are working with Ruby there is an scrypt gem that will help you out, and Node.js now has its own scrypt package. You can use Scrypt in PHP either via the Scrypt extension or the Libsodium extension (both are available in PECL).

I highly suggest reading the documentation for the crypt function if you want to understand how to use bcrypt, or finding yourself a good wrapper or use something like PHPASS for a more legacy implementation. I recommend a minimum of 12 rounds of bcrypt, if not 15 to 18.

I changed my mind about using bcrypt when I learned that bcrypt only uses blowfish's key schedule, with a variable cost mechanism. The latter lets you increase the cost to brute-force a password by increasing blowfish's already expensive key schedule.

Average practices

I almost can't imagine this situation anymore. PHPASS supports PHP 3.0.18 through 5.3, so it is usable on almost every installation imaginable, and should be used if you don't know for certain that your environment supports bcrypt.

But suppose that you cannot use bcrypt or PHPASS at all. What then?

Try an implementation of PBKDF2 with the maximum number of rounds that your environment/application/user-perception can tolerate. The lowest number I'd recommend is 2500 rounds. Also, make sure to use hash_hmac() if it is available to make the operation harder to reproduce.

Future Practices

Coming in PHP 5.5 is a full password protection library that abstracts away any pains of working with bcrypt. While most of us are stuck with PHP 5.2 and 5.3 in most common environments, especially shared hosts, ircmaxell has built a compatibility layer for the coming API that is backward compatible to PHP 5.3.7.
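The password API named at the top of this tip (password_hash and password_verify), used with the 12-round bcrypt minimum recommended above and a cost upgrade at login. This is an added example, not code from the original answer; the `register()` and `login()` helpers and the in-memory user store are hypothetical.

```php
<?php
declare(strict_types=1);

// Target parameters: bcrypt at cost 12, the minimum recommended in the text.
const HASH_ALGO = PASSWORD_BCRYPT;
const HASH_OPTS = ['cost' => 12];

function register(array &$users, string $name, string $password): void
{
    // password_hash() generates a random salt and stores it, together with
    // the algorithm and cost, inside the returned string.
    $users[$name] = password_hash($password, HASH_ALGO, HASH_OPTS);
}

function login(array &$users, string $name, string $password): bool
{
    $stored = $users[$name] ?? null;
    if ($stored === null || !password_verify($password, $stored)) {
        return false;
    }
    // The plain-text password is only available at login, so this is the
    // moment to replace a hash that was made with older parameters.
    if (password_needs_rehash($stored, HASH_ALGO, HASH_OPTS)) {
        $users[$name] = password_hash($password, HASH_ALGO, HASH_OPTS);
    }
    return true;
}

// Constructed user store standing in for a database table. The existing
// account was hashed at cost 10 to show the upgrade path.
$users = [
    'alice' => password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 10]),
];
register($users, 'bob', 'a much longer passphrase than eight characters');

var_dump(login($users, 'alice', 'wrong guess'));
var_dump(login($users, 'alice', 'correct horse battery staple'));
var_dump(password_get_info($users['alice'])['options']['cost']);
```

After the successful login, the stored hash for `alice` is re-created at the target cost without forcing a password reset.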

Cryptography Recap & Disclaimer

The computational power required to actually crack a hashed password doesn't exist. The only way for computers to "crack" a password is to recreate it and simulate the hashing algorithm used to secure it. The speed of the hash is linearly related to its ability to be brute-forced. Worse still, most hash algorithms can be easily parallelized to perform even faster. This is why costly schemes like bcrypt and scrypt are so important.

You cannot possibly foresee all threats or avenues of attack, and so you must make your best effort to protect your users up front. If you do not, then you might even miss the fact that you were attacked until it's too late... and you're liable. To avoid that situation, act paranoid to begin with. Attack your own software (internally) and attempt to steal user credentials, or modify other user's accounts or access their data. If you don't test the security of your system, then you cannot blame anyone but yourself.


Lastly: I am not a cryptographer. Whatever I've said is my opinion, but I happen to think it's based on good ol' common sense ... and lots of reading. Remember, be as paranoid as possible, make things as hard to intrude as possible, and then, if you are still worried, contact a white-hat hacker or cryptographer to see what they say about your code/system.