- Solution for Exercise 1.
- Solution for Exercise 2, and some explanations:
- First, we recover the current users' passwords with a simple Google search (1234, password, 123456, 123456) and hash them with password_hash.
- Then we change action_login.php to check the submitted password with password_verify.
- Each user gets a different salt, so a precomputed rainbow table cannot be reused across accounts; an attacker would have to build a separate table per user.
- Solution for Exercise 3, and some decisions:
- Using htmlentities to encode all output, and a regex to filter unwanted characters out of the username.
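The password migration from Exercise 2 and the output encoding from Exercise 3, as an added example that is not the exercise's own action_login.php. It assumes the legacy store held unsalted MD5 hashes and stands in for the database with a plain array; the sample users and the username alphabet are constructed.

```php
<?php
// Added example, not the exercise's own action_login.php: migrate legacy
// unsalted MD5 hashes to password_hash(), verify with password_verify(),
// and render the username safely. The $users array stands in for the
// database table; the legacy MD5 format and the sample data are assumed.

// Constructed legacy sample: username => md5(password), as recovered in Exercise 2.
$legacyUsers = ['alice' => md5('1234'), 'bob' => md5('password')];

// One-time migration: re-hash each recovered plaintext with PASSWORD_DEFAULT
// (bcrypt today); the random per-user salt is embedded in the returned string.
function migrateUsers(array $legacy, array $knownPlaintexts): array {
    $migrated = [];
    foreach ($legacy as $user => $md5) {
        foreach ($knownPlaintexts as $pw) {
            if (hash_equals($md5, md5($pw))) {
                $migrated[$user] = password_hash($pw, PASSWORD_DEFAULT);
            }
        }
    }
    return $migrated;
}

// Exercise 3: accept only a conservative username alphabet on input (assumed rule) ...
function usernameIsValid(string $username): bool {
    return preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $username) === 1;
}

// ... and encode on output regardless, so a stored value can never become markup.
function renderGreeting(string $username): string {
    return 'Welcome, ' . htmlentities($username, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Login as action_login.php should do it: password_verify() reads algorithm,
// cost and salt from the stored string and compares in constant time.
function checkLogin(array $users, string $username, string $password): bool {
    if (!usernameIsValid($username) || !isset($users[$username])) {
        return false;
    }
    return password_verify($password, $users[$username]);
}

$users = migrateUsers($legacyUsers, ['1234', 'password', '123456']);

// Two hashes of the same password differ because each call draws a fresh salt,
// so a rainbow table built against one user's hash says nothing about another's.
var_dump(password_hash('123456', PASSWORD_DEFAULT) !== password_hash('123456', PASSWORD_DEFAULT));
var_dump(checkLogin($users, 'alice', '1234'), checkLogin($users, 'alice', 'wrong'));
echo renderGreeting('<b>bob</b>'), "\n";
```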