Confusion Between date/gmdate

[Irap]

Bloody phpfreaks.com is annoying with it's insistance on having a password with "a mixture of upper and lowercase letters" etc. Because of this I've had to reset my password every time I've posted here. My password is nice and secure with only lowercase letters (I use my secure password for things I really care about keeping secure). Password requirements is a stupid move on any site.

 

 

Anyway, I'm from the UK and I find this date/gmdate thing very odd. As far as I'm aware, I'm in GMT. When I use gmdate, everything is fine... but apparently gmdate doesn't change to reflect daylight savings...

 

However, date() is off by an hour most of the time. So what the hell do I use? Do I have to manually get whether daylight savings is in effect and then choose which one to use?

 

I'd probably be able to figure it out myself.. but it'd take a year

[Psycho]

First off, if you don't like the password requirements here you don't have to come here. There are very good reasons to require a strong password.

 

As to your question, GMDate (aka Greenwich Mean Time, Zulu time, etc. is the "base" time upon which all other timezones are based. Daylight Savings time is a man-made adjustment to shift daylight during the summer months. not every country (or even all regions in a country) observe DST. You should be using the correct timezone for your location and use the appropriate functions to get DST as appropriate.

 

http://php.net/manual/en/function.date-default-timezone-set.php

[Irap]

Hey, it was nothing personal. Why wouldn't I want to come here (not that I come here much anyway)? The problem is, I'm having difficulty coming here. The requirements only act as an accessibility problem for me. But as we all should know, mixed capitalisation and numbers does not equate to a good password. My "normal websites" password has never failed me. But that's not something I expect you to need to understand, it not being your password and such.

 

Thanks for the help, anyways.

[Psycho]

But as we all should know, mixed capitalisation and numbers does not equate to a good password.

 

Yes, mixed case, number and special characters DO equate to a strong password. It's not just a matter of a person trying to guess your password, you have to guard against someone trying to brute force your password, which is done using using the most probable combinations first. Even if you assume a site hashes your password, which you shouldn't, you have no way of knowing if they apply a salt and whether the salt is unique to each user. The recent intrusion into the PS Network is a prime example of why people need strong passwords.

 

But, back to the issue at hand, did I answer your question?

[Irap]

I always assume a site doesn't hash my password, which is why I don't go posting my ultra-secure password on any old site and use my normal password on other things. Mixed case and numbers don't equate to a good password:

0bv10us
1337King
B008s
Abc123
Area51
Area69
Fiesty1
Link182
Error404
Password1
P455w0rd
Sims3

Etc.. Not that I've ever tried any such thing and it worked, ehem It's just a personal thought. I can't imagine that constant password resetting is exactly a good thing.

 

Anyway, I meant "Thanks for the help, anyways." to be a confirmation of the question being answered

[xyph]

Why not just allow phpfreaks to set a cookie?

[gizmola]

I always assume a site doesn't hash my password, which is why I don't go posting my ultra-secure password on any old site and use my normal password on other things. Mixed case and numbers don't equate to a good password:

 

Most websites do use hashes.  Sites that either encrypt/decrypt or store a plaintext version of the orignal password are few and far between in my experience.    It's far preferable to store a hash exactly because it can not be reversed.

 

The attack against hashes then, IS based on either brute force,  educated guessing, or dictionary/rainbow attacks.  One of 2 things can happen:

 

1. The site allows brute force attacks:

--I may not notice that you have a bot that repeatedly tries to login to an account name using a file comprised of words and phrases and minor variations of those words.

2. The site has a vulnerability that discloses the actual stored hash value.

--While this is a bad situation, it's not actually catastrophic with a hashed password, and assuming a salt was used, renders the disclosure virtually irrelevant.

--However, if not salted, this is where people using common passwords becomes a substantial problem because the cracker can be assumed to have a rainbow table that will match any number of poorly constructured passwords.

 

This site and most forums on the web utilizes open source software, so the details of their security are available for inspection.

 

It seems that your argument boils down to the fact that you can not be bothered to keep track of a password you use for it on an intermittent basis.  There are keychain like tools built into browsers, not to mention addons that allow you to keep track of those, if you want to avail yourself of them.

 

[Irap]

Don't worry, I fixed it by changing my password to "Password1".