PHP Data Encryption

Data Encryption has become more and more important in our lives, especially considering the large amount of data that has been traded and transmitted over the Internet. If you are interested in using security measures, you will be interested in learning a series of security functions provided by PHP. In this article, we will introduce these features and provide some basic usage so that you can add security features to your application software.
Prerequisites
Before giving a detailed introduction to PHP's security functions, we need to spend some time introducing some basic cryptographic knowledge to those who have never been familiar with this aspect, if you are familiar with the basic concepts of cryptography, you can skip this part.
Cryptography can be widely described as the research and experiment on encryption/Decryption. encryption is a process of converting easy-to-understand data into easy-to-understand data, decryption is the process of converting obscure data into original understandable data. An obscure document is called a password, and an easy-to-understand document is called a plaintext.
Data Encryption/Decryption requires certain algorithms. These algorithms can be very simple, such as the famous Caesar Code. However, the current encryption algorithm is much more complex, some of these methods cannot be decrypted even by using the existing methods.
PHP Encryption
Anyone who has experience using a non-Windows platform may be familiar with crypt (). This function is called one-way encryption and can encrypt some plain codes, however, the password cannot be converted to the original plaintext. Although on the surface this seems useless, it is indeed widely used to ensure the integrity of the system password. Because, once a one-way encryption password falls into the hands of a third party, it is useless because it cannot be restored to plain text. When verifying the user's entered password, the user's input is also a one-way algorithm. If the input matches the stored encrypted password, the entered message must be correct.
PHP also provides the possibility of using its crypt () function to implement one-way encryption. Here I will briefly introduce this function:
String crypt (string input_string [, string salt])
The input_string parameter is the string to be encrypted, and the second available salt is a single-digit string. It can affect the encrypted password and further eliminate the possibility of a pre-computing attack. By default, PHP uses a two-character DES interference string. If your system uses MD5 (I will introduce the MD5 Algorithm later ), it uses a 12-character interference string. By the way, you can run the following command to find the length of the interference string to be used by the system:
Print "My system salt size is:". CRYPT_SALT_LENGTH;
The system may also support other encryption algorithms. Crypt () supports the following algorithms and the length of the corresponding salt parameter:
Algorithm Salt Length
CRYPT_STD_DES 2-character (Default)
CRYPT_EXT_DES 9-character
CRYPT_MD5 12-character beginning with $
CRYPT_BLOWFISH 16-character beginning with $
Use crypt () for User Authentication
As an example of the crypt () function, you want to create a PHP script to restrict access to a directory, only users with the correct username and password can access this directory. I will store materials in a table in my favorite MySQL database. The following is an example of creating a table called members:
Mysql> create table members (
-> Username CHAR (14) not null,
-> Password CHAR (32) not null,
-> Primary key (username)
-> );
Then, we assume that the following data has been stored in the table:
Username and password
Clark keloD1C377lKE
Bruce ba1T7vnz9AWgk
Peter paLUvRWsRLZ4U
The encrypted passwords correspond to kent, banner, and parker. Note the first two letters of each password. This is because I used the following code to create an interference string based on the first two letters of the password:
$ EnteredPassword.
$ Salt = substr ($ enteredPassword, 0, 2 );
$ UserPswd = crypt ($ enteredPassword, $ salt );
// $ UserPswd is stored in MySQL together with the user name
I will use Apache password-Response Authentication configuration to prompt the user to enter the user name and password. A little-known information about PHP is, it recognizes the username and password entered by the Apache password-response system as $ PHP_AUTH_USER and $ PHP_AUTH_PW. I will use these two variables in the authentication script. Take some time to carefully read the following script and pay more attention to the explanation to better understand the following code:
Application of password-response verification system for crypt () and Apache
$ Host = "localhost ";
$ User = "zorro ";
$ Pswd = "hell odolly ";
$ Db = "users ";
// Set authorization to False
$ Authorization = 0;
// Verify that user has entered username and password
If (isset ($ PHP_AUTH_USER) & isset ($ PHP_AUTH_PW )):
Mysql_pconnect ($ host, $ user, $ pswd) or die ("Can't connect to MySQL
Server! ");
Mysql_select_db ($ db) or die ("Can't select database! ");
// Perform the encryption
$ Salt = substr ($ PHP_AUTH_PW, 0, 2 );
$ Encrypted_pswd = crypt ($ PHP_AUTH_PW, $ salt );
// Build the query
$ Query = "SELECT username FROM members WHERE
Username = '$ PHP_AUTH_USER' AND
Password = '$ encrypted_pswd '";
// Execute the query
If (mysql_numrows (mysql_query ($ query) = 1 ):
$ Authorization = 1;
Endif;
Endif;
// Confirm authorization
If (! $ Authorization ):
Header ('www-Authenticate: Basic realm = "Private "');
Header ('HTTP/1.0 401 unauthorized ');
Print "You are unauthorized to enter this area .";
Exit;
Else:
Print "This is the secret data! ";
Endif;
?>
The above is a simple authentication system that verifies user access permissions. When using crypt () to protect important confidential information, remember that the crypt () used by default is not the safest and can only be used in systems with low security requirements, if you need high security performance, you need the algorithms I will introduce later in this article.
Next, I will introduce another function supported by PHP, namely, Handler digest md5 (). This function uses the MD5 hash algorithm. It has several interesting usage values:
Hybrid editing
A mixed-length function can convert a variable-length information into an output with fixed-length mixed-length, also known as "information digest ". This is useful because a fixed-length string can be used to check file integrity and verify digital signatures and user identity authentication. Because it is suitable for PHP, the built-in md5 () Mixed encoding function of PHP converts a variable-length information to a 128-bit (32 characters) information digest. An interesting feature of mixed encoding is that the original plaintext cannot be obtained by analyzing the information after the mixed encoding, because the result after the mixed compilation is not dependent on the original plaintext content. Even if you change only one character in a string, the MD5 mixed encoding algorithm calculates two completely different results. First, let's look at the table content and the corresponding results:
　
Use md5 () to mix strings
$ Msg = "This is some message that I just wrote ";
$ Enc_msg = md5 ($ msg );
Print "hash: $ enc_msg ";
?>
Result:
Hash: 81ea092649ca32b5ba375e81d8f4972c
Note that the result length is 32 characters. Let's take a look at the table below the values, where the value of $ msg has a slight change:
Use md5 () to mix a slightly changed string
// Note that one s is missing in the message
$ Msg = "This is some mesage that I just wrote ";
$ Enc_msg = md5 ($ msg );
Print "hash2: $ enc_msg

";
?>
Result:
Hash2: e86cf1_bd5490d46d5cd61738c82c0c

It can be found that although the length of the two results is 32 characters, a slight change in the text makes a great change in the results. Therefore, mixed encoding and md5 () function is a good tool for checking small changes in data.
Both crypt () and md5 () are useful, but both are limited in functionality. In the following section, we will introduce two very useful PHP extensions called Mcrypt and Mhash, which will greatly expand the encryption options of PHP users.
Although we have explained the importance of one-way encryption in the above section, sometimes we may need to restore the password data to the original data after encryption. Fortunately, PHP provides this possibility through the Mcrypt extension library.
Mcrypt
Mcrypt 2.5.7 Unix | Win32
Mcrypt 2.4.7 is a powerful extension library for encryption algorithms. It includes 22 algorithms, including the following algorithms:
Blowfish RC2 Safer-sk64 xtea
Cast-256 RC4 Safer-sk128
DES RC4-iv Serpent
Enigma Rijndael-128 Threeway
Gost Rijndael-192 TripleDES
LOKI97 Rijndael-256 (Twofish)
PanamaSaferplus Wake

Installation:
Mcrypt is not included in the standard PHP package, so you need to download it: