Understanding crypt()
Anyone with some experience on a non-Windows platform is probably familiar with crypt(). It is known as a one-way encryption function: it can encrypt plaintext, but the resulting ciphertext cannot be converted back to the original plaintext. The crypt() function is defined as follows.
string crypt(string input_string [, string salt])
The input_string parameter is the plaintext string to be encrypted. The optional second parameter, salt, is a string that perturbs the resulting ciphertext and further reduces the possibility of it being cracked. By default, PHP uses a 2-character DES salt, and if the system is using MD5 (refer to the next section), PHP uses a 12-character salt. You can find out the length of the salt that the system will use by executing the following command.
print "My system salt size is: " . CRYPT_SALT_LENGTH;
crypt() supports 4 encryption algorithms. Table 19.1 shows the supported algorithms and the length of the corresponding salt parameter.
Table: the four encryption algorithms supported by crypt()
Algorithm | Salt length
CRYPT_STD_DES | 2-character (default)
CRYPT_EXT_DES | 9-character
CRYPT_MD5 | 12-character beginning with $1$
CRYPT_BLOWFISH | 16-character beginning with $2$
On the surface, the crypt() function does not seem very useful, but it is in fact widely used to guarantee the integrity of a system's passwords. Even if a one-way encrypted password falls into the hands of a third party, it is of little use to them, because it cannot be restored to plaintext.
Implementing user authentication with crypt()
The previous section briefly described the functionality of the crypt() function. Here it is used to implement user authentication, with the same goal as described in section 19.2.3.
<!-- check_user_crypt.php: use the crypt() function to authenticate users -->
<?php
$user_name = $_POST["user_name"];
require_once("Sys_conf.inc"); // System configuration file, including database configuration information
// Connect to the database (the mysql_* extension used here was removed in PHP 7)
$link_id = mysql_connect($DBHOST, $DBUSER, $DBPWD);
mysql_select_db($DBNAME); // Select database my_chat
// Escape the user-supplied name before placing it in SQL statements
$user_name_sql = mysql_real_escape_string($user_name, $link_id);
// Query for the logon user's information
$str = "SELECT name, password FROM user WHERE name = '$user_name_sql'";
$result = mysql_query($str, $link_id); // Execute query
@$rows = mysql_num_rows($result); // Number of records in the query result
// Store the user name in the session (assumes the session has already been started)
$_SESSION["user_name"] = $user_name;
$password = $_POST["password"];
$salt = substr($password, 0, 2);
$password_en = crypt($password, $salt); // Use crypt() to encrypt the user's password
// For existing users
if ($rows != 0)
{
    list($name, $pwd) = mysql_fetch_row($result);
    // If the password was entered correctly (strict comparison avoids type juggling)
    if ($pwd === $password_en)
    {
        $str = "UPDATE user SET is_online = 1 WHERE name = '$user_name_sql' AND password = '$password_en'";
        $result = mysql_query($str, $link_id); // Execute query
        require("main.php"); // Go to chat page
    }
    // Wrong password
    else
    {
        require("relogin.php");
    }
}
// For new users, write their information to the database
else
{
    $str = "INSERT INTO user (name, password, is_online) VALUES ('$user_name_sql', '$password_en', 1)";
    $result = mysql_query($str, $link_id); // Execute query
    require("main.php"); // Go to chat page
}
// Close the database connection
mysql_close($link_id);
?>
This example is very similar to the one in the previous section, which used the XOR encryption algorithm to protect user information. The core is that lines 16 and 17 use the crypt() function to obtain the encrypted password, and line 25 checks the legitimacy of the user by comparing the password stored in the database with the encrypted password.
Here is an example of what the encrypted password looks like.
For example, if the user name is rock and the password is 123456, the encrypted password is:
12tir.zibwq3c
The above implements a simple user authentication system. When using crypt() to protect critical confidential information, note that crypt() in its default state is not the most secure and should only be used in systems with lower security requirements.
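The caveat above, as an added example that is not part of the original article: deriving the salt from the password, as the listing does, leaves the password's first two characters visible at the start of the stored hash, whereas a random salt with the Blowfish scheme does not. The function names, the cost of 10 and the sample password are assumptions made for this illustration.

```php
<?php
// Added example; function names are hypothetical, sample input is constructed.

// The listing's approach: the salt is the first two characters of the password,
// so the stored hash starts with those two characters in clear text.
function hash_like_listing($password)
{
    return crypt($password, substr($password, 0, 2));
}

// Hardened form: Blowfish scheme with a random 22-character salt.
// The cost of 10 is an assumed work factor; random_bytes() needs PHP 7+.
function hash_with_random_salt($password, $cost = 10)
{
    $raw  = base64_encode(random_bytes(16));       // 24 chars, last two are padding
    $salt = substr(strtr($raw, '+', '.'), 0, 22);  // keep to the ./A-Za-z0-9 alphabet
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
    if (strlen($hash) !== 60) {                    // on failure crypt() returns "*0" or "*1"
        throw new RuntimeException('crypt() rejected the salt');
    }
    return $hash;
}

// Verification: pass the stored hash as the salt so crypt() reuses its
// scheme, cost and salt, then compare in constant time (PHP 5.6+).
function verify_password($password, $stored_hash)
{
    return hash_equals($stored_hash, crypt($password, $stored_hash));
}

$password = '123456';
$weak = hash_like_listing($password);
echo "listing-style hash: $weak\n";
echo "visible prefix    : ", substr($weak, 0, 2), "\n";

$a = hash_with_random_salt($password);
$b = hash_with_random_salt($password);
echo "random-salt hash 1: $a\n";
echo "random-salt hash 2: $b\n";   // same password, different salt

var_dump(verify_password('123456', $a));     // correct password
var_dump(verify_password('12345x', $a));     // wrong password
var_dump(verify_password('123456', $weak));  // DES hashes verify the same way
```

PHP 5.5 and later also provide password_hash() and password_verify(), which wrap the same crypt() mechanism and choose the salt for you.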