PHP techniques: implementing user authentication using crypt() in PHP

Source: Internet
Author: User
Tags crypt
Understanding crypt()

Anyone with some experience on a non-Windows platform is probably familiar with crypt(). This function is known as a one-way encryption function: it can encrypt a plaintext string, but the result cannot be converted back to the original plaintext. The crypt() function is defined as follows.

string crypt(string input_string [, string salt])

Here the input_string parameter is the plaintext string to be encrypted, and the optional second parameter, salt, is a string that influences the encrypted output and further reduces the possibility of it being cracked. By default, PHP uses a 2-character DES salt, and if the system is using MD5 (refer to the next section), PHP uses a 12-character salt. You can find out the length of the salt that the system will use by executing the following command.

print "My system salt size is: " . CRYPT_SALT_LENGTH;

crypt() supports 4 encryption algorithms. Table 19.1 shows the supported algorithms and the length of the corresponding salt parameter.

Table: crypt() supports four encryption algorithms

Algorithm         Salt length
CRYPT_STD_DES     2-character (default)
CRYPT_EXT_DES     9-character
CRYPT_MD5         12-character, beginning with $1$
CRYPT_BLOWFISH    16-character, beginning with $2$

On the surface, the crypt() function does not seem very useful, but it is widely used to guarantee the integrity of system passwords. Even if a one-way encrypted password falls into the hands of a third party, it is of little use to them because it cannot be restored to plaintext.

Implementing user authentication with crypt()

The previous section briefly described the crypt() function. Here it is used to implement user authentication, with the same goal as described in section 19.2.3.

<?php
// check_user_crypt.php: use the crypt() function to authenticate users
session_start();
require_once("sys_conf.inc"); // system configuration file, including database configuration information
$user_name = $_POST["user_name"];
$password = $_POST["password"];
// Connect to the database and select it (my_chat)
$link_id = mysqli_connect($DBHOST, $DBUSER, $DBPWD, $DBNAME);
// Query for the logon user's information; the name is bound as a parameter, not pasted into the SQL text
$str = "SELECT name, password FROM user WHERE name = ?";
$stmt = mysqli_prepare($link_id, $str);
mysqli_stmt_bind_param($stmt, "s", $user_name);
mysqli_stmt_execute($stmt); // execute query
mysqli_stmt_store_result($stmt);
$rows = mysqli_stmt_num_rows($stmt); // number of rows in the query result
$salt = substr($password, 0, 2);
$password_en = crypt($password, $salt); // use crypt() to encrypt the user's password
// For old users
if ($rows != 0)
{
    mysqli_stmt_bind_result($stmt, $name, $pwd);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    // If the password is entered correctly
    if (hash_equals((string) $pwd, $password_en))
    {
        $str = "UPDATE user SET is_online = 1 WHERE name = ? AND password = ?";
        $upd = mysqli_prepare($link_id, $str);
        mysqli_stmt_bind_param($upd, "ss", $user_name, $password_en);
        mysqli_stmt_execute($upd); // execute query
        $_SESSION["user_name"] = $user_name; // remember the authenticated user
        require("main.php"); // go to chat page
    }
    // Password input error
    else
    {
        require("relogin.php");
    }
}
// For new users, write their information to the database
else
{
    mysqli_stmt_close($stmt);
    $str = "INSERT INTO user (name, password, is_online) VALUES (?, ?, 1)";
    $ins = mysqli_prepare($link_id, $str);
    mysqli_stmt_bind_param($ins, "ss", $user_name, $password_en);
    mysqli_stmt_execute($ins); // execute query
    $_SESSION["user_name"] = $user_name; // remember the newly registered user
    require("main.php"); // go to chat page
}
// Close the database connection
mysqli_close($link_id);
?>


The example is very similar to the one in the previous section that used the XOR encryption algorithm to protect user information. The core is lines 16 and 17, which use the crypt() function to get the encrypted password (the $salt and crypt() statements), and line 25, which checks the legitimacy of the user by comparing the password in the database with the encrypted password.

Here's an example of what the encrypted password will look like.

For example, if the user name is rock and the password is 123456, the encrypted password is:

12tir.zibwq3c

The above implements a simple user authentication system. When using crypt() to protect critical confidential information, it is important to note that crypt() in its default state is not the safest option and can only be used in systems with lower security requirements.
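
The following added example (not code from the original page) shows why the default use above is weak and how existing hashes can be replaced at login. It assumes PHP 5.5 or later for the password_* functions; legacy_hash() and verify_and_upgrade() are hypothetical names.

```php
<?php
// Added illustration, not code from the original page. Requires PHP 5.5+.
// legacy_hash() and verify_and_upgrade() are hypothetical names.

// The scheme used in the listing above: salt = first two characters of the password.
function legacy_hash($password)
{
    return crypt($password, substr($password, 0, 2));
}

// Check a password against a stored hash (legacy DES or modern) and, when the
// stored hash is outdated, return a replacement to write back to the database.
function verify_and_upgrade($password, $stored_hash)
{
    // password_verify() re-runs crypt() with the salt embedded in $stored_hash
    // and compares in constant time, so it also accepts 13-character DES hashes.
    if (!password_verify($password, $stored_hash)) {
        return array(false, null);
    }
    $new_hash = null;
    if (password_needs_rehash($stored_hash, PASSWORD_DEFAULT)) {
        // Random per-user salt and an adaptive cost factor.
        $new_hash = password_hash($password, PASSWORD_DEFAULT);
    }
    return array(true, $new_hash);
}

$legacy = legacy_hash("123456"); // constructed sample password

// 1. The DES hash begins with its salt, so it discloses two password characters.
var_dump(substr($legacy, 0, 2) === substr("123456", 0, 2));
// 2. The salt depends only on the password, so equal passwords give equal hashes.
var_dump(legacy_hash("123456") === $legacy);
// 3. Traditional DES crypt() ignores everything after the eighth character.
var_dump(crypt("12345678-tail", "12") === crypt("12345678", "12"));

// Migration on login: the legacy hash still verifies and is replaced once.
list($ok, $upgraded) = verify_and_upgrade("123456", $legacy);
var_dump($ok, $upgraded !== null && $upgraded !== $legacy);
// The upgraded hash verifies and needs no further rehash.
list($ok2, $again) = verify_and_upgrade("123456", $upgraded);
var_dump($ok2, $again === null);
```

When storing the upgraded value, the password column must be wide enough for the longer hash; a 13-character column sized for DES output will truncate it.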
