Code _php tutorial using crypt () to implement user authentication in PHP

Source: Internet
Author: User
Tags crypt
Learn crypt ()

As long as there is a bit of experience with non-Windows platform readers can be quite familiar with crypt (), this function is called one-way encryption function, it can encrypt some plaintext, but not in turn, the password is converted to the original plaintext. The crypt () function is defined as follows.

String crypt (String input_string [, string salt])

Where the input_string parameter is a plaintext string that needs to be encrypted, the second optional salt is a bit string that can affect the cryptographic cipher, further eliminating the possibility of being cracked. By default, PHP uses a 2-character des interference string, and if the system uses MD5 (refer to the next section), PHP uses a 12-character interference string. You can find the length of the interfering string that the system will use by executing the following command.

Print "My system salt size is:". Crypt_salt_length;

Crypt () supports 4 encryption algorithms, and table 19.1 shows the supported algorithms and the length of the corresponding salt parameters.

Table crypt () supports four kinds of encryption algorithms
Algorithm Salt length
Crypt_std_des 2-character (Default)
Crypt_ext_des 9-character
Crypt_md5 12-character beginning with $1$
Crypt_blowfish 16-character beginning with $2$

On the surface, the function of crypt () does not seem useful, but the function is widely used to ensure the integrity of the system's passwords. Because a one-way encrypted password, even if it falls into the hands of a third party, is not very useful because it cannot be reverted to plaintext.
Implementing user authentication with crypt ()
The previous section briefly describes the function of the crypt () function, which is used to implement the user's authentication, and the goal to achieve is the same as that described in 19.2.3.
Copy CodeThe code is as follows:

$user _name=$_post["user_name"];
Require_once ("Sys_conf.inc"); System configuration files, including database configuration information
Connecting to a database
$link _id=mysql_connect ($DBHOST, $DBUSER, $DBPWD);
mysql_select_db ($DBNAME); Select Database My_chat
Querying for the presence of logged-in user information
$str = "Select Name,password from user where name = ' $user _name '";
$result =mysql_query ($str, $link _id); Execute Query
@ $rows =mysql_num_rows ($result); Number of records to get the results of the query
$user _name=$_session["user_name"];
$password =$_post["Password"];
$salt = substr ($password, 0, 2);
$password _en=crypt ($password, $salt); Encrypt a user's password using crypt ()
For old users
if ($rows!=0)
{
List ($name, $pwd) =mysql_fetch_row ($result);
If the password is entered correctly
if ($pwd = = $password _en)
{
$STR = "Update user set Is_online =1 where name = ' $user _name ' and password= ' $password _en '";
$result =mysql_query ($str, $link _id);//Execute Query
Require ("main.php"); Go to the chat page
}
Password input Error
Else
{
Require ("relogin.php");
}
}
For new users, write their information to the database
Else
{
$str = "INSERT into user (Name,password,is_online) VALUES (' $user _ name ', ' $password _en ', 1)";
$result =mysql_query ($str, $link _id); Execute Query
Require ("main.php"); Go to the chat page
}
Close the database
Mysql_close ($link _id);
?>


The example is very similar to the use of the XOR encryption algorithm to protect user information, as described in the previous section, and its core part is that the 16th, 17 rows use the crypt () function to obtain the encrypted password, and check whether the user is legitimate by comparing the password in the database with the encrypted password in line 25th.

Here's an example of what the encrypted password will look like.

For example, if the user name is rock and the password is 123456, the encrypted password is:

12tir.zibwq3c

A simple user authentication system is implemented. When using crypt () to protect critical confidential information, it is important to note that using crypt () in the default state is not the safest and can only be used in systems with lower security requirements.

http://www.bkjia.com/PHPjc/325865.html www.bkjia.com true http://www.bkjia.com/PHPjc/325865.html techarticle Learn crypt () as long as there is a bit of experience with non-Windows platform readers can be quite familiar with crypt (), this function is called one-way encryption function, it can encrypt some plaintext, but ...

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.