How to use the XOR algorithm in PHP + MySQL applications

Source: Internet
Author: User
This article introduces an easy-to-use encryption/decryption algorithm: using an exclusive or (XOR) operation. This algorithm is simple in principle and aims to give readers a more intuitive impression on the encryption/decryption of information.

This article introduces an easy-to-use encryption/decryption algorithm: using an exclusive or (XOR) operation. This algorithm is simple in principle and aims to give readers a more intuitive impression on the encryption/decryption of information.

XOR algorithm principle

From the main method of encryption, the location change method is too simple, especially when the amount of data is small, it is easy to guess the plaintext by the ciphertext, and the replacement method is an effective and simple algorithm.

According to the characteristics of various replacement operations, exclusive or operations are most suitable for simple encryption and decryption operations. The principle of this method is: when one number A and the other number B perform an exclusive or operation, the other number C is generated. if another number C and B are used for an exclusive or operation, C is restored to.

Compared with other simple encryption algorithms, the XOR algorithm has the following advantages.

(1) the algorithm is simple and can be easily implemented in advanced languages.

(2) it is fast and can be used anytime and anywhere.

(3) it is effective for any character. unlike some simple encryption algorithms, it is only valid for Spanish characters and cannot be restored to the original character after Chinese characters are encrypted.

XOR algorithm implementation

The previous section describes how to use the XOR operation to encrypt/decrypt user logon information. According to the principles of the XOR encryption algorithm described in the previous section, it is not difficult to write the following encryption and decryption functions. First, list the encryption algorithms.

1 <! -- Encrypy_xor: the encryption function for simple XOR operations --------------------->
2 <? Php
3 // encryption function
4 function myEncrypt ($ string, $ key)
5 {
6 for ($ I = 0; $ I <STRLEN ($ STRING); p $ I ++) <>
7 {
8 for ($ j = 0; $ j <STRLEN ($ KEY); p $ j ++) <>
9 {
10 $ string [$ I] = $ string [$ I] ^ $ key [$ j];
11}
12}
13 return $ string;
14}

Row 4th defines the encryption function myEncrypt (). the input parameter $ string is plain text, and $ key is the key. the output is the ciphertext generated by using $ key as the key and using XOR encryption algorithm.

6th ~ The outer for loop of 12 rows loops every character of the plaintext string, while the for loop of the inner layer (8th ~ 11 rows) returns an exclusive or operation between each character loop of the plaintext and each bit of the key. The principles are introduced in the previous section and will not be repeated.

Similarly, similar to the encryption function, you can write the following decryption function.

1 // decryption function
2 function myDecrypt ($ string, $ key)
3 {
4 for ($ I = 0; $ I <STRLEN ($ STRING); p $ I ++) <>
5 {
6 for ($ j = 0; $ j <STRLEN ($ KEY); p $ j ++) <>
7 {
8 $ string [$ I] = $ key [$ j] ^ $ string [$ I];
9}
10}
11 return $ string;
12}
13?>

Row 3 defines the decryption function myDecrypt (). the input parameter $ string is ciphertext, while $ key is the key. the output is the plaintext generated by using $ key as the key and using XOR decryption algorithm.

Next, we will use an application example to further describe the functions of the encryption function.

1 // example
2 $ my_password = "chair ";
3 echo "my_password = $ my_password ";
4$ my_key = "1234567890 ";
5 $ my_password_en = myEncrypt ($ my_password, $ my_key );
6 echo "my_password_en = $ my_password_en ";
7 $ my_password_de = myDecrypt ($ my_password_en, $ my_key );
8 echo "my_password_de = $ my_password_de ";

The first line defines a plaintext $ my_password, and then defines the key $ my_key in the second line.

Lines 1 and 6 call the encryption function to generate and output the ciphertext, and in turn decrypt the ciphertext on lines 2 and 8.

The running result of the preceding example is as follows.

My_password = chair

My_password_en = RYPXC

My_password_de = chair

Implement identity authentication using XOR algorithms

The previous two sections describe the principles and implementation of information encryption/decryption using XOR operations. Next, we will use this method to encrypt the user's logon password. In this example, the system wants to protect the user's password as follows.

· When a user registers, the user needs to add a user password form.

No one except the user himself can obtain the password information, including the system designer and database administrator.

The system can verify the validity of a user based on the password entered by the user.

To achieve the above purpose, you can select the user name as the plaintext when using the XOR algorithm, and the key is the user-defined password, and then the encrypted user name is stored in the database.

In addition, you can use either of the following methods to authenticate a valid user upon logon.

(1) re-encrypt the user name (plaintext) and password (key) information submitted by the user, and compare the encrypted information with the password information stored in the database. if the information is equal, the user is legal. Otherwise, the user is invalid.

(2) decrypt the password information (plaintext) stored in the database and the password (key) information entered by the user, and compare the encrypted information with the user name submitted by the user, if they are equal, the user is legal. Otherwise, the user is invalid.

Both methods can achieve 3rd goals. In this example, 2nd methods are used. The implementation code in this example can be implemented based on the implementation of "user login" in section 18.4.1 and "check user" in section 18.4.2. the "user login" page does not need to be changed, the implementation of "check users" is as follows.

1 <? Php
2 session_start (); // load the Session Library, which must be placed in the first line
3 $ user_name = $ _ POST ["user_name"];
4 session_register ("user_name"); // register the $ user_name variable. Note that the $ symbol does not exist.
5
6 require_once ("sys_conf.inc"); // system configuration file, including database configuration information
7 require_once ("encrypy_xor.php"); // contains the xor encryption function file
8
9 // connect to the database
10 $ link_id = mysql_connect ($ DBHOST, $ DBUSER, $ DBPWD );
11 mysql_select_db ($ DBNAME); // select the database my_chat
12
13 // query for logon user information
14 $ str = "select name, password from user where name = '$ user_name '";
15 $ result = mysql_query ($ str, $ link_id); // execute the query
16 @ $ rows = mysql_num_rows ($ result); // number of records obtained from the query result
17 $ user_name = $ _ SESSION ["user_name"];
18 $ password = $ _ POST ["password"];
19 $ password_en = myEncrypt ($ user_name, $ password); // encrypt user information
20
21 // for old users
22 if ($ rows! = 0)
23 {
24 list ($ name, $ pwd) = mysql_fetch_row ($ result );
25 $ password_de = myDecrypt ($ pwd, $ password); // decrypt user information
26
27 // if the password is entered correctly
28 if ($ user_name = $ password_de)
29 {
30 $ str = "update user set is_online = 1 where name = '$ user_name' and password = '$ password_en '";
31 $ result = mysql_query ($ str, $ link_id); // execute the query
32 require ("main. php"); // go to the chat page
33}
34 // incorrect password
35 else
36 {
37 require ("relogin. php ");
38}
39}
40 // for new users, write their information to the database
41 else
42 {
43 $ str = "insert into user (name, password, is_online) values ('$ user_name', '$ password_en', 1 )";
44 $ result = mysql_query ($ str, $ link_id); // execute the query
45 require ("main. php"); // go to the chat page
46}
47 // Close the database
48 mysql_close ($ link_id );
49?>

The encryption function file encrypy_xor.php is introduced in row 7th, including the two functions described in the previous section.

Row 3 uses the user name and password submitted by the user to obtain the encrypted password value. for new users, the encrypted value of row 3 is stored in the database.

In addition, for old users, 24th obtains the username and encrypted password information in the database, and decrypts the information using these two values in 25 rows, then, the user legality is checked by comparing the decrypted value with the user name information submitted by the user in row 3.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.