Use crypt() in PHP to implement user authentication
If you do not want to develop a new encryption algorithm for a PHP application, you can use the crypt() function provided by PHP to perform one-way encryption.
Understanding crypt()
Anyone who has experience using a non-Windows platform may be familiar with crypt(). This function performs what is called one-way encryption: it can encrypt plaintext, but the result cannot be converted back to the original plaintext. The crypt() function is defined as follows.
string crypt(string input_string [, string salt])
Here, input_string is the plaintext string to be encrypted, and the optional second parameter, salt, is a string that affects the encrypted password and makes it harder to crack. By default, PHP uses a two-character DES salt. If the system uses MD5 (refer to the next section), PHP uses a 12-character salt. You can run the following statement to find the salt length that the system will use.
print "My system salt size is: " . CRYPT_SALT_LENGTH;
crypt() supports four encryption algorithms. Table 19.1 shows the supported algorithms and the corresponding salt lengths.
Table 19.1: The four encryption algorithms supported by crypt()
| Algorithm | Salt length |
| --- | --- |
| CRYPT_STD_DES | 2-character (default) |
| CRYPT_EXT_DES | 9-character |
| CRYPT_MD5 | 12-character beginning with $1$ |
| CRYPT_BLOWFISH | 16-character beginning with $2$ |
On the surface, the crypt() function seems useless, but it is in fact widely used to protect the integrity of system passwords. Even if a one-way encrypted password falls into the hands of a third party, it is of no use to them because it cannot be restored to plaintext.
Use crypt() for user authentication
The previous section briefly introduced the crypt() function. The following describes how to use it to authenticate a user's identity. The goal is the same as that described in section 19.2.3.
1 <!-- Check_user_crypt.php: use the crypt() function to verify the user -->
2 <?php
3 $user_name = $_POST["user_name"];
4 require_once("sys_conf.inc"); // system configuration file, including database configuration information
5
6 // connect to the database
7 $link_id = mysql_connect($DBHOST, $DBUSER, $DBPWD);
8 mysql_select_db($DBNAME); // select the database my_chat
9
10 // query for logon user information (the user name is escaped before it enters the SQL string)
11 $str = "select name, password from user where name = '" . mysql_real_escape_string($user_name, $link_id) . "'";
12 $result = mysql_query($str, $link_id); // execute the query
13 $rows = @mysql_num_rows($result); // number of records obtained from the query result
14 $user_name = $_SESSION["user_name"];
15 $password = $_POST["password"];
16 $salt = substr($password, 0, 2);
17 $password_en = crypt($password, $salt); // use crypt() to encrypt the user password
18
19 // for old users
20 if ($rows != 0)
21 {
22 list($name, $pwd) = mysql_fetch_row($result);
23
24 // if the password is entered correctly
25 if ($pwd === $password_en)
26 {
27 $str = "update user set is_online = 1 where name = '" . mysql_real_escape_string($user_name, $link_id) . "' and password = '$password_en'";
28 $result = mysql_query($str, $link_id); // execute the query
29 require("main.php"); // go to the chat page
30 }
31 // incorrect password
32 else
33 {
34 require("relogin.php");
35 }
36
37 }
38 // for new users, write their information to the database
39 else
40 {
41 $str = "insert into user (name, password, is_online) values ('" . mysql_real_escape_string($user_name, $link_id) . "', '$password_en', 1)";
42 $result = mysql_query($str, $link_id); // execute the query
43 require("main.php"); // go to the chat page
44 }
45 // close the database
46 mysql_close($link_id);
47 ?>
The example is very similar to the one in the previous section that used the XOR encryption algorithm to protect user information. The core of the example is that lines 16 and 17 use the crypt() function to obtain the encrypted password, and the user is validated by comparing the password in the database with the encrypted password in row 3.
Next, let's look at an instance to see what the encrypted password looks like.
For example, if the username is rock and the password is 123456, the encrypted password is:
12tio.zIbWQ3c
This implements a simple user authentication system. When using crypt() to protect important confidential information, note that crypt() in its default form is not the safest choice; it should only be used in systems with low security requirements.
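The following added example (not part of the original article) contrasts the listing's scheme, where the salt is the first two characters of the password, with a random per-user salt and the Blowfish algorithm from Table 19.1. It assumes PHP 7.0 or later and the `$2y$` Blowfish prefix with cost 10; the function names are hypothetical.

```php
<?php
// Added example, not from the original article. Function names are hypothetical.

// The listing's scheme: salt = first two characters of the password, default DES.
function legacy_hash(string $password): string
{
    return crypt($password, substr($password, 0, 2));
}

// Random per-user salt with the Blowfish algorithm (assumed prefix: "$2y$", cost 10).
function make_hash(string $password): string
{
    // bcrypt takes 22 salt characters from the alphabet ./A-Za-z0-9
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, '$2y$10$' . $salt);
    if (strlen($hash) !== 60) { // crypt() returns a short "*0"/"*1" string on failure
        throw new RuntimeException('Blowfish hashing is not available');
    }
    return $hash;
}

// crypt() reads algorithm, cost and salt back from the stored hash, so the same
// check works for both kinds of hash; hash_equals() compares in constant time.
function check_password(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

$password = '123456'; // constructed sample value, same as the article's example

$old = legacy_hash($password);
// The stored hash begins with its salt, so it exposes two password characters.
var_dump(substr($old, 0, 2) === substr($password, 0, 2));
// Standard DES only uses the first eight characters of the input.
var_dump(crypt('12345678', '12') === crypt('12345678-extra', '12'));

$first  = make_hash($password);
$second = make_hash($password);
var_dump($first !== $second);                  // same password, different salts
var_dump(check_password($password, $first));   // correct password
var_dump(check_password('1234567', $first));   // wrong password
var_dump(check_password($password, $old));     // legacy hash still verifies
```

On PHP 5.5 and later, password_hash() and password_verify() wrap the same salt generation and comparison.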