When developing PHP applications, if you do not want to develop your own encryption algorithm, you can use PHP's crypt() function to perform one-way encryption.
Understanding crypt()
Anyone with some experience on a non-Windows platform is probably familiar with crypt(). It is called a one-way encryption function: it can encrypt a plaintext, but the ciphertext cannot be converted back to the original plaintext. The crypt() function is defined as follows.
string crypt(string input_string [, string salt])
Here the input_string parameter is the plaintext string to be encrypted, and the optional second parameter, salt, is a string that affects the resulting ciphertext and further reduces the chance of it being cracked. By default, PHP uses a 2-character DES salt; if the system is using MD5 (refer to the next section), PHP uses a 12-character salt. You can find out the length of the salt your system will use by executing the following command.
print "My system salt size is: " . CRYPT_SALT_LENGTH;
crypt() supports 4 encryption algorithms. Table 19.1 shows the supported algorithms and the length of the corresponding salt parameter.
Table 19.1: the four encryption algorithms supported by crypt()
Algorithm | Salt length
CRYPT_STD_DES | 2-character (default)
CRYPT_EXT_DES | 9-character
CRYPT_MD5 | 12-character beginning with $1$
CRYPT_BLOWFISH | 16-character beginning with $2$
On the surface crypt() does not seem very useful, but it is widely used to protect the integrity of system passwords: even if a one-way encrypted password falls into the hands of a third party, it is of little use because it cannot be restored to plaintext.
Implementing user authentication with crypt()
The previous section briefly described what crypt() does. Below it is used to implement user authentication, with the same goal as the example in section 19.2.3.
1  <!-- check_user_crypt.php: verifying the user with the crypt() function -->
2  <?php
3  $user_name=$_POST["user_name"];
4  require_once("Sys_conf.inc"); // System configuration file, including database configuration information
5
6  // Connect to the database
7  $link_id=mysql_connect($DBHOST,$DBUSER,$DBPWD);
8  mysql_select_db($DBNAME); // Select database my_chat
9
10 // Query the login user's information
11 $str="select name,password from user where name ='$user_name'";
12 $result=mysql_query($str,$link_id); // Execute query
13 @$rows=mysql_num_rows($result); // Number of rows in the query result
14 $user_name=$_SESSION["user_name"];
15 $password=$_POST["Password"];
16 $salt = substr($password, 0, 2);
17 $password_en=crypt($password,$salt); // Use crypt() to encrypt the user's password
18
19 // For existing users
20 if($rows!=0)
21 {
22     list($name,$pwd)=mysql_fetch_row($result);
23
24     // If the password was entered correctly
25     if($pwd==$password_en)
26     {
27         $str="update user set is_online =1 where name ='$user_name' and password='$password_en'";
28         $result=mysql_query($str,$link_id); // Execute query
29         require("main.php"); // Go to the chat page
30     }
31     // Password was entered incorrectly
32     else
33     {
34         require("relogin.php");
35     }
36
37 }
38 // For new users, write their information to the database
39 else
40 {
41     $str="insert into user (name,password,is_online) values('$user_name','$password_en',1)";
42     $result=mysql_query($str,$link_id); // Execute query
43     require("main.php"); // Go to the chat page
44 }
45 // Close the database
46 mysql_close($link_id);
47 ?>
The example is very similar to the one in the previous section that used the XOR encryption algorithm to protect user information. The core is that lines 16 and 17 use the crypt() function to obtain the encrypted password, and line 25 checks whether the user is legitimate by comparing the password stored in the database with the encrypted password.
Here's an example of what the encrypted password will look like.
For example, if the user name is rock and the password is 123456, the encrypted password is:
12tir.zibwq3c
The above implements a simple user authentication system. When using crypt() to protect critical confidential information, note that crypt() in its default state is not the safest option and should only be used in systems with lower security requirements.
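The listing above builds its SQL from the raw user name and takes the salt from the first two characters of the password, which crypt() then stores in clear at the start of the hash. A hardened version of the same login check follows, as an added example that is not from the original page. The in-memory SQLite table and the function names register_user and check_user are assumptions; password_hash() and password_verify() are PHP's built-in wrappers around crypt().

```php
<?php
// Added example. The schema mirrors the listing's user table; data is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (name TEXT PRIMARY KEY, password TEXT, is_online INTEGER)');

function register_user(PDO $db, string $name, string $password): void
{
    // Random per-user salt and bcrypt; nothing of the password leaks into the hash.
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $db->prepare('INSERT INTO user (name, password, is_online) VALUES (?, ?, 0)')
       ->execute([$name, $hash]);
}

function check_user(PDO $db, string $name, string $password): bool
{
    // Bound parameter: the user name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM user WHERE name = ?');
    $stmt->execute([$name]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user: fail, do not create an account here
    }
    // The stored hash carries its algorithm and salt; password_verify() re-runs
    // crypt() with them and compares the result in constant time.
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Hashes made the old way (2-character DES salt) are upgraded on login.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT)) {
        $db->prepare('UPDATE user SET password = ? WHERE name = ?')
           ->execute([password_hash($password, PASSWORD_BCRYPT), $name]);
    }
    $db->prepare('UPDATE user SET is_online = 1 WHERE name = ?')->execute([$name]);
    return true;
}

// Constructed sample accounts: one new, one stored the way the listing does it.
register_user($db, 'alice', 'correct horse');
$db->prepare('INSERT INTO user VALUES (?, ?, 0)')
   ->execute(['rock', crypt('123456', substr('123456', 0, 2))]);

var_dump(check_user($db, 'alice', 'correct horse'));
var_dump(check_user($db, 'rock', 'wrong'));
var_dump(check_user($db, 'rock', '123456'));
echo $db->query("SELECT password FROM user WHERE name = 'rock'")->fetchColumn(), "\n";
```

The final line prints the hash now stored for rock, which is a bcrypt string because the legacy DES hash was replaced after the successful login.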