PHP code that implements user authentication using crypt()

  • 2020-05-19 04:23:30
  • OfStack

Understanding crypt()

Anyone with some experience on a non-Windows platform is probably familiar with crypt(), a function that performs what is called one-way encryption: it encrypts a plaintext string, but the result cannot be converted back to the original plaintext. The crypt() function is defined as follows.

string crypt (string input_string [, string salt])

Here, the parameter input_string is the plaintext string to be encrypted, and the optional second parameter salt is a string that affects the resulting ciphertext and further reduces the possibility of it being cracked. By default, PHP uses a 2-character DES salt. If the system uses MD5 (see below), PHP uses a 12-character salt. You can find the length of the salt that the system will use by executing the following statement.

print "My system salt size is: ". CRYPT_SALT_LENGTH;

crypt() supports four encryption algorithms; Table 19.1 shows the supported algorithms and the corresponding salt lengths.

Table 19.1: The four encryption algorithms supported by crypt()

| Algorithm | Salt length |
| --- | --- |
| CRYPT_STD_DES | 2-character (Default) |
| CRYPT_EXT_DES | 9-character |
| CRYPT_MD5 | 12-character beginning with $1$ |
| CRYPT_BLOWFISH | 16-character beginning with $2$ |

On the surface, crypt() may seem of little use, but it is widely used to protect the integrity of system passwords: even if a one-way encrypted password falls into the hands of a third party, it is of little use to them because it cannot be restored to plaintext.

Implement user authentication with crypt()

The previous section briefly introduced what crypt() does. Here crypt() is used to implement user authentication, with the same goal as in section 19.2.3.
 
<?php
// check_user_crypt.php: validate a user with crypt()
session_start();
require_once("sys_conf.inc"); // System configuration file containing database configuration information
$user_name = $_POST["user_name"];
$password = $_POST["password"];
// Connect to the database and select it (my_chat)
$link_id = mysqli_connect($DBHOST, $DBUSER, $DBPWD, $DBNAME);
// Query for the existence of the user; the bound parameter keeps user input out of the SQL text
$stmt = mysqli_prepare($link_id, "select name,password from user where name = ?");
mysqli_stmt_bind_param($stmt, "s", $user_name);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $name, $pwd);
$found = mysqli_stmt_fetch($stmt); // true if a row was fetched, null if there is none
mysqli_stmt_close($stmt);
$salt = substr($password, 0, 2); // The salt is the first two characters of the password
$password_en = crypt($password, $salt); // Use crypt() to encrypt the user password
// For regular users
if ($found)
{
    // If the password is entered correctly (hash_equals() compares in constant time)
    if (hash_equals((string)$pwd, $password_en))
    {
        $stmt = mysqli_prepare($link_id, "update user set is_online = 1 where name = ? and password = ?");
        mysqli_stmt_bind_param($stmt, "ss", $user_name, $password_en);
        mysqli_stmt_execute($stmt); // Execute the query
        mysqli_stmt_close($stmt);
        $_SESSION["user_name"] = $user_name; // Record the logged-in user in the session
        require("main.php"); // Go to the chat page
    }
    // Password error
    else
    {
        require("relogin.php");
    }
}
// For a new user, write its information to the database
else
{
    $stmt = mysqli_prepare($link_id, "insert into user (name,password,is_online) values (?, ?, 1)");
    mysqli_stmt_bind_param($stmt, "ss", $user_name, $password_en);
    mysqli_stmt_execute($stmt); // Execute the query
    mysqli_stmt_close($stmt);
    $_SESSION["user_name"] = $user_name; // Record the logged-in user in the session
    require("main.php"); // Go to the chat page
}
// Close the database connection
mysqli_close($link_id);
?>


The example is very similar to the use of the XOR encryption algorithm to protect user information described in the previous section. Its core is the pair of statements that derive the salt and call crypt() to obtain the encrypted password, and the comparison of the password stored in the database with that encrypted password, which decides whether the user is legitimate.

Let's look at an example of what an encrypted password will look like.

For example, if the user name is rock and the password is 123456, the encrypted password is:

12 tir zIbWQ3c

The above implements a simple user authentication system. When using crypt() to protect important confidential information, note that crypt() in its default form is not the most secure option and should only be used on systems with low security requirements.
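
As an added example (not part of the original article), the script below contrasts the listing's salt choice, the first two characters of the password, with a random per-user salt that selects CRYPT_BLOWFISH. The function names are hypothetical, the passwords are constructed sample values, and PHP 7 or later is assumed for random_bytes().

```php
<?php
// Added example: hypothetical helper names, constructed sample passwords.

// The listing's scheme: the salt is the first two characters of the password (standard DES).
function page_style_hash(string $password): string
{
    return crypt($password, substr($password, 0, 2));
}

// Hardened form: random per-user salt; the "$2y$" prefix selects CRYPT_BLOWFISH.
function bcrypt_hash(string $password, int $cost = 12): string
{
    if (CRYPT_BLOWFISH !== 1) {
        throw new RuntimeException("CRYPT_BLOWFISH is not available");
    }
    // 16 random bytes -> 22 characters from the bcrypt salt alphabet ./0-9A-Za-z
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
    if (strlen($hash) !== 60) { // on failure crypt() returns a short "*0" or "*1" token
        throw new RuntimeException("crypt() failed");
    }
    return $hash;
}

// The stored value carries algorithm, cost and salt, so it is passed back as the salt argument.
function verify_password(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

// Two constructed users who happen to choose the same password.
$alice = page_style_hash("123456");
$bob   = page_style_hash("123456");
var_dump($alice === $bob);         // do equal passwords produce equal stored values?
var_dump(substr($alice, 0, 2));    // what the stored value reveals about the password

$a = bcrypt_hash("123456");
$b = bcrypt_hash("123456");
var_dump($a === $b);               // same comparison with random per-user salts
var_dump(verify_password("123456", $a));   // correct password
var_dump(verify_password("1234567", $a));  // wrong password
```

PHP's built-in password_hash() and password_verify() produce and check crypt()-compatible hashes and generate the salt themselves.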
