Understand crypt()
Readers who have a little experience using non-Windows platforms may be quite familiar with crypt(). This function completes a function called one-way encryption. It can encrypt some clear code, but cannot in turn convert the password to the original clear code again. The crypt() function is defined as follows.
string crypt (string input_string [, string salt])
Among them, the input_string parameter is a plaintext string that needs to be encrypted, and the second optional salt is a bit string that can affect the encrypted password and further rule out the possibility of being cracked. By default, PHP uses a 2-character DES interfering string. If the system uses MD5 (see the next section), PHP will use a 12-character interfering string. The length of the interference string that the system will use can be discovered by executing the following command.
print "My system salt size is: ". CRYPT_SALT_LENGTH;
crypt() supports four encryption algorithms, and Table 19.1 shows the lengths of the supported algorithms and the corresponding salt parameters.
Table crypt() supports four encryption algorithms
On the surface, the crypt() function seems to be of little use, but this function is indeed widely used to ensure the integrity of system passwords. Because even if a one-way encryption password falls into the hands of a third party, it will not be of great use since it cannot be restored to plain text.
Use crypt() to implement user authentication
The previous part briefly introduces the function of the crypt() function. The following is used to realize user authentication, and the goals they want to achieve are consistent with those introduced in Section 19.2.3.
<!--check_user_crypt.php: Use crypt() function to verify the user ------------------->
<?php
$user_name=$_POST["user_name"];
require_once("sys_conf.inc"); //System configuration file, including database configuration information
//Connect the database
$link_id=mysql_connect($DBHOST,$DBUSER,$DBPWD);
mysql_select_db($DBNAME); //Select database my_chat
//Query whether there is logged in user information
$str="select name,password from user where name ='$user_name'";
$result=mysql_query($str,$link_id); //Execute query
@$rows=mysql_num_rows($result); //The number of records that obtain the query results
$user_name=$_SESSION["user_name"];
$password=$_POST["password"];
$salt = substr($password, 0, 2);
$password_en=crypt($password,$salt); //Use crypt() to encrypt the user password
//For old users
if($rows!=0)
{
list($name,$pwd)=mysql_fetch_row($result);
//If the password is entered correctly
if($pwd==$password_en)
{
$str="update user set is_online =1 where name ='$user_name' and password='$password_en'";
$result=mysql_query($str, $link_id);//Execute query
require(""); //Go to the chat page
}
//Password entry error
else
{
require("");
}
}
//For new users, write their information to the database
else
{
$str="insert into user (name,password,is_online) values('$user_ name','$password_en',1)";
$result=mysql_query($str, $link_id); //Execute query
require(""); //Go to the chat page
}
//Close the database
mysql_close($link_id);
?>
The example is very similar to the XOR encryption algorithm introduced in the previous section to protect user information. The core part is that lines 16 and 17 use the crypt() function to obtain the encrypted password, and check whether the user is legal by comparing whether the password in the database and the encrypted password are equal on line 25.
Let’s take an example to see what the encrypted password will look like.
For example, if the user name is rock and the password is 123456, the encrypted password is:
12tir.zIbWQ3c
The above implements a simple user authentication system. When using crypt() to protect important confidential information, it should be noted that using crypt() by default is not the safest and can only be used in systems with low security requirements.
Readers who have a little experience using non-Windows platforms may be quite familiar with crypt(). This function completes a function called one-way encryption. It can encrypt some clear code, but cannot in turn convert the password to the original clear code again. The crypt() function is defined as follows.
string crypt (string input_string [, string salt])
Among them, the input_string parameter is a plaintext string that needs to be encrypted, and the second optional salt is a bit string that can affect the encrypted password and further rule out the possibility of being cracked. By default, PHP uses a 2-character DES interfering string. If the system uses MD5 (see the next section), PHP will use a 12-character interfering string. The length of the interference string that the system will use can be discovered by executing the following command.
print "My system salt size is: ". CRYPT_SALT_LENGTH;
crypt() supports four encryption algorithms, and Table 19.1 shows the lengths of the supported algorithms and the corresponding salt parameters.
Table crypt() supports four encryption algorithms
| algorithm | Salt length |
| CRYPT_STD_DES | 2-character (Default) |
| CRYPT_EXT_DES | 9-character |
| CRYPT_MD5 | 12-character beginning with $1$ |
| CRYPT_BLOWFISH | 16-character beginning with $2$ |
On the surface, the crypt() function seems to be of little use, but this function is indeed widely used to ensure the integrity of system passwords. Because even if a one-way encryption password falls into the hands of a third party, it will not be of great use since it cannot be restored to plain text.
Use crypt() to implement user authentication
The previous part briefly introduces the function of the crypt() function. The following is used to realize user authentication, and the goals they want to achieve are consistent with those introduced in Section 19.2.3.
Copy the codeThe code is as follows:
<!--check_user_crypt.php: Use crypt() function to verify the user ------------------->
<?php
$user_name=$_POST["user_name"];
require_once("sys_conf.inc"); //System configuration file, including database configuration information
//Connect the database
$link_id=mysql_connect($DBHOST,$DBUSER,$DBPWD);
mysql_select_db($DBNAME); //Select database my_chat
//Query whether there is logged in user information
$str="select name,password from user where name ='$user_name'";
$result=mysql_query($str,$link_id); //Execute query
@$rows=mysql_num_rows($result); //The number of records that obtain the query results
$user_name=$_SESSION["user_name"];
$password=$_POST["password"];
$salt = substr($password, 0, 2);
$password_en=crypt($password,$salt); //Use crypt() to encrypt the user password
//For old users
if($rows!=0)
{
list($name,$pwd)=mysql_fetch_row($result);
//If the password is entered correctly
if($pwd==$password_en)
{
$str="update user set is_online =1 where name ='$user_name' and password='$password_en'";
$result=mysql_query($str, $link_id);//Execute query
require(""); //Go to the chat page
}
//Password entry error
else
{
require("");
}
}
//For new users, write their information to the database
else
{
$str="insert into user (name,password,is_online) values('$user_ name','$password_en',1)";
$result=mysql_query($str, $link_id); //Execute query
require(""); //Go to the chat page
}
//Close the database
mysql_close($link_id);
?>
The example is very similar to the XOR encryption algorithm introduced in the previous section to protect user information. The core part is that lines 16 and 17 use the crypt() function to obtain the encrypted password, and check whether the user is legal by comparing whether the password in the database and the encrypted password are equal on line 25.
Let’s take an example to see what the encrypted password will look like.
For example, if the user name is rock and the password is 123456, the encrypted password is:
12tir.zIbWQ3c
The above implements a simple user authentication system. When using crypt() to protect important confidential information, it should be noted that using crypt() by default is not the safest and can only be used in systems with low security requirements.