Eric @ EricBess WebHome

Thinking blindly without action unknowingly becomes meaningless

By N2H

PHP Data Encryption

Data encryption has become increasingly important in our lives, especially given the large number of transactions and the large amounts of data transferred over the network. If you are interested in security measures, you will also be interested in the range of security features that PHP provides. In this article, we introduce these features and show some basic usage, so that you can add security features to your own applications.

Prior knowledge

Before covering PHP's security features in detail, we need to spend a little time on some basic cryptography for readers who have not come into contact with the subject. If you are already familiar with the basic concepts of cryptography, you can skip this part.

Cryptography can be loosely described as the study of, and experimentation with, encryption and decryption. Encryption is the process of converting easy-to-understand information into information that is not easy to understand; decryption is the process of converting that information back into the original. The information that cannot be understood is known as ciphertext, and the easy-to-understand information is known as plaintext.

Encrypting and decrypting data requires an algorithm. The algorithm can be very simple, such as the famous Caesar cipher, but current encryption algorithms are much more complex, and some of them cannot be broken even with existing methods.

PHP encryption

Anyone with a little experience on a non-Windows platform is probably quite familiar with crypt(). This function performs what is called one-way encryption: it can encrypt plaintext, but the ciphertext cannot be converted back into the original plaintext. Although on the face of it this seems to be a useless function, it is widely used to protect the integrity of system passwords. Because a one-way encrypted password cannot be restored to plaintext, it is of little use to a third party even if it falls into their hands. To validate a password entered by a user, the input is also run through the one-way algorithm; if the result matches the stored encrypted password, the input must be correct.

crypt() function

PHP offers its own crypt() function for one-way encryption. Here I briefly introduce the function:

string crypt (string input_string [, string salt])

The input_string parameter is the string to encrypt. The second, optional parameter, salt, is a string that influences the encrypted output and further rules out what is called a precomputation attack. By default, PHP uses a two-character DES salt; if your system uses MD5 (I will introduce the MD5 algorithm later), it uses a 12-character salt. By the way, you can find the salt length your system uses by running the following statement:

print "My system salt size is: " . CRYPT_SALT_LENGTH;

Your system may also support other encryption algorithms. crypt() supports four algorithms; the following lists each algorithm with its corresponding salt length:

Algorithm         Salt length
CRYPT_STD_DES     2-character (default)
CRYPT_EXT_DES     9-character
CRYPT_MD5         12-character, beginning with $
CRYPT_BLOWFISH    16-character, beginning with $

Using crypt() for user authentication

As an example of the crypt() function, consider a situation in which you want to create a PHP script that restricts access to a directory, allowing in only users who can provide the correct user name and password. I will store the information in a MySQL database table. We start the example by creating this table, called members:

mysql> CREATE TABLE members (
    -> username CHAR(14) NOT NULL,
    -> password CHAR(32) NOT NULL,
    -> PRIMARY KEY (username)
    -> );

Then, we assume that the following data has been stored in the table:

Username Password
clark keloD1C377lKE
bruce ba1T7vnz9AWgk
peter paLUvRWsRLZ4U

The plaintext passwords corresponding to these encrypted passwords are kent, banner and parker. Note the first two letters of each encrypted password: this is because I used the following code, which creates the salt from the first two letters of the password:

// $enteredPassword holds the password the user entered
$salt = substr($enteredPassword, 0, 2);
$userPswd = crypt($enteredPassword, $salt);
// $userPswd is then stored in MySQL together with the user name

I will use Apache's password-response authentication to prompt the user for a user name and password. A little-known fact about PHP is that it exposes the user name and password entered through Apache's password-response system as $PHP_AUTH_USER and $PHP_AUTH_PW; I use these two variables in the authentication script. Take some time to read the following script carefully, paying attention to its comments, in order to better understand the code:

crypt() and Apache's password-response authentication system

<?php
    $host = "localhost";
    $user = "zorro";
    $pswd = "hell odolly";
    $db = "users";

    // Set authorization to False
    $authorization = 0;

    // Verify that user has entered username and password.
    // $PHP_AUTH_USER and $PHP_AUTH_PW are the register_globals names; with
    // register_globals off, read $_SERVER['PHP_AUTH_USER'] and
    // $_SERVER['PHP_AUTH_PW'] instead.
    if (isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW)) :
        mysql_pconnect($host, $user, $pswd) or die("Can't connect to MySQL server!");
        mysql_select_db($db) or die("Can't select database!");

        // Perform the encryption
        $salt = substr($PHP_AUTH_PW, 0, 2);
        $encrypted_pswd = crypt($PHP_AUTH_PW, $salt);

        // Escape the user-supplied name before placing it in the query
        $safe_user = mysql_real_escape_string($PHP_AUTH_USER);

        // Build the query
        $query = "SELECT username FROM members WHERE
                  username = '$safe_user' AND
                  password = '$encrypted_pswd'";

        // Execute the query; a failed query counts as no match
        $result = mysql_query($query);
        if ($result && mysql_num_rows($result) == 1) :
            $authorization = 1;
        endif;
    endif;

    // Confirm authorization
    if (! $authorization) :
        header('WWW-Authenticate: Basic realm="Private"');
        header('HTTP/1.0 401 Unauthorized');
        print "You are unauthorized to enter this area.";
        exit;
    else :
        print "This is the secret data!";
    endif;
?>

The above is a simple authentication system for verifying user access. When using crypt() to protect important confidential data, remember that crypt() in its default state is not the most secure and should only be used in systems with low security requirements. If you need a higher level of security, you will need the algorithms introduced later in this article.
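The same login check in a hardened form, as an added example that is not part of the original article: it contrasts the article's password-derived salt with password_hash() and password_verify(), and looks the user up with a bound query parameter. The in-memory SQLite database (standing in for MySQL), the VARCHAR(255) column, the user lois and the helper names legacyHash, register and authenticate are assumptions.

```php
<?php
// Added example, not from the original article. Helper names, the
// SQLite stand-in and the sample users are assumptions.

// The article's scheme: salt = first two letters of the password.
function legacyHash(string $password): string {
    return crypt($password, substr($password, 0, 2));
}

// Hardened form: password_hash() generates a random salt and embeds
// it, with the algorithm and cost, in the string it returns.
function register(PDO $db, string $user, string $password): void {
    $stmt = $db->prepare('INSERT INTO members (username, password) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

// Fetch the stored hash with a bound parameter, then compare in PHP
// with password_verify() rather than inside the SQL statement.
function authenticate(PDO $db, string $user, string $password): bool {
    $stmt = $db->prepare('SELECT password FROM members WHERE username = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    return is_string($stored) && password_verify($password, $stored);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// VARCHAR(255) because password_hash() output does not fit CHAR(32).
$db->exec('CREATE TABLE members (
    username VARCHAR(14) PRIMARY KEY,
    password VARCHAR(255) NOT NULL)');

register($db, 'clark', 'kent');   // constructed sample users
register($db, 'lois', 'kent');    // same password as clark

// Legacy scheme: the stored value starts with the salt, which here is
// the first two letters of the password itself.
$legacy = legacyHash('kent');
printf("legacy prefix equals password prefix: %s\n", var_export(substr($legacy, 0, 2) === 'ke', true));

// Hardened scheme: compare the two values stored for the same password.
$hashes = $db->query('SELECT password FROM members ORDER BY username')->fetchAll(PDO::FETCH_COLUMN);
printf("same password, same stored value: %s\n", var_export($hashes[0] === $hashes[1], true));

printf("clark/kent accepted: %s\n", var_export(authenticate($db, 'clark', 'kent'), true));
printf("clark/banner accepted: %s\n", var_export(authenticate($db, 'clark', 'banner'), true));
```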

md5() function

Now I will introduce another function that PHP supports, md5(). This function uses the MD5 hash algorithm, and it has several interesting uses worth mentioning:

Hashing

A hash function transforms variable-length information into fixed-length output, also known as a "message digest". This is very useful, because the fixed-length string can be used to check the integrity of files and to verify digital signatures and user authentication. PHP's built-in md5() hash function converts variable-length information into a 128-bit (32-character) message digest. An interesting characteristic of hashing is that the original plaintext cannot be obtained by analyzing the hashed information, because the hashed result has no dependency relationship with the content of the original plaintext. Changing even a single character of a string makes the MD5 hash algorithm compute two different results. Let us first look at the following listing and its result:

Using md5() to hash a string

<?php
    $msg = "This is some message that I just wrote";
    $enc_msg = md5($msg);
    print "hash: $enc_msg";
?>

Results:

hash: 81ea092649ca32b5ba375e81d8f4972c

Note that the result is 32 characters long. Now look at the following listing, in which the value of $msg has changed slightly:

Using md5() to hash a slightly changed string

<?php
    // Note, message is missing an s
    $msg = "This is some mesage that I just wrote";
    $enc_msg = md5($msg);
    print "hash2: $enc_msg <br /> <br />";
?>

Results:

hash2: e86cf511bd5490d46d5cd61738c82c0c

Although both results are 32 characters long, a small change in the plaintext produces a large change in the result. Hashing with the md5() function is therefore a good tool for detecting small changes in data.

Although crypt() and md5() each have their uses, both functions are subject to certain limitations. In the following section, we introduce two very useful PHP extensions, Mcrypt and Mhash, which greatly expand the encryption options available to PHP users.

While the section above illustrates the importance of one-way encryption, sometimes we need to encrypt data and later restore the encrypted data to the original. Fortunately, PHP provides this capability in the form of the Mcrypt library extension.


October 30th, 2008 Author: eric | Coding
