了解crypt()
只要有一点使用非Windows平台经验的读者都可能对crypt()相当熟悉,这一函数完成被称作单向加密的功能,它可以加密一些明码,但不能反过来将密码重新转换为原来的明码。crypt()函数定义如下。
string crypt (string input_string [, string salt])
其中,input_string参数是需要加密的明文字符串,第二个可选的salt是一个位字串,能够影响加密的暗码,进一步排除被破解的可能性。缺省情况下,PHP使用一个2个字符的DES干扰串,如果系统使用的是MD5(参考下一节内容),PHP则会使用一个12个字符的干扰串。可以通过执行下面的命令发现系统将要使用的干扰串的长度。
print "My system salt size is: ". CRYPT_SALT_LENGTH;
crypt()支持4种加密算法,表19.1显示了其支持的算法和相应的salt参数的长度。
表crypt()支持四种加密算法
算法 |
Salt长度 |
CRYPT_STD_DES |
2-character (Default) |
CRYPT_EXT_DES |
9-character |
CRYPT_MD5 |
12-character beginning with $1$ |
CRYPT_BLOWFISH |
16-character beginning with $2$ |
On the surface, the crypt() function seems to be of little use, but this function is indeed widely used to ensure the integrity of system passwords. Because even if the one-way encrypted password falls into the hands of a third party, it will not be of much use since it cannot be restored to plain text.
Use crypt() to implement user authentication
The previous part briefly introduced the functions of the crypt() function. Next, we will use it to implement user authentication. The goals it wants to achieve are the same as those introduced in Section 19.2.3 .
Copy code The code is as follows:
$user_name=$_POST["user_name"];
require_once("sys_conf.inc"); / /System configuration file, including database configuration information
//Connect to the database
$link_id=mysql_connect($DBHOST,$DBUSER,$DBPWD);
mysql_select_db($DBNAME); //Select database my_chat
//Query whether there is login user information
$str="select name,password from user where name ='$user_name'";
$result=mysql_query($str,$link_id); //Execute query
@$rows=mysql_num_rows($result); //Number of records to obtain query results
$user_name=$_SESSION["user_name"];
$password=$_POST["password"];
$salt = substr($password, 0, 2);
$password_en=crypt($password,$salt); //Use crypt() to encrypt user passwords
//For old users
if($rows!=0)
{
list($name,$pwd)=mysql_fetch_row($result);
//If the password is entered correctly
if($pwd= =$password_en)
{
$str="update user set is_online =1 where name ='$user_name' and password='$password_en'";
$result=mysql_query($str, $link_id );//Execute query
require("main.php"); //Go to the chat page
}
//Password input error
else
{
require(" relogin.php");
}
}
//For new users, write their information into the database
else
{
$str="insert into user (name, password,is_online) values('$user_ name','$password_en',1)";
$result=mysql_query($str, $link_id); //Execute query
require("main.php" ); //Go to chat page
}
//Close database
mysql_close($link_id);
?>
Example and previous one The use of the XOR encryption algorithm to protect user information introduced in the section is very similar. The core part is to use the crypt() function to obtain the encrypted password on lines 16 and 17, and compare the password in the database with the encrypted password on line 25. Passwords are equal to check whether the user is legitimate.
Next, let’s take an example to see what the encrypted password will look like.
For example, if the user name is rock and the password is 123456, the encrypted password is:
12tir.zIbWQ3c
A simple user authentication system is implemented above. . When using crypt() to protect important confidential information, it should be noted that using crypt() in the default state is not the most secure and can only be used in systems with lower security requirements.
http://www.bkjia.com/PHPjc/325865.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/325865.htmlTechArticleUnderstanding crypt() Readers who have a little experience using non-Windows platforms may be quite familiar with crypt(). A function completes a function called one-way encryption. It can encrypt some plain codes, but...