Security in PHP

Introduction

Encryption is the conversion of data into a form, called "ciphertext", that cannot be easily understood by unauthorized people. Decryption is the reverse of encryption; it decrypts the data that has been encrypted.

In PHP we can use the crypt() function to create a one-way encryption, that is, a hash that cannot be decrypted back into the original string. Often in an application a password is confidential to the user. When the user chooses a password, the password is encrypted and only the encrypted version is saved. The next time the user logs in, the application encrypts the password they enter; if it matches the saved encrypted version, the login is successful.

Syntax

The syntax of the crypt function is:

crypt (inputString, Salt)

Parameters

The parameters for the crypt function are:

Parameter    Description
inputString  Specifies the string you would like to encrypt (for example, a password).
Salt         Optional. Specifies how the encryption will work. The salt selects one of four types:
  • CRYPT_STD_DES - Standard DES-based encryption with a two character salt.
  • CRYPT_EXT_DES - Extended DES-based encryption with a nine character salt.
  • CRYPT_MD5 - MD5 encryption with a twelve character salt starting with $1$.
  • CRYPT_BLOWFISH - Blowfish encryption with a sixteen character salt starting with $2$ or $2a$.

Example

The following example shows how you can encrypt your input string (like NewPassword) in various ways. If you do not use the second crypt function parameter (Salt), the encrypted inputString will be different every time the crypt function is executed. If you use the same salt, the encrypted password will always be the same.

<?php

// No salt: PHP picks one itself, so the result differs on every run.
// (As of PHP 8.0 the salt argument is no longer optional.)
$encryptpassword = crypt('NewPassword');
print $encryptpassword . " is the <b>encrypted version</b> of mypassword.";
echo "<br>";

// CRYPT_STD_DES: only the first two characters of the salt are used.
$encryptpassword = crypt('NewPassword', 'rtw34');
print $encryptpassword . " is the <b>CRYPT_STD_DES version</b> of mypassword." . "<br>";

// CRYPT_EXT_DES: nine-character salt that starts with an underscore.
$encryptpassword = crypt('NewPassword', '_J9..rasm');
print $encryptpassword . " is the <b>CRYPT_EXT_DES version</b> of mypassword." . "<br>";

// CRYPT_MD5: salt starts with $1$.
$encryptpassword = crypt('NewPassword', '$1$d5rttuhy6d$');
print $encryptpassword . " is the <b>CRYPT_MD5 version</b> of mypassword." . "<br>";

// CRYPT_BLOWFISH: "$2a$", a two-digit cost, "$", then 22 salt characters
// from ./0-9A-Za-z (the encoding of a 16-byte salt).
$encryptpassword = crypt('NewPassword', '$2a$07$khgfslerd.............$');
print $encryptpassword . " is the <b>CRYPT_BLOWFISH version</b> of mypassword.";

?>
 

Output

security-in-php.jpg
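
The save-then-compare login flow described in the introduction, written out with crypt() as an added example (not code from the original article). The function names are hypothetical, the password is a constructed sample, and PHP 7 or later is assumed for random_bytes() and hash_equals().

```php
<?php
// Added example: hypothetical helper names, not part of the original article.

// Build a Blowfish salt string in the form crypt() expects:
// "$2a$" + two-digit cost + "$" + 22 characters from ./0-9A-Za-z.
function make_blowfish_salt(int $cost = 10): string
{
    $raw  = base64_encode(random_bytes(16));       // 24 chars, may contain '+'
    $salt = substr(strtr($raw, '+', '.'), 0, 22);  // keep 22 valid characters
    return sprintf('$2a$%02d$%s', $cost, $salt);
}

// Registration: hash the chosen password with a fresh random salt.
// The returned string embeds the algorithm, cost and salt, so it is
// the only value that has to be stored for the user.
function hash_new_password(string $password): string
{
    $hash = crypt($password, make_blowfish_salt());
    // On failure crypt() returns a string shorter than 13 characters.
    if (strlen($hash) < 13) {
        throw new RuntimeException('crypt() failed');
    }
    return $hash;
}

// Login: pass the stored hash as the salt so crypt() reuses the same
// algorithm, cost and salt, then compare in constant time.
function check_login(string $password, string $storedHash): bool
{
    return hash_equals($storedHash, crypt($password, $storedHash));
}

$stored = hash_new_password('NewPassword');       // constructed sample password

var_dump(check_login('NewPassword', $stored));    // correct password
var_dump(check_login('WrongPassword', $stored));  // wrong password

// A second registration of the same password gets a different salt,
// so the two stored hashes are not equal.
var_dump($stored === hash_new_password('NewPassword'));
```

Comparing with hash_equals() rather than == avoids both timing differences and PHP's loose string comparison.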
