PHP - Need Simple Two-way Encryption Code - No Mcrypt.

Hi Guys,   First off, not sure if this is the correct area to post. My question is a little bit mixed, including SQL and PHP.   I'm building a basic private messaging system, and planned to use PHP, SQL for the storage, and a little bit of JS on the client. I'm a little confused when it comes to encryption though. My understanding with user password encryption is that the password is stored in the database as a hash, and then a user sent password is compared to the original hash for verification. I've implemented this successfully using password_verify() and password_hash() functions, and I'm pretty sure it's working fine.   However, my big question is in regards to the storage of message data. As far as I can tell, this system won't work, it's really only suitable for password verification because the hash can't really be reverted to the original data, it can only be compared? How should I go about encrypting message data? Is it possible? If I open up a SQL database containing private message data on a server, I don't want to be able to read the contents.   Any help would be greatly appreciated!

Hi Guys   I am fairly new to php, I am trying to build a registration form but I am struggling with encrypting the password (I will also be salting the password at a later stage to make it more secure).   The below line of code encrypts the password but saves the values as the values states in the code e.g password saves as 'pass'   $q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES ('first_name','last_name','email', SHA1('pass'), NOW())";   The below code saves all the values that the user inputs xcept the password which is blank and the message 'Undefined index: SHA1('pass')' is returned   $q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES ('".$_POST["first_name"]."','".$_POST["last_name"]."','".$_POST["email"]."','".$_POST["SHA1('pass')"]."', NOW())";   I am hoping someone may be able to help me as I have no idea how to fix this. Thank you in advance

Hi guys, i'm new to this forum, and a junior php guy.   i need to encrypt a google address like this: https://redirector.g...=web&cver=html5   i use picasa for my client to store car video etc to show and i want embed in iframe with a jwplayer that i'm customizing.   i see some sample that transform a address like this https://redirector.g...=web&cver=html5 in something like this --> http:\/\/r20---googlevideo.com\/picasa\/redirect.php?encrypt=0f10fd0fd0f90c30b80b80fb0ee0ed0f20fb0ee0ec0fd0f80fb0b70f00f80f80f00f50ee0ff0f20ed0ee0f80b70ec0f80f60b80ff0f20ed0ee0f80f90f50ea1020eb0ea0ec0f40c80f20ed0c60bc0bc0bc0be0c00bb0c00c00c10ed0bf0ed0ee0b90bb0bb0af0f20fd0ea0f00c60bb0bb0af0fc0f80fe0fb0ec0ee0c60f90f20ec0ea0fc0ea0af0ec0f60f80c60fc0ee0f70fc0f20fd0f20ff0ee0e80ec0f80f70fd0ee0f70fd0ae0bc0cd1020ee0fc0af0f20f90c60b90b70b90b70b90b70b90af0f20...etc etc...    i see that there is a redirect.php?encrypt=....... how i can do that?    Thanks in advance 'cause frankly speaking i don't know also what i must search on google.        

I seen the sticky but that didn't have my answer and no place I go is really answering my core question. This just doesn't make sense in my brain, how is using md5 safe. What if someone got say an encrypted pass. The code md5 uses is available to anyone, no? So if they got a hold of it how is it not as easily cracked as it is encrypted. Someone please explain this to me lol, it's like a thorn in my brain.

I am looking for a way to encrypt a string using PKCS7. I have seen openssl_pkcs7_encrypt() but this involves the creation of temporary files which I don't really need. Is there a way to do this?

Hey, I'm a bit stuck. I'm looking for a simple yet secure way to encrypt a string (not hash, I need to retrieve it later) so that I can store legally sensitive data which I need to use again later. I am aware that any kind of reversable data is by nature not properly secure, but it's not my decision. I'd rather see if there's a pre-built function or class for this rather than just writing my own, which wouldn't be too good

Thanks in Advance
Gareth

Dear All respective friend,

I'm asking for help. during I know how to code in php. I alway use md5() but I had some problem with abit.

can anyone introduce me with persona code encryption without using md5()?

Your ideal are very important to me especially small example code.

Looking forward from you soon.

Kindly Regards,
Steve.

Is there any tutorial or book where i can learn about how to do the encryption?? thanks in advance

Hy 2 all,

I have some questions about password security that I haven't been able to find an answer yet.   
Hopefully you guys know.

Here it goes:

1. Is it better to hash(sha2) the password and then salt it or salt it and than hash it ?
2. I'm guessing that using a random salt is better than the same salt used for every password.
3. How can you generate a different random salt for each password ? I mean how will the login page know which random salt to mix with the hashed user inserted password and then to compare it with the password stored in the db. (an example would be great(for both: generating and authentication)
4. I saw some codes in which the salt and/or hash and/or password was split into two (ex: hash.salt1a.password.salt1b  or  password1a.salt.password1b  or  salt.hash1a.password.hash1b  etc.) Is this a good idea ? Is it really more secure ? If so which would be more secure (splitting the password, the hash or the salt) ?
5. Is double hashing (ex: (sha1(md5($password))) any good ?
6. I've been reading something about password salt and pepper ?? What exactly is pepper ? Is it some sort of second salt ?

If somebody could enlighten me about these questions, that would be great.

Thanks in advance!

I would like to add md5 encryption into the create and login functions but I'm having difficulties with the process.

user.php - create user and login functions
Code: [Select]
<?php
function create_user($params)
{
 db_connect_posts();
 $query = sprintf("INSERT INTO users 
SET
users.screen_name = '%s',
users.user_email = '%s',
users.user_pwd = '%s',
users.image = '%s',
created_at = NOW()"
, mysql_real_escape_string($params['screen_name']),
mysql_real_escape_string($params['user_email']),
mysql_real_escape_string($params['user_pwd']),
mysql_real_escape_string($params['image'])
);
 $result = mysql_query($query);
 if(!$result)
 {
return false;
 }
 else
 {
return true;
 }
}

function login($username, $password)
{
 db_connect_posts();
 $query = sprintf("SELECT * FROM users
WHERE 
user_email = '%s' AND
user_pwd = '%s'"
, mysql_real_escape_string($username),
mysql_real_escape_string($password)
);
 $result = mysql_query($query);
 $number_of_posts = mysql_num_rows($result);
 if($number_of_posts == 0)
 {
return false;
 }

 $row = mysql_fetch_array($result);

 $_SESSION['user'] = $row;

 return true;
}
?>
Register form:
Code: [Select]
<form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/signup" method="post">
  <fieldset>
    <legend>Register</legend>
    <div>
      <label>Screen Name</label>
      <input name="user[screen_name]" size="40" type="text" />
    </div>
   
    <div>
      <label>E-mail</label>
      <input name="user[user_email]" size="40" type="text" />
    </div>
   
    <div>
      <label>Password</label>
      <input name="user[user_pwd]" size="40" type="password" />
    </div>
   
    <div>
      <label>Image</label>
      <input name="user[image]" size="40" type="text" />
    </div>
    <input type="submit" name="Register" value="Register" />
  </fieldset>
</form>
Login form:
Code: [Select]
<form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/login_user" method="post">
  <fieldset>
    <legend>Login</legend>
    <div>
      <label>E-mail</label>
      <input name="user[user_email]" size="40" type="text" />
    </div>
   
    <div>
      <label>Password</label>
      <input name="user[user_pwd]" size="40" type="password" />
    </div>
    <input type="submit" value="Login" />
  </fieldset>
</form>

 Hello ..Im so glad to be here with u all

I am a novice in the use of this php/sql  and I  have to complete my project..but Unfortunately,  I got this  problem and I couldent figure out  where the mistake lies.. please any advice

here u my code
  Code: [Select]
<html>
<body background="3d-background-blue.jpg">
<?php
$x1=$_POST['fname'];
$x2=$_POST['age'];
$x3=$_POST['password'];
$x4=$_POST['email'];
$x5=$_POST['yourtype'];
mysql_connect("localhost","root","")or
die("there is a problem ");
mysql_select_db("order1")or die("no DB");

// check if the username is taken
$check = "select id from users where fname = '$x1'";
$qry = mysql_query($check) or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);
if ($num_rows != 0) {
echo "Sorry, there the username $x1 is already taken.
";
echo "Try again";
echo "<a href= iinterface.html >home</a>";
echo "<br>";
exit();
}
else {

// insert the data

$query="insert into users (fname,age,password,email,type) values('$x1','$x2','$x3','$x4','$x5')";
$result=mysql_query($query);
if($result){
echo "thanks for registering $x1 " ;echo "<br>";
echo "the date of registeration is ";
Echo gmdate ("D, d M Y H:i:s");
echo "<br>";
echo "<br>";
echo "<a href=iinterface.html > back to main </a>";
echo "<br>"; 
 }
else
{echo"insertion error";
}
?>
</body>
</html>
the massege of error is :

Quote

Parse error: parse error in  insert2.php  on line 45

Hello I do not know anything about php
I am using wordpress and I want to display a shortcode in header.php
the shortcode will disply the information about crona-virus worldwide or for a specific country

this is the code

<?php
echo do_shortcode( “[covid19 country=‘Pakistan’ title=‘Pakistan’]” );
echo do_shortcode( “[covid19 country=‘India’ title=‘India’]” );
echo do_shortcode( “[covid19]” );
?>

it show the data but all on left side I want to show it as middle or center i tried center code it only center the heading of Pakistan , India, Global (list line shortcode)

can anyone help me to center the numbers of cases death recovered:

 

Hi!  I'm new to php so, please forgive if this is a really simple question or if it doesn't make sense.   I have an www.domain.com web site and then I have an microprocessor at home connected to the internet also hosting and simple page. That page is acessible from the internet.   When I'm browising on my www.domain.com i want to add an botton that sends an request to the microprocessor, right now what i do is when the button is clicked, it opens the microprocessor page like : microprocessor.ddns.net/?update=1.    How can i make the www.domain.com send the "?update=1" to the microprocessor without the user have to see the microprocessor page.  The main purpose is to hide the microprocessor address so it's harder to be hacked..    Thanks for the help! 

Okay so I have a table that displays grades. If the stupid has 100 for the grade points then I want a A to be displayed under the table... I think it does something like this...


if grade_type >=100

$final_grade = A


Idk, im new to php and need help doing this... here is my code...





Code: [Select]
<?php

ini_set ("display_errors", "1");
error_reporting(E_ALL);

require_once('database.php');
session_start();






if (isset($_POST['add_grade']))
{




$query = "INSERT INTO grades (grade_id, student_id, grade_type, grade_name, grade_points) ";
$query .= "VALUES (:grade_id, :student_id, :grade_type, :grade_name, :grade_points) ";

$statement = $db->prepare($query);
$statement->bindValue (':student_id', $_SESSION['student_id']);
$statement->bindValue (':grade_id', $_SESSION['grade_id']);
$statement->bindValue (':grade_type', $_POST['grade_type']);
$statement->bindValue (':grade_name', $_POST['grade_name']);
$statement->bindValue (':grade_points', $_POST['grade_points']);

$statement->execute();

$statement->closeCursor();






}





?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>View Course Grades</title>

<link rel="stylesheet" type="text/css" href="main.css" />
</head>

<body>


   



<?php

$student_name = $_SESSION['student_name'];
$student_id = $_SESSION['student_id'];
$query = "SELECT * FROM grades WHERE student_id = :student_id ";

$statement = $db->prepare($query);
$statement->bindValue (':student_id', $student_id);
$statement->execute();
$grades = $statement->fetchAll();
$statement->closeCursor();


echo "<h1>Show Grades for $student_name </h1>";

foreach ($grades as $grade)
{

echo $grade['grade_type'] . " " . $grade['grade_name']. " " . $grade['grade_points'] . "<br />";
}





?>

<div id="content">
            <!-- display a table of products -->
           
            <table>
                <tr>
                    <th>Grade Type</th>
                    <th>Grade Name</th>
                    <th>Grade Points</th>
                    <th>Remove</th>
                </tr>
                <?php foreach ($grades as $grade) : ?>
                <tr>
                    <td><?php echo $grade['grade_type'];   ?></td>
                    <td><?php echo $grade['grade_name'];   ?></td>
                    <td><?php echo $grade['grade_points']; ?></td>
                    <td><form action="delete_grade.php" method="post">
                       
                        <input type="submit" name="remove" value="Delete" />
<input type="submit" name="update" value="Update" />



                    </form></td>
                </tr>
                <?php endforeach; ?>
            </table>
           
        </div>
    </div>

    <div id="footer">
       
    </div>






<form name="grades" method="post" action="grades.php">

<p>Grade Type<SELECT NAME="grade_type">
<OPTION VALUE="Mid-Term">Mid-Term
<OPTION VALUE="Final">Final
<OPTION VALUE="Lab">Lab
</SELECT>
<br>







Grade Name:<input type="text" name="grade_name" value=""><br />
Grade Points:<input type="text" name="grade_point" value="">

<input type="submit" name="add_grade" value="Add Grade">


</form>

</table>

</body>

</html>




Code: [Select]
<html>
<head>
<title>Delete Grade</title>
</head>
<body>
<form method="post" action="delete_grade.php">

<?php


ini_set ("display_errors", "1");
error_reporting(E_ALL);

$dbc = mysqli_connect('localhost', 'se266_user', 'pwd', 'se266') 
or die(mysql_error());

//delete grades

if (isset($_POST['remove']))
{          
foreach($_POST['delete'] as $delete_id)
{             
$query = "DELETE FROM grades WHERE grade_id = $delete_id";             
mysqli_query($dbc, $query) or die ('can\'t delete user');          
}        
echo 'grade has been deleted.<br />';   
}

if (isset($_POST['update']))
{          
foreach($_POST['update'] as $update_id)
{             
$query = "UPDATE grades SET grade_id = $update_id";             
mysqli_query($dbc, $query) or die ('can\'t update user');    
       
}
}

//Display grade info with checkbox to delete  
$query = "SELECT * FROM grades";  
$result = mysqli_query($dbc, $query);  
while($row = mysqli_fetch_array($result))
{      
echo '<input type="checkbox" value="' .$row['grade_id'] . '" name="delete[]" />'; 
echo ' ' .$row['grade_type'] .' '. $row['grade_name'];
echo '<br />';  
}
mysqli_close($dbc);

?>

<p>Grade Type<SELECT NAME="grade_type">
<OPTION VALUE="Mid-Term">Mid-Term
<OPTION VALUE="Final">Final
<OPTION VALUE="Lab">Lab
</SELECT>
<br>







Grade Name:<input type="text" name="grade_name" value=""><br />
Grade Points:<input type="text" name="grade_point" value="">

<input type="submit" name="remove" value="Remove" />
<input type="submit" name="update" value="Update" />

</form>
</body>
</html>

I have never worked with des encryption before and have searched through internet getting 3 des and acb - tested multiple code but cant get encrypted the same as in c#

 

public string EncryptQueryString(string stringToEncrypt)

 

public string EncryptQueryString(string stringToEncrypt)
        {
            byte[] key = { };
            byte[] IV = { 0x01, 0x12, 0x23, 0x34, 0x45, 0x56, 0x67, 0x78 };
            try
            {
                key = Encoding.UTF8.GetBytes(KEY);
using (DESCryptoServiceProvider oDESCrypto = new DESCryptoServiceProvider())
                {
                    byte[] inputByteArray = Encoding.UTF8.GetBytes(stringToEncrypt);
                    MemoryStream oMemoryStream = new MemoryStream();
                    CryptoStream oCryptoStream = new CryptoStream(oMemoryStream,
                    oDESCrypto.CreateEncryptor(key, IV), CryptoStreamMode.Write);
                    oCryptoStream.Write(inputByteArray, 0, inputByteArray.Length);
                    oCryptoStream.FlushFinalBlock();
                    return Convert.ToBase64String(oMemoryStream.ToArray());
                }
            }
            catch
            {
                throw;
            }
        }

i followed this ph example but think i am way of course

 

<?php
 
class DES
{
      protected $method;
      protected $key;
        protected $output;
        protected $iv;
     protected $options;
    const OUTPUT_NULL = '';
    const OUTPUT_BASE64 = 'base64';
    const OUTPUT_HEX = 'hex';
 
    public function __construct($key, $method = 'DES-ECB', $output = '', $iv = '', $options = OPENSSL_RAW_DATA | OPENSSL_NO_PADDING)
    {
        $this->key = $key;
        $this->method = $method;
        $this->output = $output;
        $this->iv = $iv;
        $this->options = $options;
    }
 
  
    public function encrypt($str)
    {
        $str = $this->pkcsPadding($str, 8);
        $sign = openssl_encrypt($str, $this->method, $this->key, $this->options, $this->iv);
 
        if ($this->output == self::OUTPUT_BASE64) {
            $sign = base64_encode($sign);
        } else if ($this->output == self::OUTPUT_HEX) {
            $sign = bin2hex($sign);
        }
 
        return $sign;
    }
    public function decrypt($encrypted)
    {
        if ($this->output == self::OUTPUT_BASE64) {
            $encrypted = base64_decode($encrypted);
        } else if ($this->output == self::OUTPUT_HEX) {
            $encrypted = hex2bin($encrypted);
        }
 
        $sign = @openssl_decrypt($encrypted, $this->method, $this->key, $this->options, $this->iv);
        $sign = $this->unPkcsPadding($sign);
        $sign = rtrim($sign);
        return $sign;
    }
 
    private function pkcsPadding($str, $blocksize)
    {
        $pad = $blocksize - (strlen($str) % $blocksize);
        return $str . str_repeat(chr($pad), $pad);
    }
 
 
    private function unPkcsPadding($str)
    {
        $pad = ord($str{strlen($str) - 1});
        if ($pad > strlen($str)) {
            return false;
        }
        return substr($str, 0, -1 * $pad);
    }
 
}
 
$key = 'key123456';
$iv = 'iv123456';
 

$des = new DES($key, 'DES-CBC', DES::OUTPUT_BASE64, $iv);
echo $base64Sign = $des->encrypt('Hello DES CBC');
echo "\n";
echo $des->decrypt($base64Sign);
echo "\n";
 
$des = new DES($key, 'DES-ECB', DES::OUTPUT_HEX);
echo $base64Sign = $des->encrypt('Hello DES ECB');
echo "\n";
echo $des->decrypt($base64Sign);
 

 

Edited May 31 by Paulqvz
made les cluttered