|
PHP - Encryption Idea? Will This Work?
Customer data is encrypted using OpenSSL, and then stored in mySQL varbinary column on a server.
Question: What if I encrypted that key? Then I would be the only one able to read the encrypted customer data on my server, even if that server got hacked. Obviously that would not work, because the server needs the untampered secret key in order to encrypt the data for mySQL. Although this seems insurmountable, it feels more like a logic problem....where if you think about it long enough, the answer will come. Any thoughts on this? Thank you.
Similar TutorialsHi, I'm trying to add encryption to a signup for a college assignment, but find that after adding the sha1 and salt encryption the code does not work. The code worked before adding the encryption. Since adding the encryption I've also adding the corresponding fields for username and password into the sql database and double checked, and triple checked all the php, html form and MySQL tables and fields, but don't see any thing wrong. Can anybody else see any immediate problems with the code snippet below? If so, can you please let me know? session_start(); $salt = 'The sky is blue and all the trees are green'; $data = array_map('mysql_escape_string', $_POST); $password = sha1($data['password'].$salt); $query = " INSERT INTO customers ( first_name, last_name, address, mobile, email, username, password ) VALUES ( '{$data['first_name']}', '{$data['last_name']}', '{$data['address']}', '{$data['mobile']}', '{$data['email']}' '{$data['username']}', '$password' ) "; if(mysql_query($query)) { echo 'Your login details have been saved.'; } else { echo 'Your login details have not been saved.<br>'; echo 'Please try again later.'; } Thanks. In a nutshell here is what I am wishing to do. The user clicks on a link. The link has an ID# embedded in it. For this example, we will assume that the Link ID (lid) = 4-1-1 Now I have 2 tables: Table 1 Columns: ID | contact_fname | contact_lname 10 Bl4ck Maj1k Table 2 Columns: ID | contact_id | link_id 1 10 4-1-1 I need to display the contact's First and Last name if he is associated with the current link. The way I thought to track that was via table joins. I have attempted a code but it doesnt work. I basically want to make it so whenever Table 1 has a person with an ID equal to the Contact ID of table 2 AND whenever the Link ID in our URL (which I am capturing via a $_GET function and storing in a variable) is equal to the Link ID in our table with the associated contact in it, I want to then display the First Name and Last Name. Below is my failed attempt at this. Weird thing is, I have done this several times before. I don't see myself doing anything different but I must be because it simply doesn't work. Any help would be greatly appreciated... Code: [Select] <?php $link_id = $_GET['lid']; $query = "SELECT table1.id, table1.contact_fname, table1.contact_lname, table2.contact_id, table2.link_id FROM table1, table2 WHERE table1.id = table2.contact_id AND table2.link_id = $link_id"; $sql = mysql_query($query); while($row = mysql_fetch_array($sql)) { $contact_fname = $row['contact_fname ']; $contact_lname = $row['contact_lname ']; echo '' . $contact_fname . ' ' . $contact_lname . '' ; } ?> Please let me know what I am doing wrong here! Thanks boys and girls :-) Bl4ck Maj1k Hi guys, When I insert the following code I get the parsing error "unexpected $end": Code: [Select] <?PHP if(isSet($_GET['sid'])) { $con = mysql_connect("localhost","YYYYY", "XXXXX"); if (!$con) {die('Could not connect: ' . mysql_error("oop")); mysql_select_db("YYYYY_testDB") or die(mysql_error()); $totalresult = mysql_query("SELECT * FROM QANDATable"); $num_rows = mysql_num_rows($totalresult); $limit; $counter = 1; while($counter < mysql_num_rows($totalresult)){ $result = mysql_query("SELECT * FROM QANDATable WHERE id = $counter"); $row = mysql_fetch_array($result); echo $row['TSuperQuestion']; if(isSet($_GET['sid'])){ echo "<a href=\"/Code-sandbox.php?sid=".$name."&qandanumber=".$counter."\">next</a>";} echo $row['TQuestion']; echo $row['TAnswer']; $counter++;} } else { echo "<h2>Enter Student Number:</h2>"; echo '<form name="input" action="./Code-sandbox.php" method="GET">'; echo '<input type="text" name="sid"/>'; echo '<input type="submit" value="Submit">'; echo '</form>'; } ?> The code worked before I inserted: Code: [Select] if(isSet($_GET['sid'])){ echo "<a href=\"/Code-sandbox.php?sid=".$name."&qandanumber=".$counter."\">next</a>";}Any idea what is wrong here? Hey, Wondering if this would work, it is based on the idea that everyone who is a real visitor will be using a browser, is that correct? Do robots use browsers too? if so, it wont work! haha. <? $browser = mb_substr($_SERVER['HTTP_USER_AGENT'], 0, 31); if (!empty($browser)){echo '<form action="send.php" method="post">';} ?> Just thought it was nice and simple, and couldnt see anywhere if it would work or not... Hi First of all, I know VERY little about PHP, The effort below is a wile guess that has gone wrong. I get this error Parse error: syntax error, unexpected T_IF in /home/repairyo/public_html/shop/includes/content/viewOrders.inc.php on line 57 I have no idea what ive done wrong, may be I am stupid for attempting it. Cheers Paul This is the original code Code: [Select] $view_orders->assign('VAL_STATE',$lang['glob']['orderState_'.$orders[$i]['status']]); This is the modified code Code: [Select] $view_orders->assign('VAL_STATE',$state = $results[$i]['status'] if ($state == '1') { "<font color='#ff9900'>".$lang['glob']['orderState_'.$results[$i]['status']]."</font>"; } else if ($state == '2') { "<font color='#009900'>".$lang['glob']['orderState_'.$results[$i]['status']]."</font>"; } else if ($state == '4') { "<font color='#cc0000'>".$lang['glob']['orderState_'.$results[$i]['status']]."</font>"; } else if ($state == '5') { "<font color='#cc0000'>".$lang['glob']['orderState_'.$results[$i]['status']]."</font>"; } else if ($state == '6') { "<font color='#cc0000'>".$lang['glob']['orderState_'.$results[$i]['status']]."</font>"; } else if ($state == '7') { "<font color='#ff9900'>".$lang['glob']['orderState_'.$results[$i]['status']]."</font>"; } else { $lang['glob']['orderState_'.$orders[$i]['status']]); } I seen the sticky but that didn't have my answer and no place I go is really answering my core question. This just doesn't make sense in my brain, how is using md5 safe. What if someone got say an encrypted pass. The code md5 uses is available to anyone, no? So if they got a hold of it how is it not as easily cracked as it is encrypted. Someone please explain this to me lol, it's like a thorn in my brain. Hi Guys,
First off, not sure if this is the correct area to post. My question is a little bit mixed, including SQL and PHP.
I'm building a basic private messaging system, and planned to use PHP, SQL for the storage, and a little bit of JS on the client. I'm a little confused when it comes to encryption though. My understanding with user password encryption is that the password is stored in the database as a hash, and then a user sent password is compared to the original hash for verification. I've implemented this successfully using password_verify() and password_hash() functions, and I'm pretty sure it's working fine.
However, my big question is in regards to the storage of message data. As far as I can tell, this system won't work, it's really only suitable for password verification because the hash can't really be reverted to the original data, it can only be compared? How should I go about encrypting message data? Is it possible? If I open up a SQL database containing private message data on a server, I don't want to be able to read the contents.
Any help would be greatly appreciated!
Hi guys, i'm new to this forum, and a junior php guy.
i need to encrypt a google address like this:
https://redirector.g...=web&cver=html5
i use picasa for my client to store car video etc to show and i want embed in iframe with a jwplayer that i'm customizing.
i see some sample that transform a address like this https://redirector.g...=web&cver=html5 in something like this --> http:\/\/r20---googlevideo.com\/picasa\/redirect.php?encrypt=0f10fd0fd0f90c30b80b80fb0ee0ed0f20fb0ee0ec0fd0f80fb0b70f00f80f80f00f50ee0ff0f20ed0ee0f80b70ec0f80f60b80ff0f20ed0ee0f80f90f50ea1020eb0ea0ec0f40c80f20ed0c60bc0bc0bc0be0c00bb0c00c00c10ed0bf0ed0ee0b90bb0bb0af0f20fd0ea0f00c60bb0bb0af0fc0f80fe0fb0ec0ee0c60f90f20ec0ea0fc0ea0af0ec0f60f80c60fc0ee0f70fc0f20fd0f20ff0ee0e80ec0f80f70fd0ee0f70fd0ae0bc0cd1020ee0fc0af0f20f90c60b90b70b90b70b90b70b90af0f20...etc etc...
i see that there is a redirect.php?encrypt=....... how i can do that?
Thanks in advance 'cause frankly speaking i don't know also what i must search on google.
Hi Guys
I am fairly new to php, I am trying to build a registration form but I am struggling with encrypting the password (I will also be salting the password at a later stage to make it more secure).
The below line of code encrypts the password but saves the values as the values states in the code e.g password saves as 'pass'
$q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES ('first_name','last_name','email', SHA1('pass'), NOW())";
The below code saves all the values that the user inputs xcept the password which is blank and the message 'Undefined index: SHA1('pass')' is returned
$q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES ('".$_POST["first_name"]."','".$_POST["last_name"]."','".$_POST["email"]."','".$_POST["SHA1('pass')"]."', NOW())";
I am hoping someone may be able to help me as I have no idea how to fix this. Thank you in advance
I am looking for a way to encrypt a string using PKCS7. I have seen openssl_pkcs7_encrypt() but this involves the creation of temporary files which I don't really need. Is there a way to do this? I would like to add md5 encryption into the create and login functions but I'm having difficulties with the process. user.php - create user and login functions Code: [Select] <?php function create_user($params) { db_connect_posts(); $query = sprintf("INSERT INTO users SET users.screen_name = '%s', users.user_email = '%s', users.user_pwd = '%s', users.image = '%s', created_at = NOW()" , mysql_real_escape_string($params['screen_name']), mysql_real_escape_string($params['user_email']), mysql_real_escape_string($params['user_pwd']), mysql_real_escape_string($params['image']) ); $result = mysql_query($query); if(!$result) { return false; } else { return true; } } function login($username, $password) { db_connect_posts(); $query = sprintf("SELECT * FROM users WHERE user_email = '%s' AND user_pwd = '%s'" , mysql_real_escape_string($username), mysql_real_escape_string($password) ); $result = mysql_query($query); $number_of_posts = mysql_num_rows($result); if($number_of_posts == 0) { return false; } $row = mysql_fetch_array($result); $_SESSION['user'] = $row; return true; } ?> Register form: Code: [Select] <form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/signup" method="post"> <fieldset> <legend>Register</legend> <div> <label>Screen Name</label> <input name="user[screen_name]" size="40" type="text" /> </div> <div> <label>E-mail</label> <input name="user[user_email]" size="40" type="text" /> </div> <div> <label>Password</label> <input name="user[user_pwd]" size="40" type="password" /> </div> <div> <label>Image</label> <input name="user[image]" size="40" type="text" /> </div> <input type="submit" name="Register" value="Register" /> </fieldset> </form> Login form: Code: [Select] <form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/login_user" method="post"> <fieldset> <legend>Login</legend> <div> <label>E-mail</label> <input name="user[user_email]" size="40" type="text" /> </div> <div> <label>Password</label> <input name="user[user_pwd]" size="40" type="password" /> </div> <input type="submit" value="Login" /> </fieldset> </form> Hey, I'm a bit stuck. I'm looking for a simple yet secure way to encrypt a string (not hash, I need to retrieve it later) so that I can store legally sensitive data which I need to use again later. I am aware that any kind of reversable data is by nature not properly secure, but it's not my decision. I'd rather see if there's a pre-built function or class for this rather than just writing my own, which wouldn't be too good Thanks in Advance Gareth Hy 2 all, I have some questions about password security that I haven't been able to find an answer yet. Hopefully you guys know. Here it goes: 1. Is it better to hash(sha2) the password and then salt it or salt it and than hash it ? 2. I'm guessing that using a random salt is better than the same salt used for every password. 3. How can you generate a different random salt for each password ? I mean how will the login page know which random salt to mix with the hashed user inserted password and then to compare it with the password stored in the db. (an example would be great(for both: generating and authentication) 4. I saw some codes in which the salt and/or hash and/or password was split into two (ex: hash.salt1a.password.salt1b or password1a.salt.password1b or salt.hash1a.password.hash1b etc.) Is this a good idea ? Is it really more secure ? If so which would be more secure (splitting the password, the hash or the salt) ? 5. Is double hashing (ex: (sha1(md5($password))) any good ? 6. I've been reading something about password salt and pepper ?? What exactly is pepper ? Is it some sort of second salt ? If somebody could enlighten me about these questions, that would be great. Thanks in advance! Is there any tutorial or book where i can learn about how to do the encryption?? thanks in advance Dear All respective friend, I'm asking for help. during I know how to code in php. I alway use md5() but I had some problem with abit. can anyone introduce me with persona code encryption without using md5()? Your ideal are very important to me especially small example code. Looking forward from you soon. Kindly Regards, Steve. Writing an app that requires symmetric encryption. I need to be able to have a key (such as 123) and be able to use this key and encrypt a string. Then decrypt the string later using the same key. This encryption needs to be pretty robust and unbreakable. Any functions or suggestions?!? Thinking of using the mcrypt library in some way. Drez I have never worked with des encryption before and have searched through internet getting 3 des and acb - tested multiple code but cant get encrypted the same as in c#
public string EncryptQueryString(string stringToEncrypt)
public string EncryptQueryString(string stringToEncrypt)
{
byte[] key = { };
byte[] IV = { 0x01, 0x12, 0x23, 0x34, 0x45, 0x56, 0x67, 0x78 };
try
{
key = Encoding.UTF8.GetBytes(KEY);
using (DESCryptoServiceProvider oDESCrypto = new DESCryptoServiceProvider())
{
byte[] inputByteArray = Encoding.UTF8.GetBytes(stringToEncrypt);
MemoryStream oMemoryStream = new MemoryStream();
CryptoStream oCryptoStream = new CryptoStream(oMemoryStream,
oDESCrypto.CreateEncryptor(key, IV), CryptoStreamMode.Write);
oCryptoStream.Write(inputByteArray, 0, inputByteArray.Length);
oCryptoStream.FlushFinalBlock();
return Convert.ToBase64String(oMemoryStream.ToArray());
}
}
catch
{
throw;
}
}
i followed this ph example but think i am way of course
<?php
class DES
{
protected $method;
protected $key;
protected $output;
protected $iv;
protected $options;
const OUTPUT_NULL = '';
const OUTPUT_BASE64 = 'base64';
const OUTPUT_HEX = 'hex';
public function __construct($key, $method = 'DES-ECB', $output = '', $iv = '', $options = OPENSSL_RAW_DATA | OPENSSL_NO_PADDING)
{
$this->key = $key;
$this->method = $method;
$this->output = $output;
$this->iv = $iv;
$this->options = $options;
}
public function encrypt($str)
{
$str = $this->pkcsPadding($str, 8);
$sign = openssl_encrypt($str, $this->method, $this->key, $this->options, $this->iv);
if ($this->output == self::OUTPUT_BASE64) {
$sign = base64_encode($sign);
} else if ($this->output == self::OUTPUT_HEX) {
$sign = bin2hex($sign);
}
return $sign;
}
public function decrypt($encrypted)
{
if ($this->output == self::OUTPUT_BASE64) {
$encrypted = base64_decode($encrypted);
} else if ($this->output == self::OUTPUT_HEX) {
$encrypted = hex2bin($encrypted);
}
$sign = @openssl_decrypt($encrypted, $this->method, $this->key, $this->options, $this->iv);
$sign = $this->unPkcsPadding($sign);
$sign = rtrim($sign);
return $sign;
}
private function pkcsPadding($str, $blocksize)
{
$pad = $blocksize - (strlen($str) % $blocksize);
return $str . str_repeat(chr($pad), $pad);
}
private function unPkcsPadding($str)
{
$pad = ord($str{strlen($str) - 1});
if ($pad > strlen($str)) {
return false;
}
return substr($str, 0, -1 * $pad);
}
}
$key = 'key123456';
$iv = 'iv123456';
$des = new DES($key, 'DES-CBC', DES::OUTPUT_BASE64, $iv);
echo $base64Sign = $des->encrypt('Hello DES CBC');
echo "\n";
echo $des->decrypt($base64Sign);
echo "\n";
$des = new DES($key, 'DES-ECB', DES::OUTPUT_HEX);
echo $base64Sign = $des->encrypt('Hello DES ECB');
echo "\n";
echo $des->decrypt($base64Sign);
Edited May 31 by Paulqvz made les cluttered hello everyone i'm new to PHP and i need your help. I'm developing a code which implements shannon-fano encryption algorithm with php. But i have problems with my function. Basicly i try to do this: 1.Specofy a string to be coded. 2.Count the number of occurences of a character and write it in assoc array like this : "A"=>4,"B"=>2 etc. then i copy this array 3.After i have the array i sort it descending. 4.Divide the given array into two arrays where the sum of the values is almost equal.In the Copied array i set the value of the elements which fit into the fisrt divided array with 0 the rest with 1. 5.Each of the divided arrays i divide with recursion again until every symbol is into different array.and add to the value in the copied array 0 or 1; 6.I try to print the copied array. here is my function which doesnt work and gives a lot of errors function divide_array($array) { $sum=0; $mid=array_sum($array)/2; foreach($array as $k=>$v) { if($sum<$mid){ $sum=$sum+$array[$k]; $up[$k]=$array[$k]; $codeArr[$k]=0; } else { $down=array_slice($array,$k+1); $codeArr[$k]=1; } } divide_array($up); divide_array($down); echo "<pre>"; print_r($codeArr); echo "</pre>"; } i appreciate any help PS:I know this can be done easier with trees but i don't understand them. Hello, I have one line that I can't understand of PHP code used to encrypt strings: $temp = ord(substr($str,$i,1)) ^ 203; I understand everything but this " ^203 " Can you explain me what it does? |
|||||||