PHP encryption symmetric program example using crypt to store password in a text file

Cpanel/Whm License $3/mo Plesk License $10/mo Cloudlinux License $5/mo

Q. Symmetric encryption is a type of encryption where the same key is used to encrypt and decrypt the message. Can you explain how do I use symmetric encryption under PHP to store password in a text file and authenticate the user?

A. Symmetric encryption differs from asymmetric (also known as public-key) encryption, which uses one key to encrypt a message and another to decrypt the message.

PHP crypt() will return an encrypted string using the standard Unix DES-based encryption algorithm or alternative algorithms that may be available on the system. Arguments are a string to be encrypted and an optional salt string to base the encryption on. See the Unix man page for your crypt function for more information.

Syntax:
string crypt ( string $str [, string $salt] )

Consider following example.
$en_password : Stores encrypted password. You need to store this in database or flat text file.
$userPasswordInput : Holds user provided / supplied password via HTML page

If command is use to check encrypted password (hash) with user supplied password.

<?php
//Standard DES-based encryption with a two character salt called 'ge'
$en_password = crypt('secrete','ge');

if (crypt($userPasswordInput, $en_password) == $en_password) {
   echo "Password verified, you can login!";
}
?>

PHP Function to write / store password to a file called /home/secure/.password

function updateAdminLoginPassword($new){
  $encryptedPassword;
  //This is Blowfish encryption with a sixteen character salt starting with or $2a$
  $encryptedPassword = crypt($new, '$2a$didIL...fpSd78..$');
  // Open the file and erase the contents if any
  $fp = fopen("/home/secure/.password", "w");
  // Write the data to the file
  fwrite($fp, $Password);
  // Close the file
  fclose($fp);
  echo '<h3>Password has been updated!<h3>';
  echo '<SCRIPT>alert('Password changed! You must login again to use new password');</SCRIPT>';
  /* resetSession(); */
}

Function to verify a password (note we are using hash in both functions $2a$didIL…fpSd78..$):

function verifyPassword($password)
{
 $username= "admin"; 
 $encryptedpasswd="";
// read encrypted password
 $fp = fopen("/home/secure/.password", "r");
 while ( $line = fgets($fp, 1000) ) { $encryptedpasswd=$line; }
 if ( $_POST["username"] == $username && (crypt($password,'$2a$didIL...fpSd78..$') ==  $encryptedpasswd) )
 { // allow login
		session_start(); //Initialize session data
                //store user login name and password
		$_SESSION['user'] = $username;
                $_SESSION['pwd'] = $encryptedpasswd;  
                // display main menu
		header( "Location: /welcome.php" );
 } 
 else 
 {       // password is not correct or session expired due to password change
	header( "Location: /login.php?sessionnotfound=1" );
 }
}

Above examples just provides you idea about php password encryptions and hash. You must consider other factors such as SSL http session, MD5 password / hash and mysql database to store password has etc.

Further readings:

Posted by: SXI ADMIN

The author is the creator of SXI LLC and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Related posts

Zuckerberg to Study Crypto in Quest to Fix Facebook

SXI ADMIN

Zooko Wilcox Envisions ‘Ambitious’ Changes for Zcash Cryptocurrency

SXI ADMIN

ZombieChain Comes Alive: Can Ethereum Sidechains Save the Dapps?

SXI ADMIN

ZoKrates Seeks to Bring Best of Zcash to Ethereum with Devcon Debut

SXI ADMIN

Zk-Starks? New Take on Zcash Tech Could Power Truly Private Blockchains

SXI ADMIN

Zk-Snarks Everywhere: Ethereum Privacy Tech Hits Tipping Point

SXI ADMIN

ZipZap to Offer Cash-for-Bitcoin Service at 28,000 UK Locations

SXI ADMIN

ZipZap Resumes Cash-to-Bitcoin Services for UK Shoppers

SXI ADMIN

ZipZap Raises $1.1 Million to Grow Global Bitcoin Payments Network

SXI ADMIN

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More