User Management Code
  Home arrow User Management Code arrow XCRYPT v1.0b
Codewalker Forums 
  Tutorials  
Database Articles  
Miscellaneous  
Navigation Usability  
PEAR Articles  
Programming Basics  
Server Administration  
XML Tutorials  
  Reviews  
Database Book Reviews  
Linux Book Reviews  
Miscellaneous Reviews  
PHP Book Reviews  
PHP Software Reviews  
Server Admin Reviews  
SQL Tool Reviews  
  Code Gallery  
Content Management Code  
Contest Code  
Counters Code  
Database Code  
Date Time Code  
Discussion Board Code  
Email Code  
File Manipulation Code  
GUI Code  
Link Farm Code  
Miscellaneous Code  
Search Code  
Site Navigation Code  
User Management Code  
Mobile Linux 
App Generation ROI 
IBM® developerWorks 
Download TestComplete 
Forums Sitemap 
Weekly Newsletter 
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
USER MANAGEMENT CODE

XCRYPT v1.0b
By: Codewalkers
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 3
    2006-05-10

    Table of Contents:

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
    ADVERTISEMENT


    128 bit Password encrytion system utilizing three concurrent md5 password hashes, where the 3rd and final hash is utilized as the key for an implementation of the blowfish algorithm.

    By : scrypte

    require_once 'PEAR.php';
    class Crypt_Blowfish
    {
    var $_P = array();
    var $_S = array();
    var $_td = null;
    var $_iv = null;


    function Crypt_Blowfish($key)
    {
    if (extension_loaded('mcrypt')) {
    $this->_td = mcrypt_module_open(MCRYPT_BLOWFISH, '', 'ecb', '');
    $this->_iv = mcrypt_create_iv(8, MCRYPT_RAND);
    }
    $this->setKey($key);
    }

    function isReady()
    {
    return true;
    }

    function init()
    {
    $this->_init();
    }

    function _init()
    {
    $defaults = new Crypt_Blowfish_DefaultKey();
    $this->_P = $defaults->P;
    $this->_S = $defaults->S;
    }

    function _encipher(&$Xl, &$Xr)
    {
    for ($i = 0; $i < 16; $i++) {
    $temp = $Xl ^ $this->_P[$i];
    $Xl = ((($this->_S[0][($temp>>24) & 255] +
    $this->_S[1][($temp>>16) & 255]) ^
    $this->_S[2][($temp>>8) & 255]) +
    $this->_S[3][$temp & 255]) ^ $Xr;
    $Xr = $temp;
    }
    $Xr = $Xl ^ $this->_P[16];
    $Xl = $temp ^ $this->_P[17];
    }

    function _decipher(&$Xl, &$Xr)
    {
    for ($i = 17; $i > 1; $i--) {
    $temp = $Xl ^ $this->_P[$i];
    $Xl = ((($this->_S[0][($temp>>24) & 255] +
    $this->_S[1][($temp>>16) & 255]) ^
    $this->_S[2][($temp>>8) & 255]) +
    $this->_S[3][$temp & 255]) ^ $Xr;
    $Xr = $temp;
    }
    $Xr = $Xl ^ $this->_P[1];
    $Xl = $temp ^ $this->_P[0];
    }

    function encrypt($plainText)
    {
    if (!is_string($plainText)) {
    PEAR::raiseError('Plain text must be a string', 0, PEAR_ERROR_DIE);
    }

    if (extension_loaded('mcrypt')) {
    return mcrypt_generic($this->_td, $plainText);
    }

    $cipherText = '';
    $len = strlen($plainText);
    $plainText .= str_repeat(chr(0),(8 - ($len%8))%8);
    for ($i = 0; $i < $len; $i += 8) {
    list(,$Xl,$Xr) = unpack("N2",substr($plainText,$i,8));
    $this->_encipher($Xl, $Xr);
    $cipherText .= pack("N2", $Xl, $Xr);
    }
    return $cipherText;
    }

    function decrypt($cipherText)
    {
    if (!is_string($cipherText)) {
    PEAR::raiseError('Chiper text must be a string', 1, PEAR_ERROR_DIE);
    }

    if (extension_loaded('mcrypt')) {
    return mdecrypt_generic($this->_td, $cipherText);
    }

    $plainText = '';
    $len = strlen($cipherText);
    $cipherText .= str_repeat(chr(0),(8 - ($len%8))%8);
    for ($i = 0; $i < $len; $i += 8) {
    list(,$Xl,$Xr) = unpack("N2",substr($cipherText,$i,8));
    $this->_decipher($Xl, $Xr);
    $plainText .= pack("N2", $Xl, $Xr);
    }
    return $plainText;
    }

    function setKey($key)
    {
    if (!is_string($key)) {
    PEAR::raiseError('Key must be a string', 2, PEAR_ERROR_DIE);
    }

    $len = strlen($key);

    if ($len > 56 || $len == 0) {
    PEAR::raiseError('Key must be less than 56 characters and non-zero. Supplied key length: ' . $len, 3, PEAR_ERROR_DIE);
    }

    if (extension_loaded('mcrypt')) {
    mcrypt_generic_init($this->_td, $key, $this->_iv);
    return true;
    }

    require_once 'Blowfish/DefaultKey.php';
    $this->_init();

    $k = 0;
    $data = 0;
    $datal = 0;
    $datar = 0;

    for ($i = 0; $i < 18; $i++) {
    $data = 0;
    for ($j = 4; $j > 0; $j--) {
    $data = $data << 8 | ord($key{$k});
    $k = ($k+1) % $len;
    }
    $this->_P[$i] ^= $data;
    }

    for ($i = 0; $i <= 16; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_P[$i] = $datal;
    $this->_P[$i+1] = $datar;
    }
    for ($i = 0; $i < 256; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_S[0][$i] = $datal;
    $this->_S[0][$i+1] = $datar;
    }
    for ($i = 0; $i < 256; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_S[1][$i] = $datal;
    $this->_S[1][$i+1] = $datar;
    }
    for ($i = 0; $i < 256; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_S[2][$i] = $datal;
    $this->_S[2][$i+1] = $datar;
    }
    for ($i = 0; $i < 256; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_S[3][$i] = $datal;
    $this->_S[3][$i+1] = $datar;
    }

    return true;
    }

    }

    function Eencrypt($cipher, $plaintext){
    $ciphertext = "";
    $paddedtext = maxi_pad($plaintext);
    $strlen = strlen($paddedtext);
    for($x=0; $x< $strlen; $x+=8){
    $piece = substr($paddedtext,$x,8);
    $cipher_piece = $cipher->encrypt($piece);
    $encoded = base64_encode($cipher_piece);
    $ciphertext = $ciphertext.$encoded;
    }
    return $ciphertext;
    }

    function Edecrypt($cipher,$ciphertext){
    $plaintext = "";
    $chunks = split("=",$ciphertext);
    $ending_value = count($chunks) ;
    for($counter=0 ; $counter < ($ending_value-1) ; $counter++)
    {
    $chunk = $chunks[$counter]."=";
    $decoded = base64_decode($chunk);
    $piece = $cipher->decrypt($decoded);
    $plaintext = $plaintext.$piece;
    }
    return $plaintext;
    }

    function maxi_pad($plaintext){
    $str_len = count($plaintext);
    //plain text must be div by 8
    $pad_len = $str_len % 8;
    for($x=0; $x<$pad_len; $x++){
    $plaintext = $plaintext." ";
    }
    $str_len = count($plaintext);
    if($srt_len % 8){
    print "padding function is not working\n";
    }else{
    return $plaintext;
    }
    return (-1);
    }

    function createRandomPassword() {
    $chars = "abcdefghijkmnopqrstuvwxyz023456789,./<>?`~!@#$%^&*()_+-={}|[]\:;";
    srand((double)microtime()*1000000);
    $i = 0;
    $pass = '' ;
    while ($i <= 10) {
    $num = rand() % 33;
    $tmp = substr($chars, $num, 1);
    $pass = $pass . $tmp;
    $i++;
    }

    return $pass;

    }

    // Usage
    $user ="admin";
    $password = createRandomPassword();

    // print random password
    echo "Your random password is: $password <BR>";



    $salt = substr(md5(uniqid(rand(), true)), 0, 5);
    $hash1 = md5($user->salt . md5($password)); // hash password once
    $hash2 = md5($user->salt . md5($hash1)); // hash password twice
    $hash3 = md5($hash1->salt . md5($hash2)); // hash password three times</b>


    $final_hash = $hash3;
    // print triple hashed password with combined hash from second algorythum
    echo "Final hashed password is: $final_hash<p>";

    //NOTE: This is the key or password for encrypting your files.
    // THIS MUST BE 8 CHARACTERS
    $key = $hash3;

    //This is the text to be encrypted
    $plaintext = $final_hash;

    //This is a blowfish cipher object
    $cipher = new Crypt_Blowfish($key);

    //This is the encrypted text
    $ciphertext = Eencrypt($cipher,$plaintext);

    // TRIPLE HASH WITH BLOWFISH ENCRYPTION
    echo "Final hashed password with blowfish encryption is: $ciphertext";
    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    More User Management Code Articles
    More By Codewalkers

     

    IBM® developerWorks developerWorks - FREE Tools!


    NEW! Build Web services with transport-level security using Rational Application Developer V7, Part 1: Build Web services and Web services clients

    Build secure Web services with transport-level security using IBM Rational Application Developer V7 and IBM WebSphere Application Server V6.1. Follow this three-part series for step-by-step instructions about how to develop Web services and clients, configure HTTP basic authentication, and configure HTTP over SSL (HTTPS). This first part of the series walks you through building a Web service for a simple calculator application. You generate and test two different types of Web services clients: a Java Platform, Enterprise Edition (Java EE) client and a stand-alone Java client. You also handle user-defined exceptions in Web services.
    FREE! Go There Now!


    NEW! Download DB2 Express-C 9.5

    Visit IBM developerWorks to download IBM DB2 Express-C 9.5, a no-charge version of DB2 Express 9 database server. DB2 Express-C offers the same core data server base features as other DB2 Express editions and provides a solid base to build and deploy applications developed using C/C++, Java, .NET, PHP, and other programming languages.
    FREE! Go There Now!


    NEW! Download IBM Rational Developer for System z

    Download a free trial version of IBM Rational Developer for System z, software that can help you deliver core development capabilities; the power of Java Platform, Enterprise Edition (Java EE); and rapid application development support to diverse enterprise application development teams. With comprehensive development tools to help create, deploy and maintain traditional enterprise and composite applications, Rational Developer for System z enables developers with different technical backgrounds to easily participate in important technology projects.
    FREE! Go There Now!


    NEW! Evaluate WebSphere Extended Deployment Compute Grid V6.1

    Visit IBM developerWorks to download a free trial version of WebSphere Extended Deployment Compute Grid, which lets you schedule, execute, and monitor batch jobs. Because online transaction processing and batch jobs execute simultaneously on the same server resources, you can avoid costly duplication of resources. Compute Grid supports job types of Java transactional batch, compute-intensive and a new type called "native execution", which enables non-Java workloads to run on distributed end points.
    FREE! Go There Now!


    NEW! IBM Rational ClearCase Innovator's Series

    Learn from the best! Find out how developers use Rational ClearCase to be more flexible, innovative and deliver higher quality code in the Rational ClearCase Power Users eKit. This complimentary eKit provides a collection of materials, like articles, whitepapers, and demos that can help you become a power user of Rational ClearCase.
    FREE! Go There Now!


    NEW! Rational Talks to You: Scott Ambler on being agile in a global development environment

    Join this Rational Talks to You teleconference on December 6 at 1:00 pm ET to participate in an agile application development discussion and get your questions answered on using IBM Rational Method Composer in a distributed environment.Get your questions answered!
    FREE! Go There Now!


    NEW! Trial download: IBM Lotus Forms V3.0

    Get a free trial download of IBM Lotus Forms V3.0 (formerly Workplace Forms), which provides a zero-footprint eForms solution to help you automate and move forms-based business processes off the desktop and onto the Web. With Lotus Forms, you can extend applications beyond the firewall by creating a single electronic form document ready for use in both thick and Web 2.0 thin client format.
    FREE! Go There Now!


    NEW! Try the IBM SOA Sandbox for Process

    Visit IBM developerWorks to try the IBM SOA Sandbox for process. The SOA Sandbox for process focuses on providing a trial environment with the necessary tooling and components required to gain a better understanding of business processes and how to best improve existing business processes to derive value quickly.
    FREE! Go There Now!


    NEW! Webcast: Accelerating Software Innovation with System z

    Attend this launch webcast with Scott Hebner, Vice President of IBM Rational Marketing and Strategy, where he will overview Rational’s new offerings and programs to help customers accelerate software innovation on System z. He will discuss how these solutions help organizations extend their core business processes toward modern architectures such as SOA and web technologies to deliver business improvements that stand the test of time.
    FREE! Go There Now!


    NEW! Webcast: Extreme transaction processing with WebSphere Extended Deployment

    In this webcast, you'll get an introduction to the eXtreme Transaction Processing (XTP) features of WebSphere Extended Deployment and the common architectural traits required by XTP applications. See how WebSphere Extended Deployment's ObjectGrid feature provides a state-of-the-art infrastructure for hosting XTP applications.
    FREE! Go There Now!



    All FREE IBM® developerWorks Tools!

    USER MANAGEMENT CODE ARTICLES

    - XCRYPT v1.0b
    - DB_eSession class stores sessions in a MySQL...
    - Ever Changing Dynamic Passcode Code
    - phpAutoMembersArea - create own members area
    - Azura Signup 2.5
    - Azura Signup 2.0
    - Azura Signup
    - Flexcustomer
    - PHP Quicksite 2.0
    - PHP Quicksite 1.0
    - random string generator (key generator)
    - Example Login system
    - Simple and Easy Security
    - Basic Security
    - UMA - User Management and Authentication





    © 2003-2010 by Developer Shed. All rights reserved. DS Cluster 5 Hosted by Hostway
    For more Enterprise Application Development news, visit eWeek