User Management Code
  Home arrow User Management Code arrow XCRYPT v1.0b
IBM Rational Software Development Conference
Codewalker Forums 
  Tutorials  
Database Articles  
Miscellaneous  
Navigation Usability  
PEAR Articles  
Programming Basics  
Server Administration  
XML Tutorials  
  Reviews  
Database Book Reviews  
Linux Book Reviews  
Miscellaneous Reviews  
PHP Book Reviews  
PHP Software Reviews  
Server Admin Reviews  
SQL Tool Reviews  
  Code Gallery  
Content Management Code  
Contest Code  
Counters Code  
Database Code  
Date Time Code  
Discussion Board Code  
Email Code  
File Manipulation Code  
GUI Code  
Link Farm Code  
Miscellaneous Code  
Search Code  
Site Navigation Code  
User Management Code  
Forums Sitemap 
Dedicated Servers  
Download TestComplete 
IBM® developerWorks
Weekly Newsletter 
 
Developer Updates  
Free Website Content 
IBM Developerworks
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
USER MANAGEMENT CODE

XCRYPT v1.0b
By: Codewalkers
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 1
    2006-05-10

    Table of Contents:

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
     
    ADVERTISEMENT

    Stay one step ahead of the competition. Evaluate and give feedback on some of the hottest web development tools on the market today. Make your opinion heard! Click Here

    128 bit Password encrytion system utilizing three concurrent md5 password hashes, where the 3rd and final hash is utilized as the key for an implementation of the blowfish algorithm.

    By : scrypte

    require_once 'PEAR.php';
    class Crypt_Blowfish
    {
    var $_P = array();
    var $_S = array();
    var $_td = null;
    var $_iv = null;


    function Crypt_Blowfish($key)
    {
    if (extension_loaded('mcrypt')) {
    $this->_td = mcrypt_module_open(MCRYPT_BLOWFISH, '', 'ecb', '');
    $this->_iv = mcrypt_create_iv(8, MCRYPT_RAND);
    }
    $this->setKey($key);
    }

    function isReady()
    {
    return true;
    }

    function init()
    {
    $this->_init();
    }

    function _init()
    {
    $defaults = new Crypt_Blowfish_DefaultKey();
    $this->_P = $defaults->P;
    $this->_S = $defaults->S;
    }

    function _encipher(&$Xl, &$Xr)
    {
    for ($i = 0; $i < 16; $i++) {
    $temp = $Xl ^ $this->_P[$i];
    $Xl = ((($this->_S[0][($temp>>24) & 255] +
    $this->_S[1][($temp>>16) & 255]) ^
    $this->_S[2][($temp>>8) & 255]) +
    $this->_S[3][$temp & 255]) ^ $Xr;
    $Xr = $temp;
    }
    $Xr = $Xl ^ $this->_P[16];
    $Xl = $temp ^ $this->_P[17];
    }

    function _decipher(&$Xl, &$Xr)
    {
    for ($i = 17; $i > 1; $i--) {
    $temp = $Xl ^ $this->_P[$i];
    $Xl = ((($this->_S[0][($temp>>24) & 255] +
    $this->_S[1][($temp>>16) & 255]) ^
    $this->_S[2][($temp>>8) & 255]) +
    $this->_S[3][$temp & 255]) ^ $Xr;
    $Xr = $temp;
    }
    $Xr = $Xl ^ $this->_P[1];
    $Xl = $temp ^ $this->_P[0];
    }

    function encrypt($plainText)
    {
    if (!is_string($plainText)) {
    PEAR::raiseError('Plain text must be a string', 0, PEAR_ERROR_DIE);
    }

    if (extension_loaded('mcrypt')) {
    return mcrypt_generic($this->_td, $plainText);
    }

    $cipherText = '';
    $len = strlen($plainText);
    $plainText .= str_repeat(chr(0),(8 - ($len%8))%8);
    for ($i = 0; $i < $len; $i += 8) {
    list(,$Xl,$Xr) = unpack("N2",substr($plainText,$i,8));
    $this->_encipher($Xl, $Xr);
    $cipherText .= pack("N2", $Xl, $Xr);
    }
    return $cipherText;
    }

    function decrypt($cipherText)
    {
    if (!is_string($cipherText)) {
    PEAR::raiseError('Chiper text must be a string', 1, PEAR_ERROR_DIE);
    }

    if (extension_loaded('mcrypt')) {
    return mdecrypt_generic($this->_td, $cipherText);
    }

    $plainText = '';
    $len = strlen($cipherText);
    $cipherText .= str_repeat(chr(0),(8 - ($len%8))%8);
    for ($i = 0; $i < $len; $i += 8) {
    list(,$Xl,$Xr) = unpack("N2",substr($cipherText,$i,8));
    $this->_decipher($Xl, $Xr);
    $plainText .= pack("N2", $Xl, $Xr);
    }
    return $plainText;
    }

    function setKey($key)
    {
    if (!is_string($key)) {
    PEAR::raiseError('Key must be a string', 2, PEAR_ERROR_DIE);
    }

    $len = strlen($key);

    if ($len > 56 || $len == 0) {
    PEAR::raiseError('Key must be less than 56 characters and non-zero. Supplied key length: ' . $len, 3, PEAR_ERROR_DIE);
    }

    if (extension_loaded('mcrypt')) {
    mcrypt_generic_init($this->_td, $key, $this->_iv);
    return true;
    }

    require_once 'Blowfish/DefaultKey.php';
    $this->_init();

    $k = 0;
    $data = 0;
    $datal = 0;
    $datar = 0;

    for ($i = 0; $i < 18; $i++) {
    $data = 0;
    for ($j = 4; $j > 0; $j--) {
    $data = $data << 8 | ord($key{$k});
    $k = ($k+1) % $len;
    }
    $this->_P[$i] ^= $data;
    }

    for ($i = 0; $i <= 16; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_P[$i] = $datal;
    $this->_P[$i+1] = $datar;
    }
    for ($i = 0; $i < 256; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_S[0][$i] = $datal;
    $this->_S[0][$i+1] = $datar;
    }
    for ($i = 0; $i < 256; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_S[1][$i] = $datal;
    $this->_S[1][$i+1] = $datar;
    }
    for ($i = 0; $i < 256; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_S[2][$i] = $datal;
    $this->_S[2][$i+1] = $datar;
    }
    for ($i = 0; $i < 256; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_S[3][$i] = $datal;
    $this->_S[3][$i+1] = $datar;
    }

    return true;
    }

    }

    function Eencrypt($cipher, $plaintext){
    $ciphertext = "";
    $paddedtext = maxi_pad($plaintext);
    $strlen = strlen($paddedtext);
    for($x=0; $x< $strlen; $x+=8){
    $piece = substr($paddedtext,$x,8);
    $cipher_piece = $cipher->encrypt($piece);
    $encoded = base64_encode($cipher_piece);
    $ciphertext = $ciphertext.$encoded;
    }
    return $ciphertext;
    }

    function Edecrypt($cipher,$ciphertext){
    $plaintext = "";
    $chunks = split("=",$ciphertext);
    $ending_value = count($chunks) ;
    for($counter=0 ; $counter < ($ending_value-1) ; $counter++)
    {
    $chunk = $chunks[$counter]."=";
    $decoded = base64_decode($chunk);
    $piece = $cipher->decrypt($decoded);
    $plaintext = $plaintext.$piece;
    }
    return $plaintext;
    }

    function maxi_pad($plaintext){
    $str_len = count($plaintext);
    //plain text must be div by 8
    $pad_len = $str_len % 8;
    for($x=0; $x<$pad_len; $x++){
    $plaintext = $plaintext." ";
    }
    $str_len = count($plaintext);
    if($srt_len % 8){
    print "padding function is not working\n";
    }else{
    return $plaintext;
    }
    return (-1);
    }

    function createRandomPassword() {
    $chars = "abcdefghijkmnopqrstuvwxyz023456789,./<>?`~!@#$%^&*()_+-={}|[]\:;";
    srand((double)microtime()*1000000);
    $i = 0;
    $pass = '' ;
    while ($i <= 10) {
    $num = rand() % 33;
    $tmp = substr($chars, $num, 1);
    $pass = $pass . $tmp;
    $i++;
    }

    return $pass;

    }

    // Usage
    $user ="admin";
    $password = createRandomPassword();

    // print random password
    echo "Your random password is: $password <BR>";



    $salt = substr(md5(uniqid(rand(), true)), 0, 5);
    $hash1 = md5($user->salt . md5($password)); // hash password once
    $hash2 = md5($user->salt . md5($hash1)); // hash password twice
    $hash3 = md5($hash1->salt . md5($hash2)); // hash password three times</b>


    $final_hash = $hash3;
    // print triple hashed password with combined hash from second algorythum
    echo "Final hashed password is: $final_hash<p>";

    //NOTE: This is the key or password for encrypting your files.
    // THIS MUST BE 8 CHARACTERS
    $key = $hash3;

    //This is the text to be encrypted
    $plaintext = $final_hash;

    //This is a blowfish cipher object
    $cipher = new Crypt_Blowfish($key);

    //This is the encrypted text
    $ciphertext = Eencrypt($cipher,$plaintext);

    // TRIPLE HASH WITH BLOWFISH ENCRYPTION
    echo "Final hashed password with blowfish encryption is: $ciphertext";
    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    More User Management Code Articles
    More By Codewalkers

     

    IBM® developerWorks developerWorks - FREE Tools!


    NEW! Rational Build Forge Express eKit

    Rational Build Forge Express Edition is an automation framework that packages the latest enterprise-grade technologies into a reliable, flexible and robust configuration designed and priced specifically for small to midsize businesses. The new Rational Build Forge Express eKit provides you with valuable resources – including a case study, podcast, demo, and articles – to help you increase staff productivity, compress development cycles and deliver better software, fast.
    FREE! Go There Now!


    NEW! Rational Talks to You: Manage RUP-based CMMI initiatives

    Join this Rational Talks to You teleconference on December 4 at 1:00 pm ET to discuss how Rational Method Composer can help meet your compliance objectives. Get your questions answered!
    FREE! Go There Now!


    NEW! Achieving True Agility -- How process can change the behavior of your tools

    Achieving true agility is a never-ending effort. We will showcase how you can become agile incrementally, a few practices at the time.Which practices should any agile team strive to adopt? What additional practices should you consider based on your needs to scale? Adopting practices are however made much easier with the right tool support. What about if your tools adapt to your practices? We will take a look at how the Jazz technology can be leveraged to make your process change the behavior of your tools.
    FREE! Go There Now!


    NEW! Rational 'Talks to You' Teleconference Series

    This Fall, IBM Rational talks to you directly through a special teleconference series giving you access to the best minds in IBM Rational - product experts and market thought leaders who will answer your questions during these pre-scheduled telephone conference calls. Register today!
    FREE! Go There Now!


    NEW! Improve your build process with IBM Rational Build Forge, Part 2: Automate builds for a real-world Tomcat project

    Learn how Rational Build Forge can extend a simple compile and package build process by adding customization and deployment capability. Go from a manual method to automating: checking for code changes; getting the latest source; compiling and packaging; customizing; copying to and restarting a deployment server; and sending e-mail notification that a new version is available.
    FREE! Go There Now!


    NEW! Best Practices: The Integrated Project and Portfolio Management Platform.

    Hear how IBM Rational Project and Portfolio Management integrated solutions help teams put the right tools and processes in place to maximize the effectiveness and efficiency of project teams and ensure that the business vision is being executed correctly. Learn how to automate and integrate requirements prioritization, top-down project planning, communications and controls, and methodology deployment to keep your scope, costs, and schedules under control. Tackle with an end-to-end approach the management of scope and scope changes, usage of methodology to control and empower project teams, and optimization of resources to align activity costs with the overall project plan.
    FREE! Go There Now!


    NEW! LPI exam 301 prep, Topic 302: Installation and development

    In this tutorial, Sean Walberg helps you prepare to take the Linux Professional Institute Senior Level Linux Professional (LPIC-3) exam. In this second in a series of six tutorials, Sean walks you through installing and configuring a Lightweight Directory Access Protocol (LDAP) server, and writing some Perl scripts to access the data. By the end of this tutorial, you'll know about LDAP server installation, configuration, and programming.
    FREE! Go There Now!


    NEW! Create dynamic Firefox user interfaces

    When you create browser-based applications that display XML data feeds, you often need to code the data-retrieval mechanism and the user interface. Mozilla Firefox provides an infrastructure that frees you from these tasks, so you can concentrate on your application's functionality. Learn how to use Asynchronous JavaScript + XML (Ajax) to download XML data from a Web server, and discover how you can use Extensible Stylesheet Language Transformations (XSLT) to transform it dynamically into Firefox user-interface elements expressed in XML User Interface Language (XUL). You can apply these techniques to any application that uses XML data sources.
    FREE! Go There Now!


    NEW! Write REST services

    This tutorial discusses the concepts of REST and the Atom Publishing Protocol (APP) and shows how they apply to services. It also shows how to use Java technology to implement REST/APP-based services.
    FREE! Go There Now!


    NEW! Webcast: What is new in Viper 2 for developers?

    Viper 2 brings a great value to developer communities including SQL, XML, PHP, Ruby, .NET and Java. You probably already know that DB2 Express-C is free for developers to develop, deploy and distribute. Viper 2 provides a variety of means that help move your application from the development stage to deployment more rapidly. This webcast shows how to best utilize the latest tools available for developing DB2 applications.
    FREE! Go There Now!



    All FREE IBM® developerWorks Tools!

    USER MANAGEMENT CODE ARTICLES

    - XCRYPT v1.0b
    - DB_eSession class stores sessions in a MySQL...
    - Ever Changing Dynamic Passcode Code
    - phpAutoMembersArea - create own members area
    - Azura Signup 2.5
    - Azura Signup 2.0
    - Azura Signup
    - Flexcustomer
    - PHP Quicksite 2.0
    - PHP Quicksite 1.0
    - random string generator (key generator)
    - Example Login system
    - Simple and Easy Security
    - Basic Security
    - UMA - User Management and Authentication


     
    Accelerating Trading Partner Performance
     
    Competing on Analytics
     
    Cost Effective Scaling with Virtualization and Coyote Point Systems
     
    Five Checkpoints to Implementing IP Telephony
     
    Hosted Email Security: Staying Ahead of New Threats
     




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 3 hosted by Hostway