User Management Code
  Home arrow User Management Code arrow XCRYPT v1.0b
Codewalker Forums 
  Tutorials  
Database Articles  
Miscellaneous  
Navigation Usability  
PEAR Articles  
Programming Basics  
Server Administration  
XML Tutorials  
  Reviews  
Database Book Reviews  
Linux Book Reviews  
Miscellaneous Reviews  
PHP Book Reviews  
PHP Software Reviews  
Server Admin Reviews  
SQL Tool Reviews  
  Code Gallery  
Content Management Code  
Contest Code  
Counters Code  
Database Code  
Date Time Code  
Discussion Board Code  
Email Code  
File Manipulation Code  
GUI Code  
Link Farm Code  
Miscellaneous Code  
Search Code  
Site Navigation Code  
User Management Code  
Mobile Linux 
Case Studies 
iPad Development 
Download TestComplete 
Forums Sitemap 
Weekly Newsletter 
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
USER MANAGEMENT CODE

XCRYPT v1.0b
By: Codewalkers
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 3
    2006-05-10

    Table of Contents:

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
    ADVERTISEMENT


    128 bit Password encrytion system utilizing three concurrent md5 password hashes, where the 3rd and final hash is utilized as the key for an implementation of the blowfish algorithm.

    By : scrypte

    require_once 'PEAR.php';
    class Crypt_Blowfish
    {
    var $_P = array();
    var $_S = array();
    var $_td = null;
    var $_iv = null;


    function Crypt_Blowfish($key)
    {
    if (extension_loaded('mcrypt')) {
    $this->_td = mcrypt_module_open(MCRYPT_BLOWFISH, '', 'ecb', '');
    $this->_iv = mcrypt_create_iv(8, MCRYPT_RAND);
    }
    $this->setKey($key);
    }

    function isReady()
    {
    return true;
    }

    function init()
    {
    $this->_init();
    }

    function _init()
    {
    $defaults = new Crypt_Blowfish_DefaultKey();
    $this->_P = $defaults->P;
    $this->_S = $defaults->S;
    }

    function _encipher(&$Xl, &$Xr)
    {
    for ($i = 0; $i < 16; $i++) {
    $temp = $Xl ^ $this->_P[$i];
    $Xl = ((($this->_S[0][($temp>>24) & 255] +
    $this->_S[1][($temp>>16) & 255]) ^
    $this->_S[2][($temp>>8) & 255]) +
    $this->_S[3][$temp & 255]) ^ $Xr;
    $Xr = $temp;
    }
    $Xr = $Xl ^ $this->_P[16];
    $Xl = $temp ^ $this->_P[17];
    }

    function _decipher(&$Xl, &$Xr)
    {
    for ($i = 17; $i > 1; $i--) {
    $temp = $Xl ^ $this->_P[$i];
    $Xl = ((($this->_S[0][($temp>>24) & 255] +
    $this->_S[1][($temp>>16) & 255]) ^
    $this->_S[2][($temp>>8) & 255]) +
    $this->_S[3][$temp & 255]) ^ $Xr;
    $Xr = $temp;
    }
    $Xr = $Xl ^ $this->_P[1];
    $Xl = $temp ^ $this->_P[0];
    }

    function encrypt($plainText)
    {
    if (!is_string($plainText)) {
    PEAR::raiseError('Plain text must be a string', 0, PEAR_ERROR_DIE);
    }

    if (extension_loaded('mcrypt')) {
    return mcrypt_generic($this->_td, $plainText);
    }

    $cipherText = '';
    $len = strlen($plainText);
    $plainText .= str_repeat(chr(0),(8 - ($len%8))%8);
    for ($i = 0; $i < $len; $i += 8) {
    list(,$Xl,$Xr) = unpack("N2",substr($plainText,$i,8));
    $this->_encipher($Xl, $Xr);
    $cipherText .= pack("N2", $Xl, $Xr);
    }
    return $cipherText;
    }

    function decrypt($cipherText)
    {
    if (!is_string($cipherText)) {
    PEAR::raiseError('Chiper text must be a string', 1, PEAR_ERROR_DIE);
    }

    if (extension_loaded('mcrypt')) {
    return mdecrypt_generic($this->_td, $cipherText);
    }

    $plainText = '';
    $len = strlen($cipherText);
    $cipherText .= str_repeat(chr(0),(8 - ($len%8))%8);
    for ($i = 0; $i < $len; $i += 8) {
    list(,$Xl,$Xr) = unpack("N2",substr($cipherText,$i,8));
    $this->_decipher($Xl, $Xr);
    $plainText .= pack("N2", $Xl, $Xr);
    }
    return $plainText;
    }

    function setKey($key)
    {
    if (!is_string($key)) {
    PEAR::raiseError('Key must be a string', 2, PEAR_ERROR_DIE);
    }

    $len = strlen($key);

    if ($len > 56 || $len == 0) {
    PEAR::raiseError('Key must be less than 56 characters and non-zero. Supplied key length: ' . $len, 3, PEAR_ERROR_DIE);
    }

    if (extension_loaded('mcrypt')) {
    mcrypt_generic_init($this->_td, $key, $this->_iv);
    return true;
    }

    require_once 'Blowfish/DefaultKey.php';
    $this->_init();

    $k = 0;
    $data = 0;
    $datal = 0;
    $datar = 0;

    for ($i = 0; $i < 18; $i++) {
    $data = 0;
    for ($j = 4; $j > 0; $j--) {
    $data = $data << 8 | ord($key{$k});
    $k = ($k+1) % $len;
    }
    $this->_P[$i] ^= $data;
    }

    for ($i = 0; $i <= 16; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_P[$i] = $datal;
    $this->_P[$i+1] = $datar;
    }
    for ($i = 0; $i < 256; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_S[0][$i] = $datal;
    $this->_S[0][$i+1] = $datar;
    }
    for ($i = 0; $i < 256; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_S[1][$i] = $datal;
    $this->_S[1][$i+1] = $datar;
    }
    for ($i = 0; $i < 256; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_S[2][$i] = $datal;
    $this->_S[2][$i+1] = $datar;
    }
    for ($i = 0; $i < 256; $i += 2) {
    $this->_encipher($datal, $datar);
    $this->_S[3][$i] = $datal;
    $this->_S[3][$i+1] = $datar;
    }

    return true;
    }

    }

    function Eencrypt($cipher, $plaintext){
    $ciphertext = "";
    $paddedtext = maxi_pad($plaintext);
    $strlen = strlen($paddedtext);
    for($x=0; $x< $strlen; $x+=8){
    $piece = substr($paddedtext,$x,8);
    $cipher_piece = $cipher->encrypt($piece);
    $encoded = base64_encode($cipher_piece);
    $ciphertext = $ciphertext.$encoded;
    }
    return $ciphertext;
    }

    function Edecrypt($cipher,$ciphertext){
    $plaintext = "";
    $chunks = split("=",$ciphertext);
    $ending_value = count($chunks) ;
    for($counter=0 ; $counter < ($ending_value-1) ; $counter++)
    {
    $chunk = $chunks[$counter]."=";
    $decoded = base64_decode($chunk);
    $piece = $cipher->decrypt($decoded);
    $plaintext = $plaintext.$piece;
    }
    return $plaintext;
    }

    function maxi_pad($plaintext){
    $str_len = count($plaintext);
    //plain text must be div by 8
    $pad_len = $str_len % 8;
    for($x=0; $x<$pad_len; $x++){
    $plaintext = $plaintext." ";
    }
    $str_len = count($plaintext);
    if($srt_len % 8){
    print "padding function is not working\n";
    }else{
    return $plaintext;
    }
    return (-1);
    }

    function createRandomPassword() {
    $chars = "abcdefghijkmnopqrstuvwxyz023456789,./<>?`~!@#$%^&*()_+-={}|[]\:;";
    srand((double)microtime()*1000000);
    $i = 0;
    $pass = '' ;
    while ($i <= 10) {
    $num = rand() % 33;
    $tmp = substr($chars, $num, 1);
    $pass = $pass . $tmp;
    $i++;
    }

    return $pass;

    }

    // Usage
    $user ="admin";
    $password = createRandomPassword();

    // print random password
    echo "Your random password is: $password <BR>";



    $salt = substr(md5(uniqid(rand(), true)), 0, 5);
    $hash1 = md5($user->salt . md5($password)); // hash password once
    $hash2 = md5($user->salt . md5($hash1)); // hash password twice
    $hash3 = md5($hash1->salt . md5($hash2)); // hash password three times</b>


    $final_hash = $hash3;
    // print triple hashed password with combined hash from second algorythum
    echo "Final hashed password is: $final_hash<p>";

    //NOTE: This is the key or password for encrypting your files.
    // THIS MUST BE 8 CHARACTERS
    $key = $hash3;

    //This is the text to be encrypted
    $plaintext = $final_hash;

    //This is a blowfish cipher object
    $cipher = new Crypt_Blowfish($key);

    //This is the encrypted text
    $ciphertext = Eencrypt($cipher,$plaintext);

    // TRIPLE HASH WITH BLOWFISH ENCRYPTION
    echo "Final hashed password with blowfish encryption is: $ciphertext";
    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    More User Management Code Articles
    More By Codewalkers

     

    IBM® developerWorks developerWorks - FREE Tools!


    Build Forge Express demo: Enabling software delivery excellence for small and midsized businesses

    This demonstration gives you an overview of IBM® Rational® Build Forge Express Edition, a global offering that provides a framework to automate and execute software processes. Rational Build Forge provides a software assembly line that can support all of your tools, technologies, and platforms so you can achieve a repeatable, reliable, and traceable build and release process.
    FREE! Go There Now!


    NEW! Addressing software-as-a-service challenges using Tivoli security and WebSphere solutions

    Building a software-as-a-service solution requires addressing a few key technical challenges. In this webcast, we'll focus on the role of IBM Tivoli Directory Server and WebSphere Portlet Factory in creating a Software as a Service solution. We will demonstrate how to use Tivoli Directory Server to prevent the user population of one tenant from accessing the virtual portal and portlet components of another tenant. We will also use the dynamic profile capability of WebSphere Portlet Factory to create multiple highly customized applications from one code base.
    FREE! Go There Now!


    NEW! Did you say mainframe? e-kit

    Learn how you can extend modern application lifecycle management to IBM System z through the IBM Rational Software Delivery Platform (SDP). The Did you say mainframe? e-kit includes podcasts, webcasts, tutorials, white and red papers, demos, and articles designed to help ease the challenges of modernizing your enterprise. This complimentary kit for mainframe developers is a practical, how-to guide for making the most of an existing development environment, including the skills and infrastructure already in place at an established enterprise.
    FREE! Go There Now!


    NEW! IBM Rational Systems Development e-Kit

    As systems increase in complexity, communication between systems and software teams becomes more and more difficult. Now, there’s a way to improve product quality and communication.<br />Read the “Model Driven Systems Development” white paper to see how. Also included in this kit are more educational white papers, customer examples, tutorials, informative Webcasts, and best practices for designing, building and managing systems.<br />
    FREE! Go There Now!


    NEW! Rational Talks to You: Manage RUP-based CMMI initiatives

    Join this Rational Talks to You teleconference on December 4 at 1:00 pm ET to discuss how Rational Method Composer can help meet your compliance objectives. Get your questions answered!
    FREE! Go There Now!


    NEW! Rational Testing eKits

    Discover how Rational tools and best practices for testing can make your job easier. The new Rational Testing eKits provide you with valuable resources – including demos, webcasts, tutorials, and articles – that help you address your specific testing needs across the software lifecycle. Five new eKits are available covering the topics of Requirements and Test Management, Functional Testing, Performance Testing, Code Quality and Embedded Systems, and SOA and Web Services Testing.
    FREE! Go There Now!


    NEW! The dirty dozen: preventing common application-level hack attacks

    As organizations have grown increasingly dependent on online software, the risk of malicious attacks has also become far more serious. Fortunately, well-governed organizations can protect their Web applications by injecting vulnerability assessments and ethical hacks into their software development and delivery processes. This paper describes 12 of the most common hacker attacks and provides basic rules that you can follow to help create more hack-resistant Web applications.
    FREE! Go There Now!


    NEW! Try the IBM SOA Sandbox for Process

    Visit IBM developerWorks to try the IBM SOA Sandbox for process. The SOA Sandbox for process focuses on providing a trial environment with the necessary tooling and components required to gain a better understanding of business processes and how to best improve existing business processes to derive value quickly.
    FREE! Go There Now!


    NEW! Webcast: What is new in Viper 2 for developers?

    Viper 2 brings a great value to developer communities including SQL, XML, PHP, Ruby, .NET and Java. You probably already know that DB2 Express-C is free for developers to develop, deploy and distribute. Viper 2 provides a variety of means that help move your application from the development stage to deployment more rapidly. This webcast shows how to best utilize the latest tools available for developing DB2 applications.
    FREE! Go There Now!


    Refresh! IBM Rational Systems Development Solution eKit

    With IBM Rational Systems Development Solution, you can deliver products faster with higher quality. Within this kit, Read the “Model Driven Systems Development” white paper to see how to improve product quality and communication. Then check out the rest of the e-Kit to learn more about important topics that can affect the success of any software project through customer examples, tutorials, informative Webcasts, and best practices for designing, building and managing systems. From start to finish, at every stage in your projects, Rational Systems Development Solution can help your company reach its full potential.
    FREE! Go There Now!



    All FREE IBM® developerWorks Tools!

    USER MANAGEMENT CODE ARTICLES

    - XCRYPT v1.0b
    - DB_eSession class stores sessions in a MySQL...
    - Ever Changing Dynamic Passcode Code
    - phpAutoMembersArea - create own members area
    - Azura Signup 2.5
    - Azura Signup 2.0
    - Azura Signup
    - Flexcustomer
    - PHP Quicksite 2.0
    - PHP Quicksite 1.0
    - random string generator (key generator)
    - Example Login system
    - Simple and Easy Security
    - Basic Security
    - UMA - User Management and Authentication





    © 2003-2010 by Developer Shed. All rights reserved. DS Cluster 4 Hosted by Hostway
    For more Enterprise Application Development news, visit eWeek