Sharing of encryption algorithm using XOR operation in PHP MySQL application_PHP tutorial

Principle of XOR algorithm

From the main encryption method, the transposition method is too simple, especially when the amount of data is small, it is easy to guess the plaintext from the ciphertext, and the substitution method is an effective and simple algorithm.

From the characteristics of various substitution operations, the XOR operation is most suitable for simple encryption and decryption operations. The principle of this method is: when a number A and another number B are XORed, another number will be generated. C, if C and B are XORed, C will be restored to A.

Compared with other simple encryption algorithms, the advantages of the XOR algorithm are as follows.

(1) The algorithm is simple and can be easily implemented in high-level languages.

(2) It is fast and can be used at any time and anywhere.

(3) is valid for any character, unlike some simple encryption algorithms, which are only valid for Western characters. After encrypting Chinese characters and then decrypting them, they cannot be restored to the original characters.

XOR algorithm implementation

The previous part introduced the principle of how to use XOR operation for encryption/decryption. This section will use it to encrypt the user's login information. According to the principle of the XOR encryption algorithm introduced in the previous section, it is not difficult to write the following encryption and decryption functions. Encryption algorithms are listed first.

Copy code The code is as follows:

//Encryption function
functionmyEncrypt($string,$key)
{
for($i=0;$i
{
for($j=0;$j
{
$ string[$i]=$string[$i]^$key[$j];
}
}
return$string;
}

4th The line defines the encryption function myEncrypt(), the input parameter $string is plaintext, and $key is the key; the output is the ciphertext generated using $key as the key and using the XOR encryption algorithm.
The outer for loop in lines 6 to 12 loops through each character of the plaintext string, while the inner for loop (lines 8 to 11) loops through each character in the plaintext and each character in the key. Bit XOR operation. The principle has been introduced in the previous section and will not be reiterated.
Similarly, similar to the encryption function, the following decryption function can be written.

Copy code The code is as follows:

//Decryption function
functionmyDecrypt($string,$key)
{
for($i=0;$i
{
for($j=0;$j
{
$string[$i]=$key[$j]^$string[$i];
}
}
return$ string;
}
?>

Line 4 defines the decryption function myDecrypt(), the input parameter $string is the ciphertext, and $key is the key; the output is using $key is used as the key and uses the XOR decryption algorithm to produce the plaintext.
Below, an application example is used to further illustrate the function of the encryption function.

Copy code The code is as follows:

//Example
$my_password="chair";
echo" my_password=$my_password";
$my_key="1234567890″;
$my_password_en=myEncrypt($my_password,$my_key);
echo"my_password_en=$my_password_en";
$my_password_de=myDecrypt( $my_password_en,$my_key);
echo "my_password_de=$my_password_de";

Line 3 first defines a plaintext $my_password, and then defines the key $my_key on line 4.
Lines 5 and 6 respectively call the encryption function to generate ciphertext and output it; in turn, the ciphertext is decrypted on lines 7 and 8.
The results of the above example are as follows.
my_password=chair
my_password_en=RYPXC
my_password_de=chair
Using XOR algorithm to implement authentication
The previous two parts introduce the principle and implementation of information encryption/decryption using XOR operation. The following is , this method will be used to encrypt the user's login password. In this example, in order to protect the user's password, the system wants to achieve the following purposes.
·When registering, the user needs to fill in the user password form.
·In addition to the user himself, no one else can obtain his password information, including system designers and database administrators.
·The system can verify the legitimacy of the user based on the password entered by the user.
In order to achieve the above purpose, when using the XOR algorithm, you can choose the username as plain text, and the key is the user-defined password, and then store the encrypted username in the database.
In addition, when a user logs in, there are the following two ways to verify legitimate users.
(1) Re-encrypt based on the username (plain text) and password (key) information submitted, and use the encrypted information to compare with the password information stored in the database. If they are equal, the user is legitimate, otherwise, for illegal users.
(2) Decrypt based on the password information (plain text) stored in the database and the password (key) information entered by the user, and compare the encrypted information with the user name submitted by the user. If they are equal, the user is legitimate , otherwise, it is an illegal user.
Both methods can achieve the third purpose. In this example, the second method will be used. The implementation code of this example can be implemented based on the implementation of Section 18.4.1 "User Login" and Section 18.4.2 "Check User". The "User Login" page does not need to be changed. The implementation reference of "Check User" is as follows.

Copy code The code is as follows:

session_start();//Load the Session library, be sure To be placed on the first line
$user_name=$_POST["user_name"];
session_register("user_name");//Register the $user_name variable, note that there is no $ symbol
require_once("sys_conf.inc" );//System configuration file, including database configuration information
require_once("encrypy_xor.php");//Contains xor encryption function file
//Connect to the database
$link_id=mysql_connect($DBHOST,$ DBUSER,$DBPWD);
mysql_select_db($DBNAME);//Select database my_chat
//Query whether login user information exists
$str="selectname,passwordfromuserwherename='$user_name'";
$result=mysql_query($str,$link_id);//Execute query
@$rows=mysql_num_rows($result);//Get the number of records of query results
$user_name=$_SESSION["user_name "];
$password=$_POST["password"];
$password_en=myEncrypt($user_name,$password);//Encrypt user information
//For old users
if( $rows!=0)
{
list($name,$pwd)=mysql_fetch_row($result);
$password_de=myDecrypt($pwd,$password);//Decrypt user information
//If the password is entered correctly
if($user_name==$password_de)
{
$str="updateusersetis_online=1wherename='$user_name'andpassword='$password_en'";
$ result=mysql_query($str,$link_id);//Execute query
require("main.php");//Go to the chat page
}
//Password input error
else
{
require("relogin.php");
}
}
//For new users, write their information to the database
else
{
$ str="insertintouser(name,password,is_online)values('$user_name','$password_en',1)";
$result=mysql_query($str,$link_id);//Execute query
require ("main.php");//Go to the chat page
}
//Close the database
mysql_close($link_id);
?>

No. Line 7 introduces the encryption function file encrypy_xor.php, including the two functions introduced in the previous section.
In line 19, the encrypted password value is obtained using the username and password submitted by the user, and for new users, the encrypted value is stored in the database in line 44.
In addition, for old users, obtain the user name and encrypted password information in the database on line 24, and use these two values ​​​​to decrypt on line 25, and then compare the decrypted value with the one submitted by the user on line 28 Username information to check the legitimacy of the user.
Automatically generate keys
The previous part introduced how to use the XOR encryption algorithm to encrypt user information. The password information entered by the user actually becomes the key in the encryption algorithm, and the user name is used as plain text. Using , while this does the job well, logically this approach seems a bit unsound.
This article will introduce a technology that automatically generates keys. You can use the automatically generated keys to encrypt the plain text of passwords submitted by users, making the logic more reasonable.
In this example, it is assumed that the generated key is 512 bits. The code is as follows.

Copy code The code is as follows:

//The automatically generated length is $len The key of
functiongenerate_key($len)
{
$lowerbound=35;
$upperbound=96;
$strMyKey="";
for($i=1; $i{
$rnd=rand(0,100);//Generate random numbers
$k=(($upperbound-$lowerbound)+1)*$rnd+ $lowerbound;
$strMyKey=$strMyKey.$k;
}
return$strMyKey;
}
//Write the key to the file $file_name
functionwrite_key($key ,$file_name)
{
$filename="C:key.txt";
$key=generate_key($key,512);
//Use add mode to open $filename, file pointer will be at the end of the file
if(!$handle=fopen($filename,'w'))
{
print "Cannot open file $filename";
exit;
}
//Write $key to the file we open.
if(!fwrite($handle,$key))
{
print "Cannot write to file $filename";
exit;
}
fclose($handle) ;
}
//Read the key in the key file
functionget_key($file_name)
{
//Open the file
$fp=fopen($file_name," r");
$result="";
//Read line by line
while(!feof($fp))
{
$buffer=fgets($fp,4096 );
$result=$result.$buffer;
}
return$result;
}
///*
$KeyLocation="C:key.txt"; //File to save the key
$key="123456″;
write_key($key,$KeyLocation);
echoget_key($KeyLocation);
//*/
?> ;

The code includes 3 functions.
◆ generate_key($len): Automatically generate a key with length $len
◆ write_key($key,$file_name): Write the key to the file $file_name
◆ get_key($file_name): Read the key value in the key file $file_name
When used, when the user logs in to the system for the first time, the key value is automatically generated for the user. There are two ways to handle this key value.
(1) Store it in a certain field in the database. The disadvantage of this method is that the security of the key in the database cannot be guaranteed;
(2) Save the key locally in the user's computer file, this can prevent the key from being obtained by others, but the disadvantage of this method is that when the user uses other machines to access the system, he cannot log in.
In this example, the second method will be used.
Specifically, lines 11 to 18 of the above code continuously generate keys by generating random numbers, and enhance their complexity through a calculation. The lowerbound and upperbound values ​​are actually the ASCII character range you want to use for encryption. Below is an example of a generated key file.
208123915925183361116049369344372701567721435181102718332639307390344373445407
524316475863232913993383189547474 747394154915312639841226741894189965623523913 95367
593586318332391170941272701152344371709270125776235313540032267139933835677407
6173841356961112391307329494 69623520815987524358635491542913374933524334454251 1363151191
833412771743139654…
Finally, you need to save the key in a safe place on the server, and then you can It is used with encryption algorithms such as XOR to encrypt/decrypt user information. How to use this key in the XOR introduced in the previous section is very simple and will not be described in detail.

http://www.bkjia.com/PHPjc/324110.html

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/324110.htmlTechArticlePrinciple of XOR algorithm From the main method of encryption, the transposition method is too simple, especially when the amount of data is small It is easy to guess the plaintext from the ciphertext, and the substitution method is an effective simple...