Zubrag.com
February 23, 2018, 04:40:22 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: Encryption user passwords  (Read 3632 times)
tonysilva
Newbie
*
Posts: 2


« on: August 24, 2015, 10:09:39 AM »

There was a topic from some years back already, but the system advised me to start a new one.

Could someone send me a few hints on how to add a simple encryption to this?
I know how the basic encryption works:

Code:
<?php 
//Variables
$textToEncrypt "This is my super secret password!";
$encryptionMethod "AES-256-CBC";
$secretHash "1234567890aeiou";

//To encrypt
$encryptedMessage openssl_encrypt($textToEncrypt$encryptionMethod$secretHash);

//To Decrypt
$decryptedMessage openssl_decrypt($encryptedMessage$encryptionMethod$secretHash);

//Test Result
echo "Encrypted: $encryptedMessage <br>Decrypted: $decryptedMessage";
?>

But how do I merge this into the manager.php database list?

Logged
zubrag
Administrator
Hero Member
*****
Posts: 785


WWW
« Reply #1 on: August 25, 2015, 01:57:41 AM »

It would require a lot of changes to cipher only password. So better to cipher whole file.

Sorry i didn't work with PHP for a long time, so writing without checking for valid code

==login.php==

this
$users = @file(USERS_LIST_FILE);

should be
$users = @file(USERS_LIST_FILE);
for ($i =0; $i<count($users); $i++) {
  // loop through each line and decipher it
  $users[$i] = openssl_decrypt($users[$i], $encryptionMethod, $secretHash);
}


== reminder.php ==
the same change as above


== signup.php ==
the same change as above

and also replace this
fputs($fusers, "\n" . $this->login. ',' . $this->pass . ',' . $this->email);

with this

$s = $this->login. ',' . $this->pass . ',' . $this->email;
$ciphered = openssl_encrypt($s, $encryptionMethod, $secretHash);
fputs($fusers, "\n" . $ciphered);


== flatfile.inc.php ==
replace this
fputs($f,$s."\n");

with this
$ciphered = openssl_encrypt($s, $encryptionMethod, $secretHash);
fputs($f,$ciphered."\n");


and also replace this
$data = file($data_file);

with this
$data = file($data_file);
for ($i =0; $i<count($data); $i++) {
  // loop through each line and decipher it
  $data[$i] = openssl_decrypt($data[$i], $encryptionMethod, $secretHash);
}


$encryptionMethod and $secretHash variables could be placed into settings.php. Looks like settings.php gets included into all files and you will not have to define them in each and every file.


NOTE: do not forget to backup users.php, otherwise it may be lost or overwritten with incorrect content because as i said before these proposed changes were not tested by me.
Logged
tonysilva
Newbie
*
Posts: 2


« Reply #2 on: August 25, 2015, 02:26:59 AM »

Thank you so much, it worked flawlessly.
Cheesy
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC