Implementing One-way Encryption in PHP

This article is a follow up to my previous article on PHP encryption techniques. To demonstrate one-way encryption in PHP, this article describes how to start building a secure online diary application. The one-way encryption will allow the diary to log a user in and generally encrypt the contents of the file that it loads.

How It Works

First, the user has to log into the diary. This ensures that only the person that is supposed to use the diary has access to it. We will use one-way hashing to ensure password safety. The user will be presented with an HTML form that will take a password and then compare it to the stored hash algorithm.

Both the password and the diary contents will be stored in a file. Because PHP works mighty fine with MySQL, we will create some code to show how to store both pieces of information in a MySQL database as well. So you will have not only the option to store them in either the database or file, but you will also have the code to make it possible.

After a user has logged in, they will be transferred to the editor page where they will be presented with unencrypted text in a text box... Hold that thought, let's start from the beginning.

The Database Stuff

The diary takes two tables: the users and contents tables. The users table contains information about the users, such as their names and passwords, and the contents table contains information about the contents of the diary. To ensure that more than one person is able to start their own diary, I've created two tables: one to hold the information about a user and another to hold information about the different kinds of content that can be held by different users. Below is an outline of the tables, followed by the SQL (which you can copy and paste into your MySQL client to create them).

The users table has three fields:

• id – Stores a unique new ID number for each new user
• name – Stores the name of the user
• pass – Stores the password of the user

The contents table has three fields:

• cid – Creates and stores a unique number for each new piece of content
• txt – Stores the main text of the diary
• uid – Stores the name of the user who is responsible for creating the text (This field also acts as a foreign key that links to the users table.)

Below is the SQL for the database tables:

# phpMyAdmin SQL Dump # version 2.5.7-pl1 # https://www.phpmyadmin.net # # Host: localhost # Generation Time: Aug 31, 2008 at 02:25 PM # Server version: 3.23.54 # PHP Version: 5.2.5 # # Database : `diary` # # -------------------------------------------------------- # # Table structure for table `contents` # CREATE TABLE `contents` ( `cid` int(4) NOT NULL auto_increment, `txt` text NOT NULL, `uid` int(4) NOT NULL default '0', PRIMARY KEY (`cid`) ) TYPE=MyISAM AUTO_INCREMENT=2 ; # # Dumping data for table `contents` # INSERT INTO `contents` VALUES (1, 'if(isset($_POST[\'submit\'])){\r\n//get stored password from database\r\n$sql= "SELECT id,name FROM users WHERE pass=\'".MD5($_POST[\'pw\'])."\'";\r\n$res = mysql_query($sql);\r\nif($res){\r\n$row= mysql_fetch_assoc($res);\r\n$name= $row[\'name\'];\r\n$_SESSION[\'name\'] =$name ;\r\n$_SESSION[\'id\'] =$row[\'id\'] ;\r\nheader("location:editor.php");', 1); Users table # Table structure for table `users` # CREATE TABLE `users` ( `id` int(4) NOT NULL auto_increment, `name` varchar(50) NOT NULL default '', `pass` varchar(40) NOT NULL default '', PRIMARY KEY (`id`) ) TYPE=MyISAM AUTO_INCREMENT=2 ; # # Dumping data for table `users` # INSERT INTO `users` VALUES (1, 'hagegeingob', '0cee6764658d708889aa700fc72d28a4');

The Editor

When a user has logged in, the user name and ID is put into session variables and then the user is directed to the editor script. This script shows the unencrypted contents that this user stored previously. To edit the text, the user is presented with a form element called the textarea. There the user can move up and down, write and erase, and do lots of other things. Because the form element provides all of this functionality, we do not actually have to worry about implementing text manipulation. This makes our job extremely easy.

After the user finishes writing the day's entry in the diary, he or she then clicks on the button that says encrypt and exit. When the user presses this button, the text contained in the form element is sent to the PHP code for processing. One of the things the PHP code does is encrypt the text. Then the user is transferred to the login page.

Find a programming school near you

Zip Code:

Subject: - Select All Subjects - Computer Applications Computer Engineering Computer Science Computer Prog. - Software Dev. Computer Game Programming Web Design Web Development Internet Systems Internet Certification Database Design and Development Information Systems Management Information Technology Project Management Network Design - Development Systems Analyst

Degree: - Select All Degrees - Associate's Bachelor's Master's Doctoral Certificates Diplomas Coursework MBA

Online Campus Both