Salt Pepper Encrypter PHP

SUBMITTED BY: Guest

DATE: July 23, 2014, 12:10 p.m.

FORMAT: Text only

SIZE: 5.7 kB

Raw Download

HITS: 721

Report
  1. <?php
  2. ////////////////////////////////////////
  3. // Salt & Pepper Encrypter v1.0
  4. // (C) 2005 Nathan Bolender
  5. // www.nathanbolender.com
  6. ////////////////////////////////////////
  7. ////////////////////////////////////////
  8. // Feel free to use as you wish, but do
  9. // not remove this copyright notice.
  10. ////////////////////////////////////////
  11. // Redistribution prohibited! May only
  12. // be distributed through
  13. // www.nathanbolender.com
  14. // Full license at:
  15. // http://creativecommons.org/licenses/by-nc-nd/2.0/
  16. ////////////////////////////////////////
  17. ////////////////////////////
  18. // Configuration
  19. ////////////////////////////
  20. // Salt Key
  21. // Set this to anything you wish
  22. // but it must be specific to your
  23. // website and should never be
  24. // revealed to the public
  25. $saltkey = '0987274882';
  26. // Note that if you change this key all of your stored passwords
  27. // will STOP WORKING! This value must be set correctly for pepper() to function correctly
  28. // If you have some experience you can set a different key for each password
  29. // But you must be able to retrieve that key to check the password !
  34. ////////////////////////////
  35. // That's all!
  36. // Now here is some usage instructions:
  37. //
  38. // To get a hash to put into your database (encrypted password)
  39. // include this file and use this function:
  40. // salt('mypassword')
  41. // You can also set a static position and key hash like this:
  42. // salt('mypassword', 15, 'n')
  43. // Options for this is:
  44. // Position must be between 10 and 38
  45. // hash types are 'n' or 'b' where n is sha1 and b is md5
  46. //
  47. // To check a string against a hash from the database:
  48. // pepper('mypass', '8fe5ccb19ba61c4c0873ddc')
  49. // This will return TRUE or FALSE, letting you do the action you
  50. // wish depending on the result.
  51. //
  52. // Both of these functions also have a debug function which works like this:
  53. // salt('mypass', 'a', 'a', 1) (note that a value of 'a' is the same as no value at all in this case
  54. // pepper('mypass', '8fe5ccb19ba61c4c0873ddc', 1)
  55. //
  56. // This will echo the value of all of the variables set.
  57. /////////////////////////////////////////////////////////////////////////////////
  58. /////////////////////////////////////////////////////////////////////////////////
  59. /////////////////////////////////////////////////////////////////////////////////
  60. /////////////////////////////////////////////////////////////////////////////////
  61. ///////////////////////// DO NOT EDIT BELOW THIS BLOCK! /////////////////////////
  62. /////////////////////////////////////////////////////////////////////////////////
  63. /////////////////////////////////////////////////////////////////////////////////
  64. /////////////////////////////////////////////////////////////////////////////////
  65. /////////////////////////////////////////////////////////////////////////////////
  67. //////////////////////////////////
  68. // You should not be down here!
  69. //////////////////////////////////
  71. function salt($string, $pos = 'a', $stype = 'a', $debug = 0) {
  72. global $saltkey;
  73. $stringA = sha1($string);
  74. if ($pos == 'a'): $pos = rand(10, 38);
  75. endif;
  76. if ((rand(1, 3) == 1) || ($stype == 'b')) {
  77. $salt = md5($saltkey);
  78. $stype = 'b';
  79. $slen = 32;
  80. } else {
  81. $salt = sha1($saltkey);
  82. $stype = 'n';
  83. $slen = 40;
  84. }
  85. $afterstr = substr($stringA, $pos);
  86. $startbeginning = -(strlen($afterstr));
  87. $beforestr = substr($stringA, 0, $startbeginning);
  88. $salted = $beforestr . $salt . $afterstr . $stype . $pos;
  90. if ($debug == 1) {
  91. echo '<br>$saltkey = '.$saltkey;
  92. echo '<br>$stringA = '.$stringA;
  93. echo '<br>$pos = '.$pos;
  94. echo '<br>$salt = '.$salt.'<br>$stype = '.$stype.'<br>$slen = '.$slen;
  95. echo '<br>$afterstr = '.$afterstr;
  96. echo '<br>$startbeginning = '.$startbeginning;
  97. echo '<br>$beforestr = '.$beforestr;
  98. echo '<br><br>$salted = '.$salted;
  99. }
  101. return $salted;
  102. }
  104. function pepper($str, $dbhash, $debug = 0) { // str = string to be checked against DBHASH
  105. global $saltkey;
  107. // Find the original sha1 hash and check it with the new one
  108. $hashA = sha1($str); // new hash to be checked
  110. $pos = substr($dbhash, -2);
  112. $stype = substr($dbhash, -3, 1); // n or b
  114. if ($stype == 'n') {
  115. $slen = 40;
  116. } else {
  117. $slen = 32;
  118. }
  120. $beforesalt = substr($dbhash, 0, $pos);
  122. $aftersaltA = substr($dbhash, ($pos + $slen));
  124. $aftersalt = substr($aftersaltA, 0, -3);
  126. $saltA = substr($dbhash, $pos, ((-strlen($aftersalt)) - 3));
  128. if ($stype == 'n') {
  129. $salt = sha1($saltkey);
  130. } else {
  131. $salt = md5($saltkey);
  132. }
  134. $unsalted = $beforesalt . $aftersalt;
  136. if ($debug == 1) {
  137. echo '<br><br>$saltkey = '.$saltkey;
  138. echo '<br>$str = '.$str;
  139. echo '<br>$dbhash = '.$dbhash;
  140. echo '<br>$hashA = '.$hashA;
  141. echo '<br>$pos = '.$pos;
  142. echo '<br>$stype = '.$stype;
  143. echo '<br>$slen = '.$slen;
  144. echo '<br>$beforesalt = '.$beforesalt;
  145. echo '<br>$aftersaltA = '.$aftersaltA;
  146. echo '<br>$aftersalt = '.$aftersalt;
  147. echo '<br>$saltA = '.$saltA;
  148. echo '<br>$salt = '.$salt;
  149. echo '<br>$unsalted = '.$unsalted.'<br>if = ';
  150. }
  152. if (($hashA == $unsalted) && ($salt == $saltA)) {
  153. if ($debug == 1): echo 'true'; endif;
  154. return true;
  155. } else {
  156. if ($debug == 1): echo 'false'; endif;
  157. return false;
  158. }
  159. }
  160. ?>
comments powered by Disqus