Membuat Enkripsi Password di Database Menggunakan Cipher (PHP Mcrypt)
1) Buat file library cipher.php dengan isi seperti berikut
<?php
/**
* Cipher
*
* Simple mcrypt interface.
*
* Cipher is a simple class for working with mcrypt.
*
* @package Cipher
* @author Nathan Lucas <nathan@gimpstraw.com>
* @link http://www.gimpstraw.com/
* @copyright Copyright (c) 2008, Nathan Lucas
* @version 2.0.0
*
* Added $iv to both encrypt() and decrypt() allowing you to use preset IVs
* while encrypting/decrypting data.
*
* Also added getIV(), which returns the instance's current IV in base64
* allowing you to store this IV for use on other instances of Cipher.
*/
class Cipher {
/**
* Algorithm to use.
*
* @access private
* @var string
*/
private $algo;
/**
* Encryption mode.
*
* @access private
* @var string
*/
private $mode;
/**
* Randomization source.
*
* @access private
* @var integer
*/
private $source;
/**
* Initialization vector.
*
* @access private
* @var string
*/
private $iv = null;
/**
* Encryption key.
*
* @access private
* @var string
*/
private $key = null;
/**
* Cipher($algo, $mode, $source)
*
* Cipher constructor. Sets the algorithm being used, the encryption
* mode, and the IV.
*
* @param string $algo
* @param string $mode
* @param integer $source (randomization source)
* @access public
* @return void
*/
public function __construct($algo = MCRYPT_3DES, $mode = MCRYPT_MODE_CBC, $source = MCRYPT_RAND) {
$this->algo = $algo;
$this->mode = $mode;
$this->source = $source;
if (is_null($this->algo) || (strlen($this->algo) == 0)) {
$this->algo = MCRYPT_3DES;
}
if (is_null($this->mode) || (strlen($this->mode) == 0)) {
$this->mode = MCRYPT_MODE_CBC;
}
}
/**
* encrypt($data, $key, $iv)
*
* Returns encrpyted $data, base64 encoded. $key must be specified at
* least once, it can be changed at any point.
*
* @param string $data
* @param mixed $key
* @param string $iv
* @access public
* @return string
*/
public function encrypt($data, $key = null, $iv = null) {
$key = (strlen($key) == 0) ? $key = null : $key;
$this->setKey($key);
$this->setIV($iv);
$out = mcrypt_encrypt($this->algo, $this->key, $data, $this->mode, $this->iv);
return base64_encode($out);
}
/**
* decrypt($data, $key, $iv)
*
* Returns decrypted $data. $key must be specified at least once, it can
* be changed at any point.
*
* @param mixed $data
* @param mixed $key
* @param string $iv
* @access public
* @return string
*/
public function decrypt($data, $key = null, $iv = null) {
$key = (strlen($key) == 0) ? $key = null : $key;
$this->setKey($key);
$this->setIV($iv);
$data = base64_decode($data);
$out = mcrypt_decrypt($this->algo, $this->key, $data, $this->mode, $this->iv);
return trim($out);
}
/**
* getIV()
*
* Returns the IV used for encryption so you can use it again in another
* Cipher instance to decrypt data.
*
* @access public
* @return string
*/
public function getIV() {
return base64_encode($this->iv);
}
/**
* setIV($iv)
*
* Sets IV. If $iv is specified, the instance IV will be set to this. If not,
* the instance will generate an IV.
*
* @param string $iv
* @access private
* @return void
*/
private function setIV($iv) {
if (!is_null($iv)) {
$this->iv = base64_decode($iv);
}
if (is_null($this->iv)) {
$iv_size = mcrypt_get_iv_size($this->algo, $this->mode);
$this->iv = mcrypt_create_iv($iv_size, $this->source);
}
}
/**
* setKey($data, $key)
*
* Sets Cipher::key. This will be the key used for the encrypt and decrypt
* methods until another $key is specified. This will trigger an error if
* no initial key is set.
*
* @param mixed $key
* @access private
* @return void
*/
private function setKey($key) {
if (!is_null($key)) {
$key_size = mcrypt_get_key_size($this->algo, $this->mode);
$this->key = hash("sha256", $key, true);
$this->key = substr($this->key, 0, $key_size);
}
if (is_null($this->key)) {
trigger_error("You must specify a key at least once in either Cipher::encrpyt() or Cipher::decrypt().", E_USER_ERROR);
}
}
}
?>
2) Misal digunakan untuk membuat user baru maka penggunaannya seperti berikut
a. Buat file form untuk menambahkan user
<form method="post" action="create_user.php">b. Buat file action create_user.php
<input type="text" name="username" required>
<input type="password" name="password" required>
<button type="submit" name="add_user">Tambah User</button>
</form>
<?php
include 'koneksi.php'; //ganti dengan file koneksi anda
require_once("cipher.php");
$cipher = new Cipher(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
$key = "%^$%^&%*UBAHDISINI";
$username = $_POST['username'];
$password = $cipher->encrypt($_POST['password'], $key);
if(isset($_POST['add_user'])){
$query = mysqli_query($conn,"INSERT INTO tb_user VALUES('$username', '$password')");
if($query){
echo "Berhasil Tambah User";
}
else{
echo "Gagal Tambah User";
}
}
?>
*Pada bagian UBAHDISINI bisa diganti dengan KEY yang diinginkan, misal QWERT123 atau 94XYZ dsb.
3) Misal digunakan untuk form login maka penggunaannya seperti berikut
a. Buat file form untuk login
<form method="post" action="login_proses.php">
<input type="text" name="username" required>
<input type="password" name="password" required>
<button type="submit">Login</button>
</form>
b. Buat file login_proses.php
<?php
@session_start();
include 'koneksi.php'; //ganti dengan file koneksi anda
require_once("cipher.php");
$cipher = new Cipher(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
$key = "%^$%^&%*UBAHDISINI";
$username = $_POST['username'];
$password = $cipher->encrypt($_POST['password'], $key);
if($username&&$password) {
$get_user = mysqli_query($conn,"SELECT * FROM tb_user WHERE username='$username'");
$cek_user = mysqli_num_rows($get_user);
if($cek_user!=0){
while($row = mysqli_fetch_assoc($get_user)){
$dbusername = $row['username '];
$dbpassword = $row['password'];
}
if($username==$dbusername&&$password==$dbpassword){
$_SESSION['username']=$username;
header("location:/dashboard.php");
}
else{
header("location:/login.php");
}
}
?>
4) Selanjutnya kode tersebut tinggal di terapkan pada sistem yang kamu buat
Selamat mencoba!
Comments
Post a Comment
-Berkomentarlah yang baik dan rapi.
-Menggunakan link aktif akan dihapus.