Hi, I have this code that encrypts a password and/or username. I'm trying to learn a better way of coding, so I'm asking this question. Sorry if this is one of those elementary questions.

I followed the steps stated in another post (this one) and I want to display the result, for testing purposes only, to see if what I did was right. It does not need to be a username or password; just plain text entered in an input box will do, as long as I can see whether what I entered is encrypted using my code. Please help me out. I've been stuck for like forever in this scenario.

Now here's my code.

MCrypt.php (just copied it)

<?php 

    class MCrypt
    {
            private $iv = 'fedcba9876543210'; #Same as in JAVA
            private $key = '0123456789abcdef'; #Same as in JAVA


            function __construct()
            {
            }

            function encrypt($str) {

              //$key = $this->hex2bin($key);    
              $iv = $this->iv;

              $td = mcrypt_module_open('rijndael-128', '', 'cbc', $iv);

              mcrypt_generic_init($td, $this->key, $iv);
              $encrypted = mcrypt_generic($td, $str);

              mcrypt_generic_deinit($td);
              mcrypt_module_close($td);

              return bin2hex($encrypted);
            }

            function decrypt($code) {
              //$key = $this->hex2bin($key);
              $code = $this->hex2bin($code);
              $iv = $this->iv;

              $td = mcrypt_module_open('rijndael-128', '', 'cbc', $iv);

              mcrypt_generic_init($td, $this->key, $iv);
              $decrypted = mdecrypt_generic($td, $code);

              mcrypt_generic_deinit($td);
              mcrypt_module_close($td);

              return utf8_encode(trim($decrypted));
            }

            protected function hex2bin($hexdata) {
              $bindata = '';

              for ($i = 0; $i < strlen($hexdata); $i += 2) {
                    $bindata .= chr(hexdec(substr($hexdata, $i, 2)));
              }

              return $bindata;
            }

    }
?>

Here's my submit.php, which I don't know is correct or not, but when I try it, it shows these errors:

Notice: Use of undefined constant MCrypt - assumed 'MCrypt' in    C:\xampp\htdocs\HSC\submit.php on line 2
Notice: Use of undefined constant php - assumed 'php' in C:\xampp\htdocs\HSC\submit.php   on line 2
Warning: include(MCryptphp): failed to open stream: No such file or directory in C:\xampp\htdocs\HSC\submit.php on line 2
Warning: include(): Failed opening 'MCryptphp' for inclusion (include_path='.;C:\xampp\php\PEAR') in C:\xampp\htdocs\HSC\submit.php on line 2
Fatal error: Class 'MCrypt' not found in C:\xampp\htdocs\HSC\submit.php on line 4

Here's my submit.php

<?php
include(MCrypt.php);

$mcrypt = new MCrypt();
#Encrypt
$encrypted = $mcrypt->encrypt('fruit1');
?>

and my index.php

<!DOCTYPE html>
<html>
<head lang="en">
<meta charset="UTF-8">
<title></title>
</head>
<body>
<form action="submit.php">
<input type="text" id="fruit1">
<input type="text" id="fruit2">
<input type="submit" id="submitfruit" name="clickme">
</form>
</body>
</html>

1 Answer

> Hi, I have this code that encrypts a password and/or username.

Your first sentence violates basic cryptography concepts.

> I'm trying to learn a better way of coding, so I'm asking this question. Sorry if this is one of those elementary questions.

As somewhat of a PHP cryptography expert, a better way of coding when it comes to cryptography is to use a reputable and well-studied library instead of writing your own.

See defuse/php-encryption for basic string encryption and password_hash()/password_verify() for storing passwords properly.


As for the code you copied and pasted, it's using hard-coded IVs for CBC mode (massive operational cryptography failure), and failing to apply message authentication to the encryption. Don't use it for anything ever.

Scott Arciszewski
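
The points raised in the answer above (no hard-coded IV, authenticated encryption, password_hash() for passwords), shown as an added example that is not part of the original question or answer. It uses PHP's bundled OpenSSL functions instead of mcrypt (removed from PHP core in 7.2) and instead of defuse/php-encryption, so that it runs without Composer; the function names are hypothetical and the key is constructed for the demo.

```php
<?php
// Added example, not the asker's or answerer's code. Assumes PHP 7.2+ with OpenSSL.
// Weak: the page's fixed key and IV make CBC deterministic and unauthenticated.
function fixed_iv_encrypt(string $s): string {
    return bin2hex(openssl_encrypt($s, 'aes-128-cbc', '0123456789abcdef', OPENSSL_RAW_DATA, 'fedcba9876543210'));
}

// Corrected: AES-256-GCM with a fresh random nonce and an authentication tag.
function encrypt_string(string $plaintext, string $key): string {
    $nonce = random_bytes(12); // new nonce for every message under this key
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return bin2hex($nonce . $tag . $ct); // nonce and tag travel with the ciphertext
}

function decrypt_string(string $hex, string $key): string {
    $raw = (ctype_xdigit($hex) && strlen($hex) % 2 === 0) ? hex2bin($hex) : '';
    if (strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) {
        throw new RuntimeException('wrong key or modified ciphertext');
    }
    return $pt;
}

$key = random_bytes(32); // constructed demo key; keep a real key out of source code

// Fixed IV: two encryptions of the same value are compared byte for byte.
var_dump(fixed_iv_encrypt('fruit1') === fixed_iv_encrypt('fruit1'));

// Random nonce: the same value is encrypted twice, compared, then decrypted.
$a = encrypt_string('fruit1', $key);
var_dump($a !== encrypt_string('fruit1', $key), decrypt_string($a, $key));

// One altered hex digit makes decryption throw instead of returning garbage.
try {
    decrypt_string(substr($a, 0, -1) . ($a[-1] === '0' ? '1' : '0'), $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}

// Passwords are hashed, not encrypted; password_hash() generates the salt itself.
$hash = password_hash('correct horse', PASSWORD_DEFAULT);
var_dump(password_verify('correct horse', $hash), password_verify('wrong', $hash));
```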