?
Solved

How to use the crypt function

Posted on 2009-04-27
18
Medium Priority
?
728 Views
Last Modified: 2013-11-16
I need to know how to use the crypt function. i know it will encrypt the password,
I have paypal sending a password to my database for a restricted area.
Then my users login.

What i need to know is how do i encrypt the password that the user inputs when logging in so that in match's the password in the database.

HELP
0
Comment
Question by:protype
  • 11
  • 7
18 Comments
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 24241761
Not sure what the PayPal part of this is, but there are several ways to make passwords obscure in the data base, and the crypt function is not necessary.  The usual way is to hash the password when it is entered - you know how web pages ask you to enter the password twice?  They compare them and if they match, they make a hash of the password and store the hash in the password field.  One of the functions you can use for this is md5().

When the client wants to log in, the login script reads the password, makes the same hash and compares it to the hashed value in the data base.  If they match, the login is permitted.

Does that help? ~Ray
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 24241777
I should also add that the crypt function is pretty well documented here:
http://us3.php.net/manual/en/function.crypt.php

The user-supplied notes are often very helpful on the PHP.net site.

Best, ~Ray
0
 

Author Comment

by:protype
ID: 24242042
Hi Ray

PayPal sends an IPN to my server and in the IPN there is a encrypted password which was done via the SALT in the crypt function.

i think???????? do i have this correct
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 111

Expert Comment

by:Ray Paseur
ID: 24242070
Can you show me the PayPal Developer manual page for this?  I've got plenty of experience in the IPN, but I have never seen an encrypted password there.  Should not be too hard to figure out, tho.

Thanks, ~Ray
0
 

Author Comment

by:protype
ID: 24242147
The hole problem with PayPal is............How complicated it is............manual??? i would not know where to start.

I am one week trying to get subscription section working on my site
0
 

Author Comment

by:protype
ID: 24242349
OK i have looked into my question.......

What i am asking is how do i encrypt a password which a user enters on my site, so that it will be referenced against a password in my database which was entered by paypal.
0
 

Author Comment

by:protype
ID: 24242362
How do i write the crypt into my php
0
 

Author Comment

by:protype
ID: 24242389
This is the code used when the user is logging in
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
 
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
 
if (isset($_POST['username22'])) {
  $loginUsername=$_POST['username22'];
  $password=$_POST['password22'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "../page_on_me_site.php";
  $MM_redirectLoginFailed = "samo.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_Login, $Login);
  
  $LoginRS__query=sprintf("SELECT username, password FROM paypal_subscriptions WHERE username='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $Login) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      
 
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

Open in new window

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 24242575
Hi, protype: To work with PayPal you need to be knowledgeable of the PayPal Developers documentation.  They have online manuals and PDFs that describe how to use their web services.  I agree with you that it is complicated - the "basics" is over 150 pages, and their interfaces are not in anything standard like XML (Feh!) so you have to write custom code for everything.

As you know if you have read the php man page on crypt(), you must provide a "salt" - it would seem to me that the "salt" in this case may be something that PayPal knows and you must find out from the PayPal documentation for developers.  But as I read more about this by searching the 'net, I think you might want to look at this tutorial and see if it guides you in the right direction.

http://net.tutsplus.com/tutorials/php/using-paypals-instant-payment-notification-with-php/

Let me know what you think, ~Ray
0
 

Author Comment

by:protype
ID: 24242667
I think i have the SALT i just need to add the crypt function to the php...................i am only learning and it is a killer.  
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 24243272
Maybe this will help.  But if I were just learning PHP I would not start with an eCommerce application.  Instead you might benefit from the examples in this (very good) basic book.

http://www.sitepoint.com/books/phpmysql1/

Best regards, ~Ray
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
 
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
 
if (isset($_POST['username22'])) {
  $loginUsername=$_POST['username22'];
  $password=$_POST['password22'];
 
 
  
// YOU MIGHT TRY ADDING THE crypt() FUNCTION RIGHT HERE
// READ THE MAN PAGE HERE:
// http://us3.php.net/manual/en/function.crypt.php
 
// YOU MUST KNOW THE SALT VALUE IN ADVANCE OR crypt() WILL CHOOSE ONE 
// AND IT WILL ALMOST CERTAINLY BE WRONG
 
// DEFINE THE SALT
define('MY_SALT_STRING', /* SALT STRING YOU GOT FROM PAYPAL */ );
 
$password = crypt($password, MY_SALT_STRING);
 
 
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "../page_on_me_site.php";
  $MM_redirectLoginFailed = "samo.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_Login, $Login);
  
  $LoginRS__query=sprintf("SELECT username, password FROM paypal_subscriptions WHERE username='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $Login) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;       
 
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];  
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

Open in new window

0
 

Author Comment

by:protype
ID: 24243710
Can you show me how to write the code for this as the it has me confused.

And i do have the SALT i just don't know how the code goes. once i have this sorted i'm working.

please help
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 24245144
"Can you show me how to write the code for this as the it has me confused."

That is EXACTLY what I posted above.  Get the salt string from PayPal and put it into the define statement at line 26.  I don't know what more I can do to help??
0
 

Author Comment

by:protype
ID: 24295752
I will need to get someone the write the php and show me, because i don't understand. I think you have told me where to put the code but i need to know how to write it.

Thanks anyway.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 24296212
"you have told me where to put the code but i need to know how to write it."

Please explain - what do you mean by "how to write it?"  

Thanks, ~Ray
0
 

Author Comment

by:protype
ID: 24496437
Sorry it took so long Ray,

This is the last thing i need to sort and i will have it working.
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
 
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
 
if (isset($_POST['username22'])) {
  $loginUsername=$_POST['username22'];
  $password=$_POST['password22'];
 
 
  
// YOU MIGHT TRY ADDING THE crypt() FUNCTION RIGHT HERE
// READ THE MAN PAGE HERE:
// http://us3.php.net/manual/en/function.crypt.php
 
// YOU MUST KNOW THE SALT VALUE IN ADVANCE OR crypt() WILL CHOOSE ONE 
// AND IT WILL ALMOST CERTAINLY BE WRONG
 
// DEFINE THE SALT
define('pp'); // IS THIS WHAT I SHOULD BE DOING
 
$password = crypt($password, MY_SALT_STRING);
 
 
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "../page_on_me_site.php";
  $MM_redirectLoginFailed = "samo.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_Login, $Login);
  
  $LoginRS__query=sprintf("SELECT username, password FROM paypal_subscriptions WHERE username='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $Login) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;       
 
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];  
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

Open in new window

0
 

Author Comment

by:protype
ID: 24501205
Ok i need to ask another related question.

I have the salt working when i test it BUT, every password seems to have a different salt like this

kq.K6/Cd2NLg2
u866uUGe1.0KA
f/evD8wWOx.C2
7CrEtSevW.h6E >  looking at this one, if i use the 7C salt for the password "jag0glenn" i get the encrypted password of "7CrEtSevW.h6E", NOW as this would make sense to you it is a little confusing for someone learning, because now do i use a salt if the salt is different for every password, what i'm saying is How do i put the salt into my code.

example:  $password =crypt($_POST['password22'], '7C' );

HERE IS A LITTLE CODE YOU CAN RUN THAT WILL SHOW YOU HOW I'M TESTING


<!--Create a page and insert this code then save it as crypt.php
	then run it. -->
 
<FORM ACTION="crypt.php" METHOD="post"> <br>
<INPUT TYPE="password" NAME="password" /> password <P> Insert the password = <strong>jag0glenn</strong>  you should get the uotput = <strong>7CrEtSevW.h6E</strong><br>
 
<INPUT TYPE="submit" VALUE="calculate">
<P> 
</FORM> 
 
<?php 
$password = crypt($_POST['password'], '7C'); // this is the use of crypt   
if ($password == '7CrEtSevW.h6E')
		{
		echo "Well as you can see the password is $password. This is the output for the salt '7C'";
		} 
 
?>

Open in new window

0
 

Author Closing Comment

by:protype
ID: 31590305
Ray

Thanks for the help go it working. All the paypal sorted and working, as you know it is my first attempt at PayPal and ecommerce and i got it sorted.

I had to learn how to build websites because i got shafted by a company who charged me a ridiculous amount of money then left me without a CMS.

I have more question and i just hope you can help as your help has been second to none.

I would like to show you the site but will not put the url up here.

Regards
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I’ll look at how you can use a backup to start a secondary instance for MongoDB.
One of the most important things in an application is the query performance. This article intends to give you good tips to improve the performance of your queries.
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
The viewer will learn how to dynamically set the form action using jQuery.
Suggested Courses
Course of the Month17 days, 9 hours left to enroll

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question