| Author |
Message |
sixonetonoffun Spouse Contemplates Divorce

Joined: Jan 02, 2003 Posts: 2499
|
Posted:
Tue Mar 09, 2004 7:34 am |
|
I just rewrote a login/validation password function using the AES_ENCRYPT() AES_DECRYPT() functions. Sure is slick; too bad it is only in MySQL 4.1 and up. No sense in writing 2 login functions to maintain compatibility with the popular 3.23x series. (Well, I might; I really like this function.)
Biggest plus is unlike other encryption methods it should be cross platform portable without any hassles.
But once 3.23 is phased out AES_ENCRYPT will be fast and simple to implement. |
|
|
|
 |
Rikk03 Worker


Joined: Feb 16, 2004 Posts: 164
|
Posted:
Tue Mar 09, 2004 11:25 am |
|
Nice - I would like that for my own site, - is it really that easy to rewrite? |
|
|
|
 |
sixonetonoffun Spouse Contemplates Divorce

Joined: Jan 02, 2003 Posts: 2499
|
Posted:
Tue Mar 09, 2004 12:25 pm |
|
Edited:
There were fundamental flaws in this code. Will post new code as soon as I get a chance. (Tonight?)
Ok here is a demo like package.
I did change it so that a cookie is required as a third check; it uses a hash, not an IP, so should be AOL compatible? It is just a nice little demo, not bulletproof. It also shows KSES in a very basic use processing forms lol.
I believe all the major bugs are out of the basic functions, and authentication is a little crude but I think very effective. Some error messages should be changed etc. to clean it up for actual use.
Peter |
Last edited by sixonetonoffun on Mon Mar 15, 2004 11:30 pm; edited 2 times in total |
|
|
 |
sixonetonoffun Spouse Contemplates Divorce

Joined: Jan 02, 2003 Posts: 2499
|
Posted:
Tue Mar 09, 2004 4:13 pm |
|
Got around setting an email cookie by adding this code maybe explode()chop() would be better?
| Code: |
list($user_email, $trash) = explode("::", $hash);
$email = $user_email;
|
to verify just above
$check2 = $hash;
At the beginning. This works slick because $hash is the user's email address and $trash adds a unique string to the session and cookie. $trash is the $email (user email) $passwd (encrypted) using $password (encrypted as Salt), none of which can be decoded, even if someone could split it down, without the original Salt, in this example $sitekey. |
|
|
|
 |
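An added example, not code from the thread or from the sua.zip demo: one way to issue and check an `email::tag` cookie value like the one described in the post above. It swaps in HMAC-SHA256 for the AES_ENCRYPT() construction; `$sitekey` is the name used in the post, while `make_token()`, `verify_token()` and all sample values are hypothetical.

```php
<?php
// Added example, not code from the thread. $sitekey is the name used in the
// post; make_token(), verify_token() and every sample value are constructed.

// Build "email::tag". The tag is HMAC-SHA256 over the email and the stored
// password hash, keyed with the server-side site key (a swapped-in primitive,
// not the AES_ENCRYPT() construction the post describes).
function make_token(string $email, string $stored_hash, string $sitekey): string
{
    return $email . '::' . hash_hmac('sha256', $email . "\0" . $stored_hash, $sitekey);
}

// Returns the email when the tag matches, null for malformed or altered values.
function verify_token(string $token, array $users, string $sitekey): ?string
{
    // Split on the last "::"; the hex tag never contains ':', so an odd
    // address cannot shift the boundary between the two fields.
    $pos = strrpos($token, '::');
    if ($pos === false) {
        return null;
    }
    $email = substr($token, 0, $pos);
    $tag   = (string) substr($token, $pos + 2);
    if (!isset($users[$email])) {
        return null;
    }
    $expected = hash_hmac('sha256', $email . "\0" . $users[$email], $sitekey);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $tag) ? $email : null;
}

// Constructed sample data: email => stored password hash (placeholders).
$sitekey = 'constructed-site-key-for-demo';
$users = [
    'alice@example.com' => 'stored-hash-A',
    'bob@example.com'   => 'stored-hash-B',
];

$token = make_token('alice@example.com', $users['alice@example.com'], $sitekey);
var_dump(verify_token($token, $users, $sitekey));            // untouched cookie

// Same tag, different address: the recomputed tag no longer matches.
$swapped = 'bob@example.com::' . explode('::', $token, 2)[1];
var_dump(verify_token($swapped, $users, $sitekey));

// Password change on the server invalidates cookies issued earlier.
$users['alice@example.com'] = 'stored-hash-A2';
var_dump(verify_token($token, $users, $sitekey));
```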
Rikk03 Worker


Joined: Feb 16, 2004 Posts: 164
|
Posted:
Tue Mar 09, 2004 5:42 pm |
|
I know just the thing to test this on...........interesting..........thanks for the Encrypt 101 |
|
|
|
 |
sixonetonoffun Spouse Contemplates Divorce

Joined: Jan 02, 2003 Posts: 2499
|
Posted:
Tue Mar 09, 2004 7:25 pm |
|
lol ya, just be sure to add something to the salt that's unique to the user. I used email and it works fine. Comes out like this: the same password from 3 different users.
s7YkԌbOVpa
^G$
!lu..r}Ϻ
Now that's also my password here so ... if someone cracks that
The egg is on my face. |
|
|
|
 |
sixonetonoffun Spouse Contemplates Divorce

Joined: Jan 02, 2003 Posts: 2499
|
Posted:
Mon Mar 15, 2004 11:35 pm |
|
Bounce fixed issues/errors and packed up a simple demo see above post sua.zip
If any huge bugs let me know. I'm just about ready to try something like this on a site. |
|
|
|
 |