Checksumming Strings
Using crypt() with strings is similar to creating a checksum of something: It can be easily determined whether a string matches the checksum; however, it is not (easily) possible to re-create the original string from the checksum.
Checking Logins Using SHA1 and MD5 Hashes (checksum.php)
<?php
  $pass = (isset($_GET['pass'])) ? $_GET['pass'] : '';
  $md5pass = '6958b43cb096e036f872d65d6a4dc01b';
  $sha1pass = '61c2feed11e0e53eb8e295ab8da78150be12f301';
  if (sha1($pass) === $sha1pass) {
    echo 'Login successful.';
  } else {
    echo 'Login failed.';
  }
  // Alternatively, using MD5:
  // if (md5($pass) === $md5pass) {
  //   echo 'Login successful.';
  // } else {
  //   echo 'Login failed.';
  // }
?>
Two algorithms designed for exactly this kind of checksumming are Secure Hash Algorithm 1 (SHA1) and Message Digest Algorithm 5 (MD5). They create such a checksum, or hash. The main difference between these two algorithms and the one used in DES/crypt() is that the SHA1 or MD5 checksum of a string is always the same, so it is very easy to verify data. As Figure 1.2 shows, even the PHP distributions have an MD5 checksum listed on the website to validate the downloads.

Again, the goal is to validate a password the user provides using GET. The correct password is, once again, 'TopSecret' with the following hashes:
When calculating the MD5 or SHA1 hash of a file, no call to file_get_contents() or other file functions is required; PHP offers two functions that calculate the hashes of a file (and take care of opening and reading in the file data):
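An added example, not part of the original text: verifying a file against a published checksum with PHP's built-in md5_file(), sha1_file() and hash_file(). The helper name verify_checksum() and the temporary sample file are constructed for illustration.

```php
<?php
// Added example (not from the original page). verify_checksum() is a
// hypothetical helper name; the sample file below is constructed.
function verify_checksum(string $path, string $expectedHex, string $algo = 'sha1'): bool
{
    // Published checksums are often copied with stray whitespace or uppercase hex.
    $expected = strtolower(trim($expectedHex));

    // Reject anything that is not a hex digest of the right length for $algo.
    $digestLength = strlen(hash($algo, ''));
    if (!ctype_xdigit($expected) || strlen($expected) !== $digestLength) {
        return false;
    }

    // A missing or unreadable file can never match.
    if (!is_file($path) || !is_readable($path)) {
        return false;
    }

    // hash_file() opens and reads the file itself and returns false on failure.
    // md5_file($path) and sha1_file($path) give the same digests for those two algorithms.
    $actual = hash_file($algo, $path);
    if ($actual === false) {
        return false;
    }

    // hash_equals() compares the two digests in constant time.
    return hash_equals($expected, $actual);
}

// Constructed sample: a temporary file standing in for a download.
$file = tempnam(sys_get_temp_dir(), 'chk');
file_put_contents($file, "constructed sample download\n");

// The checksum a site would publish, computed here from the known contents.
$published = sha1("constructed sample download\n");

var_dump(sha1_file($file) === $published);                 // file hash vs. string hash
var_dump(verify_checksum($file, strtoupper($published)));  // uppercase hex input
var_dump(verify_checksum($file, md5_file($file), 'md5'));  // MD5 variant

file_put_contents($file, 'x', FILE_APPEND);                // simulate a corrupted download
var_dump(verify_checksum($file, $published));              // checked again after the change

unlink($file);
```

The third argument accepts any algorithm name that hash() supports, so the same helper works when a site publishes a different digest type.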