First, answering the question. Yes, it is possible, if the input value is equal to the value in the database before being encrypted.
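Encrypting the input value and comparing it with the existing value gives the same result.

```php
<?php
// md5() with true as the second argument returns the raw 16-byte digest,
// so substr(..., 0, 22) simply returns those 16 bytes.
function senha($arg){
    $md5 = md5($arg, true);
    return substr($md5, 0, 22);
}

// The same input always produces the same output
print senha('1234');
print "<br/>";
print senha('1234');

// Which is why a stored value can be compared with a freshly computed one
$senha_armazenada = senha('1234');
if($senha_armazenada === senha('1234')){
    print "senha confere";
} else {
    print "senha nao confere";
}
```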
However, cryptographic functions such as `md5`, `sha1` and so on are considered unsuitable for tasks like these because they are "easy" to break. Although they seem indestructible, there is tremendous processing power and a great many techniques available to get the true value of such a hash.

To create secure hashes, there are currently 2 important factors to take into account:
- The cost (time the computer will take to generate this hash).
- The salt (a unique increment, which makes hashes unique to each case).

`PHP >= 5.5.0` has native functions to create and check secure hashes without much effort. For older versions, `PHP < 5.5.0`, there are ways to get the same result, also explained #

Instead of using `md5`, you can use PHP's native functions to create something more secure.
```php
<?php
header("Content-Type: text/html; charset=utf-8");

// Stands in for the users table in the database
$usuarios = array(
    0 => array(
        'id'=>1,
        'nome'=>'Edilson',
        'hash'=>'$2y$10$i260FJQg7VgsNjXl6s9Mje9aqXUGbfa9L/c8bA2NOUHyDVoyJoyQu'
    ),
    1 => array(
        'id'=>2,
        'nome'=>'Samuel',
        'hash'=>'$2y$10$r1wD4rLLgB1jm6ExF.Em5eyKXdK4Wn8f6z.G9fsxmc3xXay4.pI/O'
    )
);

// Log in: find the user by name and check the password against the stored hash
function logar($usuario, $senha){
    global $usuarios;
    foreach($usuarios as $key=>$set){
        // Compare the name field only, with a strict comparison
        if($set['nome'] === $usuario){
            if(password_verify($senha, $set['hash'])){
                return true;
            }
        }
    }
    return false;
}

// Register: store only the bcrypt hash, never the password itself
function cadastrar($usuario, $senha){
    global $usuarios;
    if(!empty($usuario) && !empty($senha)){
        $hash = password_hash($senha, PASSWORD_BCRYPT);
        $id = mt_rand(3,50);
        if(array_push($usuarios, array('id'=>$id, 'nome'=>$usuario, 'hash'=>$hash))){
            return true;
        }
    }
    return false;
}

//var_dump(cadastrar('Edilson','password')); # (true/registered)
var_dump(logar('Edilson', 'password')); # (true/logged in)
var_dump(logar('Samuel', '1234')); # (true/logged in)
//print_r($usuarios);
?>
```
Here, for example, the `$usuarios` variable functions as a table in the database, and when the `logar` function is called, it looks in that array for the corresponding hash and compares it through `password_verify`, which returns true if both are equal, or false if the comparison fails.
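The cost and the salt described above, shown side by side with the `md5` comparison, as an added example that is not part of the original answer. The function `verificar_e_atualizar()` and the variables `$custo_alvo`, `$h1`, `$h2` are hypothetical names, and the password is a constructed sample.

```php
<?php
// Added example, not the original author's code.
$senha = '1234'; // constructed sample password

// 1) Unsalted md5 is deterministic: two digests of the same input are
//    identical, so === matches (and so does any precomputed lookup table).
var_dump(md5($senha) === md5($senha));

// 2) password_hash() draws a fresh random salt on every call, so two
//    hashes of the same password differ and === must not be used.
$h1 = password_hash($senha, PASSWORD_BCRYPT, ['cost' => 10]);
$h2 = password_hash($senha, PASSWORD_BCRYPT, ['cost' => 10]);
var_dump($h1 === $h2);

// 3) password_verify() reads the algorithm, cost and salt back out of the
//    stored string and recomputes, so both hashes accept the right
//    password and reject a wrong one.
var_dump(password_verify($senha, $h1));
var_dump(password_verify($senha, $h2));
var_dump(password_verify('12345', $h1));

// The parameters travel inside the hash string itself.
print_r(password_get_info($h1));

// 4) Raising the cost later: the plain password is only available at
//    login, so that is the moment to re-hash with the new cost.
//    Returns null on a wrong password, otherwise the hash to store.
function verificar_e_atualizar($senha, $hash_armazenado, $custo_alvo){
    if(!password_verify($senha, $hash_armazenado)){
        return null;
    }
    $opcoes = ['cost' => $custo_alvo];
    if(password_needs_rehash($hash_armazenado, PASSWORD_BCRYPT, $opcoes)){
        return password_hash($senha, PASSWORD_BCRYPT, $opcoes);
    }
    return $hash_armazenado;
}

$novo = verificar_e_atualizar($senha, $h1, 12);
var_dump(password_get_info($novo)['options']['cost']);
var_dump(verificar_e_atualizar('errada', $h1, 12));
```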