Mungkin selama ini kita tidak pernah memikirkan bagaimana menjaga keamanan informasi pada halaman login kita, khususnya password user, agar tidak mudah diserang oleh pihak yang tidak berkepentingan. Mungkin selama ini kita selalu membuat halaman login, misalnya login.php, lalu memprosesnya di file lain, misalnya proses.php, untuk melakukan enkripsi password dan sebagainya. Sebenarnya cara ini sangat berbahaya, sebab attacker dapat menyadap lalu lintas data yang sedang dikirimkan ke file selanjutnya (proses.php) dengan software tertentu seperti Wireshark (di Linux). Untuk itu, ada baiknya sebelum mengirimkan informasi login ke file berikutnya, kita terlebih dahulu melakukan enkripsi (tepatnya hashing SHA-256) password di halaman login, baru kemudian memprosesnya di file berikutnya, dan di file ini kita tidak perlu lagi melakukan enkripsi password. Perlu dicatat: hash yang dikirim tetap dapat disadap dan dikirim ulang sebagai pengganti password, sehingga cara ini hanya menyembunyikan teks asli password dan tidak menggantikan HTTPS/TLS; di sisi server, nilai yang diterima sebaiknya tetap disimpan dengan fungsi hash password yang memakai salt.

Berikut ini akan saya terangkan bagaimana caranya melakukan enkripsi password pada halaman login (login.php) sebelum mengirimkannya ke file berikutnya (proses.php):

1. Buat file encrypt.js


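/*
 * encrypt.js - SHA-256 for the login form, written in plain ES3 so it loads
 * as a classic <script> and exposes its functions as globals.
 *
 * The listing as published called sha256_Sigma0/1, sha256_sigma0/1, choice,
 * majority and sha256_expand without defining them, so sha256_digest() threw
 * a ReferenceError. They are defined below; expand() is kept as an alias.
 *
 * Security notes for anyone using this on a login page:
 *  - This is a hash, not encryption. An unsalted SHA-256 of the password that
 *    the browser sends is itself the credential: whoever captures it can
 *    replay it. It does not replace HTTPS/TLS.
 *  - The server should still store passwords with a salted password-hashing
 *    function rather than the bare digest.
 *  - Current browsers ship crypto.subtle.digest('SHA-256', ...), which is
 *    preferable to a hand-written implementation where it is available.
 *
 * State is kept in the module-level variables ihash, count and buffer, so
 * only one digest can be computed at a time.
 */

/* Rotate the 32-bit word x right by n bits (0 < n < 32). */
function rotateRight(n, x) {
  return (x >>> n) | (x << (32 - n));
}

/* Ch(x, y, z): for every bit, take y where x is 1 and z where x is 0. */
function choice(x, y, z) {
  return (x & y) ^ (~x & z);
}

/* Maj(x, y, z): for every bit, the value held by at least two inputs. */
function majority(x, y, z) {
  return (x & y) ^ (x & z) ^ (y & z);
}

/* Upper-case Sigma functions, used in the compression rounds. */
function sha256_Sigma0(x) {
  return rotateRight(2, x) ^ rotateRight(13, x) ^ rotateRight(22, x);
}

function sha256_Sigma1(x) {
  return rotateRight(6, x) ^ rotateRight(11, x) ^ rotateRight(25, x);
}

/* Lower-case sigma functions, used in the message schedule. */
function sha256_sigma0(x) {
  return rotateRight(7, x) ^ rotateRight(18, x) ^ (x >>> 3);
}

function sha256_sigma1(x) {
  return rotateRight(17, x) ^ rotateRight(19, x) ^ (x >>> 10);
}

/*
 * Message-schedule step on the 16-word circular buffer W:
 * W[t] = sigma1(W[t-2]) + W[t-7] + sigma0(W[t-15]) + W[t-16], all mod 2^32.
 * Updates W in place and returns the new word.
 */
function sha256_expand(W, j) {
  var slot = j & 0x0f;
  /* "| 0" keeps the stored word inside 32 bits; later uses are mod 2^32. */
  W[slot] = (W[slot] +
    sha256_sigma1(W[(j + 14) & 0x0f]) +
    W[(j + 9) & 0x0f] +
    sha256_sigma0(W[(j + 1) & 0x0f])) | 0;
  return W[slot];
}

/* Original public name of the schedule step, kept for existing callers. */
function expand(W, j) {
  return sha256_expand(W, j);
}

/* SHA-256 round constants. */
var K256 = [
  0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
  0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
  0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
  0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
  0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
  0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
  0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
  0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
];

/* Running state: 8 hash words, 64-bit bit count as [low, high], 64-byte block. */
var ihash, count, buffer;
var sha256_hex_digits = "0123456789abcdef";

/* Add two numbers modulo 2^32 using 16-bit halves; returns a signed 32-bit value. */
function safe_add(x, y) {
  var lsw = (x & 0xffff) + (y & 0xffff);
  var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
  return (msw << 16) | (lsw & 0xffff);
}

/* Reset the state to the SHA-256 initial hash value and an empty block. */
function sha256_init() {
  ihash = [
    0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
    0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
  ];
  count = [0, 0];
  buffer = new Array(64);
}

/* Compress the 64 bytes currently in buffer into ihash. */
function sha256_transform() {
  var W = new Array(16);
  var a = ihash[0];
  var b = ihash[1];
  var c = ihash[2];
  var d = ihash[3];
  var e = ihash[4];
  var f = ihash[5];
  var g = ihash[6];
  var h = ihash[7];
  var i, j, T1, T2;

  /* Load the block as sixteen big-endian 32-bit words. */
  for (i = 0; i < 16; i++) {
    var p = i << 2;
    W[i] = (buffer[p] << 24) | (buffer[p + 1] << 16) | (buffer[p + 2] << 8) | buffer[p + 3];
  }

  for (j = 0; j < 64; j++) {
    T1 = h + sha256_Sigma1(e) + choice(e, f, g) + K256[j];
    T1 += (j < 16) ? W[j] : sha256_expand(W, j);
    T2 = sha256_Sigma0(a) + majority(a, b, c);
    h = g;
    g = f;
    f = e;
    e = safe_add(d, T1);
    d = c;
    c = b;
    b = a;
    a = safe_add(T1, T2);
  }

  /* safe_add keeps the running hash words inside 32 bits. */
  ihash[0] = safe_add(ihash[0], a);
  ihash[1] = safe_add(ihash[1], b);
  ihash[2] = safe_add(ihash[2], c);
  ihash[3] = safe_add(ihash[3], d);
  ihash[4] = safe_add(ihash[4], e);
  ihash[5] = safe_add(ihash[5], f);
  ihash[6] = safe_add(ihash[6], g);
  ihash[7] = safe_add(ihash[7], h);
}

/*
 * Feed inputLen characters of the string data into the hash.
 *
 * Each character is taken as one byte via charCodeAt(), so the input is
 * expected to contain only code units 0x00-0xFF; anything above that is not
 * reduced to a byte and will not match a digest computed over encoded bytes
 * on the server.
 *
 * May be called repeatedly between sha256_init() and sha256_final(): bytes
 * are appended after whatever is already buffered (the earlier version
 * overwrote a partly filled block on a second call).
 */
function sha256_update(data, inputLen) {
  var index = (count[0] >> 3) & 0x3f;

  /* Advance the 64-bit bit counter, carrying from the low word into the high. */
  var lowBits = (inputLen << 3) >>> 0;
  var sum = count[0] + lowBits;
  count[0] = sum >>> 0;
  if (sum > 0xffffffff) {
    count[1]++;
  }
  count[1] += inputLen >>> 29;

  for (var pos = 0; pos < inputLen; pos++) {
    buffer[index++] = data.charCodeAt(pos);
    if (index === 64) {
      sha256_transform();
      index = 0;
    }
  }
}

/* Append the SHA-256 padding and bit length, then compress the last block(s). */
function sha256_final() {
  var index = (count[0] >> 3) & 0x3f;
  var i;

  buffer[index++] = 0x80;
  if (index > 56) {
    /* No room left for the 8-byte length: flush this block first. */
    for (i = index; i < 64; i++) {
      buffer[i] = 0;
    }
    sha256_transform();
    index = 0;
  }
  for (i = index; i < 56; i++) {
    buffer[i] = 0;
  }

  /* Message length in bits, big-endian, high word first. */
  buffer[56] = (count[1] >>> 24) & 0xff;
  buffer[57] = (count[1] >>> 16) & 0xff;
  buffer[58] = (count[1] >>> 8) & 0xff;
  buffer[59] = count[1] & 0xff;
  buffer[60] = (count[0] >>> 24) & 0xff;
  buffer[61] = (count[0] >>> 16) & 0xff;
  buffer[62] = (count[0] >>> 8) & 0xff;
  buffer[63] = count[0] & 0xff;
  sha256_transform();
}

/* Return the current hash state as an array of 32 byte values. */
function sha256_encode_bytes() {
  var output = new Array(32);
  var j = 0;
  for (var i = 0; i < 8; i++) {
    output[j++] = (ihash[i] >>> 24) & 0xff;
    output[j++] = (ihash[i] >>> 16) & 0xff;
    output[j++] = (ihash[i] >>> 8) & 0xff;
    output[j++] = ihash[i] & 0xff;
  }
  return output;
}

/* Return the current hash state as a 64-character lower-case hex string. */
function sha256_encode_hex() {
  var output = "";
  for (var i = 0; i < 8; i++) {
    for (var shift = 28; shift >= 0; shift -= 4) {
      output += sha256_hex_digits.charAt((ihash[i] >>> shift) & 0x0f);
    }
  }
  return output;
}

/* One-shot helper: SHA-256 of the string data as lower-case hex. */
function sha256_digest(data) {
  sha256_init();
  sha256_update(data, data.length);
  sha256_final();
  return sha256_encode_hex();
}

/* Check the implementation against a known digest; returns true on success. */
function sha256_self_test() {
  return sha256_digest("message digest") === "f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650";
}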

2. Buat file login.php


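<!--
  login.php - demo form: the password is replaced by its SHA-256 hex digest
  in the browser before the form is posted to proses.php.

  The digest that is posted works as the credential, so the form should be
  served and submitted over HTTPS; hashing in the page only hides the
  clear-text password from someone reading the request.
-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
<script type="text/javascript" src="encrypt.js"></script>
</head>

<body>

<form action="proses.php" method="post" name="login">
<table width="359" border="1">
  <tr>
    <td colspan="3" align="center">
	<font color="#800000"><i>www.tanohaceh.com</i></font></td>
  </tr>
  <tr>
    <td width="147">User Id</td>
    <td width="5">:</td>
    <td width="185"><input type="text" name="username" size="31" /></td>
  </tr>
  <tr>
    <td width="147">Password Encript</td>
    <td width="5">:</td>
    <!-- Every keystroke is mirrored into the passwdasli field below. -->
    <td width="185"><input type="password" name="passwd" size="31" onkeyup="document.login.passwdasli.value=document.login.passwd.value;" /></td>
  </tr>
  <tr>
    <td width="147">Password Asli</td>
    <td width="5">:</td>
    <!-- Demo only: this field shows the password on screen and posts it in
         clear text so proses.php can compare both hashes. Remove the field
         and the onkeyup handler above in a real login form. -->
    <td width="185"><input type="text" name="passwdasli" size="31" /></td>
  </tr>
  <tr>
    <td colspan="3" align="center">
	<!-- Replaces the typed password with its digest just before submit. -->
	<input type="submit" value="Login" onClick="document.login.passwd.value=sha256_digest(document.login.passwd.value)" />&nbsp;
	<input type="reset" value="Reset" />
	</td>
  </tr>
</table>
</form>
</body>
</html>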

3. Buat file proses.php

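<?php
// proses.php - demo receiver for login.php. It prints the submitted fields
// next to a server-side SHA-256 of the clear-text password so the two
// digests can be compared by eye.
//
// Request values are attacker-controlled, so everything echoed into the page
// is HTML-escaped. A real login handler would not echo passwords or digests
// at all; it would compare against a stored value (hash_equals() for digests,
// password_hash()/password_verify() for stored passwords) over HTTPS.

// Read one POST field as a string. A missing field, or a non-string such as
// an array sent as passwd[], becomes '' instead of raising a notice.
function post_field($name)
{
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
}

// Escape a value for HTML output. The charset matches the one declared by
// login.php, so bytes outside ASCII never make the escape return ''.
function html($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'ISO-8859-1');
}

// Get User ID from login.php
$id = post_field('username');
echo "User ID = " . html($id) . "<br/>";

// Get the client-side SHA-256 digest from login.php
$passwd_encript = post_field('passwd');
echo "Password Encript = " . html($passwd_encript) . " <br/>";

// Get the clear-text password from login.php (demo field only)
$passwd_asli = post_field('passwdasli');
echo "Password Asli = " . html($passwd_asli) . "<br/>";

// Hash the clear-text password with SHA-256 on the server for comparison
$encrypt_passwd_asli = hash('sha256', $passwd_asli);
echo "Encrypt Password Asli = " . html($encrypt_passwd_asli) . "<br/>";

?>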
Dapatkan source selengkapnya disini