The problem is sending the password in plain text to the remote sites. The other problem is the remote sites will have their passwords stored in different formats (plain text, md5, sha, etc).
So, I need to send the password encrypted and provide a function in the remote script to decrypt the password into plain text so the remote script can then hash it appropriately to match the format it is stored in in the remote database.
Not all servers will have mcrypt extension enabled, so that is ruled out.
The only solution I can think of is creating a custom encrypt and decrypt function. Is this correct?
The solution does not need to be super strong, but strong enough that it is not very easily reversible (like base64 encode/decode).
Here's my crappy start that is laughworthy:
Code: Select all
function encrypt($pw, $key)
{
$strlen = strlen($pw);
$padded = str_pad($pw, 255, 'x', STR_PAD_RIGHT);
$i = 0;
$j = 0;
$out = '';
foreach ((array) $key AS $keychar)
{
foreach ((array) $padded AS $paddedchar)
{
echo $keychar;
echo $paddedchar;
exit;
if (($paddedchar[$j] % 5) == 0)
{
$out .= $keychar[$i] . $paddedchar[$j];
} else
{
$out .= $paddedchar[$j];
}
$j++;
}
$i++;
}
echo $out;
}