PHP encrypts and decrypts internal algorithms

  • 2020-03-31 20:35:32
  • OfStack

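Package the functions into a file called fun.php:

<?php
// fun.php
// Each plaintext byte is XORed with a per-message key, then the result is XORed with md5($key).
function passport_encrypt($txt, $key) {
    srand((int)((double)microtime() * 1000000));   // (int) cast: srand() expects an integer seed
    $encrypt_key = md5(rand(0, 32000));            // per-message key: 32 hex characters
    $ctr = 0;
    $tmp = '';
    for ($i = 0; $i < strlen($txt); $i++) {
        $ctr = $ctr == strlen($encrypt_key) ? 0 : $ctr;   // wrap around the key
        // Emit the key character, followed by the plaintext byte XORed with it
        $tmp .= $encrypt_key[$ctr].($txt[$i] ^ $encrypt_key[$ctr++]);
    }
    return base64_encode(passport_key($tmp, $key));
}

function passport_decrypt($txt, $key) {
    $txt = passport_key(base64_decode($txt), $key);
    $tmp = '';
    // The data is a sequence of pairs: key character, then XORed byte
    for ($i = 0; $i < strlen($txt); $i++) {
        $md5 = $txt[$i];
        $tmp .= $txt[++$i] ^ $md5;
    }
    return $tmp;
}

// XOR $txt with the repeating MD5 hex digest of the key
function passport_key($txt, $encrypt_key) {
    $encrypt_key = md5($encrypt_key);
    $ctr = 0;
    $tmp = '';
    for ($i = 0; $i < strlen($txt); $i++) {
        $ctr = $ctr == strlen($encrypt_key) ? 0 : $ctr;
        $tmp .= $txt[$i] ^ $encrypt_key[$ctr++];
    }
    return $tmp;
}
?>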


Here are some examples to help you understand these three encryption and decryption functions:

<?php
// string.php
include "fun.php";

$txt = "This is a test";
$key = "testkey";
$encrypt = passport_encrypt($txt, $key);
$decrypt = passport_decrypt($encrypt, $key);

echo $txt."<br><hr>";
echo $encrypt."<br><hr>";
echo $decrypt."<br><hr>";
?>

<?php
// array.php
include "fun.php";

$array = array(
    "a" => "1",
    "b" => "2",
    "c" => "3",
    "d" => "4"
);
// serialize generates a storable value and returns a string; unserialize restores it
$txt = serialize($array);
$key = "testkey";
$encrypt = passport_encrypt($txt, $key);
$decrypt = passport_decrypt($encrypt, $key);
$decryptArray = unserialize($decrypt);

echo $txt."<br><hr>";
echo $encrypt."<br><hr>";
echo $decrypt."<br><hr>";
// An array cannot be echoed directly; print_r shows its contents
print_r($decryptArray);
echo "<br><hr>";
?>


The key use case is when you want to redirect a user to another site and still need their session to be valid there, so you have to carry the session across. For example, a company has a website and a BBS, each with its own registration and login, but does not want the user's session to be lost when they jump from the login page to the BBS; that is, one login should work across the whole company.

So how do you handle the user's session?

Web pages are stateless. If you want to keep using the session on the new page, you need to move the session from one place to the other, and some readers will already have thought of passing it through the URL. PHP handles sessions through a variable called $_SESSION, so the values to transfer need to be registered in that array. You can write it like this:

<?php
// login.php
session_start();
include "fun.php";
// Values set by your own login code ($userid, $username and $userpwd are placeholders)
$_SESSION["userid"] = $userid;
$_SESSION["username"] = $username;
$_SESSION["userpwd"] = $userpwd;

// $domain is the host name of the target site and must be defined before this point
header("Location: http://$domain/process.php?s=".urlencode(passport_encrypt(serialize($_SESSION), "sessionkey")));
exit;
?>

In the above example, we first used serialize to turn $_SESSION into storable data, and then encrypted this data with passport_encrypt. urlencode is added because the encrypted $_SESSION might contain characters that are unexpected in a URL, so it is applied just in case (it proved to be very effective).

First, the page that handles it:

<?php
// process.php
session_start();
include "fun.php";
// allowed_classes => false: the URL parameter is untrusted input, so only plain data is restored
$_SESSION = unserialize(passport_decrypt($_GET["s"], "sessionkey"), ["allowed_classes" => false]);
header("Location: http://$domain/index.php");
exit;
?>


Get the URL parameter with $_GET["s"], decrypt it with passport_decrypt, and unserialize it back to the original data. At this point the page can redirect with header().

This method also has a security problem. If the URL is captured in transit, that is really embarrassing: although the person may not be able to crack the content inside the URL, they can still use the URL to log in directly to some of your personal accounts, email accounts, or even a bank account (of course, very few people would write it this way; I do, ha ha). But you can deal with this by cancelling the session on the jump page.

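Here is the enhanced version of process.php:

<?php
session_start();
include_once "fun.php";
// allowed_classes => false: the URL parameter is untrusted input, so only plain data is restored
$_SESSION = unserialize(passport_decrypt($_GET["s"], "sessionkey"), ["allowed_classes" => false]);
if ((time() - $_SESSION["TIME"]) > 30) {
    // The jump took more than 30 seconds: back to the login page, and drop the credentials
    header("Location: http://$domain/login.php");
    unset($_SESSION["USERNAME"]);
    unset($_SESSION["PASSWORD"]);
}
else {
    header("Location: http://$domain/index.php");
}
?>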


Before this file can work, you need to set the time on the login side:

$_SESSION["TIME"] = time();


The main reason for setting this on both sides is to obtain the time: if the jump takes more than 30 seconds, you can send the user to the login.php login page. Clients on a slow network will be inconvenienced, but this also means that if the URL is captured and that person does not log in within 30 seconds, the link times out and they have to log in again.

$_SESSION["USERNAME"] and $_SESSION["PASSWORD"] are the user name and password that the user enters at login. These two session values are unset because, if your URL is captured and the person is redirected to login.php after more than 30 seconds, the session that was passed in is still valid: they only need to change the login.php suffix of the URL to index.php and they are logged in just the same.
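
The handoff above relies on passport_encrypt, which XORs the data with MD5-derived key characters and has no integrity check, and on a time value that travels inside the serialized session. As an added example (not part of the original article), the same handoff can use authenticated encryption from PHP's sodium extension, with the issue time sealed inside the token and JSON instead of unserialize. handoff_seal, handoff_open and the b64url helpers are hypothetical names, and the sample claims are constructed.

```php
<?php
// Added example: authenticated, expiring handoff token (sodium is bundled since PHP 7.2).
// handoff_seal(), handoff_open() and the b64url helpers are hypothetical names, not part of fun.php.

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');   // URL-safe, no urlencode needed
}

function b64url_decode(string $txt) {
    return base64_decode(strtr($txt, '-_', '+/'), true);         // false on invalid characters
}

function handoff_seal(array $claims, string $key): string {
    $claims['iat'] = time();                                     // issue time is sealed with the data
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);   // fresh nonce for every token
    $box   = sodium_crypto_secretbox(json_encode($claims), $nonce, $key);
    return b64url_encode($nonce . $box);
}

function handoff_open(string $token, string $key, int $maxAge = 30): ?array {
    $raw = b64url_decode($token);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;                                             // malformed token
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $json  = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($json === false) {
        return null;                                             // wrong key or modified token
    }
    $claims = json_decode($json, true);                          // JSON: plain data only, no objects
    if (!is_array($claims) || !isset($claims['iat'])) {
        return null;
    }
    $age = time() - (int) $claims['iat'];
    return ($age >= 0 && $age <= $maxAge) ? $claims : null;      // reject stale tokens
}

// Constructed sample run
$key   = sodium_crypto_secretbox_keygen();   // assumption: both sites load one shared 32-byte key
$token = handoff_seal(['userid' => 42, 'username' => 'alice'], $key);
var_dump(handoff_open($token, $key) !== null);       // fresh, untouched token is accepted

$modified     = $token;
$modified[10] = ($token[10] === 'A') ? 'B' : 'A';    // change one character
var_dump(handoff_open($modified, $key) === null);    // integrity check fails
var_dump(handoff_open($token, $key, -1) === null);   // outside the allowed age
```

The token carries no password, so the receiving page only needs to copy the returned claims into a fresh session. A token replayed inside the 30-second window is still accepted unless the receiving site also records which tokens it has already used.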

