Core tip: Kangsheng's authcode function can be said to have made a significant contribution to China's PHP community. Including Kangsheng's own products, as well as most Chinese companies using PHP, use this function for encryption. Authcode uses XOR operations for encryption and decryption.
Kangsheng’s authcode function can be said to have made a significant contribution to the PHP community in China. Including Kangsheng's own products, as well as most Chinese companies using PHP, use this function for encryption. Authcode uses XOR operations for encryption and decryption.
The principle is as follows, if:
Encryption
Clear text: 1010 1001
Key: 1110 0011
Ciphertext: 0100 1010
The ciphertext is 0100 1010. For decryption, just XOR it with the key
Decryption
Ciphertext: 0100 1010
Key: 1110 0011
Plaintext: 1010 1001
There is no sophisticated algorithm , the key is very important, so the key lies in how to generate the key.
Let’s take a look at how Kangsheng’s authcode is done.
Copy the code The code is as follows:
// Parameter explanation
// $string: plain text or cipher text
// $operation: DECODE means decryption, others means encryption
// $key: secret key
// $expiry: ciphertext validity period
function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
// Dynamic key length, the same plaintext will Generating different ciphertexts relies on dynamic keys.
// Key a will participate in encryption and decryption
$keya = md5(substr($key, 0, 16));
// Key b will be used for data integrity verification
$keyb = md5(substr($key, 16, 16));
// Key c is used to change the generated ciphertext
$keyc = $ckey_length ? ($operation == 'DECODE ' ? substr($string, 0, $ckey_length):
substr(md5(microtime()), -$ckey_length)) : '';
// Key involved in the operation
$cryptkey = $keya.md5($keya.$keyc);
$key_length = strlen($cryptkey);
// Plain text, the first 10 digits are used to save the timestamp, and verify the data validity when decrypting, 10 to 26 The bit is used to save $keyb (key b). This key will be used to verify data integrity during decryption.
// If it is decoding, it will start from the $ckey_length bit because the $ckey_length bit before the ciphertext saves the dynamic Key to ensure correct decryption
$string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) :
sprintf('%010d', $expiry ? $expiry + time () : 0).substr(md5($string.$keyb), 0, 16).$string;
$string_length = strlen($string);
$result = '';
$ box = range(0, 255);
$rndkey = array();
// Generate key book
for($i = 0; $i <= 255; $i++) {
$rndkey[$i] = ord($cryptkey[$i % $key_length]); In fact, the pair will not increase the strength of the ciphertext.
for($j = $i = 0; $i < 256; $i++) {
$j = ($j + $box[$i] + $rndkey[$i]) % 256; = $tmp; ($a + 1) % 256;
$j = ($j + $box[$a]) % 256; ] = $box[$j]; chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
}
if($operation == 'DECODE') {
// substr($result, 0, 10) == 0 Verify data validity
// substr($result, 0, 10) - time() > 0 Verify data validity
// substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16) Verify data integrity
> 0) &&
substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) {
return substr($result, 26);
Production is different The reason why the ciphertext can be decrypted base64_encode($result));
} }
}
http://www.bkjia.com/PHPjc/824910.html
www.bkjia.com
true
http: //www.bkjia.com/PHPjc/824910.htmlTechArticleCore tip: Kangsheng’s authcode function can be said to have made a significant contribution to the Chinese PHP community. Including Kangsheng's own products, as well as most Chinese companies using PHP, use this function...
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
