将它们打包成一个文件就叫fun.php吧
复制代码 代码如下:
function passport_encrypt($txt, $key) {
srand((double)microtime() * 1000000);
$encrypt_key = md5(rand(0, 32000));
$ctr = 0;
$tmp = '';
for($i = 0;$i < strlen($txt); $i++) {
$ctr = $ctr == strlen($encrypt_key) ? 0 : $ctr;
$tmp .= $encrypt_key[$ctr].($txt[$i] ^ $encrypt_key[$ctr++]);
}
return base64_encode(passport_key($tmp, $key));
}
function passport_decrypt($txt, $key) {
$txt = passport_key(base64_decode($txt), $key);
$tmp = '';
for($i = 0;$i < strlen($txt); $i++) {
$md5 = $txt[$i];
$tmp .= $txt[++$i] ^ $md5;
}
return $tmp;
}
function passport_key($txt, $encrypt_key) {
$encrypt_key = md5($encrypt_key);
$ctr = 0;
$tmp = '';
for($i = 0; $i < strlen($txt); $i++) {
$ctr = $ctr == strlen($encrypt_key) ? 0 : $ctr;
$tmp .= $txt[$i] ^ $encrypt_key[$ctr++];
}
return $tmp;
}
?>
以下是一些示例加深对这三个加密解密函数的理解
复制代码 代码如下:
//string.php
include “fun.php”;
$txt = “This is a test”;
$key = “testkey”;
$encrypt = passport_encrypt($txt,$key);
$decrypt = passport_decrypt($encrypt,$key);
echo $txt.”
”;
echo $encrypt.”
”;
echo $decrypt.”
”;
?>
//array.php
include “fun.php”;
$array = array(
"a" => "1",
"b" => "2",
"c" => "3",
"d" => "4"
);
//serialize产生一个可存储的值,返回一个字符串,unserialize还原
$txt = serialize($array);
$key = “testkey”;
$encrypt = passport_encrypt($txt,$key);
$decrypt = passport_decrypt($encrypt,$key);
$decryptArray = unserialize($decrypt);
echo $txt.”
”;
echo $encrypt.”
”;
echo $decrypt.”
”;
echo $decryptArray.”
”;
?>
关键的地方来了当你要跳转到另外一个网址,但又要保证你的session无误的时候,你需要对session作一个处理.貌似一个公司有一个网站又有一个论坛,两个地方都有注册和登录,但又不想让用户在主页登录后跳转到论坛的时候session失效,即是登录一次跑完整间公司
那要怎样来处理用户的session呢
网页都是无状态的,如果要在新的网页中继续使用session,则需要把session从一个地方移到另一个地方,可能有些人已经想到了,我可以通过url传址的方式来调用它.而PHP有个处理session的变量,叫$_SESSION.于是将需要注册的session转换成一个数组吧.那么,你可以这样写:
复制代码 代码如下:
//login.php
session_start();
include “fun.php”;
$_SESSION[“userid”];
$_SESSION[“username”];
$_SESSION[“userpwd”];
header("Location: http://$domain/process.php?s=".urlencode(passport_encrypt(serialize($_SESSION),"sessionkey")));
?>
上例中先用serialize将$_SESSION变成可存储的数据,然后通过passport_encrypt将这个数据加密,加urlencode的原因是因为$_SESSION加密时,有可能会产生像料想不到的编码,所以以防万一(事实证明非常有效)
处理下先
复制代码 代码如下:
//process.php
session_start();
include “fun.php”;
$_SESSION=unserialize(passport_decrypt($_GET["s"],"sessionkey"));
header("Location: http://$domain/index.php");
?>
First use $_GET["s"] to get the parameters of the URL, then use passport_decrypt to decrypt it, and then use unserialize to restore the data to the original data. At this step of processing, your web page may pass the header Jump freely.
This method also involves security issues. If your url address is obtained by others during the address transmission process, it would be really embarrassing. Although they may not be able to decipher the content in the url. , but people can also directly use this URL address to log in to some of your personal accounts, email accounts, and even bank accounts (of course, few people will write like this, I am an exception, haha). It sounds scary. But in fact, you can jump Transfer the page to cancel the session.
The following is the enhanced version of process.php
Copy the code The code is as follows:
session_start();
include_once "fun.php";
$_SESSION=unserialize(passport_decrypt($_GET["s"],"sessionkey"));
if((time()-$_SESSION["TIME"])>30){
header("Location: http://$domain/ login.php");
unset($_SESSION[ "USERNAME"]);
unset($_SESSION["PASSWORD"]);
}
else
header("Location: http://$domain/ index.php");
?>
Before writing this file, you also need to set it on the login side
$_SESSION["TIME"] = time();
The reason for setting this is mainly to get the time on both sides. If the jump takes more than 30 seconds, you can let it jump to the login.php login page. Customers with slow network speeds will not Sorry, but this also prevents if this URL is obtained by someone, and the person does not log in within 30 seconds, then sorry, log in again after timeout.
$_SESSION["USERNAME"] and $_SESSION["PASSWORD"] These two things are the user name and password that the user needs to enter when logging in. The reason for canceling these two sessions is because if your URL is obtained by someone, even if that person is in more than 30 seconds Jump to the login.php page, but the sessions passed are still valid. As long as the url suffix login.php is changed to index.php, he will still log in successfully.
http://www.bkjia.com/PHPjc/321723.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/321723.htmlTechArticlePack them into a file and call it fun.php. Copy the code as follows: ?php function passport_encrypt($txt , $key) { srand((double)microtime() * 1000000); $encrypt_key = md5(rand...