PHP token Token improved version_PHP tutorial

It is precisely because of the use of base64 that there is a problem when sending this token through the GET method.
For example: http://test/test.php?a=1+2
You use $_GET["a"] to get: 1 2, that is, the plus sign is gone. At first I used urlencode to convert it, but there were always one or two results that were unexpected.

Then I thought about it, the characters of base64 are limited to: [A-Za-z0-9+/=] There are so many, the plus sign is a problem, so I changed the plus sign to a symbol that does not cause the problem, underline is the best choice. The following is the modified code:

GEncrypt.inc.php

Copy the code The code is as follows:

class GEncrypt {
protected static function keyED($txt, $encrypt_key) {
$encrypt_key = md5 ($encrypt_key);
$ctr = 0;
$tmp = "";
for($i = 0; $i < strlen ( $txt ); $i ++) {
if ($ctr == strlen ( $encrypt_key ))
$ctr = 0;
$tmp .= substr ( $txt, $i, 1 ) ^ substr ( $encrypt_key, $ctr, 1 );
$ctr ++;
}
return $tmp ;
}

public static function encrypt($txt, $key) {
$encrypt_key = md5 ( (( float ) date ( "YmdHis" ) + rand ( 10000000000000000, 99999999 999999999 )). rand ( 100000, 999999 ) );
$ctr = 0;
$tmp = "";
for($i = 0; $i < strlen ( $txt ); $i ++) {
if ($ctr == strlen ( $encrypt_key ))
$ctr = 0;
$tmp .= substr ( $encrypt_key, $ctr, 1) . (substr ( $txt, $i , 1 ) ^ substr ( $encrypt_key, $ctr, 1 ));
$ctr ++;
}
return ( preg_replace("/\+/s","_", base64_encode ( self ::keyED ( $tmp, $key ) ) ));
}
//base64 [A-Za-z0-9+/=]
public static function decrypt($txt, $key) {
if($txt == ""){ return false;}
//echo preg_replace("/_/s","+",$txt);
$txt = self:: keyED (base64_decode ( preg_replace("/_/s","+", $txt) ), $key );
$tmp = "";
for($i = 0; $i < strlen ( $txt ); $i ++) {
$md5 = substr ( $txt, $i, 1);
$i ++;
$tmp .= (substr ( $txt, $ i, 1 ) ^ $md5);
}
return $tmp;
}
}

?>

GToken.inc. php

Copy code The code is as follows:

/**
* Principle: When requesting to allocate a token, find a way to allocate a unique token, base64( time + rand + action)
* If submitted, record this token to indicate that this token has been used and can be used accordingly It is used to avoid duplicate submissions.
*
*/ 
class GToken { 

 /**
* Get all current tokens
*
* @return array
*/ 
 public static function getTokens(){ 
  $tokens = $_SESSION[GConfig::SSN_KEY_TOKEN ]; 
  if (empty($tokens) && !is_array($tokens)) { 
   $tokens = array(); 
  } 
  return $tokens; 
 } 

 /**
* Generate a new Token
*
* @param string $formName
* @param Encryption key $key
* @return string
*/ 

 public static function newToken($formName,$key = GConfig::ENCRYPT_KEY ){ 
  $token = GEncrypt::encrypt($formName.session_id(),$key); 
  return $token; 
 } 

 /**
* Deleting a token actually adds an element to an array in the session, indicating that the token has been used before to avoid repeated submission of data.
*
* @param string $token
*/ 
 public static function dropToken($token){ 
  $tokens = self::getTokens(); 
  $tokens[] = $token; 
  GSession::set(GConfig::SESSION_KEY_TOKEN ,$tokens); 
 } 

 /**
* Check whether it is the specified Token
*
* @param string $token The token value to be checked
* @param string $formName
* @param boolean $fromCheck Whether to check the source , if true, it will be judged whether the session_id attached to the token is the same as the current session_id.
* @param string $key encryption key
* @return boolean
*/ 

 public static function isToken($token,$formName,$fromCheck = false,$key = GConfig::ENCRYPT_KEY){ 
  if(empty($token)) return false; 

  $tokens = self::getTokens(); 

  if (in_array($token,$tokens)) //如果存在，说明是以使用过的token 
   return false; 

  $source = GEncrypt::decrypt($token,$key); 

  if($fromCheck) 
   return $source == $formName.session_id(); 
  else{ 
   return strpos($source,$formName) === 0; 
  } 
 } 

 public static function getTokenKey($token,$key = GConfig::ENCRYPT_KEY){ 
  if($token == null || trim($token) == "") return false; 
  $source = GEncrypt::decrypt($token,$key); 
  return $source != "" ? str_replace(session_id(),"",$source) : false; 
 } 

 public function newTokenForSmarty($params){ 
  $form = null; 
  extract($params); 
  return self::newToken($form); 
 } 
} 
?> 

http://www.bkjia.com/PHPjc/319205.htmlwww.bkjia.comtruehttp://www.bkjia.com/PHPjc/319205.htmlTechArticle正是由于使用了base64，所以在把这个令牌通过GET方法发送的时候，出现了问题。 比如：http://test/test.php?a=1+2 你用$_GET["a"]取得是：12，即那个...