Home > Backend Development > PHP Tutorial > Principle analysis of PHP encryption function in discuz program

Principle analysis of PHP encryption function in discuz program

WBOY
Release: 2016-07-25 08:59:06
Original
835 people have browsed it
  1. // Parameter explanation

  2. // $string: plain text or cipher text
  3. // $operation: DECODE means decryption, others means encryption
  4. // $key: key
  5. // $expiry: ciphertext validity period
  6. function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
  7. // Dynamic key length, the same plaintext will generate different passwords The article relies on dynamic keys
  8. $ckey_length = 4;

  9. // Key

  10. $key = md5($key ? $key : $GLOBALS['discuz_auth_key']);
  11. // Key a will participate in encryption and decryption

  12. $keya = md5(substr($key, 0, 16));
  13. // Key b will be used for data integrity verification
  14. $keyb = md5(substr($key, 16, 16));
  15. // Key c is used to change the generated ciphertext
  16. $keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length):
  17.  substr(md5(microtime()), -$ckey_length)) : '';
  18. // The key involved in the operation
  19. $cryptkey = $keya.md5($keya.$keyc);
  20. $key_length = strlen($cryptkey);
  21. // Plain text, the first 10 bits are used to save the timestamp and verify the data validity during decryption. Bits 10 to 26 are used to save $keyb (key b). This key will be used during decryption. Verify data integrity
  22. // If decoding, it will start from the $ckey_length bit, because the dynamic key is stored in the $ckey_length bit before the ciphertext to ensure correct decryption
  23. $string = $operation == 'DECODE' ? base64_decode( substr($string, $ckey_length)) :
  24.   sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;
  25. $string_length = strlen($string);
  26. $result = '';
  27. $box = range(0, 255);
  28. $rndkey = array();
  29. // Generate key book
  30. for($i = 0 ; $i <= 255; $i++) {
  31. $rndkey[$i] = ord($cryptkey[$i % $key_length]);
  32. }
  33. //Use a fixed algorithm to scramble the key book and increase Randomness seems very complicated, but in fact it does not increase the strength of the ciphertext
  34. for($j = $i = 0; $i < 256; $i++) {
  35. $j = ($j + $box[ $i] + $rndkey[$i]) % 256;
  36. $tmp = $box[$i];
  37. $box[$i] = $box[$j];
  38. $box[$j] = $tmp ;
  39. }
  40. // Core encryption and decryption part
  41. for($a = $j = $i = 0; $i < $string_length; $i++) {
  42. $a = ($a + 1) % 256;
  43. $ j = ($j + $box[$a]) % 256;
  44. $tmp = $box[$a];
  45. $box[$a] = $box[$j];
  46. $box[$j] = $tmp;
  47. // Get the key from the key book, perform XOR, and then convert it into characters
  48. $result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
  49. }
  50. if($operation == 'DECODE') {
  51. // substr($result, 0, 10) == 0 Verify data validity
  52. // substr($result, 0, 10) - time() > 0 Verify data validity
  53. // substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16) Verify data integrity
  54. // Verify data validity, please see the format of unencrypted plaintext
  55. if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) &&
  56.  substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) {
  57. return substr($result, 26);
  58. } else {
  59. return '';
  60. }
  61. } else {
  62. // Save the dynamic key in the ciphertext. This is why the same plaintext can be decrypted after producing different ciphertexts
  63. // Because the encrypted ciphertext may contain some special characters and may be lost during the copying process, it is encoded with base64
  64. return $keyc.str_replace('=', '', base64_encode($result));
  65. }
  66. } //edit bbs.it-home.org
  67. ?>> . Reminder: The ownership of this function belongs to Kangsheng Chuangxiang and cannot be used freely, haha.

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template