
PHP Token: Improved Version

Dec 14, 2016 am 11:55 AM

It is precisely because base64 is used that a problem appears when this token is sent through the GET method.
For example: http://test/test.php?a=1+2
Reading $_GET["a"] returns "1 2"; that is, the plus sign is gone, because PHP URL-decodes query values and a plus sign decodes to a space. At first I used urlencode to convert it, but there were always one or two results that were unexpected.

Later I realized that base64 output is limited to the characters [A-Za-z0-9+/=]. Of these, the plus sign is the one that causes the problem, so I replaced it with a character that does not; the underscore is the best choice. The following is the modified code:

GEncrypt.inc.php

The code is as follows:


<?php
class GEncrypt {
    // XOR each byte of $txt with the repeating 32-character hex string md5($encrypt_key).
    protected static function keyED($txt, $encrypt_key) {
        $encrypt_key = md5($encrypt_key);
        $ctr = 0;
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            if ($ctr == strlen($encrypt_key)) {
                $ctr = 0;
            }
            $tmp .= substr($txt, $i, 1) ^ substr($encrypt_key, $ctr, 1);
            $ctr++;
        }
        return $tmp;
    }

    public static function encrypt($txt, $key) {
        // Per-call pad: md5 of the current time plus rand() output.
        // Note that rand() is not a cryptographically secure generator.
        $encrypt_key = md5(((float) date("YmdHis") + rand(10000000000000000, 99999999999999999)) . rand(100000, 999999));
        $ctr = 0;
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            if ($ctr == strlen($encrypt_key)) {
                $ctr = 0;
            }
            // Emit the pad byte, then the text byte XORed with that pad byte.
            $tmp .= substr($encrypt_key, $ctr, 1) . (substr($txt, $i, 1) ^ substr($encrypt_key, $ctr, 1));
            $ctr++;
        }
        // base64 alphabet is [A-Za-z0-9+/=]; replace '+' with '_' so the token survives a GET request.
        return str_replace("+", "_", base64_encode(self::keyED($tmp, $key)));
    }

    public static function decrypt($txt, $key) {
        if ($txt == "") {
            return false;
        }
        // Restore '+' before decoding, then undo the XOR with md5($key).
        $txt = self::keyED(base64_decode(str_replace("_", "+", $txt)), $key);
        $tmp = "";
        // Bytes come in pairs: pad byte, then text byte XOR pad byte.
        for ($i = 0; $i < strlen($txt); $i++) {
            $md5 = substr($txt, $i, 1);
            $i++;
            $tmp .= (substr($txt, $i, 1) ^ $md5);
        }
        return $tmp;
    }
}

?>
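The plus-sign problem described at the top of the article, reproduced without a web server and compared with RFC 4648 base64url, as an added example that is not part of the original article. The helper names b64url_encode, b64url_decode and via_query_string are introduced here for illustration, and the sample bytes are constructed.

```php
<?php
// Added example, not the article's code. Sample bytes are constructed.

// RFC 4648 base64url: '+' -> '-', '/' -> '_', '=' padding dropped.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Strict decode: refuse anything outside the URL-safe alphabet.
function b64url_decode(string $txt) {
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $txt)) {
        return false;
    }
    $b64 = strtr($txt, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    return base64_decode($b64, true);
}

// Reproduce how PHP fills $_GET["a"] from the raw query string.
function via_query_string(string $value): string {
    parse_str('a=' . $value, $get);
    return $get['a'];
}

$raw = "\xfb\xef\xbe\xff\xfe";      // constructed bytes whose base64 form contains '+', '/' and '='
$std = base64_encode($raw);
$got = via_query_string($std);      // every '+' arrives as a space

// base64_decode() in its default mode skips the spaces, so the damage is silent.
printf("standard : sent %s, received '%s', intact: %s\n",
    $std, $got, var_export(base64_decode($got) === $raw, true));

// The article's variant: only '+' is swapped; '/' and '=' stay in the token.
$article = str_replace('+', '_', $std);
$back    = base64_decode(str_replace('_', '+', via_query_string($article)));
printf("article  : sent %s, intact: %s\n", $article, var_export($back === $raw, true));

// base64url: no character left that needs escaping in a URL.
$url = b64url_encode($raw);
printf("base64url: sent %s, intact: %s\n",
    $url, var_export(b64url_decode(via_query_string($url)) === $raw, true));

// A token damaged in transit is rejected instead of being partly decoded.
var_dump(b64url_decode(via_query_string('ab+cd')));
```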


GToken.inc.php

The code is as follows:


<?php
/**
 * Principle: when a token is requested, allocate a unique one: base64(time + rand + action).
 * When the form is submitted, record the token as used, so that a duplicate submission can be detected and rejected.
 */
class GToken {

    /**
     * Get all tokens already used in the current session
     *
     * @return array
     */
    public static function getTokens() {
        // dropToken() writes under GConfig::SESSION_KEY_TOKEN; both constants must name the same session key.
        $tokens = isset($_SESSION[GConfig::SSN_KEY_TOKEN]) ? $_SESSION[GConfig::SSN_KEY_TOKEN] : null;
        if (!is_array($tokens)) {
            $tokens = array();
        }
        return $tokens;
    }

    /**
     * Generate a new token
     *
     * @param string $formName
     * @param string $key Encryption key
     * @return string
     */
    public static function newToken($formName, $key = GConfig::ENCRYPT_KEY) {
        $token = GEncrypt::encrypt($formName . session_id(), $key);
        return $token;
    }

    /**
     * "Deleting" a token actually appends it to an array in the session, marking it as used
     * so that the same data cannot be submitted again.
     *
     * @param string $token
     */
    public static function dropToken($token) {
        $tokens = self::getTokens();
        $tokens[] = $token;
        GSession::set(GConfig::SESSION_KEY_TOKEN, $tokens);
    }

    /**
     * Check whether this is the expected token
     *
     * @param string $token The token value to be checked
     * @param string $formName
     * @param boolean $fromCheck Whether to check the source; if true, the session_id appended to the token must equal the current session_id.
     * @param string $key Encryption key
     * @return boolean
     */
    public static function isToken($token, $formName, $fromCheck = false, $key = GConfig::ENCRYPT_KEY) {
        if (empty($token)) {
            return false;
        }

        $tokens = self::getTokens();

        // If it is already in the list, the token has been used before.
        if (in_array($token, $tokens)) {
            return false;
        }

        $source = GEncrypt::decrypt($token, $key);

        if ($fromCheck) {
            // Strict comparison, so numeric-looking strings are not compared as numbers.
            return $source === $formName . session_id();
        } else {
            // Prefix match only: the decrypted value must start with the form name.
            return strpos($source, $formName) === 0;
        }
    }

    public static function getTokenKey($token, $key = GConfig::ENCRYPT_KEY) {
        if ($token == null || trim($token) == "") {
            return false;
        }
        $source = GEncrypt::decrypt($token, $key);
        return $source != "" ? str_replace(session_id(), "", $source) : false;
    }

    public function newTokenForSmarty($params) {
        // Read only the "form" parameter instead of extract()ing every key into local scope.
        $form = isset($params['form']) ? $params['form'] : null;
        return self::newToken($form);
    }
}
?>
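A form token with the same purpose as GToken (bound to a form name and a session, accepted once), as an added example that is not the article's code. It swaps the XOR routine in GEncrypt for an HMAC-SHA256 tag compared with hash_equals, takes its nonce from random_bytes, and encodes with base64url. The function names, key and session id are placeholders, and unlike GToken the token is marked as used inside the check itself.

```php
<?php
// Added example, not the article's code (PHP 7.1+). Key and session id are placeholders.

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// MAC over an unambiguous encoding of everything the token is bound to.
function token_mac(string $form, string $sid, string $nonce, string $key): string {
    return b64url(hash_hmac('sha256', json_encode([$form, $sid, $nonce]), $key, true));
}

function new_form_token(string $form, string $sid, string $key): string {
    $nonce = b64url(random_bytes(16));           // CSPRNG, unique per rendered form
    return $nonce . '.' . token_mac($form, $sid, $nonce, $key);
}

// $used stands in for the session array that GToken::dropToken() appends to.
function check_form_token(string $token, string $form, string $sid,
                          string $key, array &$used): bool {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return false;                            // malformed
    }
    [$nonce, $mac] = $parts;
    if (!hash_equals(token_mac($form, $sid, $nonce, $key), $mac)) {
        return false;                            // altered, or issued for another form/session
    }
    if (in_array($nonce, $used, true)) {
        return false;                            // duplicate submission
    }
    $used[] = $nonce;                            // consume on first successful check
    return true;
}

$key  = 'placeholder-secret-from-config';        // placeholder key
$sid  = 'constructed-session-id';                // would be session_id() in a real request
$used = [];
$tok  = new_form_token('order_form', $sid, $key);

$results = [
    'first submit'   => check_form_token($tok, 'order_form', $sid, $key, $used),
    'same token'     => check_form_token($tok, 'order_form', $sid, $key, $used),
    'other form'     => check_form_token($tok, 'order', $sid, $key, $used),
    'tampered token' => check_form_token($tok . 'A', 'order_form', $sid, $key, $used),
];
foreach ($results as $case => $ok) {
    printf("%-14s %s\n", $case, $ok ? 'accepted' : 'rejected');
}
```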

The above is the code example for the improved PHP token. I hope it helps; for more related content, follow the PHP Chinese website (www.php.cn)!
