php can check the user's ID to determine whether the user is logged in, but this ID can be modified. After modification, all the modified user information can be obtained, so we need to encrypt the value. Let's follow the editor to see how to use Aes for encryption.
In the project, especially on the PC side, after the user logs in, we will return an identification to the front end to determine whether the user is logged in. Most of this identification is the user id.
But there is a big drawback here, that is, this value can be modified. If I modify this value, I can get all the information of the modified user. It’s scary, right? !
Then let’s use aes for encryption today
<?php namespace app\api\controller; /** * aes 加密 解密类库 * Class Aes * @package app\common\lib */ class Aes { private $key = null; /** * * @param $key 密钥 * @return String */ public function __construct() { // 需要小伙伴在配置文件app.php中定义aeskey $this->key = '1234567891112121'; } /** * 加密 * @param String input 加密的字符串 * @param String key 解密的key * @return HexString */ public function encrypt($input = '') { $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB); $input = $this->pkcs5_pad($input, $size); $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, ''); $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); mcrypt_generic_init($td, $this->key, $iv); $data = mcrypt_generic($td, $input); mcrypt_generic_deinit($td); mcrypt_module_close($td); $data = base64_encode($data); return $data; } /** * 填充方式 pkcs5 * @param String text 原始字符串 * @param String blocksize 加密长度 * @return String */ private function pkcs5_pad($text, $blocksize) { $pad = $blocksize - (strlen($text) % $blocksize); return $text . str_repeat(chr($pad), $pad); } /** * 解密 * @param String input 解密的字符串 * @param String key 解密的key * @return String */ public function decrypt($sStr) { $decrypted= mcrypt_decrypt(MCRYPT_RIJNDAEL_128,$this->key,base64_decode($sStr), MCRYPT_MODE_ECB); $dec_s = strlen($decrypted); $padding = ord($decrypted[$dec_s-1]); $decrypted = substr($decrypted, 0, -$padding); return $decrypted; } }
This is an aes tool class. Note that this value needs to be modified by ourselves, and it is 16 bits, so that our user will return the ID to the front end when logging in.
First introduce it in the controller
’s ‐ to ’s ’ ’s ’
---- first introduced in the controller
# and then instantiate it
After the user successfully logs in, we encrypt this value and return it to the front end
u_id is the encrypted value
Comment file. These two methods are uniformly processed by the parameters, so let me judge here. Any interface with user IDs Just decrypt it
Recommended learning: ###php video tutorial######The above is the detailed content of How to use Aes for encryption in php. For more information, please follow other related articles on the PHP Chinese website!