rsa - openssl_private_decrypt does not take effect in typecho Login.php
漂亮男人
漂亮男人 2017-05-16 13:14:27
0
1
5176

I basically don’t know PHP and only know Java. I want to add rsa encryption when submitting the form in typecho. The front-end encryption is no problem, but after the data is sent to the background, openssl_private_decrypt will not take effect and will not be decrypted. I run it in a separate demo. There is no problem at all. Part of the Login.php code (after modification) is as follows:

<?php
if (!defined('__TYPECHO_ROOT_DIR__')) exit;
/**
 * 登录动作
 *
 * @category typecho
 * @package Widget
 * @copyright Copyright (c) 2008 Typecho team (http://www.typecho.org)
 * @license GNU General Public License 2.0
 * @version $Id$
 */

/**
 * 登录组件
 *
 * @category typecho
 * @package Widget
 * @copyright Copyright (c) 2008 Typecho team (http://www.typecho.org)
 * @license GNU General Public License 2.0
 */
class Widget_Login extends Widget_Abstract_Users implements Widget_Interface_Do
{
    /**
     * 初始化函数
     *
     * @access public
     * @return void
     */
    public function action()
    {
        // protect
        $this->security->protect();

        /** 如果已经登录 */
        if ($this->user->hasLogin()) {
            /** 直接返回 */
            $this->response->redirect($this->options->index);
        }

        /** 初始化验证类 */
        $validator = new Typecho_Validate();
        $validator->addRule('name', 'required', _t('请输入用户名'));
        $validator->addRule('password', 'required', _t('请输入密码'));

        /** 截获验证异常 */
        if ($error = $validator->run($this->request->from('name', 'password'))) {
            Typecho_Cookie::set('__typecho_remember_name', $this->request->name);

            /** 设置提示信息 */
            $this->widget('Widget_Notice')->set($error);
            $this->response->goBack();
        }

        /** 解密账户密码 **/
        $OriginalName = $this->request->name;
        $OriginalPassword = $this->request->password;
        
        // 私钥是放在服务器端的,用以验证和解密客户端经过公钥加密后的信息
        $private_key = '-----BEGIN RSA PRIVATE KEY-----
        (密匙内容)
        -----END RSA PRIVATE KEY-----';
 
        
         
        $pi_key =  openssl_pkey_get_private($private_key);//这个函数可用来判断私钥是否是可用的,可用返回资源id Resource id  
        //$pu_key = openssl_pkey_get_public($public_key);//这个函数可用来判断公钥是否是可用的  
        $decryptName = "";
        $decryptPassword = "";
        openssl_private_decrypt(base64_decode(base64_encode($OriginalName)),$decryptName,$pi_key);//私钥解密  
        openssl_private_decrypt(base64_decode($OriginalPassword),$decryptPassword,$pi_key);//私钥解密  

The username and password are available and have been verified. In the demo, the decrypted string is decrypted normally in the demo's PHP, but the general code does not take effect when moved to typecho. What is the reason for this and how to solve it.
Running environment: Tried both in win environment and virtual machine centos lnmp. Tried php 5.6-7.

Off topic: Although basically no one will hack my blog, and replay can’t be stopped, it’s just a toss-up.

漂亮男人
漂亮男人

reply all(1)
曾经蜡笔没有小新

It's $private_key's problem. When pasting, I also pasted the space information in front of it. After re-doing it, it can be decrypted normally.

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template