通过加密cookie使网站安全性更高,登录信息不保存在session中。注意:这一做法的前提是cookie内容既保密又防篡改(带完整性校验的认证加密),并且由服务器端校验有效期;否则保存在客户端的登录状态并不比session更安全。
在function.php文件中建立两个函数,加密和解密函数
/**<br>
* 加密函数<br>
* @param string $txt 需要加密的字符串<br>
* @param string $key 密钥<br>
* @return string 返回加密结果<br>
*/<br>
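function encrypt($txt, $key = '')
{
    // Purpose: turn $txt into a cookie-safe token. The plaintext is prefixed
    // with time() and '_', base64-encoded with a URL-safe alphabet, shifted
    // symbol by symbol with a repeating key stream, and three random nonce
    // characters are hidden inside the result.
    //
    // Security review notes:
    //  - The key stream is a 16-23 character slice of an MD5 hex digest that is
    //    repeated over the whole message, and the output carries no MAC, so
    //    decrypt() cannot tell a modified token from a genuine one. Treat this
    //    as obfuscation, not as authenticated encryption.
    //  - $ikey is hard-coded in source and therefore adds no secrecy.
    //  - rand() is not a cryptographic random source.
    //  For authentication state prefer a server-side session, or a vetted AEAD
    //  construction (libsodium, OpenSSL AES-GCM) keyed with a random secret.

    // empty() also matches the string '0', which is returned unchanged.
    if (empty($txt)) {
        return $txt;
    }
    if (empty($key)) {
        $key = md5(MD5_KEY);
    }

    // 65 symbols: the URL-safe base64 alphabet plus '.' standing in for '='.
    $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.";
    $ikey = "-x6g6ZWm2G9g_vr0Bo.pOq3kRIxsZ6rm";

    // Three per-message nonce positions and the characters they select.
    $nh1 = rand(0, 64);
    $nh2 = rand(0, 64);
    $nh3 = rand(0, 64);
    $ch1 = $chars[$nh1];
    $ch2 = $chars[$nh2];
    $ch3 = $chars[$nh3];
    $nhnum = $nh1 + $nh2 + $nh3;

    // Byte sum of the key; it fixes where the first nonce character is hidden.
    $knum = 0;
    $i = 0;
    while (isset($key[$i])) {
        $knum += ord($key[$i++]);
    }

    // Per-message key stream derived from the key, the nonces and $ikey.
    $mdKey = substr(md5(md5(md5($key . $ch1) . $ch2 . $ikey) . $ch3), $nhnum % 8, $knum % 8 + 16);

    // The timestamp prefix is what decrypt() uses for its optional $ttl check.
    $txt = base64_encode(time() . '_' . $txt);
    $txt = str_replace(array('+', '/', '='), array('-', '_', '.'), $txt);

    $tmp = '';
    $k = 0;
    $tlen = strlen($txt);
    $klen = strlen($mdKey);
    // The page's copy of this loop header was truncated at "$i"; the bound is
    // restored here. Square-bracket offsets replace the {} form that PHP 8
    // no longer parses.
    for ($i = 0; $i < $tlen; $i++) {
        $k = $k == $klen ? 0 : $k;
        $j = ($nhnum + strpos($chars, $txt[$i]) + ord($mdKey[$k++])) % 64;
        $tmp .= $chars[$j];
    }

    // Hide the nonce characters; decrypt() removes them in the reverse order.
    $tmplen = strlen($tmp);
    $tmp = substr_replace($tmp, $ch3, $nh2 % ++$tmplen, 0);
    $tmp = substr_replace($tmp, $ch2, $nh1 % ++$tmplen, 0);
    $tmp = substr_replace($tmp, $ch1, $knum % ++$tmplen, 0);

    return $tmp;
}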
<br>
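/**
 * Reverse encrypt(): recover the plaintext from an obfuscated token.
 *
 * Security review notes: the token format has no integrity check, so a
 * successful return value only means the input decoded, not that it was
 * produced by this application. Callers must validate the result and must
 * not hand it to unserialize() without restricting classes. The age check is
 * enforced only when the caller passes $ttl > 0.
 *
 * @param string $txt Token to decode (typically a cookie value, i.e. untrusted)
 * @param string $key Key; md5(MD5_KEY) is used when empty
 * @param int    $ttl Maximum token age in seconds; 0 disables the age check
 * @return string|null Plaintext; '' for a malformed token; null when $ttl > 0
 *                     and the token is older than $ttl or has no timestamp
 */
function decrypt($txt, $key = '', $ttl = 0)
{
    if (empty($txt)) {
        return $txt;
    }
    if (empty($key)) {
        $key = md5(MD5_KEY);
    }

    $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.";
    $ikey = "-x6g6ZWm2G9g_vr0Bo.pOq3kRIxsZ6rm";

    // Reject malformed input up front instead of silencing errors with '@'.
    // Fewer than three characters would reach a modulo-by-zero below, and a
    // symbol outside the alphabet cannot come from encrypt().
    if (!is_string($txt) || strlen($txt) < 4 || strspn($txt, $chars) !== strlen($txt)) {
        return '';
    }

    // Byte sum of the key; it locates the first hidden nonce character.
    $knum = 0;
    $i = 0;
    while (isset($key[$i])) {
        $knum += ord($key[$i++]);
    }

    // Pull out the three nonce characters in the reverse of the order in which
    // encrypt() inserted them; $tlen shrinks by one after each removal.
    $tlen = strlen($txt);
    $ch1 = $txt[$knum % $tlen];
    $nh1 = strpos($chars, $ch1);
    $txt = substr_replace($txt, '', $knum % $tlen--, 1);
    $ch2 = $txt[$nh1 % $tlen];
    $nh2 = strpos($chars, $ch2);
    $txt = substr_replace($txt, '', $nh1 % $tlen--, 1);
    $ch3 = $txt[$nh2 % $tlen];
    $nh3 = strpos($chars, $ch3);
    $txt = substr_replace($txt, '', $nh2 % $tlen--, 1);
    $nhnum = $nh1 + $nh2 + $nh3;

    // Same key-stream derivation as encrypt().
    $mdKey = substr(md5(md5(md5($key . $ch1) . $ch2 . $ikey) . $ch3), $nhnum % 8, $knum % 8 + 16);

    $tmp = '';
    $k = 0;
    $tlen = strlen($txt);
    $klen = strlen($mdKey);
    // The page's copies of this loop header and of the inner while were
    // truncated; the bounds are restored here.
    for ($i = 0; $i < $tlen; $i++) {
        $k = $k == $klen ? 0 : $k;
        $j = strpos($chars, $txt[$i]) - $nhnum - ord($mdKey[$k++]);
        while ($j < 0) {
            $j += 64;
        }
        $tmp .= $chars[$j];
    }

    $tmp = str_replace(array('-', '_', '.'), array('+', '/', '='), $tmp);
    // encrypt() folds the '.' padding symbol onto 'A' (mod 64), which decodes
    // to trailing NUL bytes; trim() strips them.
    $tmp = trim(base64_decode($tmp));

    // encrypt() always prefixes "<10-digit unix time>_".
    if (preg_match('/^\d{10}_/', $tmp)) {
        // Compare against the ten digits only, not the digits plus '_'.
        if ($ttl > 0 && (time() - (int) substr($tmp, 0, 10) > $ttl)) {
            return null;
        }
        return substr($tmp, 11);
    }

    // No timestamp: when an age limit was requested, fail closed rather than
    // skipping the check. Without a limit the decoded bytes are returned as
    // before, so callers must still validate them.
    return $ttl > 0 ? null : $tmp;
}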
后台系统登录页面的操作处理方法 //登录<br>
public function login()
{
    // Handles the admin login page: GET renders the form, POST checks the
    // captcha and the credentials and, on success, issues the sys_key cookie.
    if (!IS_POST) {
        $this->display();
        return;
    }

    // Captcha is checked before the credentials are looked at.
    $captchaOk = $this->checkverify(I('post.captcha'));
    if (!$captchaOk) {
        // L() looks up a localized message; this one reads "captcha incorrect".
        $this->error(L('verify_error'));
    }

    // Per the original author's note, checkLogin() in the model amounts to
    // M('admin')->where(array('admin_name'=>$name,'admin_password'=>$pass))->find().
    // NOTE(review): that suggests the password is matched inside the query;
    // confirm it is stored with password_hash() and checked with
    // password_verify() rather than compared in a WHERE clause.
    // NOTE(review): apart from the captcha, no limit on repeated attempts is
    // visible in this method; confirm one exists elsewhere.
    $adminModel = D('admin');
    $row = $adminModel->checkLogin(I('post.name'), I('post.pass'));

    if (!is_array($row) || empty($row)) {
        // One message for "unknown user" and "wrong password", so the response
        // does not reveal which of the two failed.
        $this->error(L('user_pass_error'));
    } else {
        // admin_name: login name, admin_id: primary key, admin_gid: permission
        // group id, admin_is_super: super-administrator flag. These fields go
        // into the client-side cookie and are what later requests rely on for
        // identity and privilege.
        $identity = array(
            'name' => $row['admin_name'],
            'id' => $row['admin_id'],
            'gid' => $row['admin_gid'],
            'sp' => $row['admin_is_super'],
        );
        $this->systemSetKey($identity);
        $this->redirect(U('Index/index'));
    }
}
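private function systemSetKey($user = '')
{
    // Serializes the admin identity array, passes it through encrypt() with
    // MD5_KEY and stores it in the "<COOKIE_PRE>sys_key" cookie for one hour.
    // COOKIE_PRE is a constant the application defines itself (for example in
    // the entry file). Anything that is not a non-empty array is ignored.
    if (is_array($user) && !empty($user)) {
        // The cookie is the whole login state, so keep it away from page
        // scripts. 'httponly' is read by ThinkPHP builds whose cookie() helper
        // supports that option; older builds ignore the extra key (confirm for
        // the deployed version). Also enable the secure flag when the admin
        // area is served over HTTPS.
        cookie(
            COOKIE_PRE . 'sys_key',
            encrypt(serialize($user), MD5_KEY),
            array('expire' => 3600, 'httponly' => true)
        );
    }
}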
后台系统首页的验证管理员信息的方法
在基类中写验证
<?php <br />
namespace Admin\Controller;<br>
use Think\Controller;<br>
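/**
 * Base class for admin controllers: every request is authenticated in the
 * constructor from the "<COOKIE_PRE>sys_key" cookie.
 *
 * Security review notes: the login state lives entirely in that cookie, so
 * the server cannot revoke a copied cookie before it ages out, and each
 * authenticated request renews it (sliding expiry). The identity and
 * privilege fields (id, gid, sp) are only as trustworthy as encrypt() and
 * decrypt(), which provide no integrity check. A server-side session, or a
 * cookie protected by authenticated encryption, is the sturdier design.
 */
class BaseController extends Controller
{
    // Lifetime, in seconds, of the sys_key cookie and of the token inside it.
    const SYS_KEY_TTL = 3600;

    // Admin identity recovered from the cookie: name, id, gid, sp.
    protected $admin_info;
    // Permission data; not populated in this excerpt.
    protected $permission;

    /**
     * Authenticate the request before the framework constructor runs.
     */
    public function __construct()
    {
        $this->admin_info = $this->systemLogin();
        // id 1 is the super administrator. Compare as strings and strictly:
        // under PHP < 8 a loose `!= 1` also treats values such as '1abc' as 1.
        if ((string) $this->admin_info['id'] !== '1') {
            // Permission check goes here (omitted by the original author).

        }
        parent::__construct();
    }

    /**
     * Verify the admin login cookie and renew it.
     *
     * @return array The identity array (name, id, gid, sp) from the cookie
     */
    protected final function systemLogin()
    {
        // Pass the lifetime to decrypt() so the server enforces it; the
        // cookie's own expiry is only honoured by the browser.
        $plain = decrypt(cookie(COOKIE_PRE . 'sys_key'), MD5_KEY, self::SYS_KEY_TTL);

        $user = false;
        if (is_string($plain) && $plain !== '') {
            // The cookie is client-controlled input. Refuse to instantiate
            // objects while unserializing it (needs PHP >= 7.0). Storing the
            // payload as JSON would remove unserialize() from this path
            // altogether, but both systemSetKey() writers would have to change.
            $user = unserialize($plain, array('allowed_classes' => false));
        }

        // Same required fields as before, plus: the payload must be an array
        // and name/id must be scalars.
        $valid = is_array($user)
            && array_key_exists('gid', $user)
            && isset($user['sp'])
            && !empty($user['name']) && is_scalar($user['name'])
            && !empty($user['id']) && is_scalar($user['id']);

        if (!$valid) {
            $this->redirect(U('Public/login'));
            // redirect() is expected to end the request; the explicit exit
            // keeps the controller fail-closed if it ever returns.
            exit;
        }

        // Renew the cookie on every authenticated request (sliding expiry).
        $this->systemSetKey($user);
        return $user;
    }

    /**
     * Write the admin identity array to the login cookie.
     *
     * @param array $user Identity array (name, id, gid, sp)
     * @return void
     */
    protected final function systemSetKey($user)
    {
        // 'httponly' keeps the login cookie away from page scripts. It is read
        // by ThinkPHP builds whose cookie() helper supports that option; older
        // builds ignore the extra key (confirm for the deployed version). Also
        // enable the secure flag when the admin area is served over HTTPS.
        cookie(
            COOKIE_PRE . 'sys_key',
            encrypt(serialize($user), MD5_KEY),
            array('expire' => self::SYS_KEY_TTL, 'httponly' => true)
        );
    }
}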