search
HomeBackend DevelopmentPHP Tutorial深入研究 UCenter API 之 PHP加密与解密

深入研究 UCenter API 之 PHP加密与解密

UCenter API 中的加密解密函数,被称为 php 领域的经典之作,也是康盛公司为 php 做的一大贡献

这个函数,可以通过一个 KEY ,生成动态的密文,并可以再通过这个 KEY 来解

 

  
// $string: 明文 或 密文   
// $operation:DECODE表示解密,其它表示加密   
// $key: 密匙   
// $expiry:密文有效期   
//字符串解密加密   
function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {   
     // 动态密匙长度,相同的明文会生成不同密文就是依靠动态密匙   
    $ckey_length = 4;   // 随机密钥长度 取值 0-32;   
                // 加入随机密钥,可以令密文无任何规律,即便是原文和密钥完全相同,加密结果也会每次不同,增大破解难度。   
                // 取值越大,密文变动规律越大,密文变化 = 16 的 $ckey_length 次方   
                // 当此值为 0 时,则不产生随机密钥   
    // 密匙   
    $key = md5($key ? $key : UC_KEY);   
    // 密匙a会参与加解密   
    $keya = md5(substr($key, 0, 16));   
    // 密匙b会用来做数据完整性验证   
    $keyb = md5(substr($key, 16, 16));   
    // 密匙c用于变化生成的密文   
    $keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length): substr(md5('1303808563'), -$ckey_length)) : '';   
    // 参与运算的密匙   
    $cryptkey = $keya.md5($keya.$keyc);   
 
    $key_length = strlen($cryptkey);   
 
    // 明文,前10位用来保存时间戳,解密时验证数据有效性,10到26位用来保存$keyb(密匙b),解密时会通过这个密匙验证数据完整性   
    // 如果是解码的话,会从第$ckey_length位开始,因为密文前$ckey_length位保存 动态密匙,以保证解密正确   
    $string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;   
    $string_length = strlen($string);   
    $result = '';   
    $box = range(0, 255);   
    $rndkey = array();   
    // 产生密匙簿   
    for($i = 0; $i <= 255; $i++) {   
        $rndkey[$i] = ord($cryptkey[$i % $key_length]);   
     }   
     // 用固定的算法,打乱密匙簿,增加随机性,好像很复杂,实际上对并不会增加密文的强度   
    for($j = $i = 0; $i < 256; $i++) {   
        $j = ($j + $box[$i] + $rndkey[$i]) % 256;   
        $tmp = $box[$i];   
        $box[$i] = $box[$j];   
        $box[$j] = $tmp;   
     }   
    // 核心加解密部分   
    for($a = $j = $i = 0; $i < $string_length; $i++) {   
        $a = ($a + 1) % 256;   
        $j = ($j + $box[$a]) % 256;   
        $tmp = $box[$a];   
        $box[$a] = $box[$j];   
        $box[$j] = $tmp;   
        // 从密匙簿得出密匙进行异或,再转成字符   
        $result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));   
     }   
    if($operation == &#39;DECODE&#39;) {   
        // 验证数据有效性,请看未加密明文的格式   
        if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) {   
            return substr($result, 26);   
         } else {   
            return &#39;&#39;;   
         }   
     } else {   
         // 把动态密匙保存在密文里,这也是为什么同样的明文,生产不同密文后能解密的原因   
         // 因为加密后的密文可能是一些特殊字符,复制过程可能会丢失,所以用base64编码   
        return $keyc.str_replace(&#39;=&#39;, &#39;&#39;, base64_encode($result));   
     }   
}  
echo authcode(&#39;123456&#39;, &#39;INCODE&#39;, &#39;scutephp&#39;, 0);  
echo "";  
echo authcode(&#39;3575ijqlNCR+R3s7Aakwy1HlvDzHw5g4oKp82qhE7q5FS88&#39;, &#39;DECODE&#39;, &#39;scutephp&#39;, 0);  

 


Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
What is the full form of PHP?What is the full form of PHP?Apr 28, 2025 pm 04:58 PM

The article discusses PHP, detailing its full form, main uses in web development, comparison with Python and Java, and its ease of learning for beginners.

How does PHP handle form data?How does PHP handle form data?Apr 28, 2025 pm 04:57 PM

PHP handles form data using $\_POST and $\_GET superglobals, with security ensured through validation, sanitization, and secure database interactions.

Is PHP a case-sensitive language?Is PHP a case-sensitive language?Apr 28, 2025 pm 04:55 PM

PHP's case sensitivity varies: functions are insensitive, while variables and classes are sensitive. Best practices include consistent naming and using case-insensitive functions for comparisons.

How do you redirect a page in PHP?How do you redirect a page in PHP?Apr 28, 2025 pm 04:54 PM

The article discusses various methods for page redirection in PHP, focusing on the header() function and addressing common issues like "headers already sent" errors.

What is PDO in PHP?What is PDO in PHP?Apr 28, 2025 pm 04:51 PM

The article discusses PHP Data Objects (PDO), an extension for database access in PHP. It highlights PDO's role in enhancing security through prepared statements and its benefits over MySQLi, including database abstraction and better error handling.

What is Memcache and Memcached in PHP? Is it possible to share a single instance of a Memcache between several projects of PHP?What is Memcache and Memcached in PHP? Is it possible to share a single instance of a Memcache between several projects of PHP?Apr 28, 2025 pm 04:47 PM

Memcache and Memcached are PHP caching systems that speed up web apps by reducing database load. A single instance can be shared among projects with careful key management.

What are the steps to create a new database using MySQL and PHP?What are the steps to create a new database using MySQL and PHP?Apr 28, 2025 pm 04:44 PM

Article discusses steps to create and manage MySQL databases using PHP, focusing on connection, creation, common errors, and security measures.

Does JavaScript interact with PHP?Does JavaScript interact with PHP?Apr 28, 2025 pm 04:43 PM

The article discusses how JavaScript and PHP interact indirectly through HTTP requests due to their different environments. It covers methods for sending data from JavaScript to PHP and highlights security considerations like data validation and prot

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Linux new version

SublimeText3 Linux new version

SublimeText3 Linux latest version

DVWA

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

MantisBT

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

Atom editor mac version download

Atom editor mac version download

The most popular open source editor