Analysis of PHP encryption function principle of discuz program

Home

Backend Development

PHP Tutorial

Analysis of PHP encryption function principle of discuz program_PHP tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 21, 2016 pm 03:25 PM

discuzphpfunctionanalyzeencryptionprincipleKeyofprogram

The principle is as follows, if:
Encryption
Plain text: 1010 1001
Key: 1110 0011
Cipher text: 0100 1010
Obtain cipher text 0100 1010, the need for decryption is XORed with the key Just click
Decryption
Cipher text: 0100 1010
Key: 1110 0011
Plain text: 1010 1001
There is no sophisticated algorithm, the key is very important, so, The key lies in how to generate the key.
Then let’s take a look at how Kangsheng’s authcode is done

Copy the code The code is as follows:

 
// Parameter explanation
// $string: plain text or cipher text
// $operation: DECODE means decryption, others means encryption
// $key: secret key
// $expiry: ciphertext validity period 
function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) { 
// Dynamic key length, the same plaintext will generate different ciphertext, relying on dynamic encryption Key
$ckey_length = 4; 

// Key
$key = md5($key ? $key : $GLOBALS['discuz_auth_key']); 

// Key a will participate in encryption and decryption
$keya = md5(substr($key, 0, 16)); 
// Key b will be used for data integrity verification
$keyb = md5( substr($key, 16, 16)); 
// Key c is used to change the generated ciphertext
$keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0 , $ckey_length): 
　substr(md5(microtime()), -$ckey_length)) : ''; 
// The key involved in the operation
$cryptkey = $keya.md5($keya. $keyc); 
$key_length = strlen($cryptkey); 
// Plain text, the first 10 bits are used to save the timestamp, and the data validity is verified during decryption, and 10 to 26 bits are used to save $keyb(cryptkey) Key b), the data integrity will be verified through this key when decrypting 
// If decoding, it will start from the $ckey_length bit, because the dynamic key is stored in the $ckey_length bit before the ciphertext to ensure correct decryption
$string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : 
　 sprintf('%010d', $expiry ? $expiry + time() : 0).substr( md5($string.$keyb), 0, 16).$string; 
$string_length = strlen($string); 
$result = ''; 
$box = range(0, 255) ; 
$rndkey = array(); 
// Generate key book
for($i = 0; $i $rndkey[$i] = ord($cryptkey[$i % $key_length]); 
} 
//Use a fixed algorithm to disrupt the key book and increase randomness. It seems very complicated, but in fact it will not increase the number of keys. Strength of text
for($j = $i = 0; $i $j = ($j + $box[$i] + $rndkey[$i]) % 256; 
$tmp = $box[$i]; 
$box[$i] = $box[$j]; 
$box[$j] = $tmp; 
} 
//Core encryption and decryption part
for($a = $j = $i = 0; $i $a = ($a + 1) % 256 ; 
$j = ($j + $box[$a]) % 256; 
$tmp = $box[$a]; 
$box[$a] = $box[$j] ; 
$box[$j] = $tmp; 
// Get the key from the key book, perform XOR, and then convert it into characters 
$result .= chr(ord($string[$ i]) ^ ($box[($box[$a] + $box[$j]) % 256])); 
} 
if($operation == 'DECODE') { 
 // substr($result, 0, 10) == 0 Verify data validity
// substr($result, 0, 10) - time() > 0 Verify data validity
// substr( $result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16) Verify data integrity
//Verify data validity, please see the format of unencrypted plaintext 
if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && 
　substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) { 
return substr($result, 26); 
} else { 
return ''; 
} 
} else { 
// Save the dynamic key in the ciphertext, which is why the same plaintext can be decrypted after producing different ciphertexts 
// Because the encrypted password The text may contain some special characters and may be lost during the copying process, so use base64 encoding 
return $keyc.str_replace('=', '', base64_encode($result)); 
} 
} 

But it’s a pity that this function is owned by Kangsheng Chuangxiang and cannot be used freely.

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

PHP Performance Tuning for High Traffic WebsitesMay 14, 2025 am 12:13 AM

ThesecrettokeepingaPHP-poweredwebsiterunningsmoothlyunderheavyloadinvolvesseveralkeystrategies:1)ImplementopcodecachingwithOPcachetoreducescriptexecutiontime,2)UsedatabasequerycachingwithRedistolessendatabaseload,3)LeverageCDNslikeCloudflareforservin

Dependency Injection in PHP: Code Examples for BeginnersMay 14, 2025 am 12:08 AM

You should care about DependencyInjection(DI) because it makes your code clearer and easier to maintain. 1) DI makes it more modular by decoupling classes, 2) improves the convenience of testing and code flexibility, 3) Use DI containers to manage complex dependencies, but pay attention to performance impact and circular dependencies, 4) The best practice is to rely on abstract interfaces to achieve loose coupling.

PHP Performance: is it possible to optimize the application?May 14, 2025 am 12:04 AM

Yes,optimizingaPHPapplicationispossibleandessential.1)ImplementcachingusingAPCutoreducedatabaseload.2)Optimizedatabaseswithindexing,efficientqueries,andconnectionpooling.3)Enhancecodewithbuilt-infunctions,avoidingglobalvariables,andusingopcodecaching

PHP Performance Optimization: The Ultimate GuideMay 14, 2025 am 12:02 AM

ThekeystrategiestosignificantlyboostPHPapplicationperformanceare:1)UseopcodecachinglikeOPcachetoreduceexecutiontime,2)Optimizedatabaseinteractionswithpreparedstatementsandproperindexing,3)ConfigurewebserverslikeNginxwithPHP-FPMforbetterperformance,4)

PHP Dependency Injection Container: A Quick StartMay 13, 2025 am 12:11 AM

APHPDependencyInjectionContainerisatoolthatmanagesclassdependencies,enhancingcodemodularity,testability,andmaintainability.Itactsasacentralhubforcreatingandinjectingdependencies,thusreducingtightcouplingandeasingunittesting.

Dependency Injection vs. Service Locator in PHPMay 13, 2025 am 12:10 AM

Select DependencyInjection (DI) for large applications, ServiceLocator is suitable for small projects or prototypes. 1) DI improves the testability and modularity of the code through constructor injection. 2) ServiceLocator obtains services through center registration, which is convenient but may lead to an increase in code coupling.

PHP performance optimization strategies.May 13, 2025 am 12:06 AM

PHPapplicationscanbeoptimizedforspeedandefficiencyby:1)enablingopcacheinphp.ini,2)usingpreparedstatementswithPDOfordatabasequeries,3)replacingloopswitharray_filterandarray_mapfordataprocessing,4)configuringNginxasareverseproxy,5)implementingcachingwi

PHP Email Validation: Ensuring Emails Are Sent CorrectlyMay 13, 2025 am 12:06 AM

PHPemailvalidationinvolvesthreesteps:1)Formatvalidationusingregularexpressionstochecktheemailformat;2)DNSvalidationtoensurethedomainhasavalidMXrecord;3)SMTPvalidation,themostthoroughmethod,whichchecksifthemailboxexistsbyconnectingtotheSMTPserver.Impl

See all articles