
PHP token Token improved version_PHP tutorial

WBOY
2016-07-21 15:51:13

Because the token is base64-encoded, a problem appears when it is sent through the GET method.
For example: http://test/test.php?a=1+2
Reading $_GET["a"] gives: 1 2, that is, the plus sign is gone (PHP decodes a "+" in the query string as a space). At first I used urlencode to convert it, but there were always one or two results that were unexpected.

Then I thought about it: base64 output is limited to the characters [A-Za-z0-9+/=]. Of these, the plus sign is the one that causes the problem, so I replaced it with a character that does not; the underscore is the best choice. The following is the modified code:

GEncrypt.inc.php


<?php
/**
 * Reversible obfuscation used to build form tokens.
 * Output alphabet: base64 [A-Za-z0-9+/=] with "+" replaced by "_", so the
 * token survives being passed in a GET query string.
 */
class GEncrypt {
    // XOR $txt with the repeating hex MD5 digest of $encrypt_key.
    protected static function keyED($txt, $encrypt_key) {
        $encrypt_key = md5($encrypt_key);
        $ctr = 0;
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            if ($ctr == strlen($encrypt_key)) {
                $ctr = 0;
            }
            $tmp .= substr($txt, $i, 1) ^ substr($encrypt_key, $ctr, 1);
            $ctr++;
        }
        return $tmp;
    }

    public static function encrypt($txt, $key) {
        // Per-message key derived from the clock and rand().
        // Note: rand() is not a cryptographically secure generator.
        $encrypt_key = md5(((float) date("YmdHis") + rand(10000000000000000, 99999999999999999)) . rand(100000, 999999));
        $ctr = 0;
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            if ($ctr == strlen($encrypt_key)) {
                $ctr = 0;
            }
            // Emit the key character followed by (text character XOR key character).
            $tmp .= substr($encrypt_key, $ctr, 1) . (substr($txt, $i, 1) ^ substr($encrypt_key, $ctr, 1));
            $ctr++;
        }
        // Only "+" is replaced; "/" and "=" can still appear in the result.
        return preg_replace("/\+/s", "_", base64_encode(self::keyED($tmp, $key)));
    }

    // base64 [A-Za-z0-9+/=]
    public static function decrypt($txt, $key) {
        if ($txt == "") {
            return false;
        }
        // Restore "+" before decoding, then undo the outer XOR layer.
        $txt = self::keyED(base64_decode(preg_replace("/_/s", "+", $txt)), $key);
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            // Characters come in pairs: key character, then XORed text character.
            $md5 = substr($txt, $i, 1);
            $i++;
            $tmp .= (substr($txt, $i, 1) ^ $md5);
        }
        return $tmp;
    }
}

?>

GToken.inc.php


<?php
/**
 * Principle: when a token is requested, allocate a unique one: base64(time + rand + action).
 * When the form is submitted, record the token as used; this is how
 * duplicate submissions are avoided.
 */
class GToken {

    /**
     * Get all tokens that have already been used in this session.
     *
     * @return array
     */
    public static function getTokens() {
        // Read the same session key that dropToken() writes to; otherwise
        // used tokens are never found and the duplicate check cannot work.
        $tokens = isset($_SESSION[GConfig::SESSION_KEY_TOKEN])
            ? $_SESSION[GConfig::SESSION_KEY_TOKEN]
            : array();
        if (empty($tokens) || !is_array($tokens)) {
            $tokens = array();
        }
        return $tokens;
    }

    /**
     * Generate a new token.
     *
     * @param string $formName
     * @param string $key Encryption key
     * @return string
     */
    public static function newToken($formName, $key = GConfig::ENCRYPT_KEY) {
        $token = GEncrypt::encrypt($formName . session_id(), $key);
        return $token;
    }

    /**
     * "Deleting" a token actually appends it to an array in the session,
     * marking it as used so the same data cannot be submitted again.
     *
     * @param string $token
     */
    public static function dropToken($token) {
        $tokens = self::getTokens();
        $tokens[] = $token;
        GSession::set(GConfig::SESSION_KEY_TOKEN, $tokens);
    }

    /**
     * Check whether the value is the expected token.
     *
     * @param string  $token     The token value to be checked
     * @param string  $formName
     * @param boolean $fromCheck Whether to check the source; if true, the session_id
     *                           embedded in the token must equal the current session_id.
     * @param string  $key       Encryption key
     * @return boolean
     */
    public static function isToken($token, $formName, $fromCheck = false, $key = GConfig::ENCRYPT_KEY) {
        if (empty($token)) return false;

        $tokens = self::getTokens();

        // If present, the token has already been used.
        // Strict comparison keeps numeric-looking strings from matching each other.
        if (in_array($token, $tokens, true))
            return false;

        $source = GEncrypt::decrypt($token, $key);

        if ($fromCheck)
            return $source === $formName . session_id();
        else {
            return strpos($source, $formName) === 0;
        }
    }

    public static function getTokenKey($token, $key = GConfig::ENCRYPT_KEY) {
        if ($token == null || trim($token) == "") return false;
        $source = GEncrypt::decrypt($token, $key);
        return $source != "" ? str_replace(session_id(), "", $source) : false;
    }

    public function newTokenForSmarty($params) {
        // Read only the expected parameter instead of extract(), which would
        // import every key of $params as a local variable.
        $form = isset($params['form']) ? $params['form'] : null;
        return self::newToken($form);
    }
}

?>
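
An added example, not from the original article: the substitution above fixes only "+", while the standard URL-safe alphabet (RFC 4648 base64url) also replaces "/" and drops "=". The sketch below uses that alphabet to carry a token bound to the form name and session id, and swaps the article's XOR scheme for an HMAC-SHA256 tag so that a modified token is rejected. All function names and demo values are hypothetical, and random_bytes() assumes PHP 7 or later.

```php
<?php
// Added example; all function names here are hypothetical, not from the article.

// RFC 4648 base64url: "+" -> "-", "/" -> "_", "=" padding dropped.
function b64url_encode($bin) {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode($txt) {
    if (!is_string($txt) || !preg_match('/^[A-Za-z0-9_-]+$/', $txt)) {
        return false; // reject anything outside the URL-safe alphabet
    }
    $padded = $txt . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

// MAC over nonce, form name and session id; the length prefix keeps the
// form/session boundary unambiguous.
function token_mac($nonce, $form, $sessionId, $key) {
    $msg = $nonce . strlen($form) . ':' . $form . $sessionId;
    return hash_hmac('sha256', $msg, $key, true);
}

// Token = base64url(16-byte random nonce . 32-byte HMAC-SHA256 tag).
function form_token_new($form, $sessionId, $key) {
    $nonce = random_bytes(16); // PHP 7+
    return b64url_encode($nonce . token_mac($nonce, $form, $sessionId, $key));
}

function form_token_check($token, $form, $sessionId, $key) {
    $raw = b64url_decode($token);
    if ($raw === false || strlen($raw) !== 48) {
        return false;
    }
    $expected = token_mac(substr($raw, 0, 16), $form, $sessionId, $key);
    return hash_equals($expected, substr($raw, 16)); // constant-time compare
}

// Constructed demo values: key, form name and session ids are made up.
$key = 'constructed-demo-key';
$token = form_token_new('login', 'sess-abc', $key);
parse_str('token=' . $token, $query); // same decoding PHP applies to $_GET
var_dump(form_token_check($query['token'], 'login', 'sess-abc', $key));
var_dump(form_token_check($query['token'], 'login', 'sess-xyz', $key));
// Three bytes whose standard base64 is all "+" characters.
$bytes = "\xfb\xef\xbe";
parse_str('a=' . base64_encode($bytes), $plain);
parse_str('a=' . b64url_encode($bytes), $safe);
var_dump(base64_decode($plain['a']) === $bytes, b64url_decode($safe['a']) === $bytes);
```

One-time use still requires recording spent tokens in the session, as GToken::dropToken() does.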
