PHP Token, improved version

黄舟 (Original), 2016-12-14 11:55:04

The problem appears when this token is sent through the GET method, precisely because it is base64 encoded.
For example: http://test/test.php?a=1+2
Reading $_GET["a"] returns: 1 2. The plus sign is gone, because PHP decodes a "+" in the query string as a space. At first I used urlencode to convert it, but there were always one or two results that were unexpected.

Later I noted that base64 output is limited to the characters [A-Za-z0-9+/=]. Of these, the plus sign is the one that causes the problem, so I changed it to a symbol that does not, and the underscore is the best choice. The following is the modified code:

GEncrypt.inc.php

The code is as follows:


<?php
class GEncrypt {
    // XOR each byte of $txt with the repeating hex MD5 digest of $encrypt_key.
    protected static function keyED($txt, $encrypt_key) {
        $encrypt_key = md5($encrypt_key);
        $ctr = 0;
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            if ($ctr == strlen($encrypt_key)) {
                $ctr = 0;
            }
            $tmp .= substr($txt, $i, 1) ^ substr($encrypt_key, $ctr, 1);
            $ctr++;
        }
        return $tmp;
    }

    public static function encrypt($txt, $key) {
        // Per-call random key, so the same input gives a different token each time.
        $encrypt_key = md5(((float) date("YmdHis") + rand(10000000000000000, 99999999999999999)) . rand(100000, 999999));
        $ctr = 0;
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            if ($ctr == strlen($encrypt_key)) {
                $ctr = 0;
            }
            // Emit each random-key byte followed by the plaintext byte XORed with it.
            $tmp .= substr($encrypt_key, $ctr, 1) . (substr($txt, $i, 1) ^ substr($encrypt_key, $ctr, 1));
            $ctr++;
        }
        // Replace "+" with "_" so the token survives being passed in a GET parameter.
        return preg_replace("/\+/s", "_", base64_encode(self::keyED($tmp, $key)));
    }

    // base64 alphabet: [A-Za-z0-9+/=]
    public static function decrypt($txt, $key) {
        if ($txt == "") {
            return false;
        }
        // Restore "+" before base64 decoding.
        $txt = self::keyED(base64_decode(preg_replace("/_/s", "+", $txt)), $key);
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            // Bytes come in pairs: the random-key byte, then the XORed plaintext byte.
            $md5 = substr($txt, $i, 1);
            $i++;
            $tmp .= (substr($txt, $i, 1) ^ $md5);
        }
        return $tmp;
    }
}

?>


GToken.inc.php

The code is as follows:


<?php
/**
 * Principle: when a token is requested, allocate a unique token: base64(time + rand + action).
 * When the form is submitted, record the token as used, so that a duplicate submission can be detected.
 */
class GToken {

    /**
     * Get all current tokens
     *
     * @return array
     */
    public static function getTokens() {
        // Note: this reads GConfig::SSN_KEY_TOKEN while dropToken() writes
        // GConfig::SESSION_KEY_TOKEN; both constants must name the same session key.
        $tokens = isset($_SESSION[GConfig::SSN_KEY_TOKEN]) ? $_SESSION[GConfig::SSN_KEY_TOKEN] : null;
        // Fall back to an empty list when nothing usable is stored.
        if (empty($tokens) || !is_array($tokens)) {
            $tokens = array();
        }
        return $tokens;
    }

    /**
     * Generate a new Token
     *
     * @param string $formName
     * @param string $key Encryption key
     * @return string
     */
    public static function newToken($formName, $key = GConfig::ENCRYPT_KEY) {
        $token = GEncrypt::encrypt($formName . session_id(), $key);
        return $token;
    }

    /**
     * Deleting a token actually adds an element to an array in the session, marking the token as used to avoid repeated submission of data.
     *
     * @param string $token
     */
    public static function dropToken($token) {
        $tokens = self::getTokens();
        $tokens[] = $token;
        GSession::set(GConfig::SESSION_KEY_TOKEN, $tokens);
    }

    /**
     * Check whether it is the specified Token
     *
     * @param string $token The token value to be checked
     * @param string $formName
     * @param boolean $fromCheck Whether to check the source; if true, the session_id appended to the token is compared with the current session_id.
     * @param string $key Encryption key
     * @return boolean
     */
    public static function isToken($token, $formName, $fromCheck = false, $key = GConfig::ENCRYPT_KEY) {
        if (empty($token)) {
            return false;
        }

        $tokens = self::getTokens();

        // If present, the token has already been used.
        if (in_array($token, $tokens, true)) {
            return false;
        }

        $source = GEncrypt::decrypt($token, $key);

        if ($fromCheck) {
            // Strict comparison avoids PHP's loose-comparison type juggling.
            return $source === $formName . session_id();
        } else {
            return strpos($source, $formName) === 0;
        }
    }

    public static function getTokenKey($token, $key = GConfig::ENCRYPT_KEY) {
        if ($token == null || trim($token) == "") {
            return false;
        }
        $source = GEncrypt::decrypt($token, $key);
        return $source != "" ? str_replace(session_id(), "", $source) : false;
    }

    public function newTokenForSmarty($params) {
        // Read only the expected parameter instead of extract()ing the whole array.
        $form = isset($params['form']) ? $params['form'] : null;
        return self::newToken($form);
    }
}

?>
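
A variant of the same idea, as an added example that is not the article's code: the token is a random nonce plus an HMAC-SHA256 over the form name and session id (swapped in for the XOR routine, which has no integrity check), encoded with the RFC 4648 base64url alphabet so it contains no "+", "/" or "=". The function names, the $used array and the sample key and session id are assumptions made for this example.

```php
<?php
// Added example, not the article's GEncrypt/GToken code. Names below are assumptions.
function b64url_encode(string $bin): string {
    // RFC 4648 base64url: "+" becomes "-", "/" becomes "_", "=" padding is dropped.
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    // Strict mode returns false for characters outside the alphabet.
    return base64_decode(strtr($txt, '-_', '+/'), true);
}

function form_token_new(string $formName, string $sessionId, string $key): string {
    $nonce = random_bytes(16); // CSPRNG output, unique per token
    $mac = hash_hmac('sha256', $nonce . "\0" . $formName . "\0" . $sessionId, $key, true);
    return b64url_encode($nonce . $mac);
}

function form_token_check(string $token, string $formName, string $sessionId, string $key, array &$used): bool {
    $raw = b64url_decode($token);
    if ($raw === false || strlen($raw) !== 48) { // 16-byte nonce + 32-byte MAC
        return false;
    }
    $nonce = substr($raw, 0, 16);
    $expected = hash_hmac('sha256', $nonce . "\0" . $formName . "\0" . $sessionId, $key, true);
    if (!hash_equals($expected, substr($raw, 16))) { // constant-time comparison
        return false;
    }
    $id = bin2hex($nonce);
    if (isset($used[$id])) { // token was already submitted once
        return false;
    }
    $used[$id] = true; // record the use, the role GToken::dropToken() plays above
    return true;
}

// Constructed sample values; in an application $used would be kept in $_SESSION.
$key = 'constructed-example-key';
$sid = 'constructed-session-id';
$used = array();
$token = form_token_new('login', $sid, $key);
var_dump(preg_match('/^[A-Za-z0-9_-]+$/', $token) === 1);     // URL-safe alphabet only
var_dump(form_token_check($token, 'login', $sid, $key, $used));  // first submission
var_dump(form_token_check($token, 'login', $sid, $key, $used));  // replay of the same token
var_dump(form_token_check($token, 'signup', $sid, $key, $used)); // token issued for another form
```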
