php encryption function-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

php encryption function

不言

Apr 16, 2018 pm 01:41 PM

phpfunctionencryption

This article mainly introduces the encryption function of PHP, which has certain reference value. Now I share it with everyone. Friends in need can refer to it

In the development process of the website , it is often necessary to encrypt some data (such as user passwords). This article mainly introduces several common encryption functions of PHP. Friends who need it can refer to it

MD5 encryption:

string md5 ( string $str [, bool $raw_output = false ] )

1.md5() defaults to 32 characters Returns the hash value in hexadecimal digital form. It accepts two parameters. The first is the string to be encrypted, and the second is the Boolean value of raw_output. The default is false. If set to true, md5() will Returns the original 16-bit binary format message digest

2.md5() is a one-way encryption, there is no reverse decryption algorithm, but some common strings can still be cracked through collection, enumeration, collision, etc.

<?php
$username=&#39;jellybool&#39;;
$password=&#39;jellybool.com&#39;;
/*简单地对字符串进行md5加密*/
echo md5($username);
echo "<hr>";
echo md5($password);
echo "<hr>";
/*更推荐的做法是对重要的敏感数据进行多次加密，以防被轻易破解*/
echo md5(md5($password));
 
/*以上输出：
  username：4f5436e5d72608fb647b691e8edcf42e
  password：7bf02cf0f4af6da4accbc73d2a175476
  password(两次加密)：864704bb35754f8cd0232cba6b91521b
*/

Crypt encryption:

string crypt ( string $str [, string $salt ] )

1.crypt() accepts two parameters, the first is the string that needs to be encrypted, and the second one is the salt value (which is the encryption interference value, if not provided, it is automatically generated by PHP by default); returns a hashed string or a string of less than 13 characters, the latter To distinguish the salt value.
2.crypt() is one-way encryption, the same as md5.

<?php
$password=&#39;jellybool.com&#39;;
echo crypt($password);
//输出:$1$Fe0.qr5.$WOhkI4/5VPo7n7TnXHh5K
/*第二个$与第三个$之间的八个字符是由PHP生成的，每刷新一次就变一次
*/
echo "<hr>";
echo crypt($password,"jellybool");
//输出：je7fNiu1KNaEs
/*当我们要加自定义的盐值时，如例子中的jellybool作为第二个参数直接加入，
超出两位字符的会截取前两位*/
echo "<hr>";
echo crypt($password,&#39;$1$jellybool$&#39;);
//输出：$1$jellyboo$DxH7wF7SygRpWb6XBBgfH/
/* crypt加密函数有多种盐值加密支持，以上例子展示的是MD5散列作为盐值，该方式下
盐值以$1$$的形式加入，如例子中的jellybool加在后两个$符之间，
超出八位字符的会截取前八位，总长为12位;crypt默认就是这种形式。
*/
echo "<hr>";
//crypt还有多种盐值加密支持,详见手册

Sha1 encryption:

string sha1 ( string $str [, bool $raw_output = false ]

1. It is very similar to md5, but the difference is sha1( ) returns a 40-character hash value by default. The parameters passed in are of the same nature. The first one is the encrypted string, and the second one is the Boolean value of raw_output. The default is false. If set to true, sha1() will Will return the original 20-bit original format message digest
2.sha1() is also single-line encryption, there is no reverse decryption algorithm

<?php
$my_intro="jellybool";
echo sha1($my_intro);
//输出：c98885c04c1208fd4d0b1dadd3bd2a9ff4d042ca
echo "<hr>";
//当然，可以将多种加密算法混合使用
echo md5(sha1($my_intro));
//输出：94f25bf9214f88b1ef065a3f9b5d9874
//这种方式的双重加密也可以提高数据的安全性

Urlencode encryption:

string urlencode ( string $str )
1. One parameter, pass in the string to be encrypted (usually used to encrypt URLs),
2. Urlencode is a two-way encryption, which can be encrypted with urldecode (strictly speaking, it is not a real encryption)
3. Return a string, all non-letters in this string except -_. Numeric characters will be replaced with a percent sign (%) followed by two hexadecimal digits, and spaces will be encoded as a plus sign ( ).

<?php
  //urlencode()通常用于URL中明文数据的隐藏
  $my_urlencode="jellybool.com?jellybool=true + 4-3%5= \& @!";
  echo urlencode($my_urlencode);
  //输出：jellybool.com%3Fjellybool%3Dtrue+%2B+4-3%255%3D+%5C%26+%40%21
  echo "<hr>";
  $my_urldecode="jellybool.com%3Fjellybool%3Dtrue+%2B+4-3%255%3D+%5C%26+%40%21";
  echo urldecode($my_urldecode);
  //输出：jellybool.com?jellybool=true + 4-3%5= \& @! 
  //还原了$my_urlencode的输出
  echo "<hr>";
  $my_urldecode="http://www.baidu.com/s?word=jellybool+%E8%A7%89%E7%B4%AF%E4%B8%8D%E7%88%B1&tn=98236947_hao_pg&ie=utf-8";
  echo urldecode($my_urldecode);
  /*输出：http://www.baidu.com/s?word=jellybool 觉累不爱&tn=98236947_hao_pg&ie=utf-8
  没错，这就是在百度搜索jellybool 觉累不爱
  */
 
  /*
  =========================================================================
  解决第二个经典问题
  =========================================================================
  */
  $pre_url_encode="jellybool.com?username=jellybool&password=jelly";
  //在实际开发中，我们很多时候要构造这种URL，这是没有问题的
  $url_decode  ="jellybool.com?username=jelly&bool&password=jelly";
  /*注意上面两个变量的差别：第一个的username=jellybool，
              第二个为username=jelly&bool
  这种情况下用$_GET()来接受是会出问题的，这是可以用下面的方法解决 
  */
  $username="jelly&bool";
  $url_decode  ="jellybool.com?username=".urlencode($username)."&password=jelly";
  //这是可以很好的解决问题
 
  /*
  总结一下常见的urlencode()的转换字符
    ？=> %3F
    = => %3D
    % => %25
    & => %26
    \ => %5C
    + => %2B
    空格 => +
  */

base64 encoding encryption:

string base64decode (string $encodeddata)
1.base64_encode() accepts a parameter, which is the data to be encoded (strings are not mentioned here) , because base64 is often used to encode images)
2.base64encode() is a two-way encryption, and base64decode() can be used to decrypt

##1

echo base64_encode($my_intro);
echo "<hr>";
/*输出：SmVsbHlCb29s5piv5LiA5Liq6Lqr5p2Q5pyJ6auY5bqmLOiCqeiGgOacieWuveW
6pizog7jogozmnInljprluqYs5oCd5oOz5pyJ5rex5bqm55qE5Zu95a625YWN5qOA5Lq
UQee6p+S8mOi0qOS8quWJjeerr0lU55S35bGM5Lid
*/
echo base64_decode(&#39;SmVsbHlCb29s5piv5LiA5Liq6Lqr5p2Q5pyJ6auY5bqmLOiCqeiGg
OacieWuveW6pizog7jogozmnInljprluqYs5oCd5oOz5pyJ5rex5bqm55qE5Zu95a6
25YWN5qOA5LqUQee6p+S8mOi0qOS8quWJjeerr0lU55S35bGM5Lid&#39;);
 
/*输出：JellyBool是一个身材有高度,肩膀有宽度,胸肌有厚度,思想有深度的国家免检五A
级优质伪前端IT男屌丝
*/

An example of a picture:

<?php
/*
一个图片的应用例子
*/
$filename="https://worktile.com/img/index/index_video.png";
 
$data=file_get_contents($filename);
echo base64_encode($data);
/*然后你查看网页源码就会得到一大串base64的字符串，
再用base64_decode()还原就可以得到图片
*/

相关推荐：

探究PHP的函数运行机制_PHP教程

The above is the detailed content of php encryption function. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What is the difference between absolute and idle session timeouts?May 03, 2025 am 12:21 AM

Absolute session timeout starts at the time of session creation, while an idle session timeout starts at the time of user's no operation. Absolute session timeout is suitable for scenarios where strict control of the session life cycle is required, such as financial applications; idle session timeout is suitable for applications that want users to keep their session active for a long time, such as social media.

What steps would you take if sessions aren't working on your server?May 03, 2025 am 12:19 AM

The server session failure can be solved through the following steps: 1. Check the server configuration to ensure that the session is set correctly. 2. Verify client cookies, confirm that the browser supports it and send it correctly. 3. Check session storage services, such as Redis, to ensure that they are running normally. 4. Review the application code to ensure the correct session logic. Through these steps, conversation problems can be effectively diagnosed and repaired and user experience can be improved.

What is the significance of the session_start() function?May 03, 2025 am 12:18 AM

session_start()iscrucialinPHPformanagingusersessions.1)Itinitiatesanewsessionifnoneexists,2)resumesanexistingsession,and3)setsasessioncookieforcontinuityacrossrequests,enablingapplicationslikeuserauthenticationandpersonalizedcontent.

What is the importance of setting the httponly flag for session cookies?May 03, 2025 am 12:10 AM

Setting the httponly flag is crucial for session cookies because it can effectively prevent XSS attacks and protect user session information. Specifically, 1) the httponly flag prevents JavaScript from accessing cookies, 2) the flag can be set through setcookies and make_response in PHP and Flask, 3) Although it cannot be prevented from all attacks, it should be part of the overall security policy.

What problem do PHP sessions solve in web development?May 03, 2025 am 12:02 AM

PHPsessionssolvetheproblemofmaintainingstateacrossmultipleHTTPrequestsbystoringdataontheserverandassociatingitwithauniquesessionID.1)Theystoredataserver-side,typicallyinfilesordatabases,anduseasessionIDstoredinacookietoretrievedata.2)Sessionsenhances

What data can be stored in a PHP session?May 02, 2025 am 12:17 AM

PHPsessionscanstorestrings,numbers,arrays,andobjects.1.Strings:textdatalikeusernames.2.Numbers:integersorfloatsforcounters.3.Arrays:listslikeshoppingcarts.4.Objects:complexstructuresthatareserialized.

How do you start a PHP session?May 02, 2025 am 12:16 AM

TostartaPHPsession,usesession_start()atthescript'sbeginning.1)Placeitbeforeanyoutputtosetthesessioncookie.2)Usesessionsforuserdatalikeloginstatusorshoppingcarts.3)RegeneratesessionIDstopreventfixationattacks.4)Considerusingadatabaseforsessionstoragei

What is session regeneration, and how does it improve security?May 02, 2025 am 12:15 AM

Session regeneration refers to generating a new session ID and invalidating the old ID when the user performs sensitive operations in case of session fixed attacks. The implementation steps include: 1. Detect sensitive operations, 2. Generate new session ID, 3. Destroy old session ID, 4. Update user-side session information.

See all articles