在网站的开发过程中,常常需要对部分数据(如用户密码)进行加密,本文主要介绍PHP的几个常见的加密函数
Md5()加密算法
方式: 单向加密
语法: md5(string $str [, bool $raw_output = false])
$str:原始字符串
$raw_output:如果可选的raw_output被设置为true, 那么md5报文摘要将以16字节长度的原始二进制格式返回. 返回以32位字符十六进制数字形式返回散列值
md5二次加密:md5(md5($string, true))
Crypt()加密算法
方式: 单向加密
语法: string crypt(string $str[, string $salt]) , 返回一个基于标准UNIX DES算法或系统上其它可用的替代算法的三列字符串
$str: 需要加密的明文
$salt: 加密时的干扰串,是编码更安全
注意: 如果加密时没有加上这个$salt参数, 将随机生成一个干扰串, 否则刷新加密秘文不变
算法常量:
[CRYPT_SALT_LENGTH]
默认的加密长度。使用标准的 DES 加密,长度为 2
[CRYPT_STD_DES]
基于标准 DES 算法的散列使用 "./0-9A-Za-z" 字符中的两个字符作为盐值。在盐值中使用非法的字符将导致 crypt() 失败。
[CRYPT_EXT_DES]
扩展的基于 DES 算法的散列。其盐值为 9 个字符的字符串,由 1 个下划线后面跟着 4 字节循环次数和 4 字节盐值组成。它们被编码成可打印字符,每个字符 6 位,有效位最少的优先。0 到 63 被编码为 "./0-9A-Za-z"。在盐值中使用非法的字符将导致 crypt() 失败。
[CRYPT_MD5]
MD5 散列使用一个以 $1$ 开始的 12 字符的字符串盐值。
[CRYPT_BLOWFISH]
Blowfish 算法使用如下盐值:“$2a$”,一个两位 cost 参数,“$” 以及 64 位由 “./0-9A-Za-z” 中的字符组合而成的字符串。在盐值中使用此范围之外的字符将导致 crypt() 返回一个空字符串。两位 cost 参数是循环次数以 2 为底的对数,它的范围是 04-31,超出这个范围将导致 crypt() 失败。
CRYPT_SHA256
SHA-256 算法使用一个以 $5$ 开头的 16 字符字符串盐值进行散列。如果盐值字符串以 “rounds=
CRYPT_SHA512
SHA-512 算法使用一个以 $6$ 开头的 16 字符字符串盐值进行散列。如果盐值字符串以 “rounds=
例:
if(CRYPT_MD5){
echo "MD5加密:".crypt('something','$1$somethin$');
}
Sha1()加密算法
方式: 单向加密
语法: string sha1(string $str [, bool $raw_output=false]) 计算字符串的sha1散列值
$str: 加密的字符串
$raw_output: 如果可选的raw_output参数被设置为TRUE, 那么sha1摘要将以20字符长度的原始格式返回, 否则返回值是一个40字符串长度的十六进制数字.
URL编码加密技术
编码URL字符串: urlencode(string $str)
解码已编码的URL字符串: urldeocde(string $str)
编码规范: 此字符串中除了-_.之外的所有非字母数字字符都将被替换成百分号(%)后跟两位十六进制数, 空格则编码为加号(+)
按照RFC1738对URL进行编码: rawurlencode(string $str) : 返回从字符串,把空格编码为%20
对已编码的字符串进行解码: rawurldecode(string $str) : 返回字符串, 此字符串中百分号%后跟两位十六进制的序列豆将被替换成原义字符
urlencode和rawurlencode的区别只在于空格.
Base64编码加密技术
使用base64对data进行编码: base64_encode(string $data)
对使用MIME base64编码的数据进行解码: base64_decode(string $data[, $strict=false]) ; $strict:如果输入的数据超出了base64的字母表,则返回false.
base64编码的图片还可以直接放在
标签中显示:
信息加密技术:
1 单项散列加密:
指通过不同输入的长度的信息进行散列计算, 得到固定长度的输出, 这个散列计算过程是单向的, 既不能对固定长度的输出进行计算从而活儿输出信息.
2 Symmetric hash encryption
means that the encryption and decryption keys are the same key or can be calculated from each other.
3 Asymmetric hash encryption
Non The keys for symmetric encryption and decryption are not the same key. One of them is public and is called the public key, and the other is known only to the owner.
The above is the entire content of this article, I hope it will be helpful to everyone's study.
Related recommendations:
phpDetailed explanation of avatar upload preview example
Complete method of DES encryption and decryption encapsulation class implemented in PHP
phpDetailed explanation of avatar upload preview example
The above is the detailed content of PHP built-in encryption function. For more information, please follow other related articles on the PHP Chinese website!
How does PHP identify a user's session?May 01, 2025 am 12:23 AMPHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.
What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AMThe security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.
Where are PHP session files stored by default?May 01, 2025 am 12:15 AMPHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita
How do you retrieve data from a PHP session?May 01, 2025 am 12:11 AMToretrievedatafromaPHPsession,startthesessionwithsession_start()andaccessvariablesinthe$_SESSIONarray.Forexample:1)Startthesession:session_start().2)Retrievedata:$username=$_SESSION['username'];echo"Welcome,".$username;.Sessionsareserver-si
How can you use sessions to implement a shopping cart?May 01, 2025 am 12:10 AMThe steps to build an efficient shopping cart system using sessions include: 1) Understand the definition and function of the session. The session is a server-side storage mechanism used to maintain user status across requests; 2) Implement basic session management, such as adding products to the shopping cart; 3) Expand to advanced usage, supporting product quantity management and deletion; 4) Optimize performance and security, by persisting session data and using secure session identifiers.
How do you create and use an interface in PHP?Apr 30, 2025 pm 03:40 PMThe article explains how to create, implement, and use interfaces in PHP, focusing on their benefits for code organization and maintainability.
What is the difference between crypt() and password_hash()?Apr 30, 2025 pm 03:39 PMThe article discusses the differences between crypt() and password_hash() in PHP for password hashing, focusing on their implementation, security, and suitability for modern web applications.
How can you prevent Cross-Site Scripting (XSS) in PHP?Apr 30, 2025 pm 03:38 PMArticle discusses preventing Cross-Site Scripting (XSS) in PHP through input validation, output encoding, and using tools like OWASP ESAPI and HTML Purifier.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
SublimeText3 Chinese version
Chinese version, very easy to use
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
SublimeText3 Mac version
God-level code editing software (SublimeText3)
