A brief discussion on using Aeses for encryption in PHP (with code)

[Recommended learning: "PHP Video Tutorial"]

In the project, especially on the PC side, we will Return an identifier to the front end to determine whether the user is logged in. Most of this identifier is the user's id

. However, there is a big drawback here, that is, this value can be modified. , if I modify this value, I can get all the information of the modified user, how scary it is!

Then let’s use aes for encryption today

<?php
namespace app\api\controller;

/**
 * aes 加密 解密类库
 * Class Aes
 * @package app\common\lib
 */
class Aes {

    private $key = null;

    /**
     *
     * @param $key 		密钥
     * @return String
     */
    public function __construct() {
        // 需要小伙伴在配置文件app.php中定义aeskey
        $this->key = &#39;1234567891112121&#39;;
    }

    /**
     * 加密
     * @param String input 加密的字符串
     * @param String key   解密的key
     * @return HexString
     */
    public function encrypt($input = &#39;&#39;) {
        $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
        $input = $this->pkcs5_pad($input, $size);
        $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, &#39;&#39;, MCRYPT_MODE_ECB, &#39;&#39;);
        $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
        mcrypt_generic_init($td, $this->key, $iv);

        $data = mcrypt_generic($td, $input);
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);
        $data = base64_encode($data);

        return $data;

    }
    /**
     * 填充方式 pkcs5
     * @param String text 		 原始字符串
     * @param String blocksize   加密长度
     * @return String
     */
    private function pkcs5_pad($text, $blocksize) {
        $pad = $blocksize - (strlen($text) % $blocksize);
        return $text . str_repeat(chr($pad), $pad);
    }

    /**
     * 解密
     * @param String input 解密的字符串
     * @param String key   解密的key
     * @return String
     */
    public function decrypt($sStr) {
        $decrypted= mcrypt_decrypt(MCRYPT_RIJNDAEL_128,$this->key,base64_decode($sStr), MCRYPT_MODE_ECB);
        $dec_s = strlen($decrypted);
        $padding = ord($decrypted[$dec_s-1]);
        $decrypted = substr($decrypted, 0, -$padding);

        return $decrypted;
    }

}

This is an aes tool class. Note that this value needs to be modified by ourselves, and it is 16 bits

This way our user will return the ID to the front end when logging in

First control The driver is introduced

# and then instantiated

After the user successfully logs in, we encrypt this value and return it to the front end

This u_id is the encrypted value

Then we set these two methods in the comment file, these two The method is to uniformly process the parameters, so let’s make a judgment here. Any interface that uses the user ID can decrypt the user ID.

More Programming For related knowledge, please visit: programming video! !

The above is the detailed content of A brief discussion on using Aeses for encryption in PHP (with code). For more information, please follow other related articles on the PHP Chinese website!