for ($a = $j = $i = 0; $i < $string _length; $i + +) { $a = ($a + 1)%; $j = ($j + $box [$a])%; $tmp = $box [$a]; $box [$a] = $box [$j]; $box [$j] = $tmp; The key is derived from the key book and then converted into a character $result. = Chr (ord ($string [$i]) ^ ($box [($box [$a] + $box [$j])])); } function Authcode (str, operation, key, expiry) {var operation = operation? Operation: ' DECODE '; var key = key? Key: '; var expiry = expiry? Expiry:0;var ckey_length = 4;key = MD5 (key);//Key A will participate in the decryption var Keya = MD5 (KEY.SUBSTR (0, 16));//key B will be used for data integrity verification var keyb = MD 5 (KEY.SUBSTR (16, 16));//key C is used to change the generated ciphertext var KEYC = ckey_length? (Operation = = ' DECODE '? Str.substr (0, Ckey_length): MD5 (Microtime ()). substr (-ckey_length)): ";//The key that participates in the operation var cryptkey = KEYA+MD5 (KEYA+KEYC); var strbuf;if (Operation = = ' DECODE ') {str = STR.SUBSTR (ckey_length); strbuf = Base64.decode (str);// string = B.tostring ();} else {expiry = expiry? expiry + time (): 0;tmpstr = expiry.tostring (); if (tmpstr.length>=10) str = TMPSTR.SUBSTR (0,10) +md5 (str+keyb). substr (0, +) +str; else {var count = 10-tmpstr.length; for (Var i=0;i
0) && s.substr (+) = = MD5 (S.SUBSTR (+) +keyb). substr (0, +)) {s = s.substr (+);} else {s = ";}} else {var s = base64.encode (strbuf.tostring ()); var regex = new RegExp (' = ', "G"); s = s.replace (regex, '); s = keyc+s;} return s;} function time () {var Unixtime_ms = new Date (). GetTime (); return parseint (unixtime_ms/1000);} function Microtime (get_as_float) {var Unixtime_ms = new Date (). GetTime (); var sec = parseint (unixtime_ms/1000); Return get_as_float? (unixtime_ms/1000): (Unixtime_ms-(SEC *))/1000 + "+ sec;}
Parameter interpretation//$string: PlainText or ciphertext//$operation: Decode for decryption, other means encryption//$key: Key//$expiry: Ciphertext validity function Authcode ($string , $operation = ' DECODE ', $key = ', $expiry = 0) {//dynamic key length, the same plaintext will generate different ciphertext is dependent on the dynamic key $ckey _length = 4; Key $key = MD5 ($key? $key: $GLOBALS [' Discuz_auth_key ']); Key A will participate in the encryption and decryption $keya = MD5 (substr ($key, 0, 16)); Key B will be used for data integrity verification $KEYB = MD5 (substr ($key, 16, 16)); Key C is used to change the generated ciphertext $KEYC = $ckey _length? ($operation = = ' DECODE '? substr ($string, 0, $ckey _length): substr (MD5 (Microtime ()),-$ckey _length)): "; Key to participate in the operation $cryptkey = $keya. MD5 ($keya. $KEYC); $key _length = strlen ($cryptkey); PlainText, the first 10 bits are used to save the timestamp, the decryption of the validation data validity, 10 to 26 bits to save $keyb (key B), decryption will pass this key to verify the integrity of the data//if it is decoded, will start from the $ckey_length bit, because the ciphertext before $ckey_ The length bit holds the dynamic key to ensure that the decryption is correct $string = $operation = = ' DECODE '? Base64_decode (substr ($string, $ckey _length)): sprintf ('%010d ', $expiry? $expiry + Time (): 0). substr (MD5 ($string. $keyb ), 0, (+). $sTring $string _length = strlen ($string); $result = "; $box = Range (0, 255); $rndkey = Array (); Generate key book for ($i = 0; $i <= 255; $i + +) {$rndkey [$i] = Ord ($cryptkey [$i% $key _length]); }//using a fixed algorithm to disrupt the key book, add randomness, as if it is complex, in fact, does not increase the strength of the ciphertext for ($j = $i = 0; $i <; $i + +) {$j = ($j + $box [$i] + $rndkey [$i])% 256; $tmp = $box [$i]; $box [$i] = $box [$j]; $box [$j] = $tmp; }//Core plus decryption section for ($a = $j = $i = 0; $i < $string _length; $i + +) {$a = ($a + 1)% 256; $j = ($j + $box [$a])% 256; $tmp = $box [$a]; $box [$a] = $box [$j]; $box [$j] = $tmp; The key is derived from the key book and then converted into a character $result. = Chr (ord ($string [$i]) ^ ($box [($box [$a] + $box [$j])% 256])); if ($operation = = ' DECODE ') {//substr ($result, 0, 10) = = 0 Verify data validity//substr ($result, 0,)-t IME () > 0 Verifying data Validation//substr ($result, ten) = = substr (MD5 (suBSTR ($result, up). $keyb), 0, 16) Verify data integrity//Verify data validity, see format of unencrypted plaintext if (substr ($result, 0,) = = 0 | | substr ($result, 0, Ten)-time () > 0) && substr ($result, 0, +) = = substr (MD5 (substr ($result,). $keyb)) { Return substr ($result, 26); } else {return '; }} else {//To keep the dynamic key in the ciphertext, which is why the same plaintext, the production of different ciphertext can be decrypted after the reason//because the encrypted ciphertext may be some special characters, the copy process may be lost, so the base64 encoding Return $KEYC. Str_replace (' = ', ' ', Base64_encode ($result)); } }
Reply to discussion (solution)
JS Code section
Strbuf[i] =CHR (ORD (Strbuf[i]) ^ (box[(Box[a] + box[j])% 256])
Is this strbuf an array?
Whether from
STRBUF = Base64.decode (str);
Still is
Strbuf = str;
Look, strbuf are strings.
Then strbuf[i] = ' x ' is not valid for writing, although no error
Also Ord (Strbuf[i]) is also unable to return the correct value
The JS that corresponds to Ord (Strbuf[i]) is
Strbuf.charcodeat (i)
The JS that corresponds to CHR (n) is
String.fromCharCode (N)
Not seriously to see the PHP you provide the same name function, but at least your JS value, the assignment part has been a problem
Other than that:
DZ's distribution is divided into Utf-8 and GBK
Due to the character inside the code, the Authcode encoding results in version Utf-8 cannot be decoded correctly in the GBK version (solved or utf-8)
Of course, if you do not contain Chinese is not a problem, this point you must pay attention to the test
The Base64 class is also coded for utf-8. If the PHP side is not utf-8, you will not get the same result
Sorry, I was negligent. The wrong version was sent.
This code is the result of my last revision:
function Authcode (str, operation, key, expiry) {var operation = operation? Operation: ' DECODE '; var key = key? Key: '; var expiry = expiry? Expiry:0;var ckey_length = 4;key = MD5 (key);//Key A will participate in the decryption var Keya = MD5 (KEY.SUBSTR (0, 16));//key B will be used for data integrity verification var keyb = MD 5 (KEY.SUBSTR (16, 16));//key C is used to change the generated ciphertext var KEYC = ckey_length? (Operation = = ' DECODE '? Str.substr (0, Ckey_length): MD5 (Microtime ()). substr (-ckey_length)): ";//The key that participates in the operation var cryptkey = KEYA+MD5 (KEYA+KEYC); var string= ""; if (operation = = ' DECODE ') {string =base64.decode (Str.substr (Ckey_length));} else {expiry = expiry? expiry + time (): 0;tmpstr = expiry.tostring (); if (tmpstr.length>=10) string = tmpstr.su BSTR (0,10) +MD5 (str+keyb). substr (0, +) +str; else {var count = 10-tmpstr.length; for (Var i=0;i
< 256;="" i++)="" {box[i]="i;}var" rndkey="new" array();="" 产生密匙簿for(var="" rndkey[i]="cryptkey.charCodeAt(i" %="" cryptkey.length);}="" 用固定的算法,打乱密匙簿,增加随机性,好像很复杂,实际上对并不会增加密文的强度="" for(var="" j="(j" =="" 0;="" +="" box[i]="box[j];" rndkey[i])="" tmp="box[a];" box[j]="tmp;result+=String.fromCharCode(string.charCodeAt(i)" 核心加解密部分="" result="" ;for(var="" a="(a" string.length;="" 1)="" box[a])="" box[a]="box[j];" ^="" (box[(box[a]="" box[j])="" 256]));}="" if(operation="=" 'decode')="" s="" ;if((result.substr(0,="" 10)="" 0="" ||="" result.substr(="" 0,="" -="" time()="">0) && result.substr (+) = = MD5 (RESULT.SUBSTR (+) +keyb). substr (0, +)) {s = Result.substr (26);} }else {var s = base64.encode (result), var regex = new RegExp (' = ', "G"); s = s.replace (regex, '); s = keyc+s;} return s;}
Originally placed in the source of encryption and decryption data, you are now using JS to achieve, then ask, key what are you going to deal with? Just put it in JS?
Originally placed in the source of encryption and decryption data, you are now using JS to achieve, then ask, key what are you going to deal with? Just put it in JS?
Stupid customer description text transmission .... Two forced the boss panic ... So the client is required to encrypt ....
Originally placed in the source of encryption and decryption data, you are now using JS to achieve, then ask, key what are you going to deal with? Just put it in JS?
Stupid customer description text transmission .... Two forced the boss panic ... So the client is required to encrypt ....
Try to overcome the difficulties and make them black after delivery.
Originally placed in the source of encryption and decryption data, you are now using JS to achieve, then ask, key what are you going to deal with? Just put it in JS?
Stupid customer description text transmission .... Two forced the boss panic ... So the client is required to encrypt ....
Try to overcome the difficulties and make them black after delivery.
Alas, figured out. It doesn't make sense. Client, are visible.
I refer to the TX encryption method of login, give up this:
Originally placed in the source of encryption and decryption data, you are now using JS to achieve, then ask, key what are you going to deal with? Just put it in JS?
Stupid customer description text transmission .... Two forced the boss panic ... So the client is required to encrypt ....
Try to overcome the difficulties and make them black after delivery.
Alas, figured out. It doesn't make sense. Client, are visible.
I refer to the TX encryption method of login, give up this:
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
