Learn PHP encryption and decryption tips quickly _ PHP Tutorial

Quickly learn PHP encryption and decryption skills. Here we will give you a detailed description of the reason for using these PHP encryption and decryption, because sometimes your URL address is obtained and you need to know what you want to crack and pass the value in your URL. here we will give you a detailed introduction

The reason for using these PHP encryption and decryption is that sometimes your URL address is obtained and you want to crack the content that passes the value in your URL, you must know your key, no key, it takes a while for him to know the content in your URL...

In other words, pack them into a file and call it fun. php.

1. <? Php
2. Function passport_encrypt ($ txt, $ key ){
3. Srand (double) microtime () * 1000000 );
4. $ Encrypt_key = md5 (rand (0, 32000 ));
5. $ Ctr = 0;
6. $ Tmp = '';
7. For ($ I = 0; $ I< Strlen($ Txt); $ I ++ ){
8. $ Ctr = strlen ($ encrypt_key )? 0: $ ctr;
9. $ Tmp. = $ encrypt_key [$ ctr]. ($ txt [$ I]
   ^ $ Encrypt_key [$ ctr ++]);
10. }
11. Return base64_encode (passport_key ($ tmp, $ key ));
12. }
13. Function passport_decrypt ($ txt, $ key ){
14. $ Txt = passport_key (base64_decode ($ txt), $ key );
15. $ Tmp = '';
16. For ($ I = 0; $ I< Strlen($ Txt); $ I ++ ){
17. $ Md5 = $ txt [$ I];
18. $ Tmp. = $ txt [++ $ I] ^ $ md5;
19. }
20. Return $ tmp;
21. }
22. Function passport_key ($ txt, $ encrypt_key ){
23. $ Encrypt_key = md5 ($ encrypt_key );
24. $ Ctr = 0;
25. $ Tmp = '';
26. For ($ I = 0; $ I< Strlen($ Txt); $ I ++ ){
27. $ Ctr = strlen ($ encrypt_key )? 0: $ ctr;
28. $ Tmp. = $ txt [$ I] ^ $ encrypt_key [$ ctr ++];
29. }
30. Return $ tmp;
31. }
32. ?>

Here are some examples... Deepen understanding of these three PHP encryption and decryption functions...

 
 

  
  
// String. php
  
  
<? Php
  
  
Include "fun. php ";
  
  
$ Txt = "This is a test ";
  
  
$ Key = "testkey ";
  
  
$ Encrypt = passport_encrypt ($ txt, $ key );
  
  
$ Decrypt = passport_decrypt ($ encrypt, $ key );
  
  
Echo $ txt. "<br>  
  
Echo $ encrypt. "<br>  
  
Echo $ decrypt. "<br>  
  
?>
  
  
// Array. php
  
  
<? Php
  
  
Include "fun. php ";
  
  
$ Arrayarray = array (
  
  
"A" => "1 ",
  
  
"B" => "2 ",
  
  
"C" => "3 ",
  
  
"D" => "4"
  
  
);
  
  
// Serialize generates a stored value,
Returns a string, unserialize to restore.
  
  
$ Txt = serialize ($ array );
  
  
$ Key = "testkey ";
  
  
$ Encrypt = passport_encrypt ($ txt, $ key );
  
  
$ Decrypt = passport_decrypt ($ encrypt, $ key );
  
  
$ DecryptArray = unserialize ($ decrypt );
  
  
Echo $ txt. "<br>  
  
Echo $ encrypt. "<br>  
  
Echo $ decrypt. "<br>  
  
Echo $ decryptArray. "<br>  
  
?>
 
 

The key point is... When you want to jump to another URL and ensure that your session is correct, you need to handle the session. it seems that a company has a website and a forum, both of which have registration and login, but does not want users to invalidate the session when they log on to the Forum on the homepage, that is, log on to the entire company at a time...

So how can we deal with user sessions...

The web page is stateless. if you want to continue using the session in the new Web page, you need to move the session from one place to another. some people may already think of it, I can call it through url-based address transfer .... PHP has a variable for processing sessions, called $ _ session. so ....

Convert the session to be registered into an array. you can write it as follows:

 
 

  
  
//login.php 
  
  
< ?php 
  
  
session_start(); 
  
  
include “fun.php”; 
  
  
…. 
  
  
$_SESSION[“userid”]; 
  
  
$_SESSION[“username”]; 
  
  
$_SESSION[“userpwd”]; 
  
  
… 
  
  
header("Location: http:
//$domain/process.php?s="
.urlencode(passport_encrypt
(serialize($_SESSION),"sessionkey"))); 
  
  
?> 
 
 

In the example of PHP encryption and decryption, use serialize to convert $ _ SESSION into data that can be stored, and then use passport_encrypt to encrypt the data. the reason for adding urlencode is that when $ _ SESSION is encrypted, there may be unexpected code, so just in case... (It turns out to be very effective)
Proceed first

 
 

  
  
//process.php 
  
  
< ?php 
  
  
session_start(); 
  
  
include “fun.php”; 
  
  
$_SESSION=unserialize(passport
_decrypt($_GET["s"],"sessionkey")); 
  
  
header("Location: http://$domain/index.php"); 
  
  
?> 
 
 

Use $ _ GET ["s"] to obtain URL parameters, use passport_decrypt to decrypt the parameters, and then use unserialize to restore the data to the original data.
In this step, your webpage may jump freely through the header ....

This PHP encryption and decryption method also involves security issues. if your url address is obtained by someone else during the address transfer process, it is really embarrassing... Although people may not be able to crack the content in the url, they can also directly use this url to log on to some of your personal accounts, email accounts and even bank accounts (of course few people write like this, except me, haha )... It sounds so scared .... But you can cancel the session on The Jump page ....

The following is the enhanced version of process. php:

 
 

  
  
< ?php 
  
  
session_start(); 
  
  
include_once "fun.php"; 
  
  
$_SESSION=unserialize(passport_
decrypt($_GET["s"],"sessionkey")); 
  
  
if((time()-$_SESSION["TIME"])>30){ 
  
  
header("Location: http://
$domain/ login.php"); 
  
  
unset($_SESSION["USERNAME"]); 
  
  
unset($_SESSION["PASSWORD"]); 
  
  
} 
  
  
else 
  
  
header("Location: http://
$domain/ index.php"); 
  
  
?> 
 
 

Before writing this PHP encryption and decryption file, you need to set it on the login side

$ _ SESSION ["TIME"] = time ();

The main reason for setting this is to obtain the time on both sides. if the jump time exceeds 30 seconds, you can redirect it to login. on the php login page, customers with slow network speeds will be embarrassed... However, this also prevents the user from logging on to the url within 30 seconds after the url is obtained. sorry, the user has timed out and logged on again.

$ _ SESSION ["USERNAME"] and $ _ SESSION ["PASSWORD"] are the usernames and passwords that users need to enter during logon .... The reason for canceling these two sessions is that if your url is obtained, the person jumps to loign within 30 seconds. php pages, but those passed sessions are still valid, as long as the url suffix login. change php to index. php .... He successfully logged on...

The reason why ghost uses these PHP encryption and decryption is that sometimes the user's URL address is obtained and you must know the content that you want to crack...