PHP internal encryption and decryption algorithms

Source: Internet
Author: User

Package them into a file named fun.php.
The code is as follows:
<?php
// Interleaves each character of a random per-message key with the plaintext
// character XORed against it, then passes the result through passport_key()
// and base64-encodes it.
function passport_encrypt($txt, $key) {
    srand((int)((double)microtime() * 1000000));
    $encrypt_key = md5(rand(0, 32000));
    $ctr = 0;
    $tmp = '';
    for ($i = 0; $i < strlen($txt); $i++) {
        // Wrap around when the end of the 32-character key is reached.
        $ctr = $ctr == strlen($encrypt_key) ? 0 : $ctr;
        $tmp .= $encrypt_key[$ctr] . ($txt[$i] ^ $encrypt_key[$ctr++]);
    }
    return base64_encode(passport_key($tmp, $key));
}

// Reverses passport_encrypt(): each pair is (key character, XORed character).
function passport_decrypt($txt, $key) {
    $txt = passport_key(base64_decode($txt), $key);
    $tmp = '';
    for ($i = 0; $i < strlen($txt); $i++) {
        $md5 = $txt[$i];
        $tmp .= $txt[++$i] ^ $md5;
    }
    return $tmp;
}

// XORs $txt with the repeating md5 hex digest of $encrypt_key.
function passport_key($txt, $encrypt_key) {
    $encrypt_key = md5($encrypt_key);
    $ctr = 0;
    $tmp = '';
    for ($i = 0; $i < strlen($txt); $i++) {
        $ctr = $ctr == strlen($encrypt_key) ? 0 : $ctr;
        $tmp .= $txt[$i] ^ $encrypt_key[$ctr++];
    }
    return $tmp;
}
?>


The following are examples to help you better understand the three encryption and decryption functions.
The code is as follows:
<?php
// string.php
include "fun.php";

$txt = "This is a test";
$key = "testkey";
$encrypt = passport_encrypt($txt, $key);
$decrypt = passport_decrypt($encrypt, $key);

echo $txt . "<br>";
echo $encrypt . "<br>";
echo $decrypt . "<br>";
?>

<?php
// array.php
include "fun.php";

$array = array(
    "A" => "1",
    "B" => "2",
    "C" => "3",
    "D" => "4"
);
// serialize() produces a storable string; unserialize() restores the value
$txt = serialize($array);
$key = "testkey";
$encrypt = passport_encrypt($txt, $key);
$decrypt = passport_decrypt($encrypt, $key);
$decryptArray = unserialize($decrypt);

echo $txt . "<br>";
echo $encrypt . "<br>";
echo $decrypt . "<br>";
// print_r() is used because echo cannot print an array
print_r($decryptArray);
echo "<br>";
?>


The main use case is redirecting a user to another website while keeping the session intact. For example, a company has a website and a forum, both of which have registration and login, and it does not want the session to become invalid when a user who logged in on the homepage goes to the forum. In other words, the user logs in once for the entire company.

How can we handle user sessions?

Web pages are stateless. If you want to continue using the session on the new page, you need to move the session from one place to the other. As some readers may already have guessed, this can be done by passing it in the URL. PHP has a variable for handling sessions, called $_SESSION, so the session data to be registered is converted into an array. You can then write the following:
The code is as follows:
<?php
// login.php
session_start();
include "fun.php";
// Session values registered at login (their assignment is not shown here)
$_SESSION["userid"];
$_SESSION["username"];
$_SESSION["userpwd"];

// $domain is the host name of the target site (defined elsewhere)
header("Location: http://$domain/process.php?s=" . urlencode(passport_encrypt(serialize($_SESSION), "sessionkey")));
?>

In the preceding example, serialize converts $_SESSION into data that can be stored, and passport_encrypt then encrypts that data. urlencode is added because the encrypted $_SESSION may contain unexpected characters, so it is applied just in case (it turns out to be very effective).

Next, process.php.
The code is as follows:
<?php
// process.php
session_start();
include "fun.php";
$_SESSION = unserialize(passport_decrypt($_GET["s"], "sessionkey"));
header("Location: http://$domain/index.php");
?>


Use $_GET["s"] to obtain the URL parameter, use passport_decrypt to decrypt it, and then use unserialize to restore the original data. At this point, your page can redirect freely through header.

This method also involves security issues. If someone obtains your URL while it is being passed along, it is really embarrassing: although they may not be able to crack the content of the URL, they can still use this URL to log on to some of your personal accounts, email accounts, and even bank accounts (of course, few people will write it this way, I am sorry, haha). However, you can cancel the session on the jump page.

The following is the enhanced version of process.php:
The code is as follows:
<?php
session_start();
include_once "fun.php";
$_SESSION = unserialize(passport_decrypt($_GET["s"], "sessionkey"));
// Send the user back to login if more than 30 seconds have passed since TIME was set
if ((time() - $_SESSION["TIME"]) > 30) {
    header("Location: http://$domain/login.php");
    unset($_SESSION["USERNAME"]);
    unset($_SESSION["PASSWORD"]);
}
else
    header("Location: http://$domain/index.php");
?>


Before writing this file, you need to set the following on the login side:

$_SESSION["TIME"] = time();


The main reason for setting this is to obtain the time on both sides. If the jump takes more than 30 seconds, you can redirect to the login.php login page. Customers with slow network speeds will be inconvenienced, but this also guards against the URL being obtained by someone else: as long as the URL is not obtained within 30 seconds, it times out and a new login is required.

$_SESSION["USERNAME"] and $_SESSION["PASSWORD"] are the username and password required for login. The reason for unsetting these two session values is that if your URL is obtained, that person jumps to the login.php page within 30 seconds, but the session values that were passed are still valid: they only need to change login.php at the end of the URL to index.php, and they are successfully logged in.
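A hardened form of the hand-off described above, as an added example that is not code from the original page: the XOR functions in fun.php give no integrity check, so a modified `s` parameter decrypts without error, and unserialize on a URL parameter can instantiate objects. This sketch seals a JSON payload and its issue time with libsodium's authenticated secretbox and enforces the 30-second window inside the token. It assumes PHP 7.2+ with the bundled sodium extension; `SSO_TTL`, `sso_issue` and `sso_accept` are hypothetical names, and the key and claims are constructed for the demo.

```php
<?php
// Added example (not the page's code); SSO_TTL, sso_issue, sso_accept are hypothetical names.
declare(strict_types=1);

const SSO_TTL = 30; // seconds; same window as the page's TIME check

// Seal the claims and the issue time with an authenticated cipher and
// return a URL-safe token (no urlencode needed).
function sso_issue(array $claims, string $key, ?int $now = null): string
{
    $payload = json_encode(['iat' => $now ?? time(), 'claims' => $claims], JSON_THROW_ON_ERROR);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = sodium_crypto_secretbox($payload, $nonce, $key);
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

// Return the claims, or null if the token is malformed, was modified,
// was sealed with another key, or is older than SSO_TTL.
function sso_accept(string $token, string $key, ?int $now = null): ?array
{
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null;
    }
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if (strlen($raw) < $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;
    }
    $plain = sodium_crypto_secretbox_open(substr($raw, $n), substr($raw, 0, $n), $key);
    if ($plain === false) {
        return null; // authentication tag did not verify
    }
    $data = json_decode($plain, true); // arrays and scalars only, no objects
    if (!is_array($data) || !is_int($data['iat'] ?? null) || !is_array($data['claims'] ?? null)) {
        return null;
    }
    $age = ($now ?? time()) - $data['iat'];
    return ($age >= 0 && $age <= SSO_TTL) ? $data['claims'] : null;
}

// Constructed demo values; a real deployment shares one stored key.
$key = sodium_crypto_secretbox_keygen();
$token = sso_issue(['userid' => 42, 'username' => 'alice'], $key, 1000);
var_dump(sso_accept($token, $key, 1010)); // 10 seconds after issue
var_dump(sso_accept($token, $key, 1031)); // 31 seconds after issue
$bad = $token;
$bad[40] = $bad[40] === 'A' ? 'B' : 'A';  // one character altered in transit
var_dump(sso_accept($bad, $key, 1010));
```

The claims carry only an identifier and a name, not the password. A token accepted here can still be replayed inside the 30-second window; making it single-use requires the receiving site to remember which nonces it has already accepted.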
