PHP internal encryption and decryption algorithms

When I recently learned about URL redirection, I introduced three super-useful PHP encryption and decryption functions, which seem to be in discuz... The reason for using these encryption and decryption is that sometimes your URL address is obtained and you need to know your key if you want to crack the value-passing content, it may take a while for him to know the content in your URL. Package them into a file named fun. php.

The following are examples to help you better understand the three encryption and decryption functions.

// String. php
 "; Echo $ encrypt ."
"; Echo $ decrypt ."
";?> // Array. php
 "1", "B" => "2", "c" => "3", "d" => "4 "); // serialize generates a stored value and returns a string. unserialize restores $ txt = serialize ($ array); $ key = "testkey"; $ encrypt = passport_encrypt ($ txt, $ key); $ decrypt = passport_decrypt ($ encrypt, $ key); $ decryptArray = unserialize ($ decrypt); echo $ txt."
"; Echo $ encrypt ."
"; Echo $ decrypt ."
"; Echo $ decryptArray ."
";?>

The key point is that when you want to jump to another website, but want to ensure that your session is correct, you need to process the session. it seems that a company has a website and a forum, both of which have registration and login, but does not want users to invalidate the session when they log on to the Forum on the homepage, that is, log on to the entire company at a time.

How can we handle user sessions?

The web page is stateless. if you want to continue using the session in the new Web page, you need to move the session from one place to another. some people may already think of it, I can call it through url-based address transfer. PHP has a variable for processing sessions, called $ _ session. so convert the session to be registered into an array. then, you can write as follows:

//login.php 
 

In the preceding example, use serialize to convert $ _ SESSION into data that can be stored, and then use passport_encrypt to encrypt the data. the reason for adding urlencode is that when $ _ SESSION is encrypted, there may be unexpected code, so just in case (it turns out to be very effective)

Proceed first

//process.php 
 

Use $ _ GET ["s"] to obtain URL parameters, use passport_decrypt to decrypt the parameters, and then use unserialize to restore the data to the original data. in this step, your webpage may jump freely through the header.

This method also involves security issues. if your url address is obtained by someone during the address transfer process, it is really embarrassing, although it may not be able to crack the content in the url, however, people can also use this url to log on to some of your personal accounts, email accounts, and even bank accounts (of course few will write this, I am sorry, haha. however, you can cancel the session on The Jump page.

The following is the enhanced version of process. php:

 30){ header("Location: http://$domain/ login.php"); unset($_SESSION["USERNAME"]); unset($_SESSION["PASSWORD"]); } else header("Location: http://$domain/ index.php"); ?>

Before writing this file, you need to set it on the login side

$ _ SESSION ["TIME"] = time ();


The main reason for setting this is to obtain the time on both sides. if the jump time exceeds 30 seconds, you can redirect it to login. on the php login page, customers with slow network speeds will be embarrassed, but this also prevents users from logging on to the url within 30 seconds if the url is not obtained, logon again after timeout.

$ _ SESSION ["USERNAME"] and $ _ SESSION ["PASSWORD"] are the usernames and passwords required for logon. the reason for canceling these two sessions is that if your url is obtained, the person jumps to loign within 30 seconds. php pages, but those passed sessions are still valid, as long as the url suffix login. change php to index. php. then he successfully logged on.

For more articles about the internal encryption and decryption algorithms of PHP, refer to the Chinese PHP website!