Recently, I made a vote, and we need to take anti-vote measures. But it is difficult to prevent Ticket scalping. After all, there are many methods. This method is used to prevent ticket swiping to the maximum extent.
First, define a string 'www .bkjia.com 'on the foreground page, and then use the authcode function of discuz to generate a string of ciphertext. This string of ciphertext is different each time, for example, it will generate
However, after Decoding in the background, the restored plaintext will eventually be changed back to 'www .bkjia.com '. Using this, we can determine on the server that, if the returned ciphertext is not the string after decoding, we cannot vote.
Discuz's authcode function can be said to have made significant contributions to the Chinese PHP community. Including kangsheng's own products, and most Chinese companies that use PHP use this function for encryption. authcode uses exclusive or operations for encryption and decryption.
The principle is as follows:
Encryption
The ciphertext 0100 1010 is obtained, and the decryption must be different from the key or lower.
Decryption
There is no advanced algorithm, and the key is very important. The key is how to generate the key. Let's take a look at how kangsheng's authcode works:
<? Php // parameter description // $ string: plaintext or ciphertext // $ operation: DECODE indicates decryption, and others indicate encryption // $ key: key // $ expiry: ciphertext Validity Period function authcode ($ string, $ operation = 'decode', $ key = '', $ expiry = 0) {// dynamic key length, the same plaintext will generate different ciphertext by adding the dynamic key // random key, which can make the ciphertext irregular. Even if the original text and the key are identical, the encryption result will be different each time, increase the difficulty of cracking. // The greater the value, the greater the ciphertext change law. The ckey_length of the ciphertext change = 16 to the power. // when this value is 0, no random key $ ckey_length = 4 is generated; // key $ key = md5 ($ key? $ Key: $ GLOBALS ['discuz _ auth_key ']); // key a participates in encryption and decryption $ keya = md5 (substr ($ key, 0, 16 )); // key B is used for data integrity verification $ keyb = md5 (substr ($ key, 16, 16 )); // key c is used to change the generated ciphertext $ keyc = $ ckey_length? ($ Operation = 'decode '? Substr ($ string, 0, $ ckey_length): substr (md5 (microtime (),-$ ckey_length )):''; // calculate the key $ cryptkey = $ keya. md5 ($ keya. $ keyc); $ key_length = strlen ($ cryptkey); // plaintext. The first 10 digits are used to save the timestamp. Data Validity is verified during decryption, 10 to 26 bits are used to save $ keyb (Key B). During decryption, the key will be used to verify data integrity. // if the key is decoded, it will start from the $ ckey_length bit, because the $ ckey_length bit before the ciphertext stores the dynamic key to ensure correct decryption $ string = $ operation = 'decode '? Base64_decode (substr ($ string, $ ckey_length): sprintf ('0d', $ expiry? $ Expiry + time (): 0 ). substr (md5 ($ string. $ keyb), 0, 16 ). $ string; $ string_length = strlen ($ string); $ result = ''; $ box = range (0,255); $ rndkey = array (); // generate a key book for ($ I = 0; $ I <= 255; $ I ++) {$ rndkey [$ I] = ord ($ cryptkey [$ I % $ key_length]);} // use a fixed algorithm to disrupt the key book and increase randomness. It seems complicated, in fact, the ciphertext strength is not added for ($ j = $ I = 0; $ I <256; $ I ++) {$ j = ($ j + $ box [$ I] + $ rndkey [$ I]) % 256; $ tmp = $ box [$ I]; $ box [$ I] = $ box [$ j]; $ Box [$ j] = $ tmp;} // The core encryption and decryption part for ($ a = $ j = $ I = 0; $ I <$ string_length; $ I ++) {$ a = ($ a + 1) % 256; $ j = ($ j + $ box [$ a]) % 256; $ tmp = $ box [$ a]; $ box [$ a] = $ box [$ j]; $ box [$ j] = $ tmp; // The keys obtained from the key book are different or converted into characters $ result. = chr (ord ($ string [$ I]) ^ ($ box [($ box [$ a] + $ box [$ j]) % 256]);} if ($ operation = 'decode') {// substr ($ result, 0, 10) = 0 verify the data validity // substr ($ result, 0, 10) -time ()> 0 to verify data validity // Substr ($ result, 10, 16) = substr (md5 (substr ($ result, 26 ). $ keyb), 0, 16) verify data integrity // verify data validity. Please refer to the unencrypted plaintext format if (substr ($ result, 0, 10) = 0 | substr ($ result, 0, 10)-time ()> 0) & substr ($ result, 10, 16) = substr (md5 (substr ($ result, 26 ). $ keyb), 0, 16) {return substr ($ result, 26) ;}else {return '';}} else {// Save the dynamic key in the ciphertext, this is also why the same plaintext can be decrypted after different ciphertext values are produced // because the encrypted ciphertext may be special characters and may be lost during the copy process, so it is encoded with base64 ret Urn $ keyc. str_replace ('=', '', base64_encode ($ result);} // encrypt echo authcode (" www.bkjia.com ", 'encoding '); // decrypt echo authcode ("www.bkjia.com", 'encoding'); // echo authcode ("Authorization + fC + GKP9Efq6yWeAAvdQFq + D");?>
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
