About DZ's Authcode function to JS version of the problem.

Source: Internet
Author: User
This post was last edited by Tottyandbaty on 2013-08-30 23:43:38

Before the forum was asked about this question, the original

http://bbs.csdn.net/topics/390310377?page=1#post-393233055


I tried to write this PHP version of Authcode into the JS version, but the results are too far apart.

Some of the functions in PHP that correspond to JS can be found here:
chr:http://phpjs.org/functions/chr/

ord:http://phpjs.org/functions/ord/

Base64.encode,base64.decode http://www.webtoolkit.info/javascript-base64.html

md5:http://phpjs.org/functions/md5/

Where the Base64.encode and Base64.decode test results are the same as in PHP.


In that post, the moderator said, "Because of the character set problem (JS always use Unicode), literal translation and PHP is not the same, no significant".

The Authcode function of DZ uses the RC4 algorithm,

  for ($a = $j = $i = 0; $i < $string _length; $i + +) {          $a = ($a + 1)%;          $j = ($j + $box [$a])%;          $tmp = $box [$a];          $box [$a] = $box [$j];          $box [$j] = $tmp;          The key is derived from the key book and then converted into a character          $result. = Chr (ord ($string [$i]) ^ ($box [($box [$a] + $box [$j])]));      }  


If this part is written in JS version, then the problem is not the same as the PHP version. $string was the same before the code was run, but it didn't work.

Attached code:

function Authcode (str, operation, key, expiry) {var operation = operation? Operation: ' DECODE '; var key = key? Key: '; var expiry = expiry? Expiry:0;var ckey_length = 4;key = MD5 (key);//Key A will participate in the decryption var Keya = MD5 (KEY.SUBSTR (0, 16));//key B will be used for data integrity verification var keyb = MD 5 (KEY.SUBSTR (16, 16));//key C is used to change the generated ciphertext var KEYC = ckey_length?  (Operation = = ' DECODE '? Str.substr (0, Ckey_length): MD5 (Microtime ()). substr (-ckey_length)): ";//The key that participates in the operation var cryptkey = KEYA+MD5 (KEYA+KEYC); var strbuf;if (Operation = = ' DECODE ') {str = STR.SUBSTR (ckey_length); strbuf = Base64.decode (str);// string = B.tostring ();} else {expiry = expiry? expiry + time (): 0;tmpstr = expiry.tostring (); if (tmpstr.length>=10) str = TMPSTR.SUBSTR    (0,10) +md5 (str+keyb). substr (0, +) +str;        else {var count = 10-tmpstr.length; for (Var i=0;i
 
  0) && s.substr (+) = = MD5 (S.SUBSTR (+) +keyb). substr (0, +)) {s = s.substr (+);} else {s = ";}} else {var s = base64.encode (strbuf.tostring ()); var regex = new RegExp (' = ', "G"); s = s.replace (regex, '); s = keyc+s;} return s;}    function time () {var Unixtime_ms = new Date (). GetTime (); return parseint (unixtime_ms/1000);}    function Microtime (get_as_float) {var Unixtime_ms = new Date (). GetTime ();    var sec = parseint (unixtime_ms/1000); Return get_as_float? (unixtime_ms/1000): (Unixtime_ms-(SEC *))/1000 + "+ sec;}
 


PHP Version:

   Parameter interpretation//$string: PlainText or ciphertext//$operation: Decode for decryption, other means encryption//$key: Key//$expiry: Ciphertext validity function Authcode ($string            , $operation = ' DECODE ', $key = ', $expiry = 0) {//dynamic key length, the same plaintext will generate different ciphertext is dependent on the dynamic key $ckey _length = 4;            Key $key = MD5 ($key? $key: $GLOBALS [' Discuz_auth_key ']);      Key A will participate in the encryption and decryption $keya = MD5 (substr ($key, 0, 16));      Key B will be used for data integrity verification $KEYB = MD5 (substr ($key, 16, 16)); Key C is used to change the generated ciphertext $KEYC = $ckey _length?      ($operation = = ' DECODE '? substr ($string, 0, $ckey _length): substr (MD5 (Microtime ()),-$ckey _length)): ";      Key to participate in the operation $cryptkey = $keya. MD5 ($keya. $KEYC);      $key _length = strlen ($cryptkey); PlainText, the first 10 bits are used to save the timestamp, the decryption of the validation data validity, 10 to 26 bits to save $keyb (key B), decryption will pass this key to verify the integrity of the data//if it is decoded, will start from the $ckey_length bit, because the ciphertext before $ckey_ The length bit holds the dynamic key to ensure that the decryption is correct $string = $operation = = ' DECODE '? Base64_decode (substr ($string, $ckey _length)): sprintf ('%010d ', $expiry? $expiry + Time (): 0). substr (MD5 ($string. $keyb ), 0, (+). $sTring      $string _length = strlen ($string);      $result = ";      $box = Range (0, 255);      $rndkey = Array ();      Generate key book for ($i = 0; $i <= 255; $i + +) {$rndkey [$i] = Ord ($cryptkey [$i% $key _length]); }//using a fixed algorithm to disrupt the key book, add randomness, as if it is complex, in fact, does not increase the strength of the ciphertext for ($j = $i = 0; $i <; $i + +) {$j = ($j + $box [$i]          + $rndkey [$i])% 256;          $tmp = $box [$i];          $box [$i] = $box [$j];      $box [$j] = $tmp;          }//Core plus decryption section for ($a = $j = $i = 0; $i < $string _length; $i + +) {$a = ($a + 1)% 256;          $j = ($j + $box [$a])% 256;          $tmp = $box [$a];          $box [$a] = $box [$j];          $box [$j] = $tmp;      The key is derived from the key book and then converted into a character $result. = Chr (ord ($string [$i]) ^ ($box [($box [$a] + $box [$j])% 256])); if ($operation = = ' DECODE ') {//substr ($result, 0, 10) = = 0 Verify data validity//substr ($result, 0,)-t IME () > 0 Verifying data Validation//substr ($result, ten) = = substr (MD5 (suBSTR ($result, up). $keyb), 0, 16) Verify data integrity//Verify data validity, see format of unencrypted plaintext if (substr ($result, 0,) = = 0 | | substr              ($result, 0, Ten)-time () > 0) && substr ($result, 0, +) = = substr (MD5 (substr ($result,). $keyb)) {          Return substr ($result, 26);          } else {return ';          }} else {//To keep the dynamic key in the ciphertext, which is why the same plaintext, the production of different ciphertext can be decrypted after the reason//because the encrypted ciphertext may be some special characters, the copy process may be lost, so the base64 encoding      Return $KEYC. Str_replace (' = ', ' ', Base64_encode ($result));   }  }


Reply to discussion (solution)

JS Code section
Strbuf[i] =CHR (ORD (Strbuf[i]) ^ (box[(Box[a] + box[j])% 256])
Is this strbuf an array?
Whether from
STRBUF = Base64.decode (str);
Still is
Strbuf = str;
Look, strbuf are strings.
Then strbuf[i] = ' x ' is not valid for writing, although no error
Also Ord (Strbuf[i]) is also unable to return the correct value

The JS that corresponds to Ord (Strbuf[i]) is
Strbuf.charcodeat (i)

The JS that corresponds to CHR (n) is
String.fromCharCode (N)

Not seriously to see the PHP you provide the same name function, but at least your JS value, the assignment part has been a problem

Other than that:
DZ's distribution is divided into Utf-8 and GBK
Due to the character inside the code, the Authcode encoding results in version Utf-8 cannot be decoded correctly in the GBK version (solved or utf-8)
Of course, if you do not contain Chinese is not a problem, this point you must pay attention to the test

The Base64 class is also coded for utf-8. If the PHP side is not utf-8, you will not get the same result

Sorry, I was negligent. The wrong version was sent.

This code is the result of my last revision:

function Authcode (str, operation, key, expiry) {var operation = operation? Operation: ' DECODE '; var key = key? Key: '; var expiry = expiry? Expiry:0;var ckey_length = 4;key = MD5 (key);//Key A will participate in the decryption var Keya = MD5 (KEY.SUBSTR (0, 16));//key B will be used for data integrity verification var keyb = MD 5 (KEY.SUBSTR (16, 16));//key C is used to change the generated ciphertext var KEYC = ckey_length?  (Operation = = ' DECODE '? Str.substr (0, Ckey_length): MD5 (Microtime ()). substr (-ckey_length)): ";//The key that participates in the operation var cryptkey =  KEYA+MD5 (KEYA+KEYC); var string= ""; if (operation = = ' DECODE ') {string =base64.decode (Str.substr (Ckey_length));} else {expiry = expiry? expiry + time (): 0;tmpstr = expiry.tostring (); if (tmpstr.length>=10) string = tmpstr.su    BSTR (0,10) +MD5 (str+keyb). substr (0, +) +str;        else {var count = 10-tmpstr.length; for (Var i=0;i
 
  < 256;="" i++)="" {box[i]="i;}var" rndkey="new" array();="" 产生密匙簿for(var="" rndkey[i]="cryptkey.charCodeAt(i" %="" cryptkey.length);}="" 用固定的算法,打乱密匙簿,增加随机性,好像很复杂,实际上对并不会增加密文的强度="" for(var="" j="(j" =="" 0;="" +="" box[i]="box[j];" rndkey[i])="" tmp="box[a];" box[j]="tmp;result+=String.fromCharCode(string.charCodeAt(i)" 核心加解密部分="" result="" ;for(var="" a="(a" string.length;="" 1)="" box[a])="" box[a]="box[j];" ^="" (box[(box[a]="" box[j])="" 256]));}="" if(operation="=" 'decode')="" s="" ;if((result.substr(0,="" 10)="" 0="" ||="" result.substr(="" 0,="" -="" time()="">0) && result.substr (+) = = MD5 (RESULT.SUBSTR (+) +keyb). substr (0, +)) {s = Result.substr (26);} }else {var s = base64.encode (result), var regex = new RegExp (' = ', "G"); s = s.replace (regex, '); s = keyc+s;} return s;}
 


Here basically did not use the alternative version of the Chr,ord, and so on, all with the JS only. My test page encoding is UTF-8 encoded.

The base64.encode here is the same as PHP's Base64_encode results.

The ord,chr mentioned above are available in JS version.

chr:http://phpjs.org/functions/chr/

ord:http://phpjs.org/functions/ord/

Originally placed in the source of encryption and decryption data, you are now using JS to achieve, then ask, key what are you going to deal with? Just put it in JS?



Originally placed in the source of encryption and decryption data, you are now using JS to achieve, then ask, key what are you going to deal with? Just put it in JS?

Stupid customer description text transmission .... Two forced the boss panic ... So the client is required to encrypt ....




Originally placed in the source of encryption and decryption data, you are now using JS to achieve, then ask, key what are you going to deal with? Just put it in JS?

Stupid customer description text transmission .... Two forced the boss panic ... So the client is required to encrypt ....
Try to overcome the difficulties and make them black after delivery.





Originally placed in the source of encryption and decryption data, you are now using JS to achieve, then ask, key what are you going to deal with? Just put it in JS?

Stupid customer description text transmission .... Two forced the boss panic ... So the client is required to encrypt ....
Try to overcome the difficulties and make them black after delivery.

Alas, figured out. It doesn't make sense. Client, are visible.

I refer to the TX encryption method of login, give up this:






Originally placed in the source of encryption and decryption data, you are now using JS to achieve, then ask, key what are you going to deal with? Just put it in JS?

Stupid customer description text transmission .... Two forced the boss panic ... So the client is required to encrypt ....
Try to overcome the difficulties and make them black after delivery.

Alas, figured out. It doesn't make sense. Client, are visible.

I refer to the TX encryption method of login, give up this:

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.