About how to convert the Authcode function of DZ to the JS version. This post was last edited by TottyAndBaty at 23:43:38
Someone asked this question in the forum.
Http://bbs.csdn.net/topics/390310377? Page = 1 # post-393233055
I tried to write the authcode of this php version into the js version, but the results were too far different.
Some JS functions in PHP can be found here:
Chr: http://phpjs.org/functions/chr/
Ord: http://phpjs.org/functions/ord/
Base64.encode, Base64.decode http://www.webtoolkit.info/javascript-base64.html
Md5: http://phpjs.org/functions/md5/
The test results of Base64.encode and Base64.decode are the same as those of php ,.
In that post, the moderator said, "because of the character set problem (JavaScript always uses unicode), it is meaningless to wait with php after literal translation ".
The Authcode function of DZ uses the RC4 algorithm,
For ($ a = $ j = $ I = 0; $ I <$ string_length; $ I ++) {$ a = ($ a + 1) % 256; $ j = ($ j + $ box [$ a]) % 256; $ tmp = $ box [$ a]; $ box [$ a] = $ box [$ j]; $ box [$ j] = $ tmp; // The Keys obtained from the key book are different or, then convert it into a character $ result. = chr (ord ($ string [$ I]) ^ ($ box [($ box [$ a] + $ box [$ j]) % 256]);}
If this part is written as the JS version, the problem is different from that of the php version. $ String is the same before this code is run, but it won't be able to be used after it is run.
Code:
Function authcode (str, operation, key, expiry) {var operation = operation? Operation: 'decode'; var key = key? Key: ''; var expiry = expiry? Expiry: 0; var ckey_length = 4; key = md5 (key); // key a is used for encryption and decryption. var keya = md5 (key. substr (0, 16); // key B is used for data integrity verification var keyb = md5 (key. substr (16, 16); // The key c is used to change the generated ciphertext var keyc = ckey_length? (Operation = 'decode '? Str. substr (0, ckey_length): md5 (microtime ()). substr (-ckey_length): ''; // key used for calculation var cryptkey = keya + md5 (keya + keyc); var strbuf; if (operation = 'decode ') {str = str. substr (ckey_length); strbuf = Base64.decode (str); // string = B. toString ();} else {expiry = expiry? Expiry + time (): 0; tmpstr = expiry. toString (); if (tmpstr. length> = 10) str = tmpstr. substr (0, 10) + md5 (str + keyb ). substr (0, 16) + str; else {var count = 10-tmpstr. length; for (var I = 0; I
0) & s. substr (10, 16) = md5 (s. substr (26) + keyb ). substr (0, 16) {s = s. substr (26);} else {s = '';} else {var s = Base64.encode (strbuf. toString (); var regex = new RegExp ('=', "g"); s = s. replace (regex, ''); s = keyc + s;} return s;} function time () {var unixtime_ms = new Date (). getTime (); return parseInt (unixtime_ms/1000);} function microtime (get_as_float) {var unixtime_ms = new Date (). getTime (); var Sec = parseInt (unixtime_ms/1000); return get_as_float? (Unixtime_ms/1000): (unixtime_ms-(sec * 1000)/1000 + ''+ sec ;}
Php version:
// Parameter description // $ string: plaintext or ciphertext // $ operation: DECODE indicates decryption, and others indicate encryption // $ key: key // $ expiry: ciphertext validity period function authcode ($ string, $ operation = 'Decode', $ key = '', $ expiry = 0) {// dynamic key length, the same plaintext will generate different ciphertext based on the dynamic key $ ckey_length = 4; // key $ key = md5 ($ key? $ Key: $ GLOBALS ['discuz _ auth_key ']); // key a Participates in encryption and decryption $ keya = md5 (substr ($ key, 0, 16 )); // key B is used for data integrity verification $ keyb = md5 (substr ($ key, 16, 16 )); // key c is used to change the generated ciphertext $ keyc = $ ckey_length? ($ Operation = 'decode '? Substr ($ string, 0, $ ckey_length): substr (md5 (microtime (),-$ ckey_length )):''; // calculate the key $ cryptkey = $ keya. md5 ($ keya. $ keyc); $ key_length = strlen ($ cryptkey); // plaintext. the first 10 digits are used to save the timestamp. data validity is verified during decryption, 10 to 26 bits are used to save $ keyb (key B). during decryption, the key will be used to verify data integrity. // if the key is decoded, it will start from the $ ckey_length bit, because the $ ckey_length bit before the ciphertext stores the dynamic key to ensure correct decryption $ string = $ operation = 'decode '? Base64_decode (substr ($ string, $ ckey_length): sprintf ('% 010d', $ expiry? $ Expiry + time (): 0 ). substr (md5 ($ string. $ keyb), 0, 16 ). $ string; $ string_length = strlen ($ string); $ result = ''; $ box = range (0,255); $ rndkey = array (); // Generate a key book for ($ I = 0; $ I <= 255; $ I ++) {$ rndkey [$ I] = ord ($ cryptkey [$ I % $ key_length]);} // use a fixed algorithm to disrupt the key book and increase randomness. it seems complicated, in fact, the ciphertext strength is not added. for ($ j = $ I = 0; $ I <256; $ I ++) {$ j = ($ j + $ box [$ I] + $ rndkey [$ I]) % 256; $ tmp = $ box [$ I]; $ box [$ I] = $ box [$ j]; $ box [$ j] = $ tmp ;} // core encryption and decryption part for ($ a = $ j = $ I = 0; $ I <$ string_length; $ I ++) {$ a = ($ a + 1) % 256; $ j = ($ j + $ box [$ a]) % 256; $ tmp = $ box [$ a]; $ box [$ a] = $ box [$ j]; $ box [$ j] = $ tmp; // The Keys obtained from the key book are different or, then convert it into a character $ result. = chr (ord ($ string [$ I]) ^ ($ box [($ box [$ a] + $ box [$ j]) % 256]);} if ($ operation = 'decode') {// substr ($ result, 0, 10) = 0 verify the data validity // substr ($ result, 0, 10) -time ()> 0 verify data validity // substr ($ result, 10, 16) = substr (md5 (substr ($ result, 26 ). $ keyb), 0, 16) verify data integrity // verify data validity. please refer to the unencrypted plaintext format if (substr ($ result, 0, 10) = 0 | substr ($ result, 0, 10)-time ()> 0) & substr ($ result, 10, 16) = substr (md5 (substr ($ result, 26 ). $ keyb), 0, 16) {return substr ($ result, 26) ;}else {return '';}} else {// Save the dynamic key in the ciphertext, this is also the reason why different ciphertext texts can be decrypted in the same plain text. // because the encrypted ciphertext may be special characters, the replication process may be lost, therefore, return $ keyc is encoded in base64 format. str_replace ('=', '', base64_encode ($ result ));}}
Reply to discussion (solution)
Js code
68 strbuf [I] = chr (ord (strbuf [I]) ^ (box [(box [a] + box [j]) % 256])
Is this strbuf an array?
Regardless
21 strbuf = Base64.decode (str );
Or
36 strbuf = str;
Strbuf is a string.
Strbuf [I] = 'x' is invalid, although no error is reported.
Similarly, ord (strbuf [I]) cannot return the correct value.
The js corresponding to ord (strbuf [I]) is
Strbuf. charCodeAt (I)
Js corresponding to chr (n) is
String. fromCharCode (n)
I didn't take the php functions with the same name seriously, but at least there was a problem with your js values and values.
In addition:
DZ releases are divided into UTF-8 and gbk
Because of the character internal code, the Authcode encoding results in UTF-8 cannot be correctly decoded in gbk (the encoding is still UTF-8)
Of course, there is no problem if you do not include Chinese characters. you must pay attention to this during the test.
The Base64 class is also UTF-8 encoded. If the php end is not UTF-8, you cannot get the same result.
Sorry, you are negligent. The version is incorrect.
This code is the result of my final correction:
Function authcode (str, operation, key, expiry) {var operation = operation? Operation: 'decode'; var key = key? Key: ''; var expiry = expiry? Expiry: 0; var ckey_length = 4; key = md5 (key); // key a is used for encryption and decryption. var keya = md5 (key. substr (0, 16); // key B is used for data integrity verification var keyb = md5 (key. substr (16, 16); // The key c is used to change the generated ciphertext var keyc = ckey_length? (Operation = 'decode '? Str. substr (0, ckey_length): md5 (microtime ()). substr (-ckey_length): ''; // key used for calculation var cryptkey = keya + md5 (keya + keyc); var string = ""; if (operation = 'decode') {string = Base64.decode (str. substr (ckey_length);} else {expiry = expiry? Expiry + time (): 0; tmpstr = expiry. toString (); if (tmpstr. length> = 10) string = tmpstr. substr (0, 10) + md5 (str + keyb ). substr (0, 16) + str; else {var count = 10-tmpstr. length; for (var I = 0; I
0) & result. substr (10, 16) = md5 (result. substr (26) + keyb ). substr (0, 16) {s = result. substr (26) ;}} else {var s = Base64.encode (result); var regex = new RegExp ('=', "g"); s = s. replace (regex, ''); s = keyc + s;} return s ;}
Basically, there is no alternative version of CHR, ORD, and so on. JS only applies. My test page encoding is all UTF-8 encoding.
Base64.encode is the same as base64_encode of php.
As mentioned above, both ord and chr provide JS versions.
Chr: http://phpjs.org/functions/chr/
Ord: http://phpjs.org/functions/ord/
The data that was originally stored in the source code is encrypted and decrypted. you can use JS to implement it now. What are you going to do with the key? Directly put it in JS?
The data that was originally stored in the source code is encrypted and decrypted. you can use JS to implement it now. What are you going to do with the key? Directly put it in JS?
The customer said plain text transmission .... Second, the boss was panic... Therefore, client encryption is required ....
The data that was originally stored in the source code is encrypted and decrypted. you can use JS to implement it now. What are you going to do with the key? Directly put it in JS?
The customer said plain text transmission .... Second, the boss was panic... Therefore, client encryption is required ....
Try to overcome the difficulties and get them hacked after delivery
The data that was originally stored in the source code is encrypted and decrypted. you can use JS to implement it now. What are you going to do with the key? Directly put it in JS?
The customer said plain text transmission .... Second, the boss was panic... Therefore, client encryption is required ....
Try to overcome the difficulties and get them hacked after delivery
Alas, I figured it out. This is meaningless. The client is visible.
I have referred to the tx login encryption method and abandoned this ..
The data that was originally stored in the source code is encrypted and decrypted. you can use JS to implement it now. What are you going to do with the key? Directly put it in JS?
The customer said plain text transmission .... Second, the boss was panic... Therefore, client encryption is required ....
Try to overcome the difficulties and get them hacked after delivery
Alas, I figured it out. This is meaningless. The client is visible.
I have referred to the tx login encryption method and abandoned this ..