Analysis on the principles of the discuz program's PHP encryption function _ PHP-php Tutorial

Source: Internet
Author: User
Kang Sheng's authcode function can be said to have made significant contributions to the Chinese PHP community. Including Kangsheng's own products, and most Chinese companies that use PHP use this function for encryption. authcode uses exclusive or operations for encryption and decryption. The principle is as follows:
Encryption
Plaintext: 1010 1001
Key: 1110 0011
Ciphertext: 0100 1010
The ciphertext 0100 1010 is obtained, and the decryption must be different from the key or lower.
Decryption
Ciphertext: 0100 1010
Key: 1110 0011
Plaintext: 1010 1001
There is no advanced algorithm, and the key is very important. The key is how to generate the key.
Let's take a look at how Kangsheng's authcode works.
The code is as follows:
// Parameter description
// $ String: plaintext or ciphertext
// $ Operation: DECODE indicates decryption, and others indicates encryption
// $ Key: key
// $ Expiry: ciphertext validity period
Function authcode ($ string, $ operation = 'Decode', $ key = '', $ expiry = 0 ){
// The length of the dynamic key. different ciphertext values are generated for the same plaintext based on the dynamic key.
$ Ckey_length = 4;

// Key
$ Key = md5 ($ key? $ Key: $ GLOBALS ['discuz _ auth_key ']);

// Key a is used for encryption and decryption.
$ Keya = md5 (substr ($ key, 0, 16 ));
// Key B is used for data integrity verification.
$ Keyb = md5 (substr ($ key, 16, 16 ));
// Key c is used to change the generated ciphertext
$ Keyc = $ ckey_length? ($ Operation = 'decode '? Substr ($ string, 0, $ ckey_length ):
Substr (md5 (microtime (),-$ ckey_length )):'';
// Key used for calculation
$ Cryptkey = $ keya. md5 ($ keya. $ keyc );
$ Key_length = strlen ($ cryptkey );
// Plaintext. the first 10 digits are used to save the timestamp. data validity is verified during decryption, and 10 to 26 digits are used to save $ keyb (key B). Data integrity is verified through this key during decryption.
// If it is decoded, it starts from the $ ckey_length bit, because the $ ckey_length bit before the ciphertext stores the dynamic key to ensure correct decryption.
$ String = $ operation = 'decode '? Base64_decode (substr ($ string, $ ckey_length )):
Sprintf ('% 010d', $ expiry? $ Expiry + time (): 0). substr (md5 ($ string. $ keyb), 0, 16). $ string;
$ String_length = strlen ($ string );
$ Result = '';
$ Box = range (1, 0,255 );
$ Rndkey = array ();
// Generate a key book
For ($ I = 0; $ I <= 255; $ I ++ ){
$ Rndkey [$ I] = ord ($ cryptkey [$ I % $ key_length]);
}
// Use a fixed algorithm to disrupt the key book and increase randomness. it seems complicated. In fact, it does not increase the ciphertext strength.
For ($ j = $ I = 0; I I <256; $ I ++ ){
$ J = ($ j + $ box [$ I] + $ rndkey [$ I]) % 256;
$ Tmp = $ box [$ I];
$ Box [$ I] = $ box [$ j];
$ Box [$ j] = $ tmp;
}
// Core encryption/decryption part
For ($ a = $ j = $ I = 0; $ I <$ string_length; $ I ++ ){
$ A = ($ a + 1) % 256;
$ J = ($ j + $ box [$ a]) % 256;
$ Tmp = $ box [$ a];
$ Box [$ a] = $ box [$ j];
$ Box [$ j] = $ tmp;
// The Keys obtained from the key book are different or converted into characters.
$ Result. = chr (ord ($ string [$ I]) ^ ($ box [($ box [$ a] + $ box [$ j]) % 256]);
}
If ($ operation = 'decode '){
// Substr ($ result, 0, 10) = 0 verify data validity
// Substr ($ result, 0, 10)-time ()> 0 to verify data validity
// Substr ($ result, 10, 16) = substr (md5 (substr ($ result, 26). $ keyb), 0, 16) verify data integrity
// Verify the data validity. see the unencrypted plaintext format.
If (substr ($ result, 0, 10) = 0 | substr ($ result, 0, 10)-time ()> 0 )&&
Substr ($ result, 10, 16) = substr (md5 (substr ($ result, 26). $ keyb), 0, 16 )){
Return substr ($ result, 26 );
} Else {
Return '';
}
} Else {
// Save the dynamic key in the ciphertext, which is why different ciphertext can be decrypted in the same plain text.
// Because the encrypted ciphertext may be special characters, the copying process may be lost, so it is Base64-encoded.
Return $ keyc. str_replace ('=', '', base64_encode ($ result ));
}
}

However, it is a pity that the ownership of this function belongs to the idea of Kang Sheng and cannot be freely used.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.