PHP Token. Because base64 is used, a problem occurs when sending the token through the GET method.
For example, http://test/test.php?a=1+2
If you read it with $_GET["a"] you get: 1 2, that is, the plus sign is missing, because PHP URL-decodes query-string values and a literal + decodes to a space. At first I used urlencode to convert it, but there were always one or two unexpected results.
Later I noticed that base64 output is limited to the characters [A-Za-z0-9\+\/=], so to get around the plus sign problem I replace the plus sign with a character that causes no problem; the underscore is the best choice. The modified code is as follows:
GEncrypt.inc.php
The code is as follows:
<?php
class GEncrypt {
    // XOR $txt with the md5 hex digest of $encrypt_key, repeating the digest as needed.
    protected static function keyED($txt, $encrypt_key) {
        $encrypt_key = md5($encrypt_key);
        $ctr = 0;
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            if ($ctr == strlen($encrypt_key))
                $ctr = 0;
            $tmp .= substr($txt, $i, 1) ^ substr($encrypt_key, $ctr, 1);
            $ctr++;
        }
        return $tmp;
    }
    public static function encrypt($txt, $key) {
        // Per-call random key. The upper bound of the first rand() is written so that it fits
        // in a 64-bit integer. Note that rand() is not a cryptographically secure generator.
        $encrypt_key = md5(((float) date("YmdHis") + rand(10000000000000000, 99999999999999999)) . rand(100000, 999999));
        $ctr = 0;
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            if ($ctr == strlen($encrypt_key))
                $ctr = 0;
            // Emit one key byte followed by the plaintext byte XORed with that key byte.
            $tmp .= substr($encrypt_key, $ctr, 1) . (substr($txt, $i, 1) ^ substr($encrypt_key, $ctr, 1));
            $ctr++;
        }
        // Replace "+" with "_" so the token survives the GET query string.
        return (preg_replace("/\+/s", "_", base64_encode(self::keyED($tmp, $key))));
    }
    // Base64 [A-Za-z0-9\+\/=]
    public static function decrypt($txt, $key) {
        if ($txt == "") { return false; }
        // echo preg_replace("/_/s", "+", $txt);
        // Restore "+" before decoding, then undo the outer XOR layer.
        $txt = self::keyED(base64_decode(preg_replace("/_/s", "+", $txt)), $key);
        $tmp = "";
        for ($i = 0; $i < strlen($txt); $i++) {
            // Bytes come in pairs: key byte, then data byte XORed with it.
            $md5 = substr($txt, $i, 1);
            $i++;
            $tmp .= (substr($txt, $i, 1) ^ $md5);
        }
        return $tmp;
    }
}
?>
GToken.inc.php
The code is as follows:
<?php
/**
 * Principle: a unique token, base64 (time + rand + action)
 * If a token has been submitted, it is marked as used; tracking used tokens avoids repeated submission.
 *
 */
class GToken {
    /**
     * Get all the current tokens.
     *
     * @return array
     */
    public static function getTokens() {
        // Note: this reads GConfig::SSN_KEY_TOKEN while dropToken() writes GConfig::SESSION_KEY_TOKEN;
        // both constants must name the same session key for used tokens to be found.
        $tokens = isset($_SESSION[GConfig::SSN_KEY_TOKEN]) ? $_SESSION[GConfig::SSN_KEY_TOKEN] : null;
        if (empty($tokens) || !is_array($tokens)) {
            $tokens = array();
        }
        return $tokens;
    }
    /**
     * Generate a new token.
     *
     * @param string $formName
     * @param string $key encryption key
     * @return string
     */
    public static function newToken($formName, $key = GConfig::ENCRYPT_KEY) {
        $token = GEncrypt::encrypt($formName . session_id(), $key);
        return $token;
    }
    /**
     * Deleting a token actually adds an element to an array in the session, indicating that the token has been used, to avoid repeated data submission.
     *
     * @param string $token
     */
    public static function dropToken($token) {
        $tokens = self::getTokens();
        $tokens[] = $token;
        GSession::set(GConfig::SESSION_KEY_TOKEN, $tokens);
    }
    /**
     * Check whether the specified token is valid and has not been used.
     *
     * @param string $token the token value to be checked
     * @param string $formName
     * @param boolean $fromCheck whether to check the origin. If it is true, it determines whether the session_id appended to the token is the same as the current session_id.
     * @param string $key encryption key
     * @return boolean
     */
    public static function isToken($token, $formName, $fromCheck = false, $key = GConfig::ENCRYPT_KEY) {
        if (empty($token)) return false;
        $tokens = self::getTokens();
        if (in_array($token, $tokens)) // if yes, it indicates that it is a used token.
            return false;
        $source = GEncrypt::decrypt($token, $key);
        if ($fromCheck)
            return $source === $formName . session_id();
        else {
            // Strict comparison: strpos() returns false when $formName is not found.
            return strpos($source, $formName) === 0;
        }
    }
    public static function getTokenKey($token, $key = GConfig::ENCRYPT_KEY) {
        if ($token == null || trim($token) == "") return false;
        $source = GEncrypt::decrypt($token, $key);
        return $source != "" ? str_replace(session_id(), "", $source) : false;
    }
    public function newTokenForSmarty($params) {
        $form = null;
        extract($params);
        return self::newToken($form);
    }
}
?>
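An alternative way to build a GET-safe form token, added here as an example and not part of the original article's code: it uses the URL-safe base64 alphabet instead of the single + to _ substitution, and swaps the XOR scheme for an HMAC-SHA256 tag over the form name, session id and a random nonce. The function names, the key and the session values are assumptions made for the illustration.

```php
<?php
// Added example, not the article's code. Key, form name and session ids are constructed.

// URL-safe base64 (RFC 4648 section 5): "+" -> "-", "/" -> "_", padding removed.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    $txt = strtr($txt, '-_', '+/');
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4);   // restore the padding
    return base64_decode($txt, true);                       // strict mode
}

// Token = base64url(nonce || HMAC-SHA256(form, session id, nonce)).
function new_token(string $form, string $sessionId, string $key): string {
    $nonce = random_bytes(16);                              // CSPRNG, unlike rand()
    $mac = hash_hmac('sha256', $form . "\0" . $sessionId . "\0" . $nonce, $key, true);
    return b64url_encode($nonce . $mac);
}

function check_token(string $token, string $form, string $sessionId, string $key): bool {
    $raw = b64url_decode($token);
    if ($raw === false || strlen($raw) !== 48) {            // 16-byte nonce + 32-byte MAC
        return false;
    }
    $nonce = substr($raw, 0, 16);
    $expected = hash_hmac('sha256', $form . "\0" . $sessionId . "\0" . $nonce, $key, true);
    return hash_equals($expected, substr($raw, 16));        // constant-time comparison
}

// parse_str() applies the same URL decoding PHP uses to fill $_GET.
$key   = 'constructed-demo-key';
$token = new_token('login', 'constructed-session-id', $key);
parse_str('t=' . $token, $query);

// Does the token come back byte for byte after GET decoding?
var_dump($query['t'] === $token);
// Check with the same form and session, with another session, and with an altered token.
var_dump(check_token($query['t'], 'login', 'constructed-session-id', $key));
var_dump(check_token($query['t'], 'login', 'another-session-id', $key));
var_dump(check_token(strrev($query['t']), 'login', 'constructed-session-id', $key));
```

Single-use tracking, as done by dropToken() and isToken() above, would still be layered on top of this check.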