PHP Token into version _ PHP Tutorial

Source: Internet
Author: User
PHP Token. Because base64 is used, a problem occurs when sending the token through the GET method. For example: testtest. php? A1 + 2 you use $ _ GET [a] to obtain 12, that is, because base64 is used, a problem occurs when sending this token through the GET method.
For example, http: // test/test. php? A = 1 + 2
You can use $ _ GET ["a"] to obtain the value: 1 2, that is, the plus sign is missing. At first I used urlencode to convert it, but there was always one or two unexpected results.

Later I thought about base64 characters limited to: [A-Za-z0-9 \ + \/=] so many, the plus sign problem, I will replace the plus sign with the symbol that is not the problem, underline is the best choice. The modified code is as follows:

GEncrypt. inc. php

The code is as follows:


Class GEncrypt {
Protected static function keyED ($ txt, $ encrypt_key ){
$ Encrypt_key = md5 ($ encrypt_key );
$ Ctr = 0;
$ Tmp = "";
For ($ I = 0; $ I <strlen ($ txt); $ I ++ ){
If ($ ctr = strlen ($ encrypt_key ))
$ Ctr = 0;
$ Tmp. = substr ($ txt, $ I, 1) ^ substr ($ encrypt_key, $ ctr, 1 );
$ Ctr ++;
}
Return $ tmp;
}

Public static function encrypt ($ txt, $ key ){
$ Encrypt_key = md5 (float) date ("YmdHis") + rand (10000000000000000,999 9999999999999999). rand (100000,999 999 ));
$ Ctr = 0;
$ Tmp = "";
For ($ I = 0; $ I <strlen ($ txt); $ I ++ ){
If ($ ctr = strlen ($ encrypt_key ))
$ Ctr = 0;
$ Tmp. = substr ($ encrypt_key, $ ctr, 1). (substr ($ txt, $ I, 1) ^ substr ($ encrypt_key, $ ctr, 1 ));
$ Ctr ++;
}
Return (preg_replace ("/\ +/s", "_", base64_encode (self: keyED ($ tmp, $ key ))));
}
// Base64 [A-Za-z0-9 \ + \/=]
Public static function decrypt ($ txt, $ key ){
If ($ txt = "") {return false ;}
// Echo preg_replace ("/_/s", "+", $ txt );
$ Txt = self: keyED (base64_decode (preg_replace ("/_/s", "+", $ txt), $ key );
$ Tmp = "";
For ($ I = 0; $ I <strlen ($ txt); $ I ++ ){
$ Md5 = substr ($ txt, $ I, 1 );
$ I ++;
$ Tmp. = (substr ($ txt, $ I, 1) ^ $ md5 );
}
Return $ tmp;
}
}

?>


GToken. inc. php

The code is as follows:


/**
* Principle: a unique token, base64 (time + rand + action)
* If the token is submitted, it indicates that the token is used. you can follow the token to avoid repeated submission.
*
*/
Class GToken {

/**
* Get all the current tokens.
*
* @ Return array
*/
Public static function getTokens (){
$ Tokens = $ _ SESSION [GConfig: SSN_KEY_TOKEN];
If (empty ($ tokens )&&! Is_array ($ tokens )){
$ Tokens = array ();
}
Return $ tokens;
}

/**
* Generate a new Token
*
* @ Param string $ formName
* @ Param encryption key $ key
* @ Return string
*/

Public static function newToken ($ formName, $ key = GConfig: ENCRYPT_KEY ){
$ Token = GEncrypt: encrypt ($ formName. session_id (), $ key );
Return $ token;
}

/**
* Deleting a token actually adds an element to an array of sessions, indicating that the token has been used to avoid repeated data submission.
*
* @ Param string $ token
*/
Public static function dropToken ($ token ){
$ Tokens = self: getTokens ();
$ Tokens [] = $ token;
GSession: set (GConfig: SESSION_KEY_TOKEN, $ tokens );
}

/**
* Check whether the specified Token is used.
*
* @ Param string $ the token value to be checked
* @ Param string $ formName
* @ Param boolean $ fromCheck whether to check the route. if it is true, it determines whether the session_id appended to the token is the same as the current session_id.
* @ Param string $ key encryption key
* @ Return boolean
*/

Public static function isToken ($ token, $ formName, $ fromCheck = false, $ key = GConfig: ENCRYPT_KEY ){
If (empty ($ token) return false;

$ Tokens = self: getTokens ();

If (in_array ($ token, $ tokens) // if yes, it indicates that it is a used token.
Return false;

$ Source = GEncrypt: decrypt ($ token, $ key );

If ($ fromCheck)
Return $ source = $ formName. session_id ();
Else {
Return strpos ($ source, $ formName) = 0;
}
}

Public static function getTokenKey ($ token, $ key = GConfig: ENCRYPT_KEY ){
If ($ token = null | trim ($ token) = "") return false;
$ Source = GEncrypt: decrypt ($ token, $ key );
Return $ source! = ""? Str_replace (session_id (), "", $ source): false;
}

Public function newTokenForSmarty ($ params ){
$ Form = null;
Extract ($ params );
Return self: newToken ($ form );
}
}
?>

Bytes. For example, http: // test/test. php? A = 1 + 2 you GET it with $ _ GET ["a"]: 12, that is...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.