PHP encryption function principle of DISCUZ forum Program

Kangsheng's Authcode function can be said to make a significant contribution to China's PHP industry. Including Kangsheng's own products, and most Chinese companies using PHP use this function for encryption, Authcode is encrypted and decrypted using XOR.

　　The principle is as follows, if:

Encryption

Clear text: 1010 1001

Secret key: 1110 0011

Redaction: 0100 1010

To get the ciphertext 0100 1010, the need to decrypt and the key is different or under the

Decrypt

Redaction: 0100 1010

Secret key: 1110 0011

Clear text: 1010 1001

There is no advanced algorithm, the key importance is very high, so, the key is how to generate the key.

Well, let's see what Kangsheng's Authcode do together.

1.//Parameter explanation

2.//$string: Clear text or ciphertext

3.//$operation: Decode means decryption, other means of encryption

4.//$key: Secret key

5.//$expiry: Validity of ciphertext

6. Function Authcode ($string, $operation = ' DECODE ', $key = ', $expiry = 0) {

7.//Dynamic key length, the same plaintext will generate different ciphertext is depending on the dynamic key

8. $ckey _length = 4;

9.

10.//Secret key

$key = MD5 ($key $key: $GLOBALS [' Discuz_auth_key ']);

12.

13.//Key A will participate in encryption and decryption

$keya = MD5 (substr ($key, 0, 16));

15.//key B will be used to do data integrity verification

$KEYB = MD5 (substr ($key, 16, 16));

17.//Key C used to change the generated ciphertext

$KEYC = $ckey _length? ($operation = = ' DECODE ' substr ($string, 0, $ckey _length):

SUBSTR (MD5 (Microtime ()),-$ckey _length)): ';

19.//Participate in the operation of the key

$cryptkey = $keya. MD5 ($keya. $KEYC);

$key _length = strlen ($cryptkey);

22.//Clear, the first 10 bits are used to save the timestamp, verify the data validity when decrypting, 10 to 26 bits are used to save $keyb (key B), decryption will verify the data integrity through this key

23.//If it is decoded, it will start with the $ckey_length bit, because the $ckey_length bit of the ciphertext holds the dynamic key to ensure the decryption is correct

$string = $operation = = ' DECODE '? Base64_decode (substr ($string, $ckey _length)):

sprintf ('%010d ', $expiry? $expiry + Time (): 0). substr (MD5 ($string. $keyb), 0). $string;

$string _length = strlen ($string);

$result = ';

$box = Range (0, 255);

$rndkey = Array ();

29.//Generate key Book

for ($i = 0; $i <= 255; $i + +) {

$rndkey [$i] = Ord ($cryptkey [$i% $key _length]);

32.}

33.//With fixed algorithm, to disrupt the key book, increase randomness, seems very complex, in fact, will not increase the intensity of the ciphertext

for ($j = $i = 0; $i < 256; $i + +) {

$j = ($j + $box [$i] + $rndkey [$i])% 256;

$tmp = $box [$i];

$box [$i] = $box [$j];

$box [$j] = $tmp;

39.}

40.//Core Plus decryption section

for ($a = $j = $i = 0; $i < $string _length; $i + +) {

$a = ($a + 1)% 256;

$j = ($j + $box [$a])% 256;

$tmp = $box [$a];

$box [$a] = $box [$j];

$box [$j] = $tmp;

47.//From the key book to the key to the different or, and then converted to characters

$result. = Chr (ord ($string [$i]) ^ ($box [($box [$a] + $box [$j])% 256]);

49.}

if ($operation = = ' DECODE ') {

Wuyi//substr ($result, 0, 10) = 0 Validating data validity

substr ($result, 0,)-time () > 0 Validate data validation

substr ($result) = = substr (MD5 (substr ($result,). $keyb), 0, 16 Verify data integrity

54.//Verify data validity, please see the format of unencrypted plaintext

if (substr ($result, 0,) = = 0 substr ($result, 0,)-time () > 0) &&

substr ($result) = = substr (MD5 (substr ($result,). $keyb), 0, 16)) {

Return substr ($result, 26);

} else {

Return ";

59.}

.} else {

61.//Keep the dynamic key in the ciphertext, which is why the same clear text, the production of different ciphertext can be decrypted after the reason

62.//Because the encrypted ciphertext may be some special characters, the copy process may be lost, so use base64 encoding

Str_replace return $KEYC. (' = ', ', Base64_encode ($result));

64.}

65.}

But unfortunately, this function ownership belongs to Kangsheng, and is not free to use