The problem occurred because the token is Base64-encoded and was sent in a GET request.
For example: http://test/test.php?a=1+2
Reading $_GET["a"] returns "1 2": the plus sign is gone, because PHP decodes a literal + in a query string as a space. At first I used urlencode to convert it, but there were always one or two results that were unexpected.
Then I realized that Base64 output is limited to the characters [A-Za-z0-9\+\/=], and that the plus sign is the one causing the problem, so replacing the plus sign makes the problem go away; an underscore is the best choice. Here is the modified code:
GEncrypt.inc.php
<?php
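/**
 * Reversible token encoding used by Gtoken.
 *
 * Wire format (unchanged from the original listing): every plaintext byte is
 * stored as a pair "nonce byte, plaintext byte XOR nonce byte", the pairs are
 * XORed with the MD5 hex digest of the key, and the result is Base64-encoded
 * with '+' replaced by '_' so the token survives a GET query string.
 * Base64 alphabet: [A-Za-z0-9\+\/=]; only '+' is substituted, '/' and '='
 * are left as they are.
 *
 * NOTE(review): this is XOR obfuscation, not authenticated encryption. The
 * token carries no integrity check, so a modified token or a wrong key still
 * decodes to some byte string; callers must validate the decoded value and
 * should not treat it as confidential. For new code prefer an HMAC
 * (hash_hmac() verified with hash_equals()) over the form name and session id.
 */
class Gencrypt
{
    /**
     * XOR $txt with the MD5 hex digest of $encrypt_key, repeating the digest
     * as often as needed. Applying it twice with the same key restores $txt.
     *
     * @param string $txt         Bytes to mask.
     * @param string $encrypt_key Key material; hashed with md5() before use.
     * @return string Masked bytes, same length as $txt.
     */
    protected static function keyed($txt, $encrypt_key)
    {
        $txt = (string) $txt;
        $pad = md5($encrypt_key);
        $padLength = strlen($pad);
        $masked = "";
        for ($i = 0, $length = strlen($txt); $i < $length; $i++) {
            $masked .= $txt[$i] ^ $pad[$i % $padLength];
        }
        return $masked;
    }

    /**
     * Encode $txt into a URL-friendly token.
     *
     * @param string $txt Plaintext to encode.
     * @param string $key Key shared with Decrypt().
     * @return string Base64 text with '+' replaced by '_'.
     */
    public static function Encrypt($txt, $key)
    {
        $txt = (string) $txt;
        // The original derived this value from date() and rand(), which are
        // predictable. random_bytes() (PHP 7+) is a CSPRNG, and bin2hex() of
        // 16 bytes has the same shape as an md5() digest (32 hex characters),
        // so tokens stay readable by the unchanged decoding loop.
        $nonce = bin2hex(random_bytes(16));
        $nonceLength = strlen($nonce);
        $pairs = "";
        for ($i = 0, $length = strlen($txt); $i < $length; $i++) {
            $n = $nonce[$i % $nonceLength];
            $pairs .= $n . ($txt[$i] ^ $n);
        }
        return str_replace("+", "_", base64_encode(self::keyed($pairs, $key)));
    }

    /**
     * Decode a token produced by Encrypt().
     *
     * The original printed the token with echo before decoding it; that debug
     * statement wrote the token into the response and has been removed.
     *
     * @param string $txt Token text.
     * @param string $key Key that was passed to Encrypt().
     * @return string|false Decoded bytes, or false for an empty token or one
     *                      that is not valid Base64.
     */
    public static function Decrypt($txt, $key)
    {
        if ((string) $txt === "") {
            return false;
        }
        // Strict mode rejects characters outside the Base64 alphabet instead
        // of silently skipping them.
        $raw = base64_decode(str_replace("_", "+", (string) $txt), true);
        if ($raw === false) {
            return false;
        }
        $pairs = self::keyed($raw, $key);
        $plain = "";
        // Pairs are "nonce byte, masked byte"; an unpaired trailing byte is
        // dropped, as in the original loop.
        for ($i = 0, $length = strlen($pairs); $i + 1 < $length; $i += 2) {
            $plain .= $pairs[$i + 1] ^ $pairs[$i];
        }
        return $plain;
    }
}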
?>
GToken.inc.php
<?php
/**
* Principle: when a token is requested, allocate a unique one, base64 (time + rand + action).
* When the form is submitted, record the token as used, so that a repeated submission carrying the same token can be recognized and rejected.
*
*/
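/**
 * One-time form tokens bound to the current session, used to reject
 * duplicate form submissions.
 *
 * Constant names on Gconfig are reproduced as they appear in the listing.
 */
class Gtoken
{
    /**
     * Get the tokens that have already been used in this session.
     *
     * @return array List of used token strings; empty when nothing is stored.
     */
    public static function Gettokens()
    {
        // NOTE(review): this reads ssn_key_token while Droptoken() writes
        // session_key_token. Confirm both constants name the same session
        // slot; otherwise used tokens are never found here.
        $tokens = isset($_SESSION[gconfig::ssn_key_token]) ? $_SESSION[gconfig::ssn_key_token] : null;
        // The original tested "empty && !is_array", which let a non-empty
        // non-array value through to callers that expect an array.
        if (empty($tokens) || !is_array($tokens)) {
            $tokens = array();
        }
        return $tokens;
    }

    /**
     * Produce a new token for a form.
     *
     * @param string $formName Form identifier embedded in the token.
     * @param string $key      Encryption key.
     * @return string
     */
    public static function Newtoken($formName, $key = Gconfig::encrypt_key)
    {
        return Gencrypt::Encrypt($formName . session_id(), $key);
    }

    /**
     * Mark a token as used by appending it to the session's used-token list,
     * so that a later submission with the same token is refused.
     *
     * @param string $token
     */
    public static function Droptoken($token)
    {
        $tokens = self::Gettokens();
        $tokens[] = $token;
        Gsession::set(Gconfig::session_key_token, $tokens);
    }

    /**
     * Check whether a submitted token is valid and unused.
     *
     * @param string  $token     The token value to check.
     * @param string  $formName  Form the token must belong to.
     * @param boolean $fromCheck If true, the decoded token must equal
     *                           $formName followed by the current
     *                           session_id(); if false, it only has to
     *                           start with $formName.
     * @param string  $key       Encryption key.
     * @return boolean
     */
    public static function Istoken($token, $formName, $fromCheck = false, $key = Gconfig::encrypt_key)
    {
        if (empty($token)) {
            return false;
        }
        // A token found in the used list has already been submitted.
        // Strict comparison avoids PHP's loose numeric-string matching.
        if (in_array($token, self::Gettokens(), true)) {
            return false;
        }
        $source = Gencrypt::Decrypt($token, $key);
        if (!is_string($source)) {
            return false;
        }
        if ($fromCheck) {
            return $source === $formName . session_id();
        }
        // strpos() returns false when the form name is absent, and the
        // original "== 0" treated that false as a match, so every decodable
        // token was accepted. "=== 0" accepts a real prefix match only.
        return strpos($source, (string) $formName) === 0;
    }

    /**
     * Decode a token and strip the current session id from it, leaving the
     * form name part.
     *
     * @param string $token
     * @param string $key Encryption key.
     * @return string|false False when the token is empty or does not decode.
     */
    public static function Gettokenkey($token, $key = Gconfig::encrypt_key)
    {
        if ($token === null || trim((string) $token) === "") {
            return false;
        }
        $source = Gencrypt::Decrypt($token, $key);
        if (!is_string($source) || $source === "") {
            return false;
        }
        return str_replace(session_id(), "", $source);
    }

    /**
     * Template helper: create a token for the form named in $params['form'].
     *
     * @param array $params Template parameters; only 'form' is read.
     * @return string
     */
    public function Newtokenforsmarty($params)
    {
        // The original called extract($params), which turns every
        // template-supplied key into a local variable. Only 'form' is needed.
        $form = (is_array($params) && isset($params['form'])) ? $params['form'] : null;
        return self::Newtoken($form);
    }
}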
?>