While recently learning about URL redirection, I came across three very useful PHP encryption and decryption functions, which appear to come from Discuz. The reason for using them is that if someone obtains your URL, they need to know your key to crack the values passed in it, so it takes them a while to learn what the URL contains.
Put the three functions in one file and call it fun.php.
<?php
// fun.php
// Encrypts $txt: XOR with a random per-message key, then with md5($key); returns Base64.
function passport_encrypt($txt, $key) {
    srand((int) ((double) microtime() * 1000000));
    $encrypt_key = md5(rand(0, 32000));
    $ctr = 0;
    $tmp = '';
    for ($i = 0; $i < strlen($txt); $i++) {
        // Wrap around when the end of the 32-character key is reached.
        $ctr = $ctr == strlen($encrypt_key) ? 0 : $ctr;
        // Emit the key character, then the plaintext character XORed with it.
        $tmp .= $encrypt_key[$ctr] . ($txt[$i] ^ $encrypt_key[$ctr++]);
    }
    return base64_encode(passport_key($tmp, $key));
}
// Reverses passport_encrypt(): each pair of bytes is (key character, XORed character).
function passport_decrypt($txt, $key) {
    $txt = passport_key(base64_decode($txt), $key);
    $tmp = '';
    for ($i = 0; $i < strlen($txt); $i++) {
        $md5 = $txt[$i];
        $tmp .= $txt[++$i] ^ $md5;
    }
    return $tmp;
}
// XORs $txt with the repeating md5() hex digest of the shared key.
function passport_key($txt, $encrypt_key) {
    $encrypt_key = md5($encrypt_key);
    $ctr = 0;
    $tmp = '';
    for ($i = 0; $i < strlen($txt); $i++) {
        $ctr = $ctr == strlen($encrypt_key) ? 0 : $ctr;
        $tmp .= $txt[$i] ^ $encrypt_key[$ctr++];
    }
    return $tmp;
}
?>
Here are some examples to deepen your understanding of these three encryption and decryption functions.
<?php
// string.php
include "fun.php";
$txt = "This is a test";
$key = "testkey";
$encrypt = passport_encrypt($txt, $key);
$decrypt = passport_decrypt($encrypt, $key);
echo $txt . "\n";
echo $encrypt . "\n";
echo $decrypt . "\n";
?>
<?php
// array.php
include "fun.php";
$array = array(
    "A" => "1",
    "B" => "2",
    "C" => "3",
    "D" => "4"
);
// serialize() produces a storable string representation; unserialize() restores the value
$txt = serialize($array);
$key = "testkey";
$encrypt = passport_encrypt($txt, $key);
$decrypt = passport_decrypt($encrypt, $key);
$decryptArray = unserialize($decrypt);
echo $txt . "\n";
echo $encrypt . "\n";
echo $decrypt . "\n";
// An array cannot be echoed directly, so print its contents with print_r()
print_r($decryptArray);
echo "\n";
?>
The key point is this: when you want to jump to another URL and keep your session intact, you need to handle the session yourself. Suppose a company has a website and a forum, both with registration and login, and does not want a user's session to become invalid when they go from the homepage to the forum; that is, the user logs in once for the whole company.
So how do we deal with user sessions?
The web is stateless. If you want to keep using the session on the new page, you need to move the session from one place to the other. Some people may already have thought of it: it can be passed along in the URL. PHP has a variable for handling sessions, called $_SESSION, so...
Convert the session values to be registered into an array. You can write it as follows:
<?php
// login.php
session_start();
include "fun.php";
// ....
$_SESSION["userid"];
$_SESSION["username"];
$_SESSION["userpwd"];
// ...
header("Location: http://$domain/process.php?s=" . urlencode(passport_encrypt(serialize($_SESSION), "sessionkey")));
?>
In the preceding example, serialize converts $_SESSION into data that can be stored, and passport_encrypt then encrypts that data. urlencode is added because the encrypted output may contain characters that are not safe in a URL (the Base64 output can include +, / and =), so it is applied just in case. (It turns out to be very effective.)
Next, process it:
<?php
// process.php
session_start();
include "fun.php";
$_SESSION = unserialize(passport_decrypt($_GET["s"], "sessionkey"));
header("Location: http://$domain/index.php");
?>
Use $_GET["s"] to obtain the URL parameter, decrypt it with passport_decrypt, and then use unserialize to restore the original data.
At this point, your page can be redirected freely with header().
This method also involves security issues. If someone obtains your URL during the transfer, it is really embarrassing. Although they may not be able to crack the content in the URL, they can use the URL directly to log in to some of your personal accounts, email accounts and even bank accounts (of course few people write code like this, except me, haha). It sounds scary, but you can invalidate the session on the jump page.
The following is the enhanced version of process.php:
<?php
session_start();
include_once "fun.php";
$_SESSION = unserialize(passport_decrypt($_GET["s"], "sessionkey"));
// Reject the handoff if more than 30 seconds have passed since login.php set TIME.
if ((time() - $_SESSION["TIME"]) > 30) {
    header("Location: http://$domain/login.php");
    unset($_SESSION["USERNAME"]);
    unset($_SESSION["PASSWORD"]);
}
else
    header("Location: http://$domain/index.php");
?>
Before writing this file, you need to set the following on the login side:
$_SESSION["TIME"] = time();
The main reason for setting this is to have the time available on both sides. If the jump takes more than 30 seconds, the user is redirected to the login.php login page, and customers with slow connections will be inconvenienced. However, this also guards against the URL being obtained by someone else: if they do not use it to log in within 30 seconds, sorry, it has timed out and they must log in again.
$_SESSION["USERNAME"] and $_SESSION["PASSWORD"] are the username and password the user enters at login. The reason for unsetting these two session values is that if your URL is obtained and the person is redirected to the login.php page by the 30-second check, the sessions that were passed would otherwise still be valid: they would only need to change login.php at the end of the URL to index.php, and they would be logged in successfully.
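A hardened variant of the login.php/process.php handoff, added here as an example and not part of the original article: the XOR functions above do not detect a modified value and process.php passes the result straight to unserialize(), so this version sends only a user id and issue time, signs them with HMAC-SHA256, and decodes them with json_decode(). HANDOFF_KEY, make_handoff_token() and read_handoff_token() are assumed names, the key is a placeholder, and the token is signed but not encrypted.

```php
<?php
// Added example, not from the original article. HANDOFF_KEY and both function
// names are hypothetical; the key value is a placeholder.
const HANDOFF_KEY = 'placeholder-replace-with-a-long-random-secret';
const HANDOFF_MAX_AGE = 30; // seconds, the same window the article uses

function make_handoff_token(int $userId, int $now): string
{
    // Only an identifier and the issue time travel in the URL.
    $payload = base64_encode(json_encode(['uid' => $userId, 'iat' => $now]));
    return $payload . '.' . hash_hmac('sha256', $payload, HANDOFF_KEY);
}

function read_handoff_token(string $token, int $now): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Check the MAC in constant time before decoding anything.
    if (!hash_equals(hash_hmac('sha256', $payload, HANDOFF_KEY), $mac)) {
        return null;
    }
    $raw = base64_decode($payload, true);
    $data = $raw === false ? null : json_decode($raw, true);
    if (!is_array($data) || !is_int($data['uid'] ?? null) || !is_int($data['iat'] ?? null)) {
        return null;
    }
    $age = $now - $data['iat'];
    if ($age < 0 || $age > HANDOFF_MAX_AGE) {
        return null;
    }
    return $data['uid'];
}

// Constructed values for demonstration.
$token = make_handoff_token(42, 1700000000);
var_dump(read_handoff_token($token, 1700000010));       // fresh, unmodified
var_dump(read_handoff_token($token, 1700000031));       // past the 30-second window
var_dump(read_handoff_token('A' . $token, 1700000010)); // payload altered in transit
```

As in login.php, the token still goes through urlencode() before it is placed in the Location header. On the receiving page a non-null user id would be used to load the account server-side and populate a fresh session after session_regenerate_id(true).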
I feel like I have written a lot of nonsense, and I don't know whether I have made it understandable. If you understand it, go and practice it.