PHP token token Improved _php tutorial

Source: Internet
Author: User
It was because of the use of Base64 that there was a problem when sending this token through the Get method.
For example: http://test/test.php?a=1+2
You use $_get["a"] to obtain is: 1 2, that is, the plus sign is gone. At first I used UrlEncode to convert it, but there were always one or two of the results that were unexpected.

Later think of the Base64 character is limited to: [a-za-z0-9\+\/=] So many, plus the problem, I will replace the plus sign with no problem, underline is the best choice. The following is the modified code:

GEncrypt.inc.php
Copy CodeThe code is as follows:
Class Gencrypt {
protected static function KeyED ($txt, $encrypt _key) {
$encrypt _key = MD5 ($encrypt _key);
$ctr = 0;
$tmp = "";
for ($i = 0; $i < strlen ($txt); $i + +) {
if ($ctr = = strlen ($encrypt _key))
$ctr = 0;
$tmp. = substr ($txt, $i, 1) ^ substr ($encrypt _key, $ctr, 1);
$ctr + +;
}
return $tmp;
}

public static function Encrypt ($txt, $key) {
$encrypt _key = MD5 ((float) Date ("Ymdhis") + rand (10000000000000000, 99999999999999999)). Rand (100000, 999999 ) );
$ctr = 0;
$tmp = "";
for ($i = 0; $i < strlen ($txt); $i + +) {
if ($ctr = = strlen ($encrypt _key))
$ctr = 0;
$tmp. = substr ($encrypt _key, $ctr, 1). (Substr ($txt, $i, 1) ^ substr ($encrypt _key, $ctr, 1));
$ctr + +;
}
Return (Preg_replace ("/\\+/s", "_", Base64_encode (self::keyed ($tmp, $key))));
}
Base64 [a-za-z0-9\+\/=]
public static function Decrypt ($txt, $key) {
if ($txt = = "") {return false;}
Echo preg_replace ("/_/s", "+", $txt);
$txt = self::keyed (Base64_decode (Preg_replace ("/_/s", "+", $txt)), $key);
$tmp = "";
for ($i = 0; $i < strlen ($txt); $i + +) {
$MD 5 = substr ($txt, $i, 1);
$i + +;
$tmp. = (substr ($txt, $i, 1) ^ $md 5);
}
return $tmp;
}
}

?>

GToken.inc.php

Copy CodeThe code is as follows:
/**
* Principle: When requesting token assignment, find a way to assign a unique token, base64 (time + rand + action)
* If submitted, this token record, stating that token is used, can be followed by it to avoid duplication of submissions.
*
*/
Class GToken {

/**
* Get all current tokens
*
* @return Array
*/
public static function Gettokens () {
$tokens = $_session[gconfig::ssn_key_token];
if (Empty ($tokens) &&!is_array ($tokens)) {
$tokens = Array ();
}
return $tokens;
}

/**
* Generate a new token
*
* @param string $formName
* @param encryption Key $key
* @return String
*/

public static function Newtoken ($formName, $key = Gconfig::encrypt_key) {
$token = Gencrypt::encrypt ($formName. session_id (), $key);
return $token;
}

/**
* Deleting tokens is actually adding an element to an array in the session stating that the token has been used to avoid repeated data submissions.
*
* @param string $token
*/
public static function Droptoken ($token) {
$tokens = Self::gettokens ();
$tokens [] = $token;
Gsession::set (Gconfig::session_key_token, $tokens);
}

/**
* Check if the token is specified
*
* @param string $token The token value to check
* @param string $formName
* @param boolean $fromCheck whether to check for routing, or true to determine if the session_id attached to token is the same as the current session_id.
* @param string $key encryption key
* @return Boolean
*/

public static function Istoken ($token, $formName, $fromCheck = False, $key = Gconfig::encrypt_key) {
if (empty ($token)) return false;

$tokens = Self::gettokens ();

if (In_array ($token, $tokens))//If present, the description is used token
return false;

$source = Gencrypt::d ecrypt ($token, $key);

if ($fromCheck)
return $source = = $formName. session_id ();
else{
Return Strpos ($source, $formName) = = = 0;
}
}

public static function Gettokenkey ($token, $key = Gconfig::encrypt_key) {
if ($token = = NULL | | Trim ($token) = = "") return false;
$source = Gencrypt::d ecrypt ($token, $key);
return $source! = ""? Str_replace (session_id (), "", $source): false;
}

Public Function Newtokenforsmarty ($params) {
$form = null;
Extract ($params);
Return Self::newtoken ($form);
}
}
?>

http://www.bkjia.com/PHPjc/319205.html www.bkjia.com true http://www.bkjia.com/PHPjc/319205.html techarticle it was because of the use of Base64 that there was a problem when sending this token through the Get method. For example: http://test/test.php?a=1+2 you use $_get["a" to obtain is: 12, that ...

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.