Principles of the PHP encryption function of the discuz Forum Program

KANG Sheng's authcode function can be said to have made significant contributions to the Chinese PHP community. Including kangsheng's own products, and most Chinese companies that use PHP use this function for encryption. authcode uses exclusive or operations for encryption and decryption.

The principle is as follows:

Encryption

Plaintext: 1010 1001

Key: 1110 0011

Ciphertext: 0100 1010

The ciphertext 0100 1010 is obtained, and the decryption must be different from the key or lower.

Decryption

Ciphertext: 0100 1010

Key: 1110 0011

Plaintext: 1010 1001

There is no advanced algorithm, and the key is very important. The key is how to generate the key.

Let's take a look at how kangsheng's authcode works.

1. // parameter explanation

2. // $ string: plaintext or ciphertext

3. // $ operation: DECODE indicates decryption, and others indicates Encryption

4. // $ key: key

5. // $ expiry: ciphertext Validity Period

6. function authcode ($ string, $ operation = 'decode', $ key = '', $ expiry = 0 ){

7. // The length of the dynamic key. Different ciphertext values are generated for the same plaintext based on the dynamic key.

8. $ ckey_length = 4;

9.

10. // key

11. $ key = md5 ($ key? $ Key: $ GLOBALS ['discuz _ auth_key ']);

12.

13. // key a will participate in encryption and decryption

14. $ keya = md5 (substr ($ key, 0, 16 ));

15. // key B is used for data integrity verification.

16. $ keyb = md5 (substr ($ key, 16, 16 ));

17. // The Key c is used to change the generated ciphertext.

18. $ keyc = $ ckey_length? ($ Operation = 'decode '? Substr ($ string, 0, $ ckey_length ):

Substr (md5 (microtime (),-$ ckey_length )):'';

19. // The key involved in the operation

20. $ cryptkey = $ keya. md5 ($ keya. $ keyc );

21. $ key_length = strlen ($ cryptkey );

22. // plaintext. The first 10 digits are used to save the timestamp. Data Validity is verified during decryption, and 10 to 26 digits are used to save $ keyb (Key B). Data integrity is verified through this key during decryption.

23. // if it is decoded, it starts from the $ ckey_length bit, because the $ ckey_length bit before the ciphertext stores the dynamic key to ensure correct decryption.

24. $ string = $ operation = 'decode '? Base64_decode (substr ($ string, $ ckey_length )):

Sprintf ('% 010d', $ expiry? $ Expiry + time (): 0). substr (md5 ($ string. $ keyb), 0, 16). $ string;

25. $ string_length = strlen ($ string );

26. $ result = '';

27. $ box = range (1, 0,255 );

28. $ rndkey = array ();

29. // generate a key book

30. for ($ I = 0; $ I <= 255; $ I ++ ){

31. $ rndkey [$ I] = ord ($ cryptkey [$ I % $ key_length]);

32 .}

33. // use a fixed algorithm to disrupt the key book and increase randomness. It seems complicated. In fact, it does not increase the ciphertext strength.

34. for ($ j = $ I = 0; $ I <256; $ I ++ ){

35. $ j = ($ j + $ box [$ I] + $ rndkey [$ I]) % 256;

36. $ tmp = $ box [$ I];

37. $ box [$ I] = $ box [$ j];

38. $ box [$ j] = $ tmp;

39 .}

40. // core encryption and decryption Section

41. for ($ a = $ j = $ I = 0; $ I <$ string_length; $ I ++ ){

42. $ a = ($ a + 1) % 256;

43. $ j = ($ j + $ box [$ a]) % 256;

44. $ tmp = $ box [$ a];

45. $ box [$ a] = $ box [$ j];

46. $ box [$ j] = $ tmp;

47. // The keys obtained from the key book are different or converted into characters.

48. $ result. = chr (ord ($ string [$ I]) ^ ($ box [($ box [$ a] + $ box [$ j]) % 256]);

49 .}

50. if ($ operation = 'decode '){

51. // substr ($ result, 0, 10) = 0 verify Data Validity

52. // substr ($ result, 0, 10)-time ()> 0 to verify data Validity

53. // substr ($ result, 10, 16) = substr (md5 (substr ($ result, 26). $ keyb), 0, 16) verify data integrity

54. // verify the data validity. See the unencrypted plaintext format.

55. if (substr ($ result, 0, 10) = 0 | substr ($ result, 0, 10)-time ()> 0 )&&

Substr ($ result, 10, 16) = substr (md5 (substr ($ result, 26). $ keyb), 0, 16 )){

56. return substr ($ result, 26 );

57.} else {

58. return '';

59 .}

60.} else {

61. // Save the dynamic key in the ciphertext, Which is why different ciphertext can be decrypted in the same plaintext.

62. // because the encrypted ciphertext may be special characters, the replication process may be lost, so base64 encoding is used.

63. return $ keyc. str_replace ('=', '', base64_encode ($ result ));

64 .}

65 .}

However, it is a pity that the ownership of this function belongs to the idea of KANG Sheng and cannot be freely used.