Home > Backend Development > PHP Tutorial > Analysis of PHP encryption function principle of discuz x1.5 discuz program

Analysis of PHP encryption function principle of discuz x1.5 discuz program

WBOY
Release: 2016-07-29 08:46:24
Original
958 people have browsed it

The principle is as follows, if:
Encryption
Plain text: 1010 1001
Key: 1110 0011 Cipher text: 0100 1010
The cipher text is 0100 1010. The decryption need is XORed with the key
Decryption cipher text: 0100 1010
 Key: 1110 0011
 Clear text: 1010 1001
 There is no sophisticated algorithm. The key is very important, so the key lies in how to generate the key.
  Let’s take a look at how Kangsheng’s authcode is done


Copy the code The code is as follows:

// Parameter explanation

// $string: plain text or cipher text
// $operation: DECODE means Decryption, others represent encryption
// $key: secret key
// $expiry: ciphertext validity period
function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
/ / Dynamic key length, the same plaintext will generate different ciphertext, relying on the dynamic key
$ckey_length = 4;
// Key
$key = md5($key ? $key : $GLOBALS['discuz_auth_key']) ;
// Key a will participate in encryption and decryption
$keya = md5(substr($key, 0, 16));
// Key b will be used for data integrity verification
$keyb = md5(substr( $key, 16, 16));
// Key c is used to change the generated ciphertext
$keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length):
substr(md5(microtime()), -$ckey_length)) : '';
//Key involved in the operation
$cryptkey = $keya.md5($keya.$keyc);
$key_length = strlen($cryptkey ; // If decoding, it will start from the $ckey_length bit, because the dynamic key is stored in the $ckey_length bit before the ciphertext to ensure correct decryption
$string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) :
 sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;
$string_length = strlen ($string);
$result = '';
$box = range(0, 255);
$rndkey = array();
// Generate key book
for($i = 0; $i < = 255; $i++) {
$rndkey[$i] = ord($cryptkey[$i % $key_length]);
}
// Use a fixed algorithm to scramble the key book and increase randomness. It seems very Complex, in fact the pair does not increase the strength of the ciphertext
for($j = $i = 0; $i < 256; $i++) {
$j = ($j + $box[$i] + $ rndkey[$i]) % 256;
$tmp = $box[$i];
$box[$i] = $box[$j];
$box[$j] = $tmp;
}
/ / Core encryption and decryption part
for($a = $j = $i = 0; $i < $string_length; $i++) {
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;
$tmp = $box[$a];
$box[$a] = $box[$j];
$box[$j] = $tmp;
/ / Get the key from the key book, perform XOR, and then convert it into characters
$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$ j]) % 256]));
}
if($operation == 'DECODE') {
// substr($result, 0, 10) == 0 Verify data validity
// substr($result, 0, 10) - time() > 0 Verify data validity
// substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16) Verify Data integrity
// Verify data validity, please see the format of unencrypted plaintext
if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > ; 0) &&
 substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) {
return substr($result, 26);
} else {
return '';
}
} else {
// Save the dynamic key in the ciphertext, which is why the same plaintext can be decrypted after producing different ciphertexts
// Because the encrypted password The text may contain some special characters and may be lost during the copying process, so use base64 encoding
return $keyc.str_replace('=', '', base64_encode($result));
}
}


But it’s a bit regretful, this The function ownership belongs to Kangsheng Chuangxiang and cannot be used freely.
The above introduces the analysis of the PHP encryption function principle of the discuz x1.5 discuz program, including the content of discuz x1.5. I hope it will be helpful to friends who are interested in PHP tutorials.


Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template