Shulou(Shulou.com)06/03 Report--

Today, I will talk to you about what PHP encryption and decryption skills are, many people may not know much about it. In order to make you understand better, the editor has summarized the following content for you. I hope you can get something according to this article.

Here we introduce in detail the implementation of PHP encryption and decryption. I hope the content of this article will improve your understanding of the PHP language. Recently, when learning URL jump, there are three super-useful PHP encryption and decryption functions, which seem to be in discuz.

The reason for using these PHP encryption and decryption is that sometimes if you want to crack your value after your URL address is obtained, you must know your key. Without key, it should take him a while to know the contents of your URL.

To cut the gossip, pack them into a file and call it fun.php.

/ / array.php

< ?php include "fun.php"; $arrayarray = array( "a" =>

"1"

"b" = > "2"

"c" = > "3"

"d" = > "4"

);

/ / serialize produces a value that can be stored

Returns a string that is restored by unserialize

$txt = serialize ($array)

$key = "testkey"

$encrypt = passport_encrypt ($txt,$key)

$decrypt = passport_decrypt ($encrypt,$key)

$decryptArray = unserialize ($decrypt)

Echo $txt. "

< br>

< hr>

"

Echo $encrypt. "

< br>

< hr>

"

Echo $decrypt. "

< br>

< hr>

"

Echo $decryptArray. "

< br>

< hr>

"

? >

Here comes the crucial point... When you want to jump to another URL, but want to make sure your session is correct, you need to do a deal with session. It seems that a company has a website and a forum, both places have registration and login, but they do not want users to fail session when they jump to the forum after logging in to the home page, that is, to log in once and run a complete company.

Then how to deal with the user's session?

Web pages are stateless. If you want to continue to use session in a new web page, you need to move session from one place to another. Some people may have thought that I can call it through url address. . PHP has a variable that handles session, called $_ SESSION. So... .

Convert the session you need to register into an array. So, you can write like this:

/ / login.php

< ?php session_start(); include "fun.php"; …. $_SESSION["userid"]; $_SESSION["username"]; $_SESSION["userpwd"]; … header("Location: http: //$domain/process.php?s=" .urlencode(passport_encrypt (serialize($_SESSION),"sessionkey"))); ?>

In the example of PHP encryption and decryption, we first use serialize to change $_ SESSION into storable data, and then encrypt this data through passport_encrypt. The reason for adding urlencode is that when $_ SESSION is encrypted, it may produce unexpected encoding, so just in case. (it turns out to be very effective)

Deal with it first.

/ / process.php

< ?php session_start(); include "fun.php"; $_SESSION=unserialize(passport _decrypt($_GET["s"],"sessionkey")); header("Location: http://$domain/index.php"); ?>

First use $_ GET ["s"] to get the parameters of URL, then decrypt it with passport_decrypt, and then restore its data to the original data with unserialize.

At this point, your web page may jump freely through header. .

This PHP encryption and decryption method also involves the issue of security, if your url address is obtained by others in the process of passing the address, it is really embarrassing. Although people may not be able to crack the contents of url, they can also directly use this url address to log in to some of your personal accounts, email accounts or even bank accounts (of course, few people will write this, my exception, ). It sounds so scared... . But in fact, you can cancel session on the jump page. .

The following is an enhanced version of process.php

< ?php session_start(); include_once "fun.php"; $_SESSION=unserialize(passport_ decrypt($_GET["s"],"sessionkey")); if((time()-$_SESSION["TIME"])>

30) {

Header ("Location: http://"

$domain/ login.php ")

Unset ($_ SESSION ["USERNAME"])

Unset ($_ SESSION ["PASSWORD"])

}

Else

Header ("Location: http://"

$domain/ index.php ")

? >

Before you write this PHP encryption and decryption file, you also need to set it in the login side.

$_ SESSION ["TIME"] = time ()

The main reason for setting this is to get the time on both sides. If the jump time is more than 30 seconds, you can let it jump to the login.php login page. Customers with slow network speed will be embarrassed. But it also prevents if the url is obtained and the person doesn't log in within 30 seconds, then I'm sorry to log in again when I time out.

$_ SESSION ["USERNAME"] and $_ SESSION ["PASSWORD"] are the usernames and passwords that users need to enter when they log in. . The reason for canceling these two session is that if your url is acquired, that person jumps to the loign.php page in more than 30 seconds, but the passed session is still valid, as long as the url suffix login.php is changed to index.php. . Then he also logged in successfully.

After reading the above, do you have any further understanding of PHP encryption and decryption skills? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.