[英]php encrypt decrypt with key in database
我很簡單地嘗試將加密的電子郵件地址和加密密鑰存儲在數據庫的兩個單獨字段中,然后在另一個頁面上對其進行解密。 有時它可以工作,但大多數情況下不起作用。
function encrypt($string, $key){
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
return $encrypted;
}
function decrypt($string, $key){
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($string), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
return $decrypted;
}
我嘗試將我的關鍵字段從varchar更改為varbinary,似乎沒有什么不同。 我按計划進行,因此所有想法的確值得歡迎編輯:這是我的代碼index.php中的片段
$mysqli = new mysqli(DBHOST, DBUSER, DBPASSWORD, DB);
// $crypter = new Crypter();
if($mysqli->connect_errno){
echo "Failed to connect to MYSQL (".$mysqli->connect_errno.")".$mysqli->connect_error;
}
//construct string and mail to email
$email = trim($_POST['signUpEmail']);
$encryption_key = substr(md5(microtime()), 0,10);
//insert details into table
$password = $_POST['signUpPassword'];
$hashed_password = encrypt_password($password);
$stmt = $mysqli->prepare('INSERT INTO signup (username, hashed_password, enc_key) VALUES (?,?,?)');
$stmt->bind_param("sss", $email, $hashed_password, $encryption_key);
if($stmt->execute()){
$encrypted_email = encrypt($email, $encryption_key);
$row = $stmt->insert_id;
//encrypting the row num
$enc_row = mc_encrypt($row, '000');
$link = "signup/signuser.php?u=".$enc_row."&&e=".$encrypted_email;
echo 'mail link <a href="'.$link.'">'.$link.'</a>'."<br />";
signuser.php
$enc_id = $_GET['u'];
$enc_email = $_GET['e'];
//$crypter = new Crypter();
echo $id = mc_decrypt($enc_id, '000');
if((int)$id > 0){
$validation = new Validation();
if($validation->is_num($id, 'u')){
$mysqli = new mysqli(DBHOST, DBUSER, DBPASSWORD, DB);
if($mysqli->connect_errno){
die('Connection Error');
}
if(!$stmt = $mysqli->prepare('SELECT signup.enc_key FROM loo_signup WHERE id = ?')){
die('preparing failed');
}
if(!$stmt->bind_param('i', $id)){
die('binding undone');
}
if(!$stmt->execute()){
die('executing failed');
}
if(!$stmt->bind_result($key)){
die('binding failed');
}
if($stmt->fetch()){
echo decrypt($enc_email, $key);
}
有一個AES加密類, http://asirra-php.googlecode.com/svn/trunk/AES.class.php可以這樣使用:
function crypt_data($content, $encrypt) {
include_once ('AES.class.php');
$_content = "";
if (!empty($content)) {
$key256 = '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4';
$Cipher = new AES(AES::AES256);
if ($encrypt) {
$_content = $Cipher->encrypt($Cipher->stringToHex($content), $key256);
} else {
$_content = $Cipher->hexToString($Cipher->decrypt($content, $key256));
}
}
return $_content;
}
然后像這樣使用它:
$encrypted = crypt_data($string_to_encrypt, true);
$decrypted = crypt_data($string_to_decrypt, false);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.