將加密數據傳遞到 url 並由 php 解密

Question

這是我的 php 代碼，我將一些數據以加密形式傳遞到 url 中。

<?php 
$cancel = encrypt($_GET['id'] . '|' . hotel($_GET['id'], 'area') . '|' . $_GET['roomid']);
<input type = "hidden" name = "cancel_return" value = "<?php echo ROOT_URL; ?>/canceled.php?data=<?php echo $cancel;?>" >

這是我獲取 url 數據的下一頁：

$custom_decrypt = $_GET['data'];
$res = decrypt($custom_decrypt);
print_r( $res);

這段用於加密和解密的代碼：

    function encrypt($text){

        $salt = 'DFS65'; $key = md5($salt);
        $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256,$key, $text, MCRYPT_MODE_CBC, md5($key));
        $encrypted = base64_encode($encrypted); return $encrypted;

      } 

   function decrypt($text) {
        $salt = 'DFS65';
        $key = md5($salt); 
        $data = base64_decode($text); 
        $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256,$key, $data, MCRYPT_MODE_CBC, md5($key)); 
        $decrypted = rtrim($decrypted, "\0"); return $decrypted; 
    }

但我得到了這個解密結果：

3 =E j F 1tt 43a_ŋ Q4

Answer 1

You errors:

• 錯過了 php 關閉標簽?>第一行的 php 腳本
• 值應該通過input值標簽傳遞
• 接收器文件 url 應該在form action參數中
• var 的名稱應通過input名稱參數傳遞

這是你的固定代碼。 它已被修改以進行調試，因此請檢查它並根據您的需要進行更新

索引.php：

<?php

$_GET['id'] = '1';
$_GET['roomid'] = '2';

function encrypt($text){

    $salt = 'DFS65'; $key = md5($salt);
    $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256,$key, $text, MCRYPT_MODE_CBC, md5($key));
    $encrypted = base64_encode($encrypted); return $encrypted;

}

function decrypt($text) {
    $salt = 'DFS65';
    $key = md5($salt);
    $data = base64_decode($text);
    $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256,$key, $data, MCRYPT_MODE_CBC, md5($key));
    $decrypted = rtrim($decrypted, "\0"); return $decrypted;
}

?>

<?php $cancel = encrypt($_GET['id']. '|'. $_GET['roomid']);?>

<form action="/canceled.php" method="get">
<input type="input" readonly="readonly" name="data" value="<?php echo $cancel;?>">
<input type="submit" >
</form>

並取消了.php

<?php
function encrypt($text){

    $salt = 'DFS65'; $key = md5($salt);
    $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256,$key, $text, MCRYPT_MODE_CBC, md5($key));
    $encrypted = base64_encode($encrypted); return $encrypted;

}

function decrypt($text) {
    $salt = 'DFS65';
    $key = md5($salt);
    $data = base64_decode($text);
    $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256,$key, $data, MCRYPT_MODE_CBC, md5($key));
    $decrypted = rtrim($decrypted, "\0"); return $decrypted;
}



$custom_decrypt = $_GET['data'];
$res = decrypt($custom_decrypt);
print_r($res);

輸出：

1|2

Answer 2

看看你的輸入：

<input type="hidden" name="cancel_return" value=".......">

輸入字段名稱是cancel_return ，但在服務器上您試圖獲取未設置的屬性：

$custom_decrypt = $_GET['data'];

實際上應該是：

$custom_decrypt = $_GET['cancel_return'];

這（ $_GET['cancel_return'] ）將返回加密值。 然后，您可以解密該值並使用parse_url從解密的 URL 中的查詢中獲取data值。

$cancel_return = $_GET['cancel_return'];                       // Get the CORRECT value sent from the client 
$cancel_return_url = parse_url($cancel_return);                // Parse the URL that was passed to the server and return its components
parse_str($cancel_return_url['query'], $cancel_return_query);  // Parse the parameters of the query string of the url
echo decrypt($cancel_return_query['data']);                    // decrypt the 'data' parameter of the query string