[英]Encrypted data won't decrypt after $_POST method in PHP
我發現,每當我從選擇selectbox
值中selectbox
值進行加密並以$_POST
方法發送並解密時,該值將變為NULL
或根本沒有任何值。 這是下面的代碼。 我也在這里使用ajax代碼,但我認為沒有必要,因為它可以傳遞值。 我該如何解決這個問題?
option.php
$species1 = 'Ant';
$species2 = "Man";
$obj = new EncDecrypt();
$species1Enc = $obj->encrypt_data($species1);
$species2Enc = $obj->encrypt_data($species2);
echo '<select id="species" name="species">';'
echo '<option value='.$species1Enc.'>Ant</option>';
echo "<option value=\"".$species2Enc."\">Man</option>";
echo '</select>';'
encdecrypt.php
Class EncDecrypt
{
public function encrypt_data($data)
{
$plaintext = $data;
$password = '3sc3RLrpd17';
$method = 'aes-256-cbc';
$key = password_hash($password, CRYPT_BLOWFISH, ['cost' => 12]);
$iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);
$encrypted = base64_encode(openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv));
return $encrypted;
}
public function decrypt_data($data)
{
$data = $data;
$password = '3sc3RLrpd17';
$method = 'aes-256-cbc';
$key = password_hash($password, CRYPT_BLOWFISH, ['cost' => 12]);
$iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);
$decrypted = openssl_decrypt(base64_decode($data), $method, $key, OPENSSL_RAW_DATA, $iv);
return $decrypted;
}
}
display.php
if(isset($_POST["species"]) && !empty($_POST['species']))
{
$decdata = new EncDecrypt();
$decryptData = $decdata->decrypt_data($_POST['species']);
echo "<h1>".$species."</h1>";
}
你有幾個錯字'
尾隨你;
在echo '<select id="species" name="species">';'
並echo '</select>';'
然后,我不完全理解您為什么要嘗試加密表單數據以及您到底想達到什么目的。
無論如何,對於您的技術部分,為什么加密/解密部分不起作用:
首先,您使用$key = password_hash($password, CRYPT_BLOWFISH, ['cost' => 12]);
每次都會創建一個不同的字符串。
將其更改為以下$key = hash('sha256', $password, true);
然后,每次進行新加密時, $iv
應該是唯一的,並且必須以某種方式在POST變量中傳遞。 生成$ iv的好方法是使用openssl_random_pseudo_bytes()
因此,為了實現我之前提到的內容,您必須更改功能:
public function encrypt_data($data) {
$plaintext = $data;
$password = '3sc3RLrpd17';
$method = "AES-256-CBC";
$key = hash('sha256', $password, true);
$iv = openssl_random_pseudo_bytes(16);
$ciphertext = openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv);
$hash = hash_hmac('sha256', $ciphertext, $key, true);
return $iv . $hash . $ciphertext;
}
public function decrypt_data($data) {
$ivHashCiphertext = $data;
$password = '3sc3RLrpd17';
$method = "AES-256-CBC";
$iv = substr($ivHashCiphertext, 0, 16);
$hash = substr($ivHashCiphertext, 16, 32);
$ciphertext = substr($ivHashCiphertext, 48);
$key = hash('sha256', $password, true);
if (hash_hmac('sha256', $ciphertext, $key, true) !== $hash) return null;
return openssl_decrypt($ciphertext, $method, $key, OPENSSL_RAW_DATA, $iv);
}
最后,在調用encrypt_data
和encrypt_data
decrypt_data()
函數時,需要使用base64_encode()
和base64_decode()
$species1Enc = base64_encode($obj->encrypt_data($species1));
$species2Enc = base64_encode($obj->encrypt_data($species2));
$decryptData = $decdata->decrypt_data(base64_decode($_POST['species']));
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.