加密和解密cookie(登录操作)
程序员文章站
2022-05-22 21:24:54
...
通过加密cookie是网站安全性更高,登录信息不保存在session中
在function.php文件在建立两个函数,加密和解密函数
在基类中写验证
在function.php文件在建立两个函数,加密和解密函数
/**
* 加密函数
* @param string $txt 需要加密的字符串
* @param string $key 密钥
* @return string 返回加密结果
*/
function encrypt($txt, $key = ''){
if (empty($txt)) return $txt;
if (empty($key)) $key = md5(MD5_KEY);
$chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.";
$ikey ="-x6g6ZWm2G9g_vr0Bo.pOq3kRIxsZ6rm";
$nh1 = rand(0,64);
$nh2 = rand(0,64);
$nh3 = rand(0,64);
$ch1 = $chars{$nh1};
$ch2 = $chars{$nh2};
$ch3 = $chars{$nh3};
$nhnum = $nh1 + $nh2 + $nh3;
$knum = 0;$i = 0;
while(isset($key{$i})) $knum +=ord($key{$i++});
$mdKey = substr(md5(md5(md5($key.$ch1).$ch2.$ikey).$ch3),$nhnum%8,$knum%8 + 16);
$txt = base64_encode(time().'_'.$txt);
$txt = str_replace(array('+','/','='),array('-','_','.'),$txt);
$tmp = '';
$j=0;$k = 0;
$tlen = strlen($txt);
$klen = strlen($mdKey);
for ($i=0; $i
$k = $k == $klen ? 0 : $k;
$j = ($nhnum+strpos($chars,$txt{$i})+ord($mdKey{$k++}))%64;
$tmp .= $chars{$j};
}
$tmplen = strlen($tmp);
$tmp = substr_replace($tmp,$ch3,$nh2 % ++$tmplen,0);
$tmp = substr_replace($tmp,$ch2,$nh1 % ++$tmplen,0);
$tmp = substr_replace($tmp,$ch1,$knum % ++$tmplen,0);
return $tmp;
}
/**
* 解密函数
* @param string $txt 需要解密的字符串
* @param string $key 密匙
* @return string 字符串类型的返回结果
*/
function decrypt($txt, $key = '', $ttl = 0){
if (empty($txt)) return $txt;
if (empty($key)) $key = md5(MD5_KEY);
$chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.";
$ikey ="-x6g6ZWm2G9g_vr0Bo.pOq3kRIxsZ6rm";
$knum = 0;$i = 0;
$tlen = @strlen($txt);
while(isset($key{$i})) $knum +=ord($key{$i++});
$ch1 = @$txt{$knum % $tlen};
$nh1 = strpos($chars,$ch1);
$txt = @substr_replace($txt,'',$knum % $tlen--,1);
$ch2 = @$txt{$nh1 % $tlen};
$nh2 = @strpos($chars,$ch2);
$txt = @substr_replace($txt,'',$nh1 % $tlen--,1);
$ch3 = @$txt{$nh2 % $tlen};
$nh3 = @strpos($chars,$ch3);
$txt = @substr_replace($txt,'',$nh2 % $tlen--,1);
$nhnum = $nh1 + $nh2 + $nh3;
$mdKey = substr(md5(md5(md5($key.$ch1).$ch2.$ikey).$ch3),$nhnum % 8,$knum % 8 + 16);
$tmp = '';
$j=0; $k = 0;
$tlen = @strlen($txt);
$klen = @strlen($mdKey);
for ($i=0; $i
$k = $k == $klen ? 0 : $k;
$j = strpos($chars,$txt{$i})-$nhnum - ord($mdKey{$k++});
while ($j
$tmp .= $chars{$j};
}
$tmp = str_replace(array('-','_','.'),array('+','/','='),$tmp);
$tmp = trim(base64_decode($tmp));
if (preg_match("/\d{10}_/s",substr($tmp,0,11))){
if ($ttl > 0 && (time() - substr($tmp,0,11) > $ttl)){
$tmp = null;
}else{
$tmp = substr($tmp,11);
}
}
return $tmp;
}后台系统登录页面的操作处理方法 //登录
public function login(){
if(IS_POST){
//验证验证码
if(!$this->checkverify(I('post.captcha'))){
$this->error(L('verify_error'));//L函数方便多语言系统,内容是“验证码错误”
}
$Admin=D('admin');
$res=$Admin->checkLogin(I('post.name'),I('post.pass'));//这里其实就是在model里面通过M('admin')->where(array('admin_name'=>$name,'admin_password'=>$pass))->find();
if(is_array($res) && !empty($res)) {
//admin_name用户名。amdin_id主键。admin_gid是权限组id。admin_is_super是否是超级管理员
$data=array('name'=>$res['admin_name'], 'id'=>$res['admin_id'],'gid'=>$res['admin_gid'],'sp'=>$res['admin_is_super']);
$this->systemSetKey($data);
$this->redirect(U('Index/index'));
}else{
$this->error(L('user_pass_error'));//L函数方便多语言系统,内容是“用户名或密码错误”
}
}else{
$this->display();
}
}
private function systemSetKey($user=''){
if(is_array($user) && !empty($user)){
cookie(COOKIE_PRE.'sys_key',encrypt(serialize($user),MD5_KEY),3600);//这里的COOKIE_PRE是一个常量,你可以在入口文件直接定义个常量。user是一个数据然后序列化成字符串
}
}后台系统首页的验证管理员信息的方法在基类中写验证
namespace Admin\Controller;
use Think\Controller;
class BaseController extends Controller {
protected $admin_info; //管理员资料 name id group
protected $permission; //权限内容
public function __construct(){
/**
* 验证用户是否登录
* $admin_info 管理员资料 name id
* id为1 是超级管理员
*/
$this->admin_info = $this->systemLogin();
if ($this->admin_info['id'] != 1){
// 验证权限,这个省略
}
parent::__construct();
}
/**
* 系统后台登录验证
*
* @param
* @return array 数组类型的返回结果
*/
protected final function systemLogin(){
//取得cookie内容,解密,和系统匹配
$user = unserialize(decrypt(cookie(COOKIE_PRE.'sys_key'),MD5_KEY));
if (!key_exists('gid',(array)$user) || !isset($user['sp']) || (empty($user['name']) || empty($user['id']))){
$this->redirect(U('Public/login'));
}else {
$this->systemSetKey($user);
}
return $user;
}
/**
* 系统后台 会员登录后 将会员验证内容写入对应cookie中
* @param string $name 用户名
* @param int $id 用户ID
* @return bool 布尔类型的返回结果
*/
protected final function systemSetKey($user){
cookie(COOKIE_PRE.'sys_key',encrypt(serialize($user),MD5_KEY),3600);
}
} AD:真正免费,域名+虚机+企业邮箱=0元