发表新帖
发表新帖

Simple encryption in PHP

后端 未结
关注
3 1194
一个人的身影
一个人的身影 2020-12-28 10:23

I\'m building a with-source system which I am giving out on the \'net for providing adoptable virtual pets. The system will be owned mainly by kids. Since I want it to be us

相关标签:
3条回答
  • 情话喂你
    2020-12-28 10:49

    Why not just give each user a long, random ID and then store all the details about their pet on the server? Best practice is not to store anything in the URL, encrypted or not. All you should need is a session ID.

    0 讨论(0)
  • 爱一瞬间的悲伤
    2020-12-28 11:02

    If you are expecting a relatively low sophistication level, then you can do a very simple "xor" encryption and "store" the key as part of the URL. Then you can just use php's rand() or /dev/random or whatever to generate keys.

    Low-sophistication users won't readily figure out that all they need to do is xor the lower half of their pet ID with the upper half to get a value which can be compared to their friends. I would guess most people who would be able to recognize that was what was going on wouldn't take the time to figure it out, and those people are outside of your target audience anyways.

    Edit: If it wasn't obvious, I'm saying you give a different key to every pet (since giving the same one would not solve your problem). So if the pet variation (petvar) is a 16 bit number, you generate a 16-bit random number (rnd), then you do this: petvar = (petvar^rnd)<<16 | rnd; and then you can reverse that operation to extract the rnd and then petvar^rnd, and then just xor it again to get the original petvar.

    0 讨论(0)
  • 南笙
    2020-12-28 11:09

    You are looking for "one time padding" encryption. It takes a key and does modulus addition to characters to create the encrypted string.

    function ecrypt($str){
  $key = "abc123 as long as you want bla bla bla";
  for($i=0; $i<strlen($str); $i++) {
     $char = substr($str, $i, 1);
     $keychar = substr($key, ($i % strlen($key))-1, 1);
     $char = chr(ord($char)+ord($keychar));
     $result.=$char;
  }
  return urlencode(base64_encode($result));
}


function decrypt($str){
  $str = base64_decode(urldecode($str));
  $result = '';
  $key = "must be same key as in encrypt";
  for($i=0; $i<strlen($str); $i++) {
    $char = substr($str, $i, 1);
    $keychar = substr($key, ($i % strlen($key))-1, 1);
    $char = chr(ord($char)-ord($keychar));
    $result.=$char;
  }
return $result;
}

    So that's simple string encryption. What I would do is serialize the array of the user's parameters and pass it as a variable in the link:

    $arr = array(
  'pet_name'=>"fido",
  'favorite_food'=>"cat poop",
  'unique_id'=>3848908043
);
$param_string = encrypt(serialize($arr));

$link = "/load_pet.php?params=$param_string";

    In load_pet.php you should do the opposite:

    $param_string = $_GET["params"];
$params = unserialize(decrypt($param_string));

    Bam.

    0 讨论(0)
 看不清?
提交回复
热议问题