我创建了一个加密和解密字符串的函数
function encryptDecrypt($string, $action = 'e') {
$password = '3sc3RLrpd17';
$method = 'aes-256-cbc';
$output=false;
// Must be exact 32 chars (256 bit)
$password = substr(hash('sha256', $password, true), 0, 32);
// IV must be exact 16 chars (128 bit)
$iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);
if ($action == 'e') {
$output = base64_encode(openssl_encrypt($string, $method, $password, OPENSSL_RAW_DATA, $iv));
$output = strtr(
$output,
array(
'+' => '.',
'=' => '-',
'/' => '~'
)
);
} else if ($action == 'd') {
$string = strtr(
$string,
array(
'.' => '+',
'-' => '=',
'~' => '/'
)
);
$output = openssl_decrypt(base64_decode($string), $method, $password, OPENSSL_RAW_DATA, $iv);
}
return $output;
}
提供给此函数的字符串"sid=1"
将加密返回"~zhn21ZrTPEqI034H2.FGg--"
作为加密字符串,并且它的解密应返回"sid=1"
。
我面临的问题是当我将编码字符串从"~zhn21ZrTPEqI034H2.FGg--"
修改为"~zhn21ZrTPEqI034H2.FGg"
时,修改后的字符串的解密仍然会将"sid=1"
作为解密字符串返回,这不应该发生。
请帮助我如何防止这种情况发生。