修改的编码字符串的解密返回正确的解密字符串

时间:2017-12-20 12:11:34

标签: php codeigniter encryption

我创建了一个加密和解密字符串的函数

function encryptDecrypt($string, $action = 'e') {
        $password = '3sc3RLrpd17';
        $method = 'aes-256-cbc';
        $output=false;

// Must be exact 32 chars (256 bit)
        $password = substr(hash('sha256', $password, true), 0, 32);

// IV must be exact 16 chars (128 bit)
        $iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);

        if ($action == 'e') {
            $output = base64_encode(openssl_encrypt($string, $method, $password, OPENSSL_RAW_DATA, $iv));
            $output = strtr(
                $output,
                array(
                '+' => '.',
                '=' => '-',
                '/' => '~'
                    )
            );
        } else if ($action == 'd') {
            $string = strtr(
            $string,
            array(
                '.' => '+',
                '-' => '=',
                '~' => '/'
                    )
            );
            $output = openssl_decrypt(base64_decode($string), $method, $password, OPENSSL_RAW_DATA, $iv);
        }

        return $output;
    }
提供给此函数的

字符串"sid=1"将加密返回"~zhn21ZrTPEqI034H2.FGg--"作为加密字符串,并且它的解密应返回"sid=1"
我面临的问题是当我将编码字符串从"~zhn21ZrTPEqI034H2.FGg--"修改为"~zhn21ZrTPEqI034H2.FGg"时,修改后的字符串的解密仍然会将"sid=1"作为解密字符串返回,这不应该发生。
请帮助我如何防止这种情况发生。

0 个答案:

没有答案