我发现,每当我从selectbox值中加载我的值进行加密并以$_POST方式发送并解密时,该值就会变为NULL或者不是' t有任何价值。这是下面的代码。我也在这里使用ajax代码,但我不认为它是必要的,因为它传递了值。我该如何解决这个问题?
option.php
$species1 = 'Ant';
$species2 = "Man";
$obj = new EncDecrypt();
$species1Enc = $obj->encrypt_data($species1);
$species2Enc = $obj->encrypt_data($species2);
echo '<select id="species" name="species">';'
echo '<option value='.$species1Enc.'>Ant</option>';
echo "<option value=\"".$species2Enc."\">Man</option>";
echo '</select>';'
encdecrypt.php
Class EncDecrypt
{
public function encrypt_data($data)
{
$plaintext = $data;
$password = '3sc3RLrpd17';
$method = 'aes-256-cbc';
$key = password_hash($password, CRYPT_BLOWFISH, ['cost' => 12]);
$iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);
$encrypted = base64_encode(openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv));
return $encrypted;
}
public function decrypt_data($data)
{
$data = $data;
$password = '3sc3RLrpd17';
$method = 'aes-256-cbc';
$key = password_hash($password, CRYPT_BLOWFISH, ['cost' => 12]);
$iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);
$decrypted = openssl_decrypt(base64_decode($data), $method, $key, OPENSSL_RAW_DATA, $iv);
return $decrypted;
}
}
display.php
if(isset($_POST["species"]) && !empty($_POST['species']))
{
$decdata = new EncDecrypt();
$decryptData = $decdata->decrypt_data($_POST['species']);
echo "<h1>".$species."</h1>";
}
答案 0 :(得分:2)
' ; echo '<select id="species" name="species">';'和echo '</select>';'
$key = password_hash($password, CRYPT_BLOWFISH, ['cost' => 12]);个跟踪错误
然后,我不完全理解您为什么要尝试加密表单数据以及您在此处尝试实现的目的。
无论如何,关于加密 - 解密部分无法正常工作的问题的技术部分:
首先,您正在使用$key = hash('sha256', $password, true);,每次都会创建一个不同的字符串。
将此更改为以下内容
$iv
每次进行新加密时,openssl_random_pseudo_bytes()都应该是唯一的,并且必须以某种方式在POST变量中传递。生成$ iv的好方法是使用public function encrypt_data($data) {
$plaintext = $data;
$password = '3sc3RLrpd17';
$method = "AES-256-CBC";
$key = hash('sha256', $password, true);
$iv = openssl_random_pseudo_bytes(16);
$ciphertext = openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv);
$hash = hash_hmac('sha256', $ciphertext, $key, true);
return $iv . $hash . $ciphertext;
}
public function decrypt_data($data) {
$ivHashCiphertext = $data;
$password = '3sc3RLrpd17';
$method = "AES-256-CBC";
$iv = substr($ivHashCiphertext, 0, 16);
$hash = substr($ivHashCiphertext, 16, 32);
$ciphertext = substr($ivHashCiphertext, 48);
$key = hash('sha256', $password, true);
if (hash_hmac('sha256', $ciphertext, $key, true) !== $hash) return null;
return openssl_decrypt($ciphertext, $method, $key, OPENSSL_RAW_DATA, $iv);
}
所以为了在你必须改变你的功能之前实现我所提到的:
base64_encode()最后,当您致电base64_decode()和encrypt_data函数时,您需要使用decrypt_data()和$species1Enc = base64_encode($obj->encrypt_data($species1));
$species2Enc = base64_encode($obj->encrypt_data($species2));
$decryptData = $decdata->decrypt_data(base64_decode($_POST['species']));
function doIt(text) {
for (var i = 1; i <= 6: i++) {
if (('panel' + i.toString()) == text) {
if (document.getElementById('move' + i.toString()).parentElement.getAttribute('id') ==
'panel'+i.toString()) {
document.getElementById('div'+i.toString()).appendChild(
document.getElementById('move' + i.toString())
);
document.getElementById('div'+i.toString()).insertBefore(
document.getElementById('move' + i.toString()), document.getElementById('div'+i.toString()).firstChild);
document.getElementById('move' + i.toString()).innerHTML = document.getElementById('move' + i).innerHTML.substr(1);
} else {
document.getElementById('panel' + i.toString()).appendChild(
document.getElementById('move' + i.toString()));
document.getElementById('move' + i.toString()).innerHTML = '-' + document.getElementById('move' + i.toString()).innerHTML;
}
}
}
}