1. 首頁
  2. 問答
  3. mcrypt_encrypt或mcrypt_decrypt沒有基本的HTML表單工作

mcrypt_encrypt或mcrypt_decrypt沒有基本的HTML表單工作

2014-02-20 15 views
5

Based on計算器上我已經創建了crpyts和解密來自HTML形式的文本頁面的一些例子。但不知何故,有時候這種情況有時候並不常見,通常情況並非如此。mcrypt_encrypt或mcrypt_decrypt沒有基本的HTML表單工作

這是怎麼發生的? htmlencode會在發佈過程中修改密鑰嗎?我如何解決這個問題? 我應該使用base64嗎?

<?php 
$key_size = mcrypt_get_key_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CFB); 
$encryption_key = openssl_random_pseudo_bytes($key_size, $strong); 

$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CFB); 
$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM); // 16 bytes output 


if($_POST){ 
    $iv = $_POST["iv"]; 
    $encryption_key = $_POST["key"]; 
    $string = $_POST["msg"]; 


    if($_POST["do"]=="encrypt"){ 
     echo "crypted"; 
     $result = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $encryption_key, $string, MCRYPT_MODE_CFB, $iv); 
    }else{ 
     echo "de-crypted"; 
     $result = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $encryption_key, $string, MCRYPT_MODE_CFB, $iv); 
    } 

} 

?> 
<div class="main" id="main"> 
    <form method="POST" action=""> 
    <input type="text" value="<?php echo $iv; ?>" name="iv"/> <br/> 
    <input type="text" value="<?php echo $encryption_key; ?>" name="key"/><br/> 

    <textarea name="msg"><?php echo $result; ?></textarea><br/> 
    <select name="do"><option>encrypt</option><option>decrypt</option></select><br/> 
    <input type="submit" value="GO"/> 
    </form> 

</div>

活生生的例子可以發現@http://lab.ohshiftlabs.com/crypt/

來源

2014-02-20 siniradam

+0

[Rü確保ü已安裝的mcrypt模塊 – user3004356

+0

否則,我認爲它想返回錯誤,但肯定的,根據它安裝的phpinfo; mcrypt的支持\t啓用 mcrypt_filter支持\t啓用 版本2.5.8 \t阿比 沒有支持的密碼\t投-128 GOST的Rijndael-128的twofish ARCFOUR鑄256 loki97的Rijndael-192 saferplus喚醒河豚-compat的DES rijndael- 256蛇xtea blowfish enigma rc2 tripledes 支持的模式\t cbc cfb ctr ecb ncfb nofb ofb stream – siniradam

+0

您正在使用哪個操作系統...嘗試運行這個'<?php phpinfo();?>'。這將顯示我在本地嘗試的細節 – user3004356

回答

1

下面是一些註釋代碼,您可能會發現有用的。我認爲你的代碼的主要問題是'mcrypt'例程的輸出是'二進制'格式,需要用某種HTML'安全'格式編碼。我用過base64。

代碼已經過測試。

<?php 
/* 
* PHP 5.3.18 on windows XP 
* 
* I don't have open_ssl active from PHP so used MCRYPT_RAND for the salt. 
* It is adequate for this exercise. 
* 
* As the encoded SALT and encrypted output are binary code i have converted all 
* the output to Base64 encoding to ensure it is HTML safe. 
* 
* It selects the appropriate default action in the 'do' select list. 
* 
* There is a new 'salt' generated at each encryption and the user is prevented from 
* changing it by making the display field as 'readonly'. Normally this would be a 'hidden' field'. 
* 
*/ 

$isEncrypted = null; // used to set default output options 
        // i like to pre-declare the script 'global' variables 


$key_size = mcrypt_get_key_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CFB); 
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CFB); 


if($_POST){ // we have some input... 

    $encryption_key = $_POST["key"]; 
    $string = $_POST["msg"]; // this may be base64 encoded... 


    if($_POST["do"]=="encrypt"){ 
     $isEncrypted = true; // used to set defaults 

     $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); // new salt with each encryption 
     $result = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $encryption_key, $string, MCRYPT_MODE_CFB, $iv); 
     $result = base64_encode($result); // $result is binary so encode as HTML safe. 


    }else{ 
     $isEncrypted = false; // used to set defaults 

     $iv = base64_decode($_POST["iv"]); // get current salt converted back to binary format 
     $string = base64_decode($string); // convert encoded text back to binary string 
     $result = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $encryption_key, $string, MCRYPT_MODE_CFB, $iv); 
    } 
}else{ // no input so create something useful... 
    $isEncrypted = false; // used to set default actions 

    $result = 'enter text to encrypt...'; // sample text 
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); // new salt 
    $encryption_key = substr('testing!' . uniqid() . '!testing', 0, $key_size); 
} 
?> 
<!DOCTYPE html> 
<html> 
    <head> 
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> 
    <title>Test Encryption with base64 encoding.</title> 
    </head> 

    <body> 
    <div class="main" id="main"> 

     <!-- heading --> 
     <strong><?php echo $isEncrypted ? 'Encrypted' : 'Decrypted'; ?></strong><br/> 

     <form method="POST" action=""> 

      <!-- do not allow the user to change the salt by setting 'readonly' --> 
      <input type="text" value="<?php echo base64_encode($iv); ?>" readonly name="iv"/> <br/> 

      <!-- supply a suggested password but the user can change it --> 
      <input type="text" value="<?php echo $encryption_key; ?>" name="key"/><br/> 

      <!-- either show the encoded text as HTML safe string --> 
      <!--- or show as plain text --> 
      <textarea name="msg" ><?php echo $result; ?></textarea><br/> 

      <!-- set the appropriate action as the default --> 
      <select name="do"> 
       <option <?php echo $isEncrypted ? 'selected' : ''; ?>>decrypt</option> 
       <option <?php echo $isEncrypted ? '' : 'selected'; ?>>encrypt</option> 
      </select><br/> 

      <input type="submit" value="GO"/> 
     </form> 
    </div> 
    </body> 
</html>

來源

2014-02-20 16:17:39

+0

就像我想的那樣,我只是在想,應該使用base64或解碼器功能來使它成爲htmlsafe。這是完美的例子謝謝你。由於我在土耳其,因此我會用這個加密信息來避免我的政府。 – siniradam

相關問題

 相關問題