记登录注册时候 前端js明文密码 加密传输 php解密
前端 使用key iv 使用aes加密后字符串传给后台 (可拼接时间戳加密)
function js_encrypt(text){ var key = CryptoJS.enc.Latin1.parse('1E390CMD585LLS4S'); //为了避免补位,直接用16位的秘钥 var iv = CryptoJS.enc.Latin1.parse('1104432290129056'); //16位初始向量(请记住这两个都要保证是16位) var encrypted = CryptoJS.AES.encrypt(text, key, { iv: iv, mode:CryptoJS.mode.CBC, padding:CryptoJS.pad.ZeroPadding }); return encrypted; }
需引入js 文件下载 https://www.mdaima.com/upload_file/file/2019/07/04/1562201519633156.rar
后台 解密
$password = input('password'); $password_dec=iconv('utf-8','gbk',js_decrypt_openssl($password)); $timesm=substr($password_dec,-10); $password = str_replace($timesm,'',$password_dec); if(time() > $timesm + 10){ $errcode = 10006; return json(['errcode'=>$errcode,'errmsg'=>errcode::getErrMsg($errcode)]); } function js_decrypt_openssl($encrypt){ $key = "****"; //与JS端的KEY一致 $iv = "****"; //这个也是要与JS中的IV一致 $decrypted = openssl_decrypt($encrypt, 'AES-128-CBC', $key, 2 , $iv); $decrypted = trim(trim($decrypted, "\0000"),'');//这个一定要有,要不然在你不用浏览器查看源代码的情况下是很难发现,还有一些乱码存在的 return $decrypted; }