在PHP中使用$ _POST方法后，加密的数据将不会解密 [英] Encrypted data won't decrypt after $_POST method in PHP

问题描述

我发现，每当我从 selectbox 值中删除my值进行加密并以 $ _ POST 方法发送并解密后，该值就会变成 NULL 或根本没有任何值.这是下面的代码.我也在这里使用ajax代码，但我认为没有必要，因为它可以传递值.我该如何解决这个问题?

I found out that whenever I past the my value from a selectboxvalue to be encrypted and to send as $_POST method and decrypting it, the value is becoming NULL or don't have any value at all. Here is the code below. I am also using ajax code here but I don't think it is necessary because it passes the value. How do I solve this problem?

option.php
    $species1 = 'Ant';
    $species2 = "Man";

    $obj = new EncDecrypt();
    $species1Enc = $obj->encrypt_data($species1);
    $species2Enc = $obj->encrypt_data($species2);

    echo '<select id="species" name="species">';'
    echo '<option value='.$species1Enc.'>Ant</option>';
    echo "<option value=\"".$species2Enc."\">Man</option>";
    echo '</select>';'

encdecrypt.php
    Class EncDecrypt
    {
        public function encrypt_data($data)
        {
            $plaintext = $data;

                $password = '3sc3RLrpd17';
                $method = 'aes-256-cbc';
                $key = password_hash($password, CRYPT_BLOWFISH, ['cost' => 12]);
                $iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);

                $encrypted = base64_encode(openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv));

                return $encrypted;
            }

            public function decrypt_data($data)
            {
                $data = $data;

                $password = '3sc3RLrpd17';
                $method = 'aes-256-cbc';
                $key = password_hash($password, CRYPT_BLOWFISH, ['cost' => 12]);
                $iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);

                $decrypted = openssl_decrypt(base64_decode($data), $method, $key, OPENSSL_RAW_DATA, $iv);       

                return $decrypted;
            }
    }

display.php 
  if(isset($_POST["species"]) && !empty($_POST['species']))  
  {  
    $decdata = new EncDecrypt();
    $decryptData = $decdata->decrypt_data($_POST['species']);

    echo "<h1>".$species."</h1>";
  } 

推荐答案

您有几个错别字，其中'在 echo'<后面跟随您的; 选择id ="species" name ="species">';'和 echo'</select>';'

You have a couple of typos with ' trailing your ; on echo '<select id="species" name="species">';' and echo '</select>';'

然后，我不完全理解您为什么要尝试加密表单数据以及您到底想达到什么目的.

Then I don't fully understand why you are trying to encrypt your form data and what exactly you are trying to achive here.

关于您的技术部分，为什么加密/解密部分不起作用:

Anyway to the technical part of your question on why the encryption-decryption part is not working:

首先，您要使用 $ key = password_hash($ password，CRYPT_BLOWFISH，['cost'=> 12]); ，这将每次创建一个不同的字符串.

First of all you are using $key = password_hash($password, CRYPT_BLOWFISH, ['cost' => 12]); which will create a different string everytime.

将其更改为以下内容 $ key = hash('sha256'，$ password，true);

然后，每次进行新的加密时， $ iv 应该是唯一的，并且必须以某种方式在POST变量中传递.生成$ iv的好方法是使用 openssl_random_pseudo_bytes()

Then $iv should be unique everytime you make a new encryption and must be passed somehow in your POST variable. A good way to generate $iv is to use openssl_random_pseudo_bytes()

因此，为了达到我在更改功能之前提到的内容，

So in order to achive what i mentioned before you have to change your functions:

public function encrypt_data($data) {
    $plaintext = $data;
    $password = '3sc3RLrpd17';
    $method = "AES-256-CBC";
    $key = hash('sha256', $password, true);
    $iv = openssl_random_pseudo_bytes(16);

    $ciphertext = openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv);
    $hash = hash_hmac('sha256', $ciphertext, $key, true);

    return $iv . $hash . $ciphertext;
}

public function decrypt_data($data) {
    $ivHashCiphertext = $data;
    $password = '3sc3RLrpd17';
    $method = "AES-256-CBC";
    $iv = substr($ivHashCiphertext, 0, 16);
    $hash = substr($ivHashCiphertext, 16, 32);
    $ciphertext = substr($ivHashCiphertext, 48);
    $key = hash('sha256', $password, true);

    if (hash_hmac('sha256', $ciphertext, $key, true) !== $hash) return null;

    return openssl_decrypt($ciphertext, $method, $key, OPENSSL_RAW_DATA, $iv);
}

最后，在调用 encrypt_data 和 decrypt_data()时，您需要使用 base64_encode()和 base64_decode()代码>函数

Finaly you need to use base64_encode() and base64_decode() when you call your encrypt_data and decrypt_data() functions

$ species1Enc = base64_encode($ obj-> encrypt_data($ species1));

$ species2Enc = base64_encode($ obj-> encrypt_data($ species2));

$ decryptData = $ decdata-> decrypt_data(base64_decode($ _ POST ['species']));

这篇关于在PHP中使用$ _POST方法后，加密的数据将不会解密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！