很难找到一个密码学的实例,就拿上一期的xor挑战来讲咯
和基友@overlord一起搞了俩天才弄出来,星期四下午刚学的知识,当天晚上就用上了,也是很神奇~
先上代码吧
<?php
include("config.php");
header("Content-type: text/html; charset=utf-8");
function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
$ckey_length = 8;
$key = md5($key ? $key : '');
$keya = md5(substr($key, 0, 16));
$keyb = md5(substr($key, 16, 16));
$keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length): substr(md5(microtime()), -$ckey_length)) : '';
$cryptkey = hash('sha256', $keya.md5($keya.$keyc));
$string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0).md5($keyb.$string).$string;
$string_length = strlen($string);
$result = '';
for ($i=0; $i<$string_length; $i++){
$result .= $string[$i] ^ $cryptkey[$i % 64];
}
if($operation == 'DECODE') {
if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 32) == md5($keyb.substr($result, 42))) {
return substr($result, 42);
} else {
return '';
}
} else {
return $keyc.str_replace('=', '', base64_encode($result));
}
}
if (isset($_GET['showSource'])){
show_source(__FILE__);
die;
}
session_start();
if ($_COOKIE['auth']){
list($user, $password) = explode("\t", authcode($_COOKIE['auth'], 'DECODE', $secret_key));
if ($user !='' && $password != ''){
$sql = "select uid, username, password from users where username='$user'";
$result = mysql_query($sql);
if ($result){
$row = @mysql_fetch_array($result);
if ($row['password']===md5($password)){
$_SESSION['uid'] = $row['uid'];
echo "<div style=\"text-align:left\"><h4>Welcome ".$row['username'].". My lord!</h4></div><br/>";
}
}
}
}
if (!$_SESSION['uid']) {
echo "<div style=\"text-align:left\"><h4>Decrypt me!: ".authcode(base64_encode($msg), 'ENCODE', $secret_key)."</h4></div><br/>";
}else{
echo $msg;
}
?>
<!--<a href="/?showSource">view source</a>-->
阅读全文»