ת×Ôhttp://www.akii.org/discuz-encryption-and-decryption-functions-authcode-analysis.html

discuzµÄ authcode º¯Êý¿ÉÒÔ˵¶ÔÖйúµÄPHP½ç×÷³öÁËÖØ´ó¹±Ïס£°üÀ¨¿µÊ¢×Ô¼ºµÄ²úÆ·£¬ÒÔ¼°´ó²¿·ÖÖйúʹÓÃPHPµÄ¹«Ë¾¶¼ÓÃÕâ¸öº¯Êý½øÐмÓÃÜ£¬authcode ÊÇʹÓÃÒì»òÔËËã½øÐмÓÃܺͽâÃÜ¡£

Ô­ÀíÈçÏ£¬¼ÙÈ磺

¼ÓÃÜ

Ã÷ÎÄ£º1010 1001
Ãܳףº1110 0011
ÃÜÎÄ£º0100 1010

µÃ³öÃÜÎÄ0100 1010£¬½âÃÜÖ®ÐèºÍÃܳ×Òì»òϾͿÉÒÔÁË

½âÃÜ

ÃÜÎÄ£º0100 1010
Ãܳףº1110 0011
Ã÷ÎÄ£º1010 1001

²¢Ã»ÓÐʲô¸ßÉîµÄËã·¨£¬Ãܳ×ÖØÒªÐԺܸߣ¬ËùÒÔ£¬¹Ø¼üÔÚÓÚÔõôÉú³ÉÃܳס£

ÄÇÎÒÃÇÒ»Æð¿´Ï¿µÊ¢µÄauthcodeÔõô×öµÄ°É

// ²ÎÊý½âÊÍ
// $string£º Ã÷ÎÄ »ò ÃÜÎÄ
// $operation£ºDECODE±íʾ½âÃÜ,ÆäËü±íʾ¼ÓÃÜ
// $key£º Ãܳ×
// $expiry£ºÃÜÎÄÓÐЧÆÚ
function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
    // ¶¯Ì¬Ãܳ׳¤¶È£¬ÏàͬµÄÃ÷ÎÄ»áÉú³É²»Í¬ÃÜÎľÍÊÇÒÀ¿¿¶¯Ì¬Ãܳ×
    // ¼ÓÈëËæ»úÃÜÔ¿£¬¿ÉÒÔÁîÃÜÎÄÎÞÈκιæÂÉ£¬¼´±ãÊÇÔ­ÎĺÍÃÜÔ¿ÍêÈ«Ïàͬ£¬¼ÓÃܽá¹ûÒ²»áÿ´Î²»Í¬£¬Ôö´óÆƽâÄѶȡ£
    // È¡ÖµÔ½´ó£¬ÃÜÎı䶯¹æÂÉÔ½´ó£¬ÃÜÎı仯 = 16 µÄ $ckey_length ´Î·½
    // µ±´ËֵΪ 0 ʱ£¬Ôò²»²úÉúËæ»úÃÜÔ¿
    $ckey_length = 4;
 
    // Ãܳ×
    $key = md5($key ? $key : $GLOBALS['discuz_auth_key']);
 
    // Ãܳ×a»á²ÎÓë¼Ó½âÃÜ
    $keya = md5(substr($key, 0, 16));
    // Ãܳ×b»áÓÃÀ´×öÊý¾ÝÍêÕûÐÔÑéÖ¤
    $keyb = md5(substr($key, 16, 16));
    // Ãܳ×cÓÃÓڱ仯Éú³ÉµÄÃÜÎÄ
    $keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length): substr(md5(microtime()), -$ckey_length)) : '';
    // ²ÎÓëÔËËãµÄÃܳ×
    $cryptkey = $keya.md5($keya.$keyc);
    $key_length = strlen($cryptkey);
    // Ã÷ÎÄ£¬Ç°10λÓÃÀ´±£´æʱ¼ä´Á£¬½âÃÜʱÑéÖ¤Êý¾ÝÓÐЧÐÔ£¬10µ½26λÓÃÀ´±£´æ$keyb(Ãܳ×b)£¬½âÃÜʱ»áͨ¹ýÕâ¸öÃܳ×ÑéÖ¤Êý¾ÝÍêÕûÐÔ
    // Èç¹ûÊǽâÂëµÄ»°£¬»á´ÓµÚ$ckey_lengthλ¿ªÊ¼£¬ÒòΪÃÜÎÄÇ°$ckey_lengthλ±£´æ ¶¯Ì¬Ãܳף¬ÒÔ±£Ö¤½âÃÜÕýÈ·
    $string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('0d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;
    $string_length = strlen($string);
    $result = '';
    $box = range(0, 255);
    $rndkey = array();
    // ²úÉúÃܳײ¾
    for($i = 0; $i <= 255; $i++) {
        $rndkey[$i] = ord($cryptkey[$i % $key_length]);
    }
    // Óù̶¨µÄËã·¨£¬´òÂÒÃܳײ¾£¬Ôö¼ÓËæ»úÐÔ£¬ºÃÏñºÜ¸´ÔÓ£¬Êµ¼ÊÉϲ¢²»»áÔö¼ÓÃÜÎĵÄÇ¿¶È
    for($j = $i = 0; $i < 256; $i++) {
        $j = ($j + $box[$i] + $rndkey[$i]) % 256;
        $tmp = $box[$i];
        $box[$i] = $box[$j];
        $box[$j] = $tmp;
    }
    // ºËÐļӽâÃܲ¿·Ö
    for($a = $j = $i = 0; $i < $string_length; $i++) {
        $a = ($a + 1) % 256;
        $j = ($j + $box[$a]) % 256;
        $tmp = $box[$a];
        $box[$a] = $box[$j];
        $box[$j] = $tmp;
        // ´ÓÃܳײ¾µÃ³öÃܳ׽øÐÐÒì»ò£¬ÔÙת³É×Ö·û
        $result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
    }
    if($operation == 'DECODE') {
        // substr($result, 0, 10) == 0 ÑéÖ¤Êý¾ÝÓÐЧÐÔ
        // substr($result, 0, 10) - time() > 0 ÑéÖ¤Êý¾ÝÓÐЧÐÔ
        // substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16) ÑéÖ¤Êý¾ÝÍêÕûÐÔ
        // ÑéÖ¤Êý¾ÝÓÐЧÐÔ£¬Ç뿴δ¼ÓÃÜÃ÷Îĵĸñʽ
        if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) {
            return substr($result, 26);
        } else {
            return '';
        }
    } else {
        // °Ñ¶¯Ì¬Ãܳױ£´æÔÚÃÜÎÄÀÕâÒ²ÊÇΪʲôͬÑùµÄÃ÷ÎÄ£¬Éú²ú²»Í¬ÃÜÎĺóÄܽâÃܵÄÔ­Òò
        // ÒòΪ¼ÓÃܺóµÄÃÜÎÄ¿ÉÄÜÊÇһЩÌØÊâ×Ö·û£¬¸´Öƹý³Ì¿ÉÄܻᶪʧ£¬ËùÒÔÓÃbase64±àÂë
        return $keyc.str_replace('=', '', base64_encode($result));
    }
}