前端 使用key iv 使用aes加密后字符串傳給后台 (可拼接時間戳加密)
function js_encrypt(text){ var key = CryptoJS.enc.Latin1.parse('1E390CMD585LLS4S'); //為了避免補位,直接用16位的秘鑰 var iv = CryptoJS.enc.Latin1.parse('1104432290129056'); //16位初始向量(請記住這兩個都要保證是16位) var encrypted = CryptoJS.AES.encrypt(text, key, { iv: iv, mode:CryptoJS.mode.CBC, padding:CryptoJS.pad.ZeroPadding }); return encrypted; }
需引入js 文件下載 https://www.mdaima.com/upload_file/file/2019/07/04/1562201519633156.rar
后台 解密
$password = input('password'); $password_dec=iconv('utf-8','gbk',js_decrypt_openssl($password)); $timesm=substr($password_dec,-10); $password = str_replace($timesm,'',$password_dec); if(time() > $timesm + 10){ $errcode = 10006; return json(['errcode'=>$errcode,'errmsg'=>errcode::getErrMsg($errcode)]); } function js_decrypt_openssl($encrypt){ $key = "****"; //與JS端的KEY一致 $iv = "****"; //這個也是要與JS中的IV一致 $decrypted = openssl_decrypt($encrypt, 'AES-128-CBC', $key, 2 , $iv); $decrypted = trim(trim($decrypted, "\0000"),'');//這個一定要有,要不然在你不用瀏覽器查看源代碼的情況下是很難發現,還有一些亂碼存在的 return $decrypted; }