1

我加密了密码,现在尝试在 URL 中显示,但是在 URL 中我总是得到真实的实际密码:kimd

我想我是not passing $encrypted_string in url,请检查我的 php 脚本并让我知道How can i pass $encrypted_string in URL

每当我打电话给我的表格来获取所有信息时,详细信息如下actual passwordencrypted passworddecrypted password

例如:

原始uppass:kimd

加密uppass:5¾VªÜly.TÀîÈ¥MÜQüÑLøø‹y\ñU

解密的uppass:kimd

法律.php:-

<?php
.......................
// Create the initialization vector for added security.
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);

// Encrypt $string
$encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret_key, $upass, MCRYPT_MODE_CBC, $iv);

// Decrypt $string
$decrypted_string = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $secret_key, $encrypted_string, MCRYPT_MODE_CBC, $iv);
................................
?>

我只想显示encrypted password in URL不实际的密码,我在法律表中有两个字段,即:-unameupass

我在哪里做错了?请告诉我 ..

4

3 回答 3

1

首先,Its not good practice to send Password through GET parameters. 它应该始终通过 POST 参数发送

 <form method="POST" id="contact_form" action="legals.php">

您可以将它们检索为:

$uname = $_POST['uname'];
$upass = $_POST['upass'];

但是,如果您想在 URL 中加密,请仅base64_encode() or md5()在您的 .php 文件中使用。

于 2014-08-13T06:00:02.497 回答
0

这是你的答案,假设你能得到$ukey$secret_key

<?php 
// Create the initialization vector for added security.
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);

// Encrypt $string
$encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret_key, $ukey, MCRYPT_MODE_CBC, $iv);

// Decrypt $string
$decrypted_string = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $secret_key, $encrypted_string, MCRYPT_MODE_CBC, $iv);
?>

<div align="center">
       <form method="get" id="contact_form" action="legal.php">
                 <p>Enter First Name</p>
                 <input type="text" name="fname" value="" />
                 <p>Enter Last Name</p>
                 <input type="text" name="lname" value="" />
                 <input type="hidden" name="uname" value="kim" /> <!-- uname could be dynamic here -->
                 <input type="hidden" name="upass" value="<?php echo $encrypted_string; ?>" /><br/>
                 <input type="submit" id="submit_btn" value="Submit" />
       </form>
</div>

在 legal.php 页面上:

$uname = isset($_GET['uname'])?$_GET['uname']:'';
$upass = isset($_GET['upass'])?$_GET['upass']:'';
$con = mysqli_connect(" "," "," "," ");

$result = mysqli_query($con,"SELECT * FROM `legals` WHERE `upass` = '$upass'");
$row = mysqli_fetch_array($result);

   // else {echo "Username/Key Error";}
mysqli_close($con);
于 2014-08-13T07:01:13.053 回答
0

我绝不是专家,但从您发布的代码来看,您的查询“SELECT * FROM legalsWHERE upass= '$upass'”似乎正在从您的数据库中提取未加密的密码。尽管您已经回显了加密和解密的字符串,但我看不出您在哪里以任何其他方式使用加密字符串。

于 2014-08-13T06:39:05.307 回答