OpenSSL in PHP alternates between bad decrypt and invalid key length

Question:

When I run this code, it alternates between "bad decrypt" and "invalid key length".

(I am running the code on the server with input such as test.php?email=ted.tester@hotmail.com&password=hello)

Code:

<?php
session_start();
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 2592000)) {
    session_destroy();
    session_start();
}
$_SESSION['LAST_ACTIVITY'] = time();
$mysqli = new mysqli('127.0.0.1', 'php', 'password', 'pizzaprogramming');
if($mysqli->connect_errno){
    print("Our Database is currently down, try again later.");
    throw new Exception($mysqli->connect_errno);
}
function login() {
    global $mysqli;
    //REQUIRES Cookies, mysql database, and more.
    /*
    Set Variables
    */
    $IV = (empty($_COOKIE["IV"]))?openssl_random_pseudo_bytes(16):$_COOKIE["IV"];
    $email = empty($_COOKIE["email"])?$_REQUEST["email"]:$_COOKIE["email"];
    
    if (!$hash = $mysqli->query("SELECT user_hash FROM users WHERE user_email='".$mysqli->real_escape_string($email)."';")) {
        print("Sorry, we are experiencing technical difficulties");
        throw new Exception("Sorry, we are experiencing technical difficulties");
    }
    else if ($hash->num_rows === 0) {
        print "Incorrect Username";
        throw new Exception("Incorrect Username");
    }
    else {
        $hash_result = $hash->fetch_assoc();
    }
    if (is_null($hash_result["user_hash"])) {
        print "Database Error";
        throw new Exception("HASH ERROR");
    }
    $key = hash("sha256", $email);
    var_dump($key);
    if(empty($_SESSION["AES"])) {
        if (empty($_REQUEST["password"])) {
            throw new Exception("Empty Password.");
        }
        else {
            $aes_result = openssl_encrypt($pass,"AES-256-CBC",$key,OPENSSL_RAW_DATA,$IV);
            print "hello";
        }
    }
    else {
        $aes_result = base64_decode($_SESSION["AES"]);
    }
    $aes_result = base64_encode($aes_result);
    $_SESSION["AES"] = $aes_result;
    $hash = $hash_result["user_hash"];
    setcookie("IV", $IV, time()+2592000);
    setcookie("email", $email, time()+2592000);
    print "<marquee>Hello " . htmlspecialchars($email) . "</marquee>";
    print "<p>Hash: " . $hash . "</p>";
    print "<p>AES: " . $aes_result . "</p>";
    print " " . var_dump(openssl_decrypt(base64_decode($aes_result),"AES-256-CBC",$key,OPENSSL_RAW_DATA, $IV));
    print " " . openssl_error_string();
    //implement database storage
    if(password_verify(openssl_decrypt(base64_decode($aes_result),"AES-256-CBC",$key,OPENSSL_RAW_DATA, $IV),$hash)){
        echo "THIS IS SPARTA";
    }
    if($_REQUEST["hash"]!="" and $_REQUEST["password"]!=""){
        echo "<p>Hash Verifies: ". htmlspecialchars(password_verify($_REQUEST["password"], $_REQUEST["hash"])?"True":"False") . "</p>";
    }
    else {
        echo "<p> Make sure you have both hash and pass set in order to verify hashes. </p>";
    }
}
login();
session_write_close();
?>
<p> Hello </p>

$key = hash("sha256", $email); gives a 64-character string, but AES only supports keys of 16, 24 and 32 bytes. You probably want the raw output: $key = hash("sha256", $email, true);

Then you forgot to set $pass = $_REQUEST["password"] before using it.
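The following is an added example, not code from the question or the answer, that isolates the answer's point: the hex digest is 64 characters, the raw digest is the 32 bytes AES-256-CBC requires, and with that key and a fresh IV the encrypt/decrypt round trip is clean. The helper names (deriveKey, encryptToBase64, decryptFromBase64) are hypothetical; the email and password are the question's sample values.

```php
<?php
// Added example (not part of the question or the answer): correct key size
// for AES-256-CBC, explicit checks before calling OpenSSL, and a round trip.

const CIPHER = "AES-256-CBC";

function deriveKey(string $email): string
{
    // Third argument true => raw binary digest, exactly 32 bytes.
    // Without it, hash() returns 64 hex characters, which is not an AES key size.
    return hash("sha256", $email, true);
}

function encryptToBase64(string $plaintext, string $key, string $iv): string
{
    // Reject wrong key/IV sizes up front rather than relying on what
    // openssl_encrypt does with an over-long key.
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException("AES-256 needs a 32-byte key, got " . strlen($key) . " bytes");
    }
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if (strlen($iv) !== $ivLen) {
        throw new InvalidArgumentException("IV must be {$ivLen} bytes, got " . strlen($iv));
    }
    $raw = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($raw === false) {
        throw new RuntimeException("encrypt failed: " . openssl_error_string());
    }
    return base64_encode($raw);
}

function decryptFromBase64(string $b64, string $key, string $iv): string
{
    // Strict mode: corrupted base64 returns false instead of a mangled string.
    $raw = base64_decode($b64, true);
    if ($raw === false) {
        throw new RuntimeException("ciphertext is not valid base64");
    }
    $plain = openssl_decrypt($raw, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        // Wrong key, wrong IV or tampered data all surface here as "bad decrypt".
        throw new RuntimeException("decrypt failed: " . openssl_error_string());
    }
    return $plain;
}

$email = "ted.tester@hotmail.com";   // the question's sample request values
$pass  = "hello";

// The question's key is the hex digest, 64 characters long; the raw digest is 32 bytes.
printf("hex digest length: %d\n", strlen(hash("sha256", $email)));
$key = deriveKey($email);
printf("raw digest length: %d\n", strlen($key));

// The hex key is caught by the length check instead of failing inside OpenSSL.
try {
    encryptToBase64($pass, hash("sha256", $email), str_repeat("\0", 16));
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}

// Fresh random IV per encryption; the same IV must be supplied again to decrypt.
$iv   = openssl_random_pseudo_bytes(openssl_cipher_iv_length(CIPHER));
$b64  = encryptToBase64($pass, $key, $iv);
$back = decryptFromBase64($b64, $key, $iv);
var_dump($back === $pass);

// A different key does not round-trip: almost always a "bad decrypt" exception
// (padding check fails); in the rare case the garbage has valid padding, the
// comparison below is false.
try {
    $wrong = decryptFromBase64($b64, deriveKey("someone.else@example.com"), $iv);
    var_dump($wrong === $pass);
} catch (RuntimeException $e) {
    echo "caught: ", $e->getMessage(), "\n";
}
```

Two design points worth noting. First, a key derived only from the email address, which the question's code also stores in a cookie, is not a secret, so encrypting the password with it adds no confidentiality; password_verify against the stored hash works on the submitted password directly. Second, the IV is not secret but must be unique per encryption and must be the same bytes on decryption, which is why the functions take it explicitly rather than regenerating it.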
