<?php
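class RSA {
    /**
     * Private key handle returned by openssl_get_privatekey(), or null when
     * no usable key has been loaded.
     */
    private $priKey = null;

    /**
     * Constructor.
     *
     * @param string $private_key_file Path to the PEM private key file
     *                                 (pass it when signing or decrypting).
     */
    public function __construct($private_key_file = '') {
        if ($private_key_file) {
            $this->_getPrivateKey($private_key_file);
        }
    }

    // Private helpers

    /**
     * Custom error handling: terminates the request and prints the message.
     *
     * NOTE(review): the message is sent to the client verbatim, including any
     * file path the caller put into it; logging server-side and returning a
     * generic error would avoid disclosing filesystem layout.
     *
     * @param string $msg Human-readable error description.
     */
    private function _error($msg) {
        die('RSA Error:' . $msg); //TODO
    }

    /**
     * Load the private key from a PEM file into $this->priKey.
     *
     * A file that exists but does not parse as a key leaves $this->priKey
     * null, so encrypt() reports the error and decrypt() returns false.
     *
     * @param string $file Path to the PEM private key file.
     */
    private function _getPrivateKey($file) {
        $key_content = $this->_readFile($file);
        if ($key_content) {
            $key = openssl_get_privatekey($key_content);
            // openssl_get_privatekey() returns false on a malformed key;
            // normalise that to null so "no key" has a single representation.
            $this->priKey = $key ? $key : null;
        }
    }

    /**
     * Read a file fully into memory.
     *
     * @param string $file Path to read.
     * @return string|false File contents, or false if reading failed.
     *                      A missing file ends the request via _error().
     */
    private function _readFile($file) {
        if (!file_exists($file)) {
            $this->_error("The file {$file} is not exists");
        }
        return file_get_contents($file);
    }

    /**
     * Private-key "encryption" (the RSA private-key operation, base64 encoded).
     *
     * NOTE(review): output produced with the private key can be recovered by
     * anyone who holds the public key, so this proves origin but provides no
     * confidentiality. openssl_private_encrypt() also fails (and this method
     * returns false) when $data is longer than the key size allows.
     *
     * @param string $data Plaintext.
     * @return string|false Base64 ciphertext, or false when OpenSSL fails.
     */
    public function encrypt($data) {
        if (!$this->priKey) {
            // The original message said "public key"; this class only ever
            // holds a private key.
            $this->_error('private key error');
        }
        $result = null;
        if (openssl_private_encrypt($data, $result, $this->priKey)) {
            return base64_encode('' . $result);
        }
        return false;
    }

    /**
     * Private-key decryption of a base64-encoded ciphertext.
     *
     * NOTE(review): openssl_private_decrypt() defaults to PKCS#1 v1.5
     * padding. OAEP (OPENSSL_PKCS1_OAEP_PADDING) is the safer choice, but it
     * has to be switched on the sending side at the same time.
     *
     * @param string $data Base64 ciphertext.
     * @return string|false Plaintext, or false when no key is loaded, the
     *                      input is not valid base64, or decryption fails.
     */
    public function decrypt($data) {
        // Fail closed instead of handing a null key to OpenSSL.
        if (!$this->priKey) {
            return false;
        }
        // Strict mode is what makes the false check meaningful: without it
        // base64_decode() silently drops characters outside the alphabet.
        $raw = base64_decode($data, true);
        if ($raw === false || $raw === '') {
            return false;
        }
        $result = null;
        if (openssl_private_decrypt($raw, $result, $this->priKey)) {
            return $result;
        }
        return false;
    }
}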
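header('Content-Type:text/html;Charset=utf-8;');
include_once "inc/conn.php";

// NOTE(review): the credential blob travels in the query string, so it is
// recorded in access logs and proxy logs. Moving it to a POST body would be
// preferable, but that changes the client contract.
$DATA = isset($_GET["data"]) ? $_GET["data"] : '';
$prifile = 'rsa_private_key.pem';
$rsa = new RSA($prifile);

$fail_res = array('success' => false);

// decrypt() returns false on any failure; keep that apart from json_decode()
// so a bad ciphertext can never be mistaken for an empty-but-valid request.
$plain = is_string($DATA) ? $rsa->decrypt(rawurldecode($DATA)) : false;
$userInfo = is_string($plain) ? json_decode($plain) : null;

// Default to "not authenticated"; only an existing row plus a matching
// password flips this. The original left $PWD undefined when no row matched,
// and the loose == comparison then treated a missing password as equal to it.
$authenticated = false;

if (is_object($userInfo)
    && isset($userInfo->username) && is_string($userInfo->username)
    && isset($userInfo->password) && is_string($userInfo->password)
) {
    $USERNAME = strtolower(trim($userInfo->username));
    $PASSWORD = $userInfo->password;

    if ($USERNAME !== '') {
        // The username is client-controlled (anyone with the public key can
        // produce a valid blob), so it must be escaped before it is placed in
        // the statement.
        // NOTE(review): assumes TD::conn() is the ext/mysql link that
        // exequery() and mysql_fetch_array() operate on — confirm; a
        // parameterised query is the better fix if the DB layer offers one.
        $safe_name = mysql_real_escape_string($USERNAME, TD::conn());
        $query = "SELECT PASSWORD from USER where BYNAME='" . $safe_name . "'";
        $cursor = exequery(TD::conn(), $query);

        // Custom condition for deciding that authentication succeeded.
        if ($cursor && ($ROW = mysql_fetch_array($cursor))) {
            $PWD = (string) $ROW["PASSWORD"];
            $has_ct_compare = function_exists('hash_equals');

            // Re-hash the candidate with the stored value as salt. An empty
            // stored value is skipped because it is not a usable salt.
            $hash_ok = false;
            if ($PWD !== '') {
                $computed = crypt($PASSWORD, $PWD);
                if (is_string($computed)) {
                    $hash_ok = $has_ct_compare
                        ? hash_equals($PWD, $computed)
                        : ($computed === $PWD);
                }
            }

            // Legacy branch kept from the original: direct equality with the
            // stored column value.
            // NOTE(review): this accepts the stored value itself as the
            // credential, so a leaked hash is as good as the password. Remove
            // it once no plaintext rows remain.
            $legacy_ok = $has_ct_compare
                ? hash_equals($PWD, $PASSWORD)
                : ($PASSWORD === $PWD);

            // Strict, string-only comparisons: non-string JSON values and
            // numeric-looking strings cannot satisfy the check by juggling.
            $authenticated = $hash_ok || $legacy_ok;
        }
    }
}

// The reply is produced with the private key, so the client can check where
// it came from, but its content is not secret.
if ($authenticated) {
    $success_res = array(
        'success' => true,
        'uuid' => isset($userInfo->uuid) ? $userInfo->uuid : null,
    );
    echo $rsa->encrypt(json_encode($success_res));
} else {
    echo $rsa->encrypt(json_encode($fail_res));
}
exit;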
?>
|