PHP上的Openssl在解密错误和密钥长度无效之间交替问题:_Php_Encryption_Openssl

PHP上的Openssl在解密错误和密钥长度无效之间交替问题:

php encryption openssl

PHP上的Openssl在解密错误和密钥长度无效之间交替问题:,php,encryption,openssl,Php,Encryption,Openssl,当我运行这段代码时，它交替出现解密错误和密钥长度无效的错误（我在我的服务器上用输入运行代码，例如 test.php？email=ted。tester@hotmail.com&密码=你好代码： $key=hash（“sha256”，$email）；提供64个字符的字符串，但AES仅支持16、24和32字节的键。您希望使用原始输出：$key=hash（“sha256”，$email，true）；然后，您在使用它之前忘记设置$pass=$\u REQUEST[“password”]。我不认为使用

当我运行这段代码时，它交替出现解密错误和密钥长度无效的错误

（我在我的服务器上用输入运行代码，例如
test.php？email=ted。tester@hotmail.com&密码=你好

代码：

$key=hash（“sha256”，$email）；
提供64个字符的字符串，但AES仅支持16、24和32字节的键。您希望使用原始输出：$key=hash（“sha256”，$email，true）；

然后，您在使用它之前忘记设置$pass=$\u REQUEST[“password”]
。我不认为使用从电子邮件地址（即公共信息）派生的密钥加密密码有什么用处。
<?php
session_start();

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 2592000)) {
    session_destroy();
    session_start();
}

$_SESSION['LAST_ACTIVITY'] = time();

$mysqli = new mysqli('127.0.0.1', 'php', 'password', 'pizzaprogramming');

if($mysqli->connect_errno){
    print("Our Database is currently down, try again later.");
    throw new Exception($mysqli->connect_errno);
}

function login() {
    global $mysqli;

    //REQUIRES Cookies, mysql database, and more.

    /*

    Set Variables

    */

    $IV = (empty($_COOKIE["IV"]))?openssl_random_pseudo_bytes(16):$_COOKIE["IV"];
    $email = empty($_COOKIE["email"])?$_REQUEST["email"]:$_COOKIE["email"];
    
    if (!$hash = $mysqli->query("SELECT user_hash FROM users WHERE user_email='".$mysqli->real_escape_string($email)."';")) {
        print("Sorry, we are experiencing technical difficulties");
        throw new Exception("Sorry, we are experiencing technical difficulties");
    }
    else if ($hash->num_rows === 0) {
        print "Incorrect Username";
        throw new Exception("Incorrect Username");
    }
    else {
        $hash_result = $hash->fetch_assoc();
    }
    if (is_null($hash_result["user_hash"])) {
        print "Database Error";
        throw new Exception("HASH ERROR");
    }

    $key = hash("sha256", $email);
    var_dump($key);

    if(empty($_SESSION["AES"])) {
        if (empty($_REQUEST["password"])) {
            throw new Exception("Empty Password.");
        }
        else {
            $aes_result = openssl_encrypt($pass,"AES-256-CBC",$key,OPENSSL_RAW_DATA,$IV);
            print "hello";
        }
    }
    else {
        $aes_result = base64_decode($_SESSION["AES"];
    }

    $aes_result = base64_encode($aes_result);
    $_SESSION["AES"] = $aes_result;
    $hash = $hash_result["user_hash"];

    setcookie("IV", $IV, time()+2592000);
    setcookie("email", $email, time()+2592000);

    print "<marquee>Hello " . htmlspecialchars($email) . "</marquee>";
    print "<p>Hash: " . $hash . "</p>";
    print "<p>AES: " . $aes_result . "</p>";
    print " " . var_dump(openssl_decrypt(base64_decode($aes_result),"AES-256-CBC",$key,OPENSSL_RAW_DATA, $IV));
    print " " . openssl_error_string();

    //implement database storage

    if(password_verify(openssl_decrypt(base64_decode($aes_result),"AES-256-CBC",$key,OPENSSL_RAW_DATA, $IV),$hash)){
        echo "THIS IS SPARTA";
    }

    if($_REQUEST["hash"]!="" and $_REQUEST["password"]!=""){
        echo "<p>Hash Verifies: ". htmlspecialchars(password_verify($_REQUEST["password"], $_REQUEST["hash"])?"True":"False") . "</p>";
    }
    else {
        echo "<p> Make sure you have both hash and pass set in order to verify hashes. </p>";
    }
}

login();

session_write_close();
?>
<p> Hello </p>