Openssl on PHP alternates between decrypt error and invalid key length

Question:
When I run this code, it alternates between a decrypt error and an invalid key length error (I run the code on my server with input such as test.php?email=ted.tester@hotmail.com&password=hello).

Answer:
$key = hash("sha256", $email);
gives a 64-character string, but AES only supports keys of 16, 24 and 32 bytes. You want to use the raw output: $key = hash("sha256", $email, true);
Then, you forgot to set $pass = $_REQUEST["password"] before using it.
I don't see the use of encrypting a password with a key derived from an email address (i.e. public information).

Code:
<?php
session_start();
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 2592000)) {
    session_destroy();
    session_start();
}
$_SESSION['LAST_ACTIVITY'] = time();
$mysqli = new mysqli('127.0.0.1', 'php', 'password', 'pizzaprogramming');
if ($mysqli->connect_errno) {
    print("Our Database is currently down, try again later.");
    throw new Exception($mysqli->connect_errno);
}
function login() {
    global $mysqli;
    //REQUIRES Cookies, mysql database, and more.
    /*
    Set Variables
    */
    $IV = (empty($_COOKIE["IV"])) ? openssl_random_pseudo_bytes(16) : $_COOKIE["IV"];
    $email = empty($_COOKIE["email"]) ? $_REQUEST["email"] : $_COOKIE["email"];
    if (!$hash = $mysqli->query("SELECT user_hash FROM users WHERE user_email='" . $mysqli->real_escape_string($email) . "';")) {
        print("Sorry, we are experiencing technical difficulties");
        throw new Exception("Sorry, we are experiencing technical difficulties");
    }
    else if ($hash->num_rows === 0) {
        print "Incorrect Username";
        throw new Exception("Incorrect Username");
    }
    else {
        $hash_result = $hash->fetch_assoc();
    }
    if (is_null($hash_result["user_hash"])) {
        print "Database Error";
        throw new Exception("HASH ERROR");
    }
    $key = hash("sha256", $email);
    var_dump($key);
    if (empty($_SESSION["AES"])) {
        if (empty($_REQUEST["password"])) {
            throw new Exception("Empty Password.");
        }
        else {
            $aes_result = openssl_encrypt($pass, "AES-256-CBC", $key, OPENSSL_RAW_DATA, $IV);
            print "hello";
        }
    }
    else {
        $aes_result = base64_decode($_SESSION["AES"]);
    }
    $aes_result = base64_encode($aes_result);
    $_SESSION["AES"] = $aes_result;
    $hash = $hash_result["user_hash"];
    setcookie("IV", $IV, time()+2592000);
    setcookie("email", $email, time()+2592000);
    print "<marquee>Hello " . htmlspecialchars($email) . "</marquee>";
    print "<p>Hash: " . $hash . "</p>";
    print "<p>AES: " . $aes_result . "</p>";
    print " " . var_dump(openssl_decrypt(base64_decode($aes_result), "AES-256-CBC", $key, OPENSSL_RAW_DATA, $IV));
    print " " . openssl_error_string();
    //implement database storage
    if (password_verify(openssl_decrypt(base64_decode($aes_result), "AES-256-CBC", $key, OPENSSL_RAW_DATA, $IV), $hash)) {
        echo "THIS IS SPARTA";
    }
    if ($_REQUEST["hash"] != "" and $_REQUEST["password"] != "") {
        echo "<p>Hash Verifies: " . htmlspecialchars(password_verify($_REQUEST["password"], $_REQUEST["hash"]) ? "True" : "False") . "</p>";
    }
    else {
        echo "<p> Make sure you have both hash and pass set in order to verify hashes. </p>";
    }
}
login();
session_write_close();
?>
<p> Hello </p>
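
The key-length point from the answer, as an added example that is not part of the original post: it compares the hex and raw output of hash() and refuses any key that is not exactly 32 bytes before calling OpenSSL. The names encrypt_field and decrypt_field and the sample email and password are assumptions made up for this illustration.

```php
<?php
const CIPHER    = 'AES-256-CBC';
const KEY_BYTES = 32; // AES-256 takes a 32-byte key

function check_key(string $key): void
{
    if (strlen($key) !== KEY_BYTES) {
        throw new InvalidArgumentException('key is ' . strlen($key) . ' bytes, need ' . KEY_BYTES);
    }
}

// Encrypt under a fresh random IV; returns base64(IV || ciphertext).
function encrypt_field(string $plaintext, string $key): string
{
    check_key($key);
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encrypt failed: ' . openssl_error_string());
    }
    return base64_encode($iv . $ct);
}

// Split the IV back off the front of the decoded blob and decrypt the rest.
function decrypt_field(string $encoded, string $key): string
{
    check_key($key);
    $raw   = base64_decode($encoded, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) <= $ivLen) {
        throw new InvalidArgumentException('malformed ciphertext');
    }
    $pt = openssl_decrypt(substr($raw, $ivLen), CIPHER, $key, OPENSSL_RAW_DATA, substr($raw, 0, $ivLen));
    if ($pt === false) {
        throw new RuntimeException('decrypt failed: ' . openssl_error_string());
    }
    return $pt;
}

$email = 'user@example.test'; // constructed sample input
$pass  = 'hello';             // constructed sample input
$hexKey = hash('sha256', $email);       // 64 hex characters
$rawKey = hash('sha256', $email, true); // 32 raw bytes
printf("hex key: %d bytes, raw key: %d bytes\n", strlen($hexKey), strlen($rawKey));
try {
    encrypt_field($pass, $hexKey);
} catch (InvalidArgumentException $e) {
    echo "hex key rejected: ", $e->getMessage(), "\n";
}
var_dump(decrypt_field(encrypt_field($pass, $rawKey), $rawKey) === $pass);
```

The key here is still derived from the email address as in the post, so the answer's remark about it being public information applies to this example as well.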