今天客户想做微擎登陆的时候密码不明文传输,研究半天特此浅记一下,方便以后查询
需要注意的事项 crypto.js不能 <script src="./crypto-js/crypto-js.js"></script>这样引入 只能require引入,不要问我为什么,因为我也不知道,就知道微擎必须这么写!
#js端
require.config({
paths: {
'crypto-js': '/web/resource/js/crypto-js/crypto-js'
}
});
function secret(string, operation) {
var code = CryptoJS.MD5('tpwe8888').toString();
var code2 = CryptoJS.MD5('tpwe8888').toString();
var iv = CryptoJS.enc.Utf8.parse(code.substring(0, 16));
var key = CryptoJS.enc.Utf8.parse(code2.substring(0,16));
if (operation) {
return CryptoJS.AES.decrypt(string, key, {iv: iv, padding: CryptoJS.pad.Pkcs7}).toString(CryptoJS.enc.Utf8);
}
return CryptoJS.AES.encrypt(string, key, {
iv: iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
}).toString();
}
# php端
function secret($string,$operation=false){
$code = md5('tpwe8888');
$code2 = md5('tpwe8888');
$iv = substr($code,0,16);
$key = substr($code2,0,16);
if($operation){
return openssl_decrypt(base64_decode($string),"AES-128-CBC",$key,OPENSSL_RAW_DATA,$iv);
}
return base64_encode(openssl_encrypt($string,"AES-128-CBC",$key,OPENSSL_RAW_DATA,$iv));
}
# 微擎端
secret($_GPC['password'],true);
有什么不懂的可以留言,喜欢交流,但是不喜欢白嫖!