<?php class RSA { private $priKey = null; /** * 构造函数 * * @param string 私钥文件(签名和解密时传入) */ public function __construct($private_key_file = '') { if ($private_key_file) { $this->_getPrivateKey($private_key_file); } } // 私有方法 /** * 自定义错误处理 */ private function _error($msg) { die('RSA Error:' . $msg); //TODO } private function _getPrivateKey($file) { $key_content = $this->_readFile($file); if ($key_content) { $this->priKey = openssl_get_privatekey($key_content); } } private function _readFile($file) { $ret = false; if (!file_exists($file)) { $this->_error("The file {$file} is not exists"); } else { $ret = file_get_contents($file); } return $ret; } /** * 私钥加密 * @param string 明文 * @return string 密文 */ public function encrypt($data) { $ret = false; if (!$this->priKey) $this->_error('public key error'); if (openssl_private_encrypt($data, $result, $this->priKey)) { $ret = base64_encode('' . $result); } return $ret; } /** * 私钥解密 * @param string 密文 * @return string 明文 */ public function decrypt($data) { $ret = false; $data = base64_decode($data); if ($data !== false) { if (openssl_private_decrypt($data, $result, $this->priKey)) { $ret = $result; } } return $ret; } } header('Content-Type:text/html;Charset=utf-8;'); include_once "inc/conn.php"; $DATA = $_GET["data"]; $prifile = 'rsa_private_key.pem'; $rsa = new RSA($prifile); $userInfo = json_decode($rsa->decrypt(rawurldecode($DATA))); $USERNAME = $userInfo->username; $PASSWORD = $userInfo->password; $USERNAME = strtolower(trim($USERNAME)); $query = "SELECT PASSWORD from USER where BYNAME='$USERNAME'"; $cursor = exequery(TD::conn(), $query); $fail_res = array('success' => false); $success_res = array('success' => true, 'uuid' => $userInfo->uuid); // 自定义认证判断成功的条件 if($ROW = mysql_fetch_array($cursor)){ $PWD = $ROW["PASSWORD"]; } if((crypt($PASSWORD, $PWD) == $PWD) || $PASSWORD==$PWD){ echo $rsa->encrypt(json_encode($success_res)); }else{ echo $rsa->encrypt(json_encode($fail_res)); } exit; ?> |