Authored by 梁志锋

Merge remote-tracking branch 'remotes/origin/hotfix/loophole'

<?php
/**
* AES, 128 ECB模式加密数据
*/
namespace WebPlugin;
class Encryption {
//密钥
private static $_secretKey = 'yoho9646abcdefgh';
//前面补8位0
private static $_preString = '00000000';
/**
* 加密方法
* @param string $str
* @return string
*/
public static function encrypt($str){
$str = self::$_preString.$str;
//AES, 128 ECB模式加密数据
$secretKey = self::$_secretKey;
$str = trim($str);
$str = self::addPKCS7Padding($str);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128,MCRYPT_MODE_ECB),MCRYPT_RAND);
$encrypt_str = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $secretKey, $str, MCRYPT_MODE_ECB, $iv);
return base64_encode($encrypt_str);
}
/**
* 解密方法
* @param string $str
* @return string
*/
public static function decrypt($str){
//AES, 128 ECB模式加密数据
$secretKey = self::$_secretKey;
$str = base64_decode($str);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128,MCRYPT_MODE_ECB),MCRYPT_RAND);
$encrypt_str = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $secretKey, $str, MCRYPT_MODE_ECB, $iv);
$encrypt_str = trim($encrypt_str);
$encrypt_str = self::stripPKSC7Padding($encrypt_str);
$encrypt_str = ltrim($encrypt_str, self::$_preString);
return $encrypt_str;
}
/**
* 填充算法
* @param string $source
* @return string
*/
private static function addPKCS7Padding($source){
$source = trim($source);
$block = mcrypt_get_block_size('rijndael-128', 'ecb');
$pad = $block - (strlen($source) % $block);
if ($pad <= $block) {
$char = chr($pad);
$source .= str_repeat($char, $pad);
}
return $source;
}
/**
* 移去填充算法
* @param string $source
* @return string
*/
private static function stripPKSC7Padding($source){
$source = trim($source);
$char = substr($source, -1);
$num = ord($char);
if($num==62)return $source;
$source = substr($source,0,-$num);
return $source;
}
}
\ No newline at end of file
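Review bot: `decrypt` cannot tell a tampered or foreign token from a genuine one: in ECB mode `mcrypt_decrypt` returns plaintext for any 16-byte-aligned input, and `stripPKSC7Padding` never validates the padding bytes (it only special-cases `$num==62` and hands every other value to `substr`), so the `intval(Encryption::decrypt(...))` calls in IndexController and the coupon lookup in CouponController will accept an integer derived from garbage. Encrypting the id is therefore not an authorization check on its own; the address and coupon operations still need a server-side ownership check against the uid, and if the token is meant to be tamper-evident it needs a MAC (`hash_hmac` over the ciphertext, compared with `hash_equals`) or an authenticated mode. Two correctness problems in the same method: `ltrim($encrypt_str, self::$_preString)` takes the prefix as a character mask and strips every leading `0`, so an id such as `0123` comes back as `123`, and the `trim()` calls before the padding is stripped remove padding bytes 9, 10, 11 and 13 (tab, LF, VT, CR) whenever the pad length is one of those values; the fix is `substr($encrypt_str, strlen(self::$_preString))` and no `trim` on the decrypted bytes. ECB also maps equal ids to identical tokens across all users and pages, the `$iv` built from `mcrypt_create_iv` is unused in that mode, and the mcrypt extension is deprecated in PHP 7.1 and gone in 7.2, so `openssl_encrypt` with an authenticated cipher would be the replacement.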
... ... @@ -2,6 +2,7 @@
use Action\WebAction;
use WebPlugin\Helpers;
use WebPlugin\Encryption;
use Index\HomeModel;
use Index\CouponModel;
use LibModels\Web\Home\CouponData;
... ... @@ -29,7 +30,7 @@ class CouponController extends WebAction
* 领券页面控制器
*/
public function indexAction()
{
{
$channel = Helpers::getChannelNameByCookie();
//领券频道头部
$this->setWebNavHeader($channel);
... ... @@ -52,6 +53,11 @@ class CouponController extends WebAction
break;
}
$couponId = $this->get('id', '');
if (empty($couponId)) {
break;
}
//解密
$couponId = Encryption::decrypt($couponId);
$uid = $this->getUid();
if (!$uid) {
$playUrl = Helpers::url('/coupon/index');
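Review bot: The `empty($couponId)` guard sits before `Encryption::decrypt`, so a token that does not decode (or decodes to an empty or non-numeric string) passes the check and the raw decrypt output flows on into the coupon flow; the result should be validated after decryption, e.g. `$couponId = Encryption::decrypt($couponId); if ($couponId === '' || !ctype_digit($couponId)) { break; }` (assuming coupon ids are numeric, as the other call sites that apply `intval` suggest). This call site is also the only one that keeps the decrypted value as a string while the cart controller casts with `intval`; picking one convention avoids a loose comparison downstream. indexAction continues outside the hunk.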
... ... @@ -4,6 +4,7 @@ namespace Index;
use WebPlugin\Helpers;
use WebPlugin\Images;
use WebPlugin\Encryption;
use Index\HomeModel;
use LibModels\Web\Home\CouponData;
... ... @@ -60,7 +61,7 @@ class CouponModel
);
foreach ($couponlistval['data'] as $couponskey => $couponsval) {
$result['categories'][$i]['coupons'][$couponskey] = array(
'id' => $couponsval['couponID'], //优惠券号
'id' => Encryption::encrypt($couponsval['couponID']), //加密优惠券号
'img' => Images::getForceSourceUrl($couponsval['image']['src']), //优惠券图片
'url' => Helpers::getUrlSafe($couponsval['image']['url']) //去逛逛链接
);
... ... @@ -12,6 +12,7 @@ use WebPlugin\Images;
use Configs\WebCacheConfig;
use Hood\Core\Security\AuthCode;
use WebPlugin\UdpLog;
use WebPlugin\Encryption;
use Configs\ChannelConfig;
/**
... ... @@ -980,7 +981,7 @@ class CartModel
$mobile = substr($mobile, 0, 3) . '****' . substr($mobile, 7);
$build = array();
$build['id'] = $value['address_id'];
$build['id'] = Encryption::encrypt($value['address_id']);
$build['user'] = $value['consignee'];
$build['address'] = $value['area'] . $value['address'] . ' ' . $value['zip_code'] . ' ' . $mobile . ' ' . $value['phone'];
$build['checked'] = $value['is_default'] === 'Y';
... ... @@ -1095,6 +1096,10 @@ class CartModel
// 处理返回结果
if (isset($address['code']) && $address['code'] == 200) {
$result = $address;
if ($result['data']['address_id']) {
$result['data']['address_id'] = Encryption::encrypt($result['data']['address_id']);
$result['data']['id'] = Encryption::encrypt($result['data']['id']);
}
}
}
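Review bot: `if ($result['data']['address_id'])` reads the key without checking it exists, which raises a notice when the service response lacks it, and `$result['data']['id']` is then encrypted unconditionally even if only `address_id` is present, producing a token for `null`; guard each key: `if (!empty($result['data']['address_id'])) { $result['data']['address_id'] = Encryption::encrypt($result['data']['address_id']); }` and `if (!empty($result['data']['id'])) { $result['data']['id'] = Encryption::encrypt($result['data']['id']); }`. The shape of `$result['data']` is inferred from these lines only, so the exact keys should be confirmed against the address service. The enclosing method continues outside the hunk.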
... ... @@ -4,6 +4,7 @@ use Action\WebAction;
use WebPlugin\Helpers;
use Shopping\CartModel;
use WebPlugin\UdpLog;
use WebPlugin\Encryption;
/**
* 购物车相关的控制器
... ... @@ -269,6 +270,8 @@ class IndexController extends WebAction
if ($this->isAjax()) {
$uid = $this->getUid(false);
$addressId = $this->post('id');
//解密
$addressId = intval(Encryption::decrypt($addressId));
$result = CartModel::setDefaultAddress($uid, $addressId);
}
... ... @@ -295,7 +298,11 @@ class IndexController extends WebAction
if ($this->isAjax()) {
$uid = $this->getUid(false);
$id = $this->post('id', null);
$id = $this->post('id', null); //TODO
if ($id) {
//解密
$id = intval(Encryption::decrypt($id));
}
$address = $this->post('address', '');
$areaCode = $this->post('areaCode', '');
$consignee = $this->post('consignee', '');
... ... @@ -327,7 +334,8 @@ class IndexController extends WebAction
if ($this->isAjax()) {
$uid = $this->getUid(false);
$addressId = $this->post('id');
$addressId = $this->post('id');// TODO
$addressId = intval(Encryption::decrypt($addressId));
$result = CartModel::delAddress($uid, $addressId);
}
... ... @@ -435,7 +443,9 @@ class IndexController extends WebAction
break;
}
$addressId = $this->post('addressId', null);
$addressId = $this->post('addressId', null);//TODO
//解密
$addressId = intval(Encryption::decrypt($addressId));
$cartType = $this->post('cartType', 'ordinary'); // 默认普通购物车
$deliveryTimeId = $this->post('deliveryTimeId', 1); // 默认只工作日配送
$deliveryWayId = $this->post('deliveryWayId', 1); // 默认普通快递
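Review bot: The three `intval(Encryption::decrypt(...))` sites (setDefaultAddress, delAddress and the checkout hunk at the end of this section) accept any input: a missing or undecodable `id` decrypts to an empty string and `intval` turns it into `0`, and because the token is not authenticated a manipulated one still yields some integer, so the model calls must still verify the id belongs to `$uid` and the controller should reject a non-positive result before calling the model, e.g. `if ($addressId <= 0) { /* return an error result */ }`. The `// TODO` markers left on the `$this->post('id', null)` and `$this->post('addressId', null)` lines should either say what is still pending or be dropped, since they read as unfinished work shipped in a hotfix. The last hunk's function continues outside the page, so the path taken after the decrypt cannot be checked here.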