当我尝试使用 base64_decode() 函数时收到以下警告
"Warning: base64_decode() has been disabled for security reasons"
看起来我的主机已禁用base64_*功能。
我有几个问题
- 我认为 php 中默认可以启用base64_* 函数,对吗?
- 未启用base64_*功能是否有任何安全原因?有任何安全漏洞吗?
- 默认情况下可用的 base64_* 函数的替代方案?
- 我在哪里可以找到用于base64_*实现的自定义类/函数,以便我可以将它们放在我的PHP文件中,并在PHP的base64_*函数不可用时使用它们?
感谢帮助。
我已经为所有base64目的编写了替代函数。
看这里:
function base64_decode($input) {
$keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
$chr1 = $chr2 = $chr3 = "";
$enc1 = $enc2 = $enc3 = $enc4 = "";
$i = 0;
$output = "";
// remove all characters that are not A-Z, a-z, 0-9, +, /, or =
$filter = $input;
$input = preg_replace("[^A-Za-z0-9'+'/'=]", "", $input);
if ($filter != $input) {
return false;
}
do {
$enc1 = strpos($keyStr, substr($input, $i++, 1));
$enc2 = strpos($keyStr, substr($input, $i++, 1));
$enc3 = strpos($keyStr, substr($input, $i++, 1));
$enc4 = strpos($keyStr, substr($input, $i++, 1));
$chr1 = ($enc1 << 2) | ($enc2 >> 4);
$chr2 = (($enc2 & 15) << 4) | ($enc3 >> 2);
$chr3 = (($enc3 & 3) << 6) | $enc4;
$output = $output . chr((int) $chr1);
if ($enc3 != 64) {
$output = $output . chr((int) $chr2);
}
if ($enc4 != 64) {
$output = $output . chr((int) $chr3);
}
$chr1 = $chr2 = $chr3 = "";
$enc1 = $enc2 = $enc3 = $enc4 = "";
} while ($i < strlen($input));
return urldecode($output);
}
function base64_encode($data) {
$b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
$o1 = $o2 = $o3 = $h1 = $h2 = $h3 = $h4 = $bits = $i = 0;
$ac = 0;
$enc = '';
$tmp_arr = array();
if (!$data) {
return data;
}
do {
// pack three octets into four hexets
$o1 = charCodeAt($data, $i++);
$o2 = charCodeAt($data, $i++);
$o3 = charCodeAt($data, $i++);
$bits = $o1 << 16 | $o2 << 8 | $o3;
$h1 = $bits >> 18 & 0x3f;
$h2 = $bits >> 12 & 0x3f;
$h3 = $bits >> 6 & 0x3f;
$h4 = $bits & 0x3f;
// use hexets to index into b64, and append result to encoded string
$tmp_arr[$ac++] = charAt($b64, $h1).charAt($b64, $h2).charAt($b64, $h3).charAt($b64, $h4);
} while ($i < strlen($data));
$enc = implode($tmp_arr, '');
$r = (strlen($data) % 3);
return ($r ? substr($enc, 0, ($r - 3)) . substr('===', $r) : $enc);
}
function charCodeAt($data, $char) {
return ord(substr($data, $char, 1));
}
function charAt($data, $char) {
return substr($data, $char, 1);
}
但不要忘记charCodeAt和charAt功能。它们对于base64_encode都是必需的。base64_encode和base64_decode这两个函数的工作方式都与内置的PHP函数类似。但只有在内置的不可用时才使用它们,因为它们不如内置的快。
希望对您有所帮助!
刚刚注册评论 jankal 的答案,但没有声誉就做不到。
Jankal答案中base64_encode代码的最后一行函数是
return ($r ? substr($enc, 0, ($r - 3)) : $enc) . substr('===', ($r || 3));
其中$r可以是 0、1 或 2。据我了解,当 $r = 0 时,代码逻辑的 ($r|| 3) 表达式值必须是 3,在其他两种情况下$r,但在实践中 (PHP 5.6/7.0) 这个表达式的值总是等于 1,所以我们的 BASE64 编码字符串总是以两个"="符号结尾,这绝对是错误的。
我的解决方案:
return ($r ? substr($enc, 0, ($r - 3)) . substr('===', $r) : $enc);
function myencode($input)
{
$CODES = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
// the result/encoded string, the padding string, and the pad count
$r = "";
$p= "";
$c = strlen($input) % 3;
// add a right zero pad to make this string a multiple of 3 characters
if ($c > 0)
{
for (; $c < 3; $c++)
{
$p .= "=";
$input .= "'0";
}
}
// increment over the length of the string, three characters at a time
for ($c = 0; $c < strlen($input); $c += 3) {
// we add newlines after every 76 output characters, according to the MIME specs
if ($c > 0 && ($c / 3 * 4) % 76 == 0)
$r += "'r'n";
// these three 8-bit (ASCII) characters become one 24-bit number
$n = (ord($input[$c]) << 16) + (ord($input[$c +1]) << 8) + (ord($input[$c +2]));
// this 24-bit number gets separated into four 6-bit numbers
$n1 = $n >> 18 & 63;
$n2 = $n >> 12 & 63;
$n3 = $n >> 6 & 63;
$n4 = $n & 63;
// those four 6-bit numbers are used as indices into the base64 character list
$r .= "" . $CODES[$n1] . $CODES[$n2] . $CODES[$n3] . $CODES[$n4];
}
return substr($r,0,(strlen($r)-strlen($p))) . $p;
}
function mydecode($input) {
$CODES = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
// remove/ignore any characters not in the base64 characters list
// or the pad character -- particularly newlines
$input= str_replace("[^" . $CODES . "=]","",$input);
// replace any incoming padding with a zero pad (the 'A' character is zero)
$p = ($input[strlen($input) - 1] == '=' ?($input[strlen($input) - 2] == '=' ? "AA" : "A") : "");
$r = "";
$input = substr($input,0,(strlen($input) - strlen($p))) . $p;
// increment over the length of this encoded string, four characters at a time
for ($c = 0; $c < strlen($input); $c += 4) {
// each of these four characters represents a 6-bit index in the
// base64 characters list which, when concatenated, will give the
// 24-bit number for the original 3 characters
$n=(strpos($CODES,$input[$c]) << 18)
+ (strpos($CODES,$input[$c+1]) << 12)
+ (strpos($CODES,$input[$c+2]) << 6)
+ (strpos($CODES,$input[$c+3]));
// split the 24-bit number into the original three 8-bit (ASCII) characters
$r .= "" . chr(($n >> 16) & 0xFF) . chr((($n >> 8) & 0xFF)) . chr(($n & 0xFF));
}
// remove any zero pad that was added to make this a multiple of 24 bits
return substr($r,0, strlen($r)- strlen($p));
}
这是
托管问题。
请更改您的主机或要求他们删除此安全问题