登录页AES加密提交帐号密码信息

前端参考代码如下，后台PHP代码参考上篇文章。

其中，key为后台动态生成的16位随机字符串并写入cache中，登录验证verify方法中需先判断此key的缓存是否存在。

引入相关js:

<script src="{__PLUG_PATH}crypto-js/core.js"></script>
<script src="{__PLUG_PATH}crypto-js/cipher-core.js"></script>
<script src="{__PLUG_PATH}crypto-js/aes.js"></script>
<script src="{__PLUG_PATH}crypto-js/mode-ecb.js"></script>
<script src="{__PLUG_PATH}crypto-js/enc-base64.js"></script>

登录操作:

form.on('submit(login)', function(obj){
    let data = obj.field;
    let key = CryptoJS.enc.Utf8.parse(data.key);
    let password = CryptoJS.enc.Utf8.parse(data.password);
    let encrypted = CryptoJS.AES.encrypt(password, key, {iv:key, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7});
    var hexStr = encrypted.ciphertext.toString();
    var oldHexStr = CryptoJS.enc.Hex.parse(hexStr);
    let base64 = CryptoJS.enc.Base64.stringify(oldHexStr);
    data.password = base64;

    $.ajax({
        url: "{:url('verify')}"
        ,data: data
        ,method: "POST"
        ,dataType: "json"
        ,success: function(res){
            if(res.code == 200){
                layer.msg('登录成功', {time: 1000}, function(){
                    location.href = "{:url('index/index')}";
                });
            }else{
                //重置验证码
                $('#vercode').trigger('click');
                $('#code').val('');
                layer.msg(res.msg, {time: 2000});
            }
        }
    });
});