dpca4790 2017-09-25 02:47
浏览 224
已采纳

使用PHP加密图像以便在MySQL BLOB中存储然后解密和打印

I'm trying to take an uploaded image, encrypt the image, store it in MySQL, then decrypt it for display when an authorized person requests to see it.

Here's how I'm currently encrypting:

$image = addslashes(file_get_contents($_FILES['users_image']['tmp_name']));
$enc_image = encrypt($image, "long secret random key");

Then I store the $enc_image in a MySQL BLOB field. When I try to decrypt it and print it goes like so:

$img = decrypt($rec['file'], "long secret random key");
echo '<img src="data:image/jpeg;base64,'.base64_encode($img).'"/>';

I'm using this code from this Stackoverflow answer, and I'm seeing the decrypted base-64 text, in my output, but it doesn't display via HTML. Here is a sample encrypted image's attempt at being recovered: https://pastebin.com/miDCP3Gz

NOTE: My "long secret random key" includes a hashed random unique salt, but I am sure I am encrypting and decrypting with the same string.

Any idea why this wouldn't be displaying correctly?

  • 写回答

2条回答 默认 最新

  • douzi4766 2017-09-25 07:24
    关注
    1. Make sure your image is small enough or your storage location is large enough. If you have anything over 65kB you need a longblob not a blob. Anything over that size will be truncated and lost.

    2. Move the addslashes to right before insertion into the DB, NOT before the encryption. Single quotes (or double depending on which you are using) designate the beginning and end of a string to the MySQL engine. The addslashes function escapes these and other special characters to prevent them from confusing they MySQL engine. The fact that it adds the record to the DB with you performing it before the encryption is merely random chance.

    3. You should know that these images are being saved on the server as temporary files. Unless special precautions are taken, the data in them will remain in the slack space on the HDD. It can easily be retrieved by an adversary using forensics or restoration tools.

    Markup:

    <html>
    <head><title>Picture</title></head>
    <body>
        <form enctype="multipart/form-data" action="file.php" method="post">
            <input type="hidden" name="MAX_FILE_SIZE" value="600000" />
            <input type="file" name="users_image"/>
            <input type="submit" text="Upload">
        </form>
    <?
    
        if($_SERVER['REQUEST_METHOD'] === 'POST')
        {
    
            $image = file_get_contents($_FILES['users_image']['tmp_name']);
            //encrypt
            $cipher = "aes-128-cbc";
            $ivlen = openssl_cipher_iv_length($cipher);
            $iv = openssl_random_pseudo_bytes($ivlen);
            $key = openssl_random_pseudo_bytes(128);
            $ciphertext = openssl_encrypt($image, $cipher, $key, $options=0, $iv);
    
            //add to DB
            $mysqli = mysqli_connect("localhost","testu","","test");
            $query = "INSERT INTO blobtbl(pics) VALUES (\"" . addslashes($ciphertext) ."\")";
            $mysqli->query($query);
            $id = mysqli_insert_id($mysqli);
    
            //retrieve from DB
            $sql = "SELECT * FROM blobtbl WHERE id = $id";
            $res = $mysqli->query($sql);
            $row=mysqli_fetch_assoc($res);
            $newciphertext = $row['pics'];
    
            //decrpyt and display
            $img = openssl_decrypt($newciphertext, $cipher, $key, $options=0, $iv);
            echo '<img src="data:image/jpeg;base64,'.base64_encode($img).'"/>';
            echo "<br>Did it work?";
        }
    ?>
    </body>
    </html>
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 Stata链式中介效应代码修改
  • ¥15 latex投稿显示click download
  • ¥15 请问读取环境变量文件失败是什么原因?
  • ¥15 在若依框架下实现人脸识别
  • ¥15 添加组件无法加载页面,某块加载卡住
  • ¥15 网络科学导论,网络控制
  • ¥100 安卓tv程序连接SQLSERVER2008问题
  • ¥15 利用Sentinel-2和Landsat8做一个水库的长时序NDVI的对比,为什么Snetinel-2计算的结果最小值特别小,而Lansat8就很平均
  • ¥15 metadata提取的PDF元数据,如何转换为一个Excel
  • ¥15 关于arduino编程toCharArray()函数的使用