dpca4790
2017-09-25 02:47
浏览 177
已采纳

使用PHP加密图像以便在MySQL BLOB中存储然后解密和打印

I'm trying to take an uploaded image, encrypt the image, store it in MySQL, then decrypt it for display when an authorized person requests to see it.

Here's how I'm currently encrypting:

$image = addslashes(file_get_contents($_FILES['users_image']['tmp_name']));
$enc_image = encrypt($image, "long secret random key");

Then I store the $enc_image in a MySQL BLOB field. When I try to decrypt it and print it goes like so:

$img = decrypt($rec['file'], "long secret random key");
echo '<img src="data:image/jpeg;base64,'.base64_encode($img).'"/>';

I'm using this code from this Stackoverflow answer, and I'm seeing the decrypted base-64 text, in my output, but it doesn't display via HTML. Here is a sample encrypted image's attempt at being recovered: https://pastebin.com/miDCP3Gz

NOTE: My "long secret random key" includes a hashed random unique salt, but I am sure I am encrypting and decrypting with the same string.

Any idea why this wouldn't be displaying correctly?

图片转代码服务由CSDN问答提供 功能建议

我正在尝试上传图像,加密图像,将其存储在MySQL中,然后解密显示 当授权人要求查看时。

以下是我目前正在加密的方式:

  $ image = addslashes(file_get_contents($  _FILES ['users_image'] ['tmp_name'])); 
 $ enc_image = encrypt($ image,“long secret random key”); 
   
 
 

然后 我将 $ enc_image 存储在MySQL BLOB字段中。 当我尝试解密并打印时,它就像这样:

  $ img = decrypt($ rec ['file'],“long secret random key”); 
echo  '&lt; img src =“data:image / jpeg; base64,'。base64_encode($ img)。'”/&gt;'; 
   
 
 

我是 使用此Stackoverflow答案中的代码,我在输出中看到解密的base-64文本,但它 不通过HTML显示。 以下是加密图像的示例尝试恢复: https://pastebin.com/miDCP3Gz

注意:我的“长秘密随机密钥”包含一个哈希随机唯一盐,但我确信我使用相同的字符串加密和解密。

任何想法 为什么这不能正确显示?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • douzi4766 2017-09-25 07:24
    已采纳
    1. Make sure your image is small enough or your storage location is large enough. If you have anything over 65kB you need a longblob not a blob. Anything over that size will be truncated and lost.

    2. Move the addslashes to right before insertion into the DB, NOT before the encryption. Single quotes (or double depending on which you are using) designate the beginning and end of a string to the MySQL engine. The addslashes function escapes these and other special characters to prevent them from confusing they MySQL engine. The fact that it adds the record to the DB with you performing it before the encryption is merely random chance.

    3. You should know that these images are being saved on the server as temporary files. Unless special precautions are taken, the data in them will remain in the slack space on the HDD. It can easily be retrieved by an adversary using forensics or restoration tools.

    Markup:

    <html>
    <head><title>Picture</title></head>
    <body>
        <form enctype="multipart/form-data" action="file.php" method="post">
            <input type="hidden" name="MAX_FILE_SIZE" value="600000" />
            <input type="file" name="users_image"/>
            <input type="submit" text="Upload">
        </form>
    <?
    
        if($_SERVER['REQUEST_METHOD'] === 'POST')
        {
    
            $image = file_get_contents($_FILES['users_image']['tmp_name']);
            //encrypt
            $cipher = "aes-128-cbc";
            $ivlen = openssl_cipher_iv_length($cipher);
            $iv = openssl_random_pseudo_bytes($ivlen);
            $key = openssl_random_pseudo_bytes(128);
            $ciphertext = openssl_encrypt($image, $cipher, $key, $options=0, $iv);
    
            //add to DB
            $mysqli = mysqli_connect("localhost","testu","","test");
            $query = "INSERT INTO blobtbl(pics) VALUES (\"" . addslashes($ciphertext) ."\")";
            $mysqli->query($query);
            $id = mysqli_insert_id($mysqli);
    
            //retrieve from DB
            $sql = "SELECT * FROM blobtbl WHERE id = $id";
            $res = $mysqli->query($sql);
            $row=mysqli_fetch_assoc($res);
            $newciphertext = $row['pics'];
    
            //decrpyt and display
            $img = openssl_decrypt($newciphertext, $cipher, $key, $options=0, $iv);
            echo '<img src="data:image/jpeg;base64,'.base64_encode($img).'"/>';
            echo "<br>Did it work?";
        }
    ?>
    </body>
    </html>
    
    点赞 评论
  • dqypcghd381390 2017-09-25 05:36

    Remove addslashes in encrypt phase.

    点赞 评论

相关推荐 更多相似问题