API权限设计总结 系统sign验证规则
API权限设计总结 系统sign验证规则
http://my.oschina.net/anziguoer/blog/624840
1. [文件] receive.php
<?php
// 获取post的数组
$key = "c4ca4238a0b923820dcc509a6f75849b";
// $secret 是存储在数据库中, 可以根据传递过来的key在数据中的查询到secretZ12QAZ12
$secret = "28c8edde3d61a0411511d3b1866f0636";
$data = $_POST;
verifySign($secret, $data);
/**
* 验证sign是否合法
* @param [type] $secret [description]
* @param [type] $data [description]
* @return [type] [description]
*/
function verifySign($secret, $data)
{
// 验证参数中是否有签名
if (!isset($data['sign']) || !$data['sign']) {
echo '发送的数据签名不存在';
die();
}
if (!isset($data['timestamp']) || !$data['timestamp']) {
echo '发送的数据参数不合法';
die();
}
// 验证请求, 10分钟失效
if (time() - $data['timestamp'] > 600) {
echo '验证失效, 请重新发送请求';
die();
}
$sign = $data['sign'];
unset($data['sign']);
ksort($data);
$params = http_build_query($data);
$sign2 = md5($params.$secret);
if ($sign == $sign2) {
die('验证通过');
}else{
die('请求不合法');
}
}
?>Copy after login
2. [文件] request.php
<?php
$key = "c4ca4238a0b923820dcc509a6f75849b";
$secret = "28c8edde3d61a0411511d3b1866f0636";
$data = array(
'username' => 'anziguoer@sina.com',
'sex' => '男',
'age' => '12',
'addr' => '北京市海淀区'
);
// 传递的参数中必须有 key, sign, timestamp
$postData = array(
"key" => $key,
"timestamp" => time()
);
$psotData = array_merge($postData, $data);
$sign = getSign($secret, $psotData);
$postData['sign'] = $sign;
// 获取sign
function getSign($secret, $data)
{
// 对数组的值按key排序
ksort($data);
// 生成url的形式
$params = http_build_query($data);
// 生成sign
$sign = md5($params.$secret);
return $sign;
}
$postData = array_merge($postData, $data);
request($postData);
/**
* 发送服务器的数据
* @param [type] $postData [description]
* @return [type] [description]
*/
function request($postData)
{
$curl = curl_init('http://host/receive.php');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, TRUE);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postData);
$info = curl_exec($curl);
curl_close($curl);
print_r($info);
}Copy after login
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
How to fix KB5055523 fails to install in Windows 11?
4 weeks ago
By DDD
How to fix KB5055518 fails to install in Windows 10?
4 weeks ago
By DDD
Roblox: Grow A Garden - Complete Mutation Guide
3 weeks ago
By DDD
Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys
3 weeks ago
By 尊渡假赌尊渡假赌尊渡假赌
How to fix KB5055612 fails to install in Windows 10?
3 weeks ago
By DDD
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Java Tutorial
1664
14
1664
14
CakePHP Tutorial
1423
52
1423
52
Laravel Tutorial
1317
25
1317
25
PHP Tutorial
1268
29
1268
29
C# Tutorial
1243
24
1243
24