How to encrypt the php interface

Analysis interface
Client interface transmission rules:
1. Use cmd parameter (base64) to dynamically call different interface, the interface address is unified as http://a.lovexpp.com.

2. Form the parameters to be passed into an array, add the timestamp element (current timestamp, accurate to seconds) to the array, and sort the key values ​​​​of the array from large to small in natural order

3. Form the array into a string in the form of key=val&key=val, connect the string with XPP_KEY, encrypt it once with md5 (32-bit lowercase), and get sign

4. Add sign to the parameter In the array

5. Convert the parameter array into json and use post request to request the interface address. The key value is param

Server interface parsing rules:

1. Receive the parameter param, parse the result into json to get the parameter array

2. Take out the sign, and remove the sign

#3 in the parameter array. Sort the key values ​​of the parameter array in natural order from large to small Small sort

4. Combine the sorted parameter array into a string in the form of key=val&key=val, connect the string with XPP_KEY, encrypt it once with md5 (32-bit lowercase), and get sign

5. Compare the sign with the sign passed by the client. If they are different, the parameters may have been tampered with during the process, and the server rejects the request.

6. Compare the sign with the sign in the session. , if the same, it is a repeated submission and the server rejects the request

7. This time the sign is stored in the session

8. Execute the routing cmd (after base64 parsing) and bring the parameters to In this method

<?php

$xpp_key = "xxx";

//接收参数param,将结果解析json得到参数数组
$param = json_decode($_POST[&#39;param&#39;] , true);

//取出sign,去掉参数数组中的sign
$client_sign = $param[&#39;sign&#39;];
unset($param[&#39;sign&#39;]);

//将参数数组key值按照自然排序从大到小排序
krsort($param);

//将排序后的参数数组按照key=val&key=val的形式组成字符串，将字符串与XPP_KEY连接，用md5加密一次(32位小写)，得到sign
$sb = &#39;&#39;;
foreach($param as $key=>$val){
$sb .= $key . &#39;=&#39; . $val . &#39;&&#39;;
}
$sb .= $xpp_key;
$server_sign = md5($sb);

//将sign与客户端传过来的sign进行比对,如不一样则可能是中途被篡改参数，服务器拒绝此次请求
if($server_sign !== $client_sign){
echo json_encode(array(&#39;code&#39;=>&#39;invalid request&#39;));
exit;
}

//将sign与session中的sign对比，如果一样，则为重复提交，服务器拒绝此次请求
if($server_sign == $_SESSION[&#39;last_sign&#39;]){
echo json_encode(array(&#39;code&#39;=>&#39;Repeated requests&#39;));
exit();
}

//此次的sign存入session
$_SESSION[&#39;last_sign&#39;] = $server_sign;

//执行路由cmd(base64解析后),将参数带到该方法中
$cmd = base64_decode($param[&#39;cmd&#39;]);
list($__controller,$__action) = explode(&#39;-&#39; , $cmd);

// 设置请求参数
unset($param[&#39;cmd&#39;]);
unset($param[&#39;timestamp&#39;]);
foreach($param as $key => $val){
$_REQUEST[$key] = $val;
}

recommended tutorial: PHP video tutorial

The above is the detailed content of How to encrypt the php interface. For more information, please follow other related articles on the PHP Chinese website!