API权限设计总结 系统sign验证规则
http://my.oschina.net/anziguoer/blog/624840
1. [文件] receive.php
<?php
// 获取post的数组
$key = "c4ca4238a0b923820dcc509a6f75849b";
// $secret 是存储在数据库中, 可以根据传递过来的key在数据中的查询到secretZ12QAZ12
$secret = "28c8edde3d61a0411511d3b1866f0636";
$data = $_POST;
verifySign($secret, $data);
/**
* 验证sign是否合法
* @param [type] $secret [description]
* @param [type] $data [description]
* @return [type] [description]
*/
function verifySign($secret, $data)
{
// 验证参数中是否有签名
if (!isset($data['sign']) || !$data['sign']) {
echo '发送的数据签名不存在';
die();
}
if (!isset($data['timestamp']) || !$data['timestamp']) {
echo '发送的数据参数不合法';
die();
}
// 验证请求, 10分钟失效
if (time() - $data['timestamp'] > 600) {
echo '验证失效, 请重新发送请求';
die();
}
$sign = $data['sign'];
unset($data['sign']);
ksort($data);
$params = http_build_query($data);
$sign2 = md5($params.$secret);
if ($sign == $sign2) {
die('验证通过');
}else{
die('请求不合法');
}
}
?>2. [文件] request.php
<?php
$key = "c4ca4238a0b923820dcc509a6f75849b";
$secret = "28c8edde3d61a0411511d3b1866f0636";
$data = array(
'username' => 'anziguoer@sina.com',
'sex' => '男',
'age' => '12',
'addr' => '北京市海淀区'
);
// 传递的参数中必须有 key, sign, timestamp
$postData = array(
"key" => $key,
"timestamp" => time()
);
$psotData = array_merge($postData, $data);
$sign = getSign($secret, $psotData);
$postData['sign'] = $sign;
// 获取sign
function getSign($secret, $data)
{
// 对数组的值按key排序
ksort($data);
// 生成url的形式
$params = http_build_query($data);
// 生成sign
$sign = md5($params.$secret);
return $sign;
}
$postData = array_merge($postData, $data);
request($postData);
/**
* 发送服务器的数据
* @param [type] $postData [description]
* @return [type] [description]
*/
function request($postData)
{
$curl = curl_init('http://host/receive.php');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, TRUE);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postData);
$info = curl_exec($curl);
curl_close($curl);
print_r($info);
}
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
Atom editor mac version download
The most popular open source editor
