Home  >  Article  >  php教程  >  API权限设计总结 系统sign验证规则

API权限设计总结 系统sign验证规则

PHP中文网
PHP中文网Original
2016-05-23 08:39:131507browse

API权限设计总结 系统sign验证规则
http://my.oschina.net/anziguoer/blog/624840

1. [文件]     receive.php 

<?php
// 获取post的数组
$key = "c4ca4238a0b923820dcc509a6f75849b";
// $secret 是存储在数据库中, 可以根据传递过来的key在数据中的查询到secretZ12QAZ12
$secret = "28c8edde3d61a0411511d3b1866f0636";

$data = $_POST;
verifySign($secret, $data);

/**
 * 验证sign是否合法
 * @param  [type] $secret [description]
 * @param  [type] $data   [description]
 * @return [type]         [description]
 */
function verifySign($secret, $data)
{
    // 验证参数中是否有签名
    if (!isset($data[&#39;sign&#39;]) || !$data[&#39;sign&#39;]) {
        echo &#39;发送的数据签名不存在&#39;;
        die();
    }

    if (!isset($data[&#39;timestamp&#39;]) || !$data[&#39;timestamp&#39;]) {
        echo &#39;发送的数据参数不合法&#39;;
        die();
    }

    // 验证请求, 10分钟失效
    if (time() - $data[&#39;timestamp&#39;] > 600) {
        echo &#39;验证失效, 请重新发送请求&#39;;
        die();
    }

    $sign = $data[&#39;sign&#39;];
    unset($data[&#39;sign&#39;]);
    ksort($data);
    $params = http_build_query($data);
    $sign2 = md5($params.$secret);
    if ($sign == $sign2) {
        die(&#39;验证通过&#39;);
    }else{
        die(&#39;请求不合法&#39;);
    }
}
 ?>

2. [文件]     request.php 

<?php

$key = "c4ca4238a0b923820dcc509a6f75849b";
$secret = "28c8edde3d61a0411511d3b1866f0636";

$data = array(
    &#39;username&#39; => &#39;anziguoer@sina.com&#39;,
    &#39;sex&#39; => &#39;男&#39;,
    &#39;age&#39; => &#39;12&#39;,
    &#39;addr&#39; => &#39;北京市海淀区&#39;
);

// 传递的参数中必须有 key, sign, timestamp
$postData = array(
    "key" => $key,
    "timestamp" => time()
);

$psotData = array_merge($postData, $data);
$sign = getSign($secret, $psotData);
$postData[&#39;sign&#39;] = $sign;

// 获取sign
function getSign($secret, $data)
{
    // 对数组的值按key排序
    ksort($data);
    // 生成url的形式
    $params = http_build_query($data);
    // 生成sign
    $sign = md5($params.$secret);
    return $sign;
}

$postData = array_merge($postData, $data);
request($postData);

/**
 * 发送服务器的数据
 * @param  [type] $postData [description]
 * @return [type]           [description]
 */
function request($postData)
{
    $curl = curl_init(&#39;http://host/receive.php&#39;);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_POST, TRUE);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $postData);
    $info = curl_exec($curl);
    curl_close($curl);
    print_r($info);
}

                               

                   

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:上个月第一天Next article:自己所理解的php路由