Common encryption methods for PHP app API development
Important endpoints, especially ones such as orders and login, need a sign parameter so the server can verify the request.
Method 1:
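<?php
// Shared secret known to both the client and the server
define("SUPPLIERS_ORDER_KEY", "Test#$@%!*");

$module = "ceshi";
$action = "index";

// Debug output of the string to be signed: module + date (Y-m-d) + key + action.
// It contains the key, so remove this line outside of testing.
echo $module . date('Y-m-d') . SUPPLIERS_ORDER_KEY . $action . "<br/>";

// The sign is the MD5 of that string; because of the date it changes once a day
$sign = md5($module . date('Y-m-d') . SUPPLIERS_ORDER_KEY . $action);
var_dump($sign);
?>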
Method 2:
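<?php
session_start(); // required for the $_SESSION replay check below

define("SUPPLIERS_ORDER_KEY", "Test#$@%!*");

$param = json_decode(isset($_POST['param']) ? $_POST['param'] : '', true);
if (!is_array($param) || !isset($param['sign'], $param['cmd'])) {
    echo json_encode(array('code' => 'invalid request'));
    exit;
}
$client_sign = $param['sign'];
unset($param['sign']);
krsort($param);

// Join the sorted parameters as key=val&key=val&, append SUPPLIERS_ORDER_KEY,
// and take the MD5 once (32 lowercase hex characters) to get the sign
$sb = '';
foreach ($param as $key => $val) {
    $sb .= $key . '=' . $val . '&';
}
$sb .= SUPPLIERS_ORDER_KEY;
$server_sign = md5($sb);

// Compare with the sign sent by the client; if they differ, the parameters
// may have been tampered with in transit and the server rejects the request
if ($server_sign !== $client_sign) {
    echo json_encode(array('code' => 'invalid request'));
    exit;
}

// Compare with the sign stored in the session; if they are the same, this is
// a repeated submission and the server rejects the request
if (isset($_SESSION['last_sign']) && $server_sign == $_SESSION['last_sign']) {
    echo json_encode(array('code' => 'Repeated requests'));
    exit();
}

// Store this request's sign in the session
$_SESSION['last_sign'] = $server_sign;

// Route on cmd (after base64 decoding) and pass the parameters to that method
$cmd = base64_decode($param['cmd']);
list($__controller, $__action) = explode('-', $cmd);

// Set the request parameters
unset($param['cmd']);
unset($param['timestamp']);
foreach ($param as $key => $val) {
    $_REQUEST[$key] = $val;
}
?>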
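A hardened variant of the method 2 check, as an added example that is not part of the original post: it keeps the sorted key=val canonical string but signs it with HMAC-SHA256, compares in constant time with hash_equals(), enforces the timestamp, and remembers used signs. The function names, the sample key, the 300-second window, the `$seen` array (standing in for a session or shared cache) and the sample request are assumptions.

```php
<?php
// Added example, not the original post's code; key, window and names are assumptions.
const API_SIGN_KEY = 'constructed-sample-key-use-a-random-secret';
const MAX_SKEW_SECONDS = 300; // assumed freshness window for the timestamp

// Canonical string: keys sorted, values URL-encoded so a '&' or '=' inside a
// value cannot be confused with a parameter boundary.
function canonical_string(array $param): string
{
    unset($param['sign']);
    ksort($param, SORT_STRING);
    return http_build_query($param, '', '&', PHP_QUERY_RFC3986);
}

// HMAC-SHA256 is a standard keyed MAC; it replaces md5(string . key).
function sign_params(array $param, string $key = API_SIGN_KEY): string
{
    return hash_hmac('sha256', canonical_string($param), $key);
}

// $seen stands in for a shared store (session, cache) of recently used signs.
function verify_request(array $param, int $now, array &$seen): string
{
    $client = $param['sign'] ?? '';
    if (!is_string($client) || !isset($param['timestamp'])) {
        return 'invalid request';
    }
    // Constant-time comparison, unlike !== or strcasecmp().
    if (!hash_equals(sign_params($param), $client)) {
        return 'invalid request';
    }
    if (abs($now - (int) $param['timestamp']) > MAX_SKEW_SECONDS) {
        return 'expired';
    }
    if (isset($seen[$client])) {
        return 'Repeated requests';
    }
    $seen[$client] = $now;
    return 'ok';
}

// Constructed sample request: signed once, delivered twice, then modified.
$req = ['cmd' => base64_encode('order-create'), 'amount' => '9.90', 'timestamp' => 1700000000];
$req['sign'] = sign_params($req);
$seen = [];
var_dump(verify_request($req, 1700000010, $seen));
var_dump(verify_request($req, 1700000020, $seen));
$req['amount'] = '0.01';
var_dump(verify_request($req, 1700000030, $seen));
```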
Method 3, commonly used for login:
<?php
/**
 * Receives request data
 * Class CI_ReceiveData
 * author : lianghuiju@chuchujie.com
 * dateTime : 2018/8/23
 * description :
 */
class ReceiveData
{
    const SUPPLIERS_ORDER_KEY = 'DSdnf#JSDKF@090!';

    /**
     * Get the encrypted (signed) parameters
     * @return array|mixed|string
     * author :lianghuiju@chuchujie.com
     * function_name : handlePost
     * datetime : 2018/8/23
     * description :
     */
    public function handlePost()
    {
        $body_raw = isset($_POST['body']) ? $_POST['body'] : '';
        $sign_raw = isset($_POST['sign']) ? $_POST['sign'] : '';
        if (empty($body_raw) || empty($sign_raw)) {
            exit('data not null');
        }
        // The sign must equal md5(body . key); the comparison is case-insensitive
        if (strcasecmp($sign_raw, $this->_encode($body_raw)) != 0) {
            exit('sign not success');
        }
        if (!is_array($body_raw)) {
            $data = json_decode(urldecode($body_raw), TRUE);
        } else {
            $data = $body_raw;
        }
        return $data;
    }

    /**
     * Encrypt the request parameters
     * @param $mix
     * @return string
     * author :lianghuiju@chuchujie.com
     * function_name : _encode
     * datetime : 2018/8/23
     * description :
     */
    private function _encode($mix)
    {
        // Normalise the input to a string before hashing
        if (is_object($mix) == true) {
            $mix = spl_object_hash($mix);
        } else if (is_resource($mix) == true) {
            $mix = get_resource_type($mix) . strval($mix);
        } else if (is_array($mix)) {
            $mix = http_build_query($mix);
        } else {
            $mix = urldecode($mix);
        }
        return md5($mix . self::SUPPLIERS_ORDER_KEY);
    }
}

$receiveData = new ReceiveData();
$data = $receiveData->handlePost();

// Assumption: the code below runs inside a controller method whose $this
// provides httpPost() and renderOutput(); neither is shown in the post.
$post_data = array();
$post_data['token'] = $data['token'];
$post_data['timestamp'] = time();
ksort($post_data);
$key = 'AdApi@key20161101928';
// JSON_NUMERIC_CHECK is the named constant for the original flag value 32
$post_data['sign'] = md5(md5(json_encode($post_data, JSON_NUMERIC_CHECK)) . $key);
$url = '接口地址'; // placeholder for the API URL
$suppliers_info = $this->httpPost($url, $post_data);
if ($suppliers_info['status'] != 1 || !isset($suppliers_info['data']['shop_id'])) {
    // Message: "login verification failed"
    $this->renderOutput($suppliers_info, 101, '登录校验失败', true);
} else {
    // Message: "login succeeded, fetch the parameters you need"
    echo "登录成功,获取自己需要的参数";
}