PHP开发中保证接口安全
生活随笔
收集整理的這篇文章主要介紹了
PHP开发中保证接口安全
小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.
模擬客戶端請求:
<?php namespace Home\Controller; use Think\Controller; class ClientController extends Controller{const TOKEN = 'API'; //模擬前臺請求服務(wù)器api接口 public function getDataFromServer(){//時間戳 $timeStamp = time(); //隨機字符串 $randomStr = $this -> createNonceStr(); //生成簽名 $signature = $this -> arithmetic($timeStamp,$randomStr); //url地址 $url = "http://www.tp3.com/Home/Server/respond/t/{$timeStamp}/r/{$randomStr}/s/{$signature}"; $result = $this -> httpGet($url); dump($result); }//curl模擬get請求。 private function httpGet($url){$curl = curl_init(); //需要請求的是哪個地址 curl_setopt($curl,CURLOPT_URL,$url); //表示把請求的數(shù)據(jù)以文件流的方式輸出到變量中 curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); $result = curl_exec($curl); curl_close($curl); return $result; }//隨機生成字符串 private function createNonceStr($length = 8) {$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $str = ""; for ($i = 0; $i < $length; $i++) {$str .= substr($chars, mt_rand(0, strlen($chars) - 1), 1); }return "z".$str; }/** * @param $timeStamp 時間戳 * @param $randomStr 隨機字符串 * @return string 返回簽名 */ private function arithmetic($timeStamp,$randomStr){$arr['timeStamp'] = $timeStamp; $arr['randomStr'] = $randomStr; $arr['token'] = self::TOKEN; //按照首字母大小寫順序排序 sort($arr,SORT_STRING); //拼接成字符串 $str = implode($arr); //進行加密 $signature = sha1($str); $signature = md5($signature); //轉(zhuǎn)換成大寫 $signature = strtoupper($signature); return $signature; } }服務(wù)端響應(yīng)請求:
<?php namespace Home\Controller; use Think\Controller; class ServerController extends Controller{const TOKEN = 'API'; //響應(yīng)前臺的請求 public function respond(){//驗證身份 $timeStamp = $_GET['t']; $randomStr = $_GET['r']; $signature = $_GET['s']; // $signature 客戶端請求地址中攜帶的簽名,與服務(wù)端生成的簽名進行比對 $str = $this -> arithmetic($timeStamp,$randomStr);//$str 服務(wù)端根據(jù)客戶端請求過來的數(shù)據(jù)生成的簽名 if($str != $signature){echo "-1"; exit; }//模擬數(shù)據(jù) $arr['name'] = 'api'; $arr['age'] = 15; $arr['address'] = 'zz'; $arr['ip'] = "192.168.0.1"; echo json_encode($arr); }/** * @param $timeStamp 時間戳 * @param $randomStr 隨機字符串 * @return string 返回簽名 */ public function arithmetic($timeStamp,$randomStr){$arr['timeStamp'] = $timeStamp; $arr['randomStr'] = $randomStr; $arr['token'] = self::TOKEN; //按照首字母大小寫順序排序 sort($arr,SORT_STRING); //拼接成字符串 $str = implode($arr); //進行加密 $signature = sha1($str); $signature = md5($signature); //轉(zhuǎn)換成大寫 $signature = strtoupper($signature); return $signature; } }服務(wù)端根據(jù)客戶端傳遞過來的時間戳和隨機字符串,來按照約定好的生成簽名的算法生成簽名,并與客戶端傳遞過來的簽名進行對比
如果相同,則返回數(shù)據(jù),如果不相同,則不返回數(shù)據(jù)
總結(jié)
以上是生活随笔為你收集整理的PHP开发中保证接口安全的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: PHP简单实现递归
- 下一篇: nginx服务器,访问时显示目录,不直接