接口安全驗證json
時間戳、用戶ID、極光推送ID、tokenapi
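/**
 * Request-level token check for the JSON API.
 *
 * Reads time / user / registration_id / token from $_REQUEST, rejects
 * malformed or stale requests, and recomputes the expected token from the
 * registration id, a shared key, the timestamp and (when a user is given)
 * the user id. Flag values and messages are unchanged from the original:
 *   -1 bad time (or token mismatch for a known user), -3 bad registration_id,
 *   -4 bad token, -5 stale timestamp, -6 unknown user, -7 registration or
 *   token mismatch.
 *
 * Every failure path reports through $this->tojson() and then returns.
 * tojson() is assumed to send the response and stop the request (verify);
 * the explicit return guarantees no later check runs after an error was
 * already reported even if it does not.
 *
 * NOTE(review): the JSONP callback from $_GET['callback'] is passed through
 * unchanged; tojson() is expected to validate it before echoing — confirm.
 */
public function auth_token_check()
{
    // addslashes() is kept only so the token input matches what existing
    // clients sign; it is not SQL protection (the query below is parameterised).
    $timeStamp       = addslashes(isset($_REQUEST['time']) ? $_REQUEST['time'] : '');            // 時間戳
    $userid          = addslashes(isset($_REQUEST['user']) ? $_REQUEST['user'] : '');
    $registration_id = addslashes(isset($_REQUEST['registration_id']) ? $_REQUEST['registration_id'] : '');
    $access_token    = addslashes(isset($_REQUEST['token']) ? $_REQUEST['token'] : '');

    // A missing *or* empty parameter is an error (the original only caught the
    // missing case). ctype_digit() also rejects non-numeric time values, which
    // would otherwise throw in the arithmetic below on PHP 8.
    if (!ctype_digit($timeStamp)) {
        $this->_auth_reject(-1, 'time參數有誤');
        return;
    }
    if (!isset($_REQUEST['user'])) {
        $userid = 0;
    }
    if ($registration_id === '') {
        $this->_auth_reject(-3, 'registration_id參數有誤');
        return;
    }
    if ($access_token === '') {
        $this->_auth_reject(-4, 'token參數有誤');
        return;
    }

    // Replay window: 10 minutes either side of server time. The original only
    // rejected old timestamps, so a far-future timestamp stayed valid forever.
    if (abs(time() - (int) $timeStamp) > 600) {
        $this->_auth_reject(-5, '接口驗證已過時');
        return;
    }

    if (!empty($userid)) {
        $userinfo = $this->_get_user_info($userid);
        if (empty($userinfo)) {
            $this->_auth_reject(-6, '用戶不存在');
            return;
        }

        // Parameterised where(): the value is bound by the query builder
        // instead of being concatenated into the SQL string.
        $login_record = Db::name("login_record")
            ->field("registration_id")
            ->where('userid', $userid)
            ->find();

        // A user without a login record must not match an empty/any
        // registration id (null == '' is true under loose comparison).
        $registered = !empty($login_record)
            && (string) $login_record['registration_id'] === $registration_id;
        if (!$registered) {
            $this->_auth_reject(-7, 'token驗證失敗');
            return;
        }

        $token = $this->_auth_expected_token($registration_id, $timeStamp, $userid);
        if (!hash_equals($token, $access_token)) {
            $this->_auth_reject(-1, 'token驗證失敗');
            return;
        }
        return;
    }

    // No user supplied: token is derived from registration id + key + time only.
    $token = $this->_auth_expected_token($registration_id, $timeStamp);
    if (!hash_equals($token, $access_token)) {
        $this->_auth_reject(-7, 'token驗證失敗');
        return;
    }
}

/**
 * Emit the standard error envelope through tojson().
 *
 * @param int    $flag negative error code (see auth_token_check())
 * @param string $msg  human-readable message (kept byte-identical to the original)
 */
private function _auth_reject($flag, $msg)
{
    $result = array(
        'flag' => $flag,
        'msg'  => $msg,
        'data' => null,
    );
    $this->tojson($result, isset($_GET['callback']) ? $_GET['callback'] : null);
}

/**
 * Recompute the token a client is expected to send.
 *
 * Concatenates registration id, shared key, timestamp and (if given) user id
 * with no separator, then applies sha1 -> md5 -> uppercase, exactly as the
 * original inline code did in both branches. hash_equals() is used by the
 * caller so that an uppercase hex digest of the form "0E..." cannot be
 * loosely compared as a number.
 *
 * NOTE(review): the "secret" is a base64-encoded public URL committed in
 * source, so it offers no secrecy; it should come from configuration and be
 * rotated. The value is kept here so existing clients keep working.
 *
 * @param string      $registration_id
 * @param string      $timeStamp
 * @param string|null $userid  null when no user was supplied
 * @return string uppercase 32-char hex token
 */
private function _auth_expected_token($registration_id, $timeStamp, $userid = null)
{
    $key = base64_encode("http://tongji.study119.com/qrcode/logo.png");

    $parts = array($registration_id, $key, $timeStamp);
    if ($userid !== null) {
        $parts[] = $userid;
    }

    // Unseparated concatenation is ambiguous (ab|c == a|bc) but must stay
    // as-is for compatibility with clients that already sign this way.
    $str = implode('', $parts);
    return strtoupper(md5(sha1($str)));
}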
原案例：安全
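//權限認證
/**
 * Base controller that runs a signature check before every action.
 *
 * As written, auth_token_check() only computes a signature for the current
 * time and a fresh nonce and dumps it (print_r + die); it does not yet compare
 * anything against the request. That debug output must be removed before this
 * class is used in production.
 */
class UserAuth extends Controller
{
    // Shared signing secret. It is committed in source, so anyone with the
    // code can produce valid signatures; it should live in configuration.
    const TOKEN = 'study119_api';

    protected function _initialize()
    {
        $this->auth_token_check();
    }

    public function auth_token_check()
    {
        //默認口令
        $token = self::TOKEN;
        //時間戳
        $timeStamp = time();
        //隨機數
        $randomStr = $this->createNonceStr();
        $str = $this->arithmetic($timeStamp, $randomStr);
        // Debug output: dumps the signature and stops the request.
        print_r($str);
        die;
    }

    /**
     * Compute the request signature.
     *
     * Sorts the three inputs as strings, concatenates them with no separator,
     * then applies sha1 -> md5 -> uppercase.
     *
     * @param int|string $timeStamp 時間戳
     * @param string     $randomStr 隨機字符串
     * @return string 返回簽名 (uppercase 32-char hex)
     */
    protected function arithmetic($timeStamp, $randomStr)
    {
        $arr['timeStamp'] = $timeStamp;
        $arr['randomStr'] = $randomStr;
        $arr['token'] = self::TOKEN;
        //按照首字母大小寫順序排序
        sort($arr, SORT_STRING);
        //拼接成字符串
        $str = implode('', $arr);
        //進行加密
        $signature = md5(sha1($str));
        //轉換成大寫
        return strtoupper($signature);
    }

    /**
     * 隨機生成字符串
     *
     * Returns "z" followed by $length alphanumeric characters. Uses random_int()
     * (CSPRNG) instead of mt_rand(), whose output is predictable from earlier
     * values, so the nonce cannot be guessed.
     *
     * @param int $length number of random characters after the "z" prefix
     * @return string
     */
    private function createNonceStr($length = 8)
    {
        $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $last = strlen($chars) - 1;
        $str = "";
        for ($i = 0; $i < $length; $i++) {
            $str .= $chars[random_int(0, $last)];
        }
        return "z" . $str;
    }
}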