请求url通常需要附带签名参数,以防被篡改。通常是md5生成指纹, 后端通过同样的方法进行验证。
客户端请求添加签名
$url = "https://localhost?uid=1001&appType=1×tamp=1499656976458";
$sign_key = "gjieuuef0092jfj48838";
$split = explode('?', $url, 2);
$host = $split[0];
$query = $split[1];
parse_str($query, $params);
$params["appSk"] = $sign_key;
ksort($params, SORT_STRING);
$params_str = $host.'?'.http_build_query($params);
$sign = md5($params_str);
$url .= "&sign=".$sign
服务器端验证签名
<?php
$url = "https://localhost?uid=1001&appType=1×tamp=1499656976458&sign=cda6758c69f3b951ebff9207e9a314e7"
$sign_key = "gjieuuef0092jfj48838"
$split = explode('?', $url, 2);
$host = $split[0];
$query = $split[1];
parse_str($query, $params);
$sign_orl = $params["sign"];
unset($params["sign"]);
$params["appSk"] = $sign_key;
ksort($params, SORT_STRING);
$params_str = $host.'?'.http_build_query($params);
$sign = md5($params_str);
if ($sign_orl == $sign) {
echo "success";
}