<?php
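// Pick the token candidate from the query string.
// The loop keeps only the LAST parameter of the request, whatever its name;
// $value is read again at the bottom of this file as the token to verify.
// NOTE(review): reading one named parameter (or the Authorization header)
// would be less surprising than "last parameter wins" - confirm with callers.
$key = null;
$value = null; // defined even when the request carries no parameters
foreach ($_GET as $key => $value) {
    // Intentionally empty: only the final key/value pair is kept.
}
// ?x[]=1 style parameters arrive as arrays; a token is always a string.
if (!is_string($value)) {
    $value = null;
}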
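/**
 * Minimal HMAC-signed token helper modelled on JWT (header.payload.signature).
 *
 * NOTE(review): the signature segment is the hex output of hash_hmac() and the
 * header advertises 'sha256' instead of 'HS256', so these tokens are not
 * interoperable with standard JWT libraries. Both are kept unchanged so that
 * tokens already in circulation still verify.
 */
class Jwt
{
    // Algorithm name handed to hash_hmac(). It is fixed here and never taken
    // from the token header, so a token cannot choose its own algorithm.
    private $alg = 'sha256';

    // SECURITY: legacy built-in key, kept only so `new Jwt` keeps working.
    // It is a short, guessable value committed to source; anyone who knows it
    // can mint valid tokens. Pass a long random key loaded from configuration
    // to the constructor and rotate this default out.
    private $secret = "123456";

    // Endpoint the browser is redirected to when a verified token carries an
    // 'account' claim.
    // NOTE(review): plain HTTP - the account name travels in clear text, and the
    // receiving script must not treat UNAME alone as proof of authentication.
    private $loginCheckUrl = 'http://103.163.57.159:8000/logincheck_new.php';

    /**
     * Token header: 'alg' names the signing algorithm, 'typ' the token type
     * (always "JWT").
     */
    private static $header = array(
        'alg' => 'sha256', // algorithm used to produce the signature
        'typ' => 'JWT',    // token type
    );

    /**
     * @param string|null $secret HMAC key; when omitted or empty the legacy
     *                            built-in key is used (see the warning above).
     */
    public function __construct($secret = null)
    {
        if (is_string($secret) && $secret !== '') {
            $this->secret = $secret;
        }
    }

    /**
     * Build the encoded header segment.
     *
     * @return string base64url-encoded JSON of the static header
     */
    private function getHeader()
    {
        return $this->base64urlEncode(json_encode(self::$header, JSON_UNESCAPED_UNICODE));
    }

    /**
     * Build the encoded payload segment: the registered claims plus the
     * private 'uid' claim.
     *
     * @param int $uid user id
     * @return string base64url-encoded JSON object
     */
    public function getPayload($uid)
    {
        $now = time();
        // A real array: the previous string literal was JSON-encoded as one
        // quoted string, so no claim could be read back on verification.
        $payload = array(
            'iss' => 'admin',     // issuer
            'exp' => $now + 600,  // expiry: ten minutes from now
            'sub' => 'test',      // subject
            'aud' => 'every',     // audience
            'nbf' => $now,        // not valid before
            'iat' => $now,        // issued at
            'jti' => 10001,       // token id; NOTE(review): constant, so it cannot support replay detection
            'uid' => $uid,        // private claim: user id
        );
        return $this->base64urlEncode(json_encode($payload, JSON_UNESCAPED_UNICODE));
    }

    /**
     * Issue a token whose payload carries the given uid.
     *
     * @param int $uid
     * @return string header.payload.signature
     */
    public function genToken($uid)
    {
        $raw = $this->getHeader() . '.' . $this->getPayload($uid);
        return $raw . '.' . hash_hmac($this->alg, $raw, $this->secret);
    }

    /**
     * Verify a token and return its uid claim.
     *
     * The signature is checked before any claim is decoded or acted on, so an
     * unauthenticated payload can neither trigger the login-check redirect nor
     * reach the caller.
     *
     * @param mixed $token
     * @return mixed the 'uid' claim on success, false on any failure
     */
    public function verifyToken($token)
    {
        if (!is_string($token) || $token === '') {
            return false;
        }
        $segments = explode('.', $token);
        if (count($segments) !== 3) {
            return false;
        }
        list($header, $payload, $signature) = $segments;

        // Authenticate first; hash_equals() compares in constant time.
        $expected = hash_hmac($this->alg, $header . '.' . $payload, $this->secret);
        if (!hash_equals($expected, $signature)) {
            return false;
        }

        $json = $this->base64urlDecode($payload);
        if ($json === false) {
            return false;
        }
        $payloadArr = json_decode($json, true);
        if (!is_array($payloadArr)) {
            return false;
        }
        // Expired.
        if (isset($payloadArr['exp']) && $payloadArr['exp'] < time()) {
            return false;
        }

        // Only a verified, unexpired token may drive the redirect.
        if (isset($payloadArr['account']) && is_scalar($payloadArr['account'])) {
            $this->redirectToLoginCheck((string) $payloadArr['account']);
        }

        return isset($payloadArr['uid']) ? $payloadArr['uid'] : false;
    }

    /**
     * Send the Location header pointing at the login-check endpoint.
     *
     * @param string $account account name taken from a verified payload
     * @return void
     */
    private function redirectToLoginCheck($account)
    {
        if (headers_sent()) {
            return; // too late to redirect; header() would only raise a warning
        }
        // Percent-encode the claim so it cannot add query parameters or break
        // out of the header line.
        header('Location: ' . $this->loginCheckUrl . '?UNAME=' . rawurlencode($account));
    }

    /**
     * URL-safe base64 encoding without padding.
     *
     * @param string $data
     * @return string
     */
    private function base64urlEncode($data)
    {
        return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
    }

    /**
     * URL-safe base64 decoding.
     *
     * @param string $data
     * @return bool|string decoded bytes, or false when the input is not valid base64url
     */
    private function base64urlDecode($data)
    {
        $b64 = strtr($data, '-_', '+/');
        // Restore the '=' padding stripped by base64urlEncode(). The previous
        // str_pad() call passed strlen % 4 as the target length, which never pads.
        $remainder = strlen($b64) % 4;
        if ($remainder !== 0) {
            $b64 .= str_repeat('=', 4 - $remainder);
        }
        // Strict mode rejects characters outside the base64 alphabet.
        return base64_decode($b64, true);
    }
}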
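// Entry point: verify the token taken from the query string and print its uid claim.
$jwt = new Jwt;
// $value is set by the query-string loop at the top of this file; it does not
// exist when the request has no parameters and is an array for ?x[]=1 input.
$token = (isset($value) && is_string($value)) ? $value : null;
$uid = $jwt->verifyToken($token);
// verifyToken() returns false on rejection; nothing is printed in that case,
// which matches what `echo false` produced before.
if ($uid !== false && is_scalar($uid)) {
    // The claim is text carried by the token. PHP serves text/html by default,
    // so escape it before it reaches the response body.
    echo htmlspecialchars((string) $uid, ENT_QUOTES, 'UTF-8');
}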