签名的用处和思路:在接口中基本上都会用到签名机制,其实都是为了防止发送的信息被串改,发送方通过将一些字段要素按一定的规则排序后,在转化成json字符串,通过MD5加密机制发送,当接收方接受到请求后需要验证该信息是否被篡改过,也需要将对应的字段按照同样的规则生成验签sign,然后在于接收到的进行比对,可以发现信息是否被串改过。
<?php
/**
* Created by PhpStorm.
* User: Administrator
* Date: 2019/3/1
* Time: 15:31
*/
class Action_Get_Redirect_Autologin_Url extends Action
{
protected function input_validate()
{
}
protected function start()
{
$res = $this->get_redirect_autologin_url();
$this->output_params = $res;
}
function get_redirect_autologin_url()
{
$user_id = 4;
setcookie('plx_user_id', $user_id, 0, '/');
$user_id = $_COOKIE['plx_user_id'];
$select = 'sid,phone,first_login_time,last_login_time';
$where = ['sid' => $user_id];
$user_info = Sys_User_Model::get_user_info($where, $select);
//用户唯一性标识,对应唯一一个用户且不可变
$uid = $user_info['sid'];
//用户积分余额(无积分体系独立活动,积分可以传0)
$credits = 0;
//接口appKey,应用的唯一标识
$appKey = '31ZufKuDPWUjB5fxJdjLQFTKBH4M';
//appSecret 是兑吧签名验证的关键密钥,切勿作为参数加入免登URL
$appSecret = 'AcWShxZnMtjycMYUNtDPTQQEXVJ';
//登录成功后的重定向地址(需要进行urlencode编码)
$redirect = 'www.baidu.com';
$url = $this->buildRedirectAutoLoginRequest($appKey,$appSecret,$uid,$credits,$redirect);
return ['autologin_url' => $url];
}
/*
* 生成直达商城内部页面的免登录地址
* 通过此方法生成的免登陆地址,可以通过redirect参数,跳转到积分商城任意页面
*/
function buildRedirectAutoLoginRequest($appKey,$appSecret,$uid,$credits,$redirect){
$url = "http://www.duiba.com.cn/autoLogin/autologin?";
$timestamp = time()*1000 . "";
$array=array("uid"=>$uid,"credits"=>$credits,"appSecret"=>$appSecret,"appKey"=>$appKey,"timestamp"=>$timestamp);
if($redirect != null){
$array['redirect'] = $redirect;
}
$sign = $this->sign($array);
$array['sign'] = $sign;
$url = $this->AssembleUrl($url,$array);
return $url;
}
/*
* md5签名,$array中务必包含 appSecret
*/
function sign($array){
ksort($array);
$string="";
foreach ($array as $value) {
$string .= $value ;
}
return md5($string);
}
/*
* 签名验证,通过签名验证的才能认为是合法的请求
*/
function signVerify($appSecret,$array){
$newarray=array();
$newarray["appSecret"]=$appSecret;
reset($array);
while(list($key,$val) = each($array)){
if($key != "sign" ){
$newarray[$key]=$val;
}
}
$sign=sign($newarray);
if($sign == $array["sign"]){
return true;
}
return false;
}
/*
* 构建参数请求的URL
*/
function AssembleUrl($url, $array)
{
unset($array['appSecret']);
foreach ($array as $key => $value) {
$url=$url.$key."=".urlencode($value)."&";
}
return $url;
}
}