php api验证签名

大概逻辑就是：客服端发来post数据，在发送的时候给数据加一个sign字段，字段内容是客户端和服务端通过appid和serect进行加密的字符串， 客户端和服务端的appid和serect是一样的。

服务端收到数据后，把数据按照客户端一样的方式生成sign，再进行比较，相等则说明通过，验签主要是为了验证是否是指定用户发来的请求。避免安全隐患

<?php
namespace ThreeTrafficNanchang\Controller;
use ThreeTrafficNanchang\Model\UtilModel;
use Think\Controller;
/**
 * 客户端
 * @return mixed
 * @author Yuanhang Liu & Xiaoyun Liu
 * @date 2020/10/14 00:03
 */

class ClientController extends Controller
{
    private $appid = "";
    private $secret = "";
    public function __construct()
    {
        $this->appid = "xiaoyunyunzhenshidaniuniu";
        $this->secret = "xiaohanghangzhenshidaniuniu";
    }

    public function ClientData()
    {
        //需要给服务端传的数据
        $data['create'][] = [
            "Address" => 360100,
            "CompanyId" => "1200WLCXEK1J",
            "TotalMile" => 36353.0,
            "UpdateTime" => 20201027055008,
            "VehicleNo" => "贵A370WB"
        ];
        $data['create'][] = [
            "Address" => 120000,
            "CompanyId" => "1200",
            "TotalMile" => 36.0,
            "UpdateTime" => 20201051262152,
            "VehicleNo" => "湘A370WB"
        ];
        $data['timestamp'] = time();

        $appid = $this->appid;
        $secret = $this->secret;
        //获取签名
        $sign = UtilModel::getSign($data,$appid,$secret);
        //将sign拼接到数据后
        $data['sign'] = $sign;
        //curl传值
        $res = UtilModel::posturl("www.wanglu.cn/ThreeTrafficNanchang/Servers/getClientData",$data);
        print_r($res);
    }
}

<?php
namespace ThreeTrafficNanchang\Controller;
use ThreeTrafficNanchang\Model\UtilModel;
use Think\Controller;
/**
 * 服务端
 * @return mixed
 * @author Yuanhang Liu & Xiaoyun Liu
 * @date 2020/10/14 00:03
 */

class ServersController extends Controller
{
    private $appid = "";
    private $secret = "";
    public function __construct()
    {
        $this->appid = "xiaoyunyunzhenshidaniuniu";
        $this->secret = "xiaohanghangzhenshidaniuniu";
    }

        //接收客户端数据
        public function getClientData()
    {
        $appid = $this->appid;
        $secret = $this->secret;
        $param = json_decode(file_get_contents('php://input'),true);
        //判断客户端是否传了sign
        if(!isset($param['sign'])||empty($param['sign'])){
            return json_encode(['code'=>100,'msg'=>'参数不全']);
        }
        if(!isset($param['timestamp'])||empty($param['timestamp'])){
            return json_encode(['code'=>101,'msg'=>'发送的数据参数不合法']);
        }
        // 验证请求， 10分钟失效
        if(time() - $param['timestamp'] > 600) {
            return json_encode(['code'=>101,'msg'=>'验证失效， 请重新发送请求']);
        }
        //客户端传过来的sign
        $clientSign = $param['sign'];
        unset($param['sign']);
        //服务端获取签名
        $sign = UtilModel::getSign($param,$appid,$secret);
        if($sign==$clientSign){
            echo "验证通过";
            //整理数据入库
        }else{
            echo "验证不通过";
        }
    }
}

 

<?php
namespace ThreeTrafficNanchang\Model;
use Think\Model;
class UtilModel extends Model{

    public function getSign($data,$appid,$secret){
        //对参数进行排序
        ksort($data);
        //变成url模式
        $param = http_build_query($data);
        $sign = md5($param.$appid.$secret);
        return $sign;
    }

    public function posturl($url,$data){
        $data  = json_encode($data);
        $headerArray =array("Content-type:application/json;charset='utf-8'","Accept:application/json");
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,FALSE);
        curl_setopt($curl, CURLOPT_POST, 1);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
        curl_setopt($curl,CURLOPT_HTTPHEADER,$headerArray);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        $output = curl_exec($curl);
        curl_close($curl);
        return json_decode($output,true);
    }


}