php api验证签名

大概逻辑就是:客户端发来 POST 数据,在发送的时候给数据加一个 sign 字段,字段内容是用双方共享的 appid 和 secret 对请求数据计算出的摘要字符串(下面的示例用的是 md5,属于哈希签名,而不是加密)。客户端和服务端的 appid 和 secret 是一样的。

服务端收到数据后,按照与客户端相同的方式对数据生成 sign,再与请求里带来的 sign 进行比较,相等则说明验签通过。验签主要是为了验证请求是否由持有 secret 的指定用户发来、数据在途中是否被改动,从而避免安全隐患;它并不加密数据本身,所以传输仍应使用 HTTPS。

<?php
namespace ThreeTrafficNanchang\Controller;
use ThreeTrafficNanchang\Model\UtilModel;
use Think\Controller;
/**
 * Client side of the signed-request example.
 *
 * Builds a sample payload, signs it with the shared appid/secret through
 * UtilModel::getSign(), appends the signature as the "sign" field and POSTs
 * the result to the server endpoint.
 *
 * @author Yuanhang Liu & Xiaoyun Liu
 * @date 2020/10/14 00:03
 */

class ClientController extends Controller
{
    // Shared credentials; the constructor fills in the real values.
    private $appid = "";
    private $secret = "";

    public function __construct()
    {
        // NOTE(review): both values are hard-coded in source, so anyone with
        // read access to the repository can produce valid signatures. Load
        // them from configuration or a secret store kept out of version control.
        $this->secret = "xiaohanghangzhenshidaniuniu";
        $this->appid = "xiaoyunyunzhenshidaniuniu";
    }

    /**
     * Sends two sample records to the server, signed, and prints the reply.
     *
     * The timestamp is part of the signed payload, so the server can reject
     * stale requests without trusting an unsigned field.
     */
    public function ClientData()
    {
        // Payload to send to the server.
        $data = [
            'create' => [
                [
                    "Address" => 360100,
                    "CompanyId" => "1200WLCXEK1J",
                    "TotalMile" => 36353.0,
                    "UpdateTime" => 20201027055008,
                    "VehicleNo" => "贵A370WB",
                ],
                [
                    "Address" => 120000,
                    "CompanyId" => "1200",
                    "TotalMile" => 36.0,
                    "UpdateTime" => 20201051262152,
                    "VehicleNo" => "湘A370WB",
                ],
            ],
            'timestamp' => time(),
        ];

        // Sign the payload before the "sign" field exists, then attach it.
        $signature = UtilModel::getSign($data, $this->appid, $this->secret);
        $data['sign'] = $signature;

        // NOTE(review): the URL names no scheme. The signature only
        // authenticates the payload, it does not encrypt it, so an explicit
        // https:// endpoint should be used here.
        print_r(UtilModel::posturl("www.wanglu.cn/ThreeTrafficNanchang/Servers/getClientData", $data));
    }
}
<?php
namespace ThreeTrafficNanchang\Controller;
use ThreeTrafficNanchang\Model\UtilModel;
use Think\Controller;
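/**
 * Server side of the signed-request example.
 *
 * Reads the JSON body, checks that it carries a signature and a fresh
 * timestamp, recomputes the signature with the shared appid/secret and
 * compares it with the one the client sent.
 *
 * @author Yuanhang Liu & Xiaoyun Liu
 * @date 2020/10/14 00:03
 */

class ServersController extends Controller
{
    // Shared credentials; the constructor fills in the real values.
    private $appid = "";
    private $secret = "";

    public function __construct()
    {
        // NOTE(review): both values are hard-coded in source, so anyone with
        // read access to the repository can produce valid signatures. Load
        // them from configuration or a secret store kept out of version control.
        $this->appid = "xiaoyunyunzhenshidaniuniu";
        $this->secret = "xiaohanghangzhenshidaniuniu";
    }

    /**
     * Receives the client's data and verifies its signature.
     *
     * Malformed or expired requests return a JSON error string (code 100 or
     * 101); the verification verdict itself is echoed, as in the original.
     * NOTE(review): confirm the framework actually emits the returned string
     * on the error paths; the verdict is echoed but the errors are returned.
     *
     * @return string|null JSON error string for rejected requests, otherwise null.
     */
    public function getClientData()
    {
        $param = json_decode(file_get_contents('php://input'), true);

        // A body that is not a JSON object cannot carry the required fields.
        if (!is_array($param)) {
            return json_encode(['code'=>100,'msg'=>'参数不全']);
        }

        // The signature must be a non-empty string. JSON can also deliver
        // booleans, numbers or arrays, and those must never reach the comparison.
        if (empty($param['sign']) || !is_string($param['sign'])) {
            return json_encode(['code'=>100,'msg'=>'参数不全']);
        }

        if (empty($param['timestamp']) || !is_numeric($param['timestamp'])) {
            return json_encode(['code'=>101,'msg'=>'发送的数据参数不合法']);
        }

        // Requests expire after 10 minutes. abs() also rejects timestamps far
        // in the future, which a one-sided check would accept indefinitely.
        if (abs(time() - (int) $param['timestamp']) > 600) {
            return json_encode(['code'=>101,'msg'=>'验证失效, 请重新发送请求']);
        }
        // NOTE(review): nothing here rejects a repeated request inside the
        // 10-minute window; if the action is not idempotent, also record a
        // per-request nonce and refuse duplicates.

        // Take the client's signature out of the payload before re-signing,
        // because the client signed the data without the "sign" field.
        $clientSign = $param['sign'];
        unset($param['sign']);

        $sign = UtilModel::getSign($param, $this->appid, $this->secret);

        // hash_equals() compares as strings in constant time. Loose == would
        // apply type juggling to the two values and leak timing information.
        if (is_string($sign) && hash_equals($sign, $clientSign)) {
            echo "验证通过";
            // Process the data and store it here.
        } else {
            echo "验证不通过";
        }
    }
}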

 

<?php
namespace ThreeTrafficNanchang\Model;
use Think\Model;
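class UtilModel extends Model{

    /**
     * Computes the request signature shared by client and server.
     *
     * Declared static because both controllers call it as
     * UtilModel::getSign(); calling a non-static method that way is an
     * error on PHP 8. Instance calls keep working.
     *
     * @param array  $data   Request fields, without the "sign" field.
     * @param string $appid  Shared application id.
     * @param string $secret Shared secret.
     * @return string 32-character lowercase hex digest.
     */
    public static function getSign($data,$appid,$secret){
        // Sort by key so both sides serialise the fields in the same order.
        // Only top-level keys are sorted; nested arrays keep the sender's order.
        ksort($data);
        // Serialise as a URL query string.
        $param = http_build_query($data);
        // NOTE(review): md5(data . appid . secret) is an ad-hoc keyed digest
        // over a broken hash. It is kept so that existing peers still agree on
        // the value; when both ends can be upgraded together, move to
        // hash_hmac('sha256', $param, $secret).
        return md5($param.$appid.$secret);
    }

    /**
     * POSTs $data as JSON to $url and returns the decoded JSON reply.
     *
     * @param string $url  Endpoint to call.
     * @param mixed  $data Value to JSON-encode as the request body.
     * @return mixed Decoded response (arrays for JSON objects), or null when
     *               encoding, the transfer or decoding fails.
     */
    public static function posturl($url,$data){
        $payload = json_encode($data);
        if ($payload === false) {
            return null;
        }
        $headerArray = array("Content-type:application/json;charset='utf-8'","Accept:application/json");

        $curl = curl_init();
        if ($curl === false) {
            return null;
        }
        curl_setopt($curl, CURLOPT_URL, $url);
        // Verify the server certificate and that it matches the host name.
        // With verification off, any party on the network path can read or
        // alter the signed payload and the reply.
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($curl, CURLOPT_POST, 1);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $payload);
        curl_setopt($curl, CURLOPT_HTTPHEADER, $headerArray);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

        $output = curl_exec($curl);
        curl_close($curl);

        // curl_exec() returns false when the transfer fails; report that as
        // null rather than passing a boolean to json_decode().
        if ($output === false) {
            return null;
        }
        return json_decode($output,true);
    }


}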

 

 

 

 

 
