接口安全验证

接口安全验证

校验所用参数：时间戳、用户ID、极光推送ID（registration_id）、token

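/**
 * Request-level authentication for the API.
 *
 * Reads `time`, `user`, `registration_id` and `token` from the request,
 * rejects missing/expired parameters, and compares `token` against the
 * signature recomputed server-side (see _auth_signature()). Every failure
 * answers with a `flag`/`msg`/`data` payload via tojson() and returns.
 *
 * NOTE(review): whether a rejected request is actually stopped depends on
 * tojson() ending the response — confirm; this method itself only returns.
 */
public function auth_token_check(){
    // addslashes() is kept because the slashed value is what the client-side
    // scheme signs; it is NOT an injection defence (the user id is validated
    // and cast before it reaches the query below).
    $timeStamp = addslashes(@$_REQUEST['time']); //时间戳
    $userid = addslashes(@$_REQUEST['user']);
    $registration_id = addslashes(@$_REQUEST['registration_id']);
    $access_token = addslashes(@$_REQUEST['token']);
    // JSONP callback name; validating it is tojson()'s job — not visible here.
    $callback = @$_GET['callback'];

    // A parameter that is present but empty is rejected as well: the former
    // `!isset(...) && empty(...)` let `time=` (empty) through to the arithmetic.
    // The timestamp must also be all digits so the expiry check is meaningful.
    if (empty($timeStamp) || !ctype_digit((string)$timeStamp)) {
        $this->_auth_fail(-1, 'time参数有误', $callback);
        return;
    }
    if (!isset($_REQUEST['user'])) {
        $userid = 0;
    }
    if (empty($registration_id)) {
        $this->_auth_fail(-3, 'registration_id参数有误', $callback);
        return;
    }
    if (empty($access_token)) {
        $this->_auth_fail(-4, 'token参数有误', $callback);
        return;
    }
    // 600 s freshness window in BOTH directions: a timestamp far in the
    // future would otherwise keep a captured token replayable until then.
    if (abs(time() - (int)$timeStamp) > 600) {
        $this->_auth_fail(-5, '接口验证已过期', $callback);
        return;
    }

    if (empty($userid)) {
        // Anonymous request: signature covers registration_id, key and time only.
        $expected = $this->_auth_signature($registration_id, $timeStamp);
        if (!$this->_auth_token_matches($access_token, $expected)) {
            $this->_auth_fail(-7, 'token验证失败', $callback);
        }
        return;
    }

    // The id is used unquoted in a numeric comparison, so only digits qualify.
    if (!ctype_digit((string)$userid)) {
        $this->_auth_fail(-6, '用户不存在', $callback);
        return;
    }
    $userinfo = $this->_get_user_info($userid);
    if (empty($userinfo)) {
        $this->_auth_fail(-6, '用户不存在', $callback);
        return;
    }
    // Bound parameter instead of `"userid = ".$userid`: addslashes() does not
    // neutralise "1 OR 1=1" in an unquoted numeric context.
    $login_record = Db::name("login_record")
        ->field("registration_id")
        ->where('userid', (int)$userid)
        ->find();
    // find() may return no row; strict string comparison keeps a missing
    // value from loosely matching the supplied registration_id.
    $stored_registration = null;
    if (is_array($login_record) && isset($login_record['registration_id'])) {
        $stored_registration = (string)$login_record['registration_id'];
    }
    if ($stored_registration !== (string)$registration_id) {
        $this->_auth_fail(-7, 'token验证失败', $callback);
        return;
    }
    $expected = $this->_auth_signature($registration_id, $timeStamp, $userid);
    if (!$this->_auth_token_matches($access_token, $expected)) {
        $this->_auth_fail(-1, 'token验证失败', $callback);
    }
}

/**
 * Emit the standard failure payload for an auth check.
 *
 * @param int         $flag     negative error code expected by clients
 * @param string      $msg      human-readable message (kept verbatim)
 * @param string|null $callback JSONP callback passed through to tojson()
 */
private function _auth_fail($flag, $msg, $callback){
    $result = array(
        'flag' => $flag,
        'msg' => $msg,
        'data' => null
    );
    $this->tojson($result, $callback);
}

/**
 * Recompute the expected token: uppercase(md5(sha1(concatenation))) over
 * registration_id, the shared key, the timestamp and, when given, the user id
 * — in that order, matching the client-side scheme.
 *
 * NOTE(review): the "secret" is a hard-coded, base64-encoded public URL, so
 * anyone with the source can forge tokens; it belongs in configuration and
 * should be rotated when moved.
 *
 * @param string      $registration_id
 * @param string      $timeStamp        digit string as received
 * @param string|null $userid           omitted for anonymous requests
 * @return string
 */
private function _auth_signature($registration_id, $timeStamp, $userid = null){
    $key = base64_encode("http://tongji.study119.com/qrcode/logo.png");
    $arr = array(
        'registration' => $registration_id,
        'secret_key' => $key,
        'timeStamp' => $timeStamp,
    );
    if ($userid !== null) {
        $arr['userid'] = $userid;
    }
    //拼接成字符串 → sha1 → md5 → 转换成大写
    return strtoupper(md5(sha1(implode($arr))));
}

/**
 * Compare the supplied token with the expected one as strings.
 *
 * `!=` must not be used here: two numeric-looking hex strings such as
 * "0E123…" compare equal under loose comparison. hash_equals() is used
 * when available so the comparison does not leak by timing.
 *
 * @param string $given
 * @param string $expected
 * @return bool
 */
private function _auth_token_matches($given, $expected){
    if (function_exists('hash_equals')) {
        return hash_equals((string)$expected, (string)$given);
    }
    return (string)$given === (string)$expected;
}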

接口安全验证

接口安全验证

原案例:

//权限认证
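class UserAuth extends Controller {
    /** Shared value mixed into every signature by arithmetic(). */
    const TOKEN = 'study119_api';

    /**
     * Runs the token check before any action of a subclass.
     */
    protected function _initialize(){
        $this->auth_token_check();
    }

    /**
     * Demo entry point: builds a signature over the current time and a fresh
     * nonce, prints it and stops the request. Nothing from the request is
     * verified here (the `$_GET['s']` read was never wired up).
     */
    public function auth_token_check(){
        //时间戳
        $timeStamp = time();
        //随机数
        $randomStr = $this->createNonceStr();
        //$signature = $_GET['s'];
        $str = $this->arithmetic($timeStamp, $randomStr);
        print_r($str);die;
    }

    /**
     * Build the signature: the three values are sorted byte-wise (keys are
     * discarded), concatenated, then sha1 → md5 → uppercased.
     *
     * @param int|string $timeStamp Unix timestamp
     * @param string     $randomStr nonce from createNonceStr()
     * @return string uppercase hex signature
     */
    protected function arithmetic($timeStamp,$randomStr){
        $arr = array(
            'timeStamp' => $timeStamp,
            'randomStr' => $randomStr,
            'token' => self::TOKEN,
        );
        // Sort so the concatenation does not depend on argument order.
        sort($arr, SORT_STRING);
        return strtoupper(md5(sha1(implode($arr))));
    }

    /**
     * Random alphanumeric string prefixed with "z".
     *
     * NOTE(review): mt_rand() is not a CSPRNG. That is acceptable only while
     * the nonce is public and uniqueness is all that matters; if it ever
     * carries secrecy, switch to random_int()/random_bytes() (PHP 7+).
     *
     * @param int $length number of random characters after the prefix
     * @return string
     */
    private function createNonceStr($length = 8) {
        $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        // Loop-invariant upper bound, hoisted out of the loop.
        $lastIndex = strlen($chars) - 1;
        $str = "";
        for ($i = 0; $i < $length; $i++) {
            $str .= $chars[mt_rand(0, $lastIndex)];
        }
        return "z".$str;
    }
}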