API权限设计总结系统sign验证规则-PHP源码
API权限设计总结 系统sign验证规则
http://my.oschina.net/anziguoer/blog/624840
1. [文件] receive.php
600) { echo '验证失效, 请重新发送请求'; die(); } $sign = $data['sign']; unset($data['sign']); ksort($data); $params = http_build_query($data); $sign2 = md5($params.$secret); if ($sign == $sign2) { die('验证通过'); }else{ die('请求不合法'); } } ?>
2. [文件] request.php
'anziguoer@sina.com', 'sex' => '男', 'age' => '12', 'addr' => '北京市海淀区' ); // 传递的参数中必须有 key, sign, timestamp $postData = array( "key" => $key, "timestamp" => time() ); $psotData = array_merge($postData, $data); $sign = getSign($secret, $psotData); $postData['sign'] = $sign; // 获取sign function getSign($secret, $data) { // 对数组的值按key排序 ksort($data); // 生成url的形式 $params = http_build_query($data); // 生成sign $sign = md5($params.$secret); return $sign; } $postData = array_merge($postData, $data); request($postData); /** * 发送服务器的数据 * @param [type] $postData [description] * @return [type] [description] */ function request($postData) { $curl = curl_init('http://host/receive.php'); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, TRUE); curl_setopt($curl, CURLOPT_POSTFIELDS, $postData); $info = curl_exec($curl); curl_close($curl); print_r($info); }
PHP之友评论