API权限设计总结系统sign验证规则-PHP源码
API权限设计总结 系统sign验证规则
http://my.oschina.net/anziguoer/blog/624840
1. [文件] receive.php
600) {
echo '验证失效, 请重新发送请求';
die();
}
$sign = $data['sign'];
unset($data['sign']);
ksort($data);
$params = http_build_query($data);
$sign2 = md5($params.$secret);
if ($sign == $sign2) {
die('验证通过');
}else{
die('请求不合法');
}
}
?>2. [文件] request.php
'anziguoer@sina.com',
'sex' => '男',
'age' => '12',
'addr' => '北京市海淀区'
);
// 传递的参数中必须有 key, sign, timestamp
$postData = array(
"key" => $key,
"timestamp" => time()
);
$psotData = array_merge($postData, $data);
$sign = getSign($secret, $psotData);
$postData['sign'] = $sign;
// 获取sign
function getSign($secret, $data)
{
// 对数组的值按key排序
ksort($data);
// 生成url的形式
$params = http_build_query($data);
// 生成sign
$sign = md5($params.$secret);
return $sign;
}
$postData = array_merge($postData, $data);
request($postData);
/**
* 发送服务器的数据
* @param [type] $postData [description]
* @return [type] [description]
*/
function request($postData)
{
$curl = curl_init('http://host/receive.php');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, TRUE);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postData);
$info = curl_exec($curl);
curl_close($curl);
print_r($info);
}
PHP之友评论