客户端:
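<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
签名
<!--
  NOTE(review): both libraries are third-party CDN scripts that run with full access to this
  page, and jQuery is requested over plain http://, so anything on the network path can swap
  its contents. Prefer self-hosting, or HTTPS plus a Subresource Integrity attribute.
-->
<script src="http://libs.baidu.com/jquery/2.0.0/jquery.min.js"></script>
<script src="https://cdn.bootcss.com/blueimp-md5/2.10.0/js/md5.js"></script>
<script type="application/javascript">
    // NOTE(review): a signing secret delivered in page source is readable by every visitor.
    // With it, anyone can compute valid signatures, so this scheme only guards against
    // accidental corruption of the parameters; it does not authenticate the caller.
    // Authentication must rest on the server-issued token and a TLS-protected transport.
    var secret = 'cmyxy';

    /**
     * Append an MD5 signature ("sign") to a request payload.
     *
     * The payload is flattened to "key=value" pairs, ordered by key, joined with "&",
     * suffixed with the shared secret and hashed with md5().
     *
     * @param {string|Object} params  Query string ("a=1&b=2") or a flat key/value object.
     * @returns {string|Object} The same payload with the signature added; returned
     *                          unchanged when there is nothing to sign.
     */
    function setParamSign(params) {
        var pairs = [];
        if (typeof params === "string") {
            pairs = params ? params.split("&") : [];
        } else if (typeof params === "object" && params !== null) {
            for (var key in params) {
                if (params.hasOwnProperty(key)) {
                    pairs.push(key + "=" + params[key]);
                }
            }
        }

        if (pairs.length === 0) {
            return params;
        }

        // Order by parameter NAME only. The server-side verifier on this page uses ksort(),
        // i.e. key order; sorting whole "key=value" strings disagrees with that whenever one
        // key is a prefix of another (e.g. "a" and "a1"), which makes valid requests fail.
        pairs.sort(function (left, right) {
            var leftKey = left.split("=")[0];
            var rightKey = right.split("=")[0];
            if (leftKey < rightKey) {
                return -1;
            }
            return leftKey > rightKey ? 1 : 0;
        });

        // The secret and the signed payload are deliberately not written to the console.
        var sign = md5(pairs.join("&") + secret);
        if (typeof params === "string") {
            params += "&sign=" + sign;
        } else {
            params["sign"] = sign;
        }
        return params;
    }

    /**
     * Current Unix time in whole seconds, as a string.
     *
     * @returns {string}
     */
    function timest() {
        return Math.floor(Date.now() / 1000).toString();
    }

    // NOTE(review): the token below is hard-coded sample data; a real page should obtain it
    // from the login response rather than embedding it in source.
    var data = {
        token: 'F5D933D3F00A51F90E0A20F75692AB83',
        timestamp: timest()
    };

    // NOTE(review): the endpoint is plain HTTP, so token, timestamp and signature are sent in
    // cleartext and a captured request can be replayed until the server-side window expires.
    // The request is left asynchronous: synchronous XHR on the main thread is deprecated.
    $.ajax({
        url: "http://192.168.7.68:4477/index",
        data: setParamSign(data),
        dataType: "json",
        type: "POST",
        success: function (response) {
            console.log('111');
            console.log(response);
        }
    });
</script>
</body>
</html>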
服务器端验证:
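<?php
/**
 * Created by PhpStorm.
 * User: HOUDJ
 * Date: 2020/6/11
 * Time: 10:59
 */

namespace app\index\controller;

use app\BaseController;
use think\exception\HttpResponseException;
use think\facade\Cache;

/**
 * Base controller: verifies the request signature and resolves the logged-in user
 * from the access token before any action runs.
 */
class Base extends BaseController
{
    public $userId = 0;
    public $userName = '';
    public $userMobile = '';
    public $access_token = '';

    /**
     * Verify the signature, then require a token that maps to a cached login session.
     *
     * Any failure is reported through returnMsg(), which throws HttpResponseException.
     */
    public function initialize()
    {
        parent::initialize();
        $params = $this->request->param();
        $this->verifySign(config('app.sign_secret'), $params);

        // A missing or non-string token (e.g. token[]=x) is treated as "no token"
        // instead of raising an undefined-index notice or ending up in the cache key.
        $token = $params['token'] ?? '';
        $this->access_token = is_string($token) ? $token : '';

        if (!$this->access_token || !$this->isLogin()) {
            return $this->returnMsg(config('status.error'), '', '登录异常,请重新登录!');
        }
    }

    /**
     * Access check: validate the request signature and its timestamp.
     *
     * The expected signature is md5(<params sorted by key, "k=v" joined by "&"> . $secret).
     *
     * NOTE(review): MD5 with an appended secret is a weak MAC, and there is no nonce, so a
     * captured request can be replayed while its timestamp is still inside the window.
     * Moving to hash_hmac('sha256', ...) plus a single-use nonce needs a matching client
     * change, so it is only flagged here.
     *
     * @param mixed $secret Shared signing secret from configuration.
     * @param array $data   Request parameters, including 'sign' and 'timestamp'.
     * @return bool true when the check passes or is disabled by configuration.
     * @throws HttpResponseException via returnMsg() when the request is rejected.
     */
    function verifySign($secret, $data)
    {
        if (!config('app.sign_check')) {
            // NOTE(review): verification can be switched off in configuration; make sure
            // that flag is never disabled in production.
            return true;
        }

        // Fail closed: with an empty secret the "signature" is a bare md5 of the
        // parameters, which any client can compute.
        if (!is_scalar($secret) || (string) $secret === '') {
            return $this->returnMsg(config('status.error'), '', '请求不合法');
        }

        // The signature must be present and a plain string (sign[]=x arrives as an array).
        if (empty($data['sign']) || !is_string($data['sign'])) {
            return $this->returnMsg(config('status.error'), '', '发送的数据签名不存在');
        }

        // The timestamp must be present and consist of digits only; anything else would
        // make the arithmetic below warn, throw, or silently coerce.
        $timestamp = $data['timestamp'] ?? null;
        if (empty($timestamp) || !is_scalar($timestamp) || !preg_match('/^[0-9]+$/D', (string) $timestamp)) {
            return $this->returnMsg(config('status.error'), '', '发送的数据参数不合法');
        }

        // Requests expire after 10 minutes. abs() also rejects timestamps far in the
        // future, which would otherwise stay valid until that moment plus the window.
        if (abs(time() - (int) $timestamp) > 600) {
            return $this->returnMsg(config('status.error'), '', '访问超时,请重新请求!');
        }

        $sign = $data['sign'];
        unset($data['sign']);
        ksort($data);

        // NOTE(review): after urldecode() a value containing "&" or "=" is
        // indistinguishable from extra parameters, so different parameter sets can share
        // one signature. Signing the still-encoded string would close that gap but needs
        // the client to encode identically.
        $expected = md5(urldecode(http_build_query($data)) . $secret);

        // hash_equals() is constant-time and strictly string-based; the previous loose
        // "==" treated two different "0e<digits>" hashes as equal numbers.
        if (!hash_equals($expected, $sign)) {
            return $this->returnMsg(config('status.error'), '', '请求不合法');
        }

        return true;
    }

    /**
     * Whether the current access token maps to a cached login session.
     *
     * On success the user's id, name and mobile are copied onto the controller.
     *
     * @return bool false when the cache entry is missing or is not valid user JSON.
     */
    public function isLogin()
    {
        $userInfo = Cache::get(config('app.login.login_prefix') . $this->access_token);
        if (!$userInfo || !is_string($userInfo)) {
            return false;
        }

        $userArr = json_decode($userInfo, true);
        // A corrupt entry, or one without a user id, is not a valid session.
        if (!is_array($userArr) || !isset($userArr['id'])) {
            return false;
        }

        $this->userId = $userArr['id'];
        $this->userName = $userArr['username'] ?? '';
        $this->userMobile = $userArr['mobile'] ?? '';

        return true;
    }

    /**
     * Abort the request with the response built by the global returnMsg() helper.
     *
     * @param mixed ...$args Forwarded unchanged to the global returnMsg() helper.
     * @throws HttpResponseException always.
     */
    public function returnMsg(...$args)
    {
        throw new HttpResponseException(returnMsg(...$args));
    }
}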