PHP开发api接口安全验证

前台

这里我并没有实际的前台，直接使用一个PHP文件代替前台，然后通过CURL模拟GET请求。

用的是TP框架，URL格式是pathinfo格式。

源代码

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71

<?php /**  * Created by PhpStorm.  * User: Administrator  * Date: 2017/3/16 0016  * Time: 15:56  */ namespace ClientController; use ThinkController;    class ClientController extends Controller{     const TOKEN = 'API';     //模拟前台请求服务器api接口     public function getDataFromServer(){         //时间戳         $timeStamp = time();         //随机数         $randomStr = $this -> createNonceStr();         //生成签名         $signature = $this -> arithmetic($timeStamp,$randomStr);         //url地址         $url = "http://www.apitest.com/Server/Server/respond/t/{$timeStamp}/r/{$randomStr}/s/{$signature}";         $result = $this -> httpGet($url);         dump($result);     }        //curl模拟get请求。     private function httpGet($url){         $curl = curl_init();            //需要请求的是哪个地址         curl_setopt($curl,CURLOPT_URL,$url);         //表示把请求的数据已文件流的方式输出到变量中         curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);            $result = curl_exec($curl);         curl_close($curl);         return $result;     }        //随机生成字符串     private function createNonceStr($length = 8) {         $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";         $str = "";         for ($i = 0; $i < $length; $i++) {             $str .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);         }         return "z".$str;     }        /**      * @param $timeStamp 时间戳      * @param $randomStr 随机字符串      * @return string 返回签名      */     private function arithmetic($timeStamp,$randomStr){         $arr['timeStamp'] = $timeStamp;         $arr['randomStr'] = $randomStr;         $arr['token'] = self::TOKEN;         //按照首字母大小写顺序排序         sort($arr,SORT_STRING);         //拼接成字符串         $str = implode($arr);         //进行加密         $signature = sha1($str);         $signature = md5($signature);         //转换成大写         $signature = strtoupper($signature);         return $signature;     } }

服务器端

接受前台数据进行验证

源代码

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55

<?php /**  * Created by PhpStorm.  * User: Administrator  * Date: 2017/3/16 0016  * Time: 16:01  */ namespace ServerController; use ThinkController;    class ServerController extends Controller{     const TOKEN = 'API';        //响应前台的请求     public function respond(){         //验证身份         $timeStamp = $_GET['t'];         $randomStr = $_GET['r'];         $signature = $_GET['s'];         $str = $this -> arithmetic($timeStamp,$randomStr);         if($str != $signature){             echo "-1";             exit;         }         //模拟数据         $arr['name'] = 'api';         $arr['age'] = 15;         $arr['address'] = 'zz';         $arr['ip'] = "192.168.0.1";         echo json_encode($arr);     }        /**      * @param $timeStamp 时间戳      * @param $randomStr 随机字符串      * @return string 返回签名      */     public function arithmetic($timeStamp,$randomStr){         $arr['timeStamp'] = $timeStamp;         $arr['randomStr'] = $randomStr;         $arr['token'] = self::TOKEN;         //按照首字母大小写顺序排序         sort($arr,SORT_STRING);         //拼接成字符串         $str = implode($arr);         //进行加密         $signature = sha1($str);         $signature = md5($signature);         //转换成大写         $signature = strtoupper($signature);         return $signature;     } } 结果 string(57) "{"name":"api","age":15,"address":"zz","ip":"192.168.0.1"}"