请求url通常需要附带签名参数,以防被篡改。通常是md5生成指纹, 后端通过同样的方法进行验证。
客户端请求添加签名
$url =
"https://localhost?uid=1001&appType=1×tamp=1499656976458";
$sign_key =
"gjieuuef0092jfj48838";
$split = explode(
'?',
$url,
2);
$host =
$split[
0];
$query =
$split[
1];
parse_str(
$query,
$params);
$params[
"appSk"] =
$sign_key;
ksort(
$params, SORT_STRING);
$params_str =
$host.
'?'.http_build_query(
$params);
$sign = md5(
$params_str);
$url .=
"&sign=".
$sign
服务器端验证签名
<?php
$url = "https://localhost?uid=1001&appType=1×tamp=1499656976458&sign=cda6758c69f3b951ebff9207e9a314e7"
$sign_key = "gjieuuef0092jfj48838"
$split = explode('?', $url, 2);
$host = $split[0];
$query = $split[1];
parse_str($query, $params);
$sign_orl = $params["sign"];
unset($params["sign"]);
$params["appSk"] = $sign_key;
ksort($params, SORT_STRING);
$params_str = $host.'?'.http_build_query($params);
$sign = md5($params_str);
if ($sign_orl == $sign) {
echo "success";
}
转载请注明原文地址: https://www.6miu.com/read-28423.html
