接口安全验证
校验参数：时间戳、用户 ID、极光推送 ID、token
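/**
 * 接口安全验证：校验 time / user / registration_id / token 四个请求参数。
 *
 * Runs before an action. Every failure builds a {flag, msg, data} result and hands
 * it to $this->tojson(), which is assumed to write the response and end the request
 * (TODO confirm); an explicit return follows each failure so the method can never
 * fall through into the success path even if tojson() does not terminate.
 *
 * Signature scheme (kept as-is, existing clients compute it the same way):
 *   token = strtoupper(md5(sha1(registration_id . KEY . time [. userid])))
 * where KEY is the base64 of a public URL. NOTE(review): a value derivable from
 * public data is not a secret — whoever knows it can mint a valid token for the
 * anonymous (user absent or 0) path. Move it to configuration and rotate it.
 *
 * Result flags (unchanged): -1 bad time, or token mismatch for a known user;
 * -3 bad registration_id; -4 bad token; -5 outside the 10-minute window;
 * -6 unknown user; -7 registration_id differs from the login record, or token
 * mismatch for an anonymous request.
 */
public function auth_token_check()
{
    $callback        = $_GET['callback'] ?? null;
    $timeStamp       = $this->_request_string('time');
    $rawUser         = $this->_request_string('user');
    // addslashes() retained only because the signature is computed over the
    // escaped value and clients may sign it that way — TODO confirm, then drop.
    $registration_id = addslashes($this->_request_string('registration_id'));
    $access_token    = $this->_request_string('token');

    // Missing *or* empty values are rejected (the original joined the two tests
    // with &&, so an empty value slipped through). time must be a plain digit
    // string: a non-numeric string would make the arithmetic below throw on PHP 8.
    if ($timeStamp === '' || preg_match('/^[0-9]+$/D', $timeStamp) !== 1) {
        $this->_auth_fail(-1, 'time参数有误', $callback);
        return;
    }
    if ($registration_id === '') {
        $this->_auth_fail(-3, 'registration_id参数有误', $callback);
        return;
    }
    if ($access_token === '') {
        $this->_auth_fail(-4, 'token参数有误', $callback);
        return;
    }
    // Replay window in both directions: a timestamp far in the future would
    // otherwise stay valid forever.
    if (abs(time() - (int)$timeStamp) > 600) {
        $this->_auth_fail(-5, '接口验证已过期', $callback);
        return;
    }

    if ($rawUser === '' || $rawUser === '0') {
        // Anonymous request: the token covers registration_id and time only.
        $expected = $this->_build_auth_token($registration_id, $timeStamp);
        if (!hash_equals($expected, $access_token)) {
            $this->_auth_fail(-7, 'token验证失败', $callback);
        }
        return;
    }

    // A user id that is not a plain digit string cannot name an existing user
    // and must never reach the query unvalidated.
    if (preg_match('/^[0-9]+$/D', $rawUser) !== 1) {
        $this->_auth_fail(-6, '用户不存在', $callback);
        return;
    }
    $userinfo = $this->_get_user_info($rawUser);
    if (empty($userinfo)) {
        $this->_auth_fail(-6, '用户不存在', $callback);
        return;
    }

    // Bound parameter instead of string-building the WHERE clause: addslashes()
    // gives no protection to an unquoted numeric comparison.
    $login_record = Db::name('login_record')
        ->field('registration_id')
        ->where('userid', (int)$rawUser)
        ->find();
    // Strict comparison; `??` also covers "no record found" without a warning.
    if ((string)($login_record['registration_id'] ?? '') !== $registration_id) {
        $this->_auth_fail(-7, 'token验证失败', $callback);
        return;
    }

    // hash_equals(): strict, constant-time comparison. The original `!=` compared
    // loosely, so a hex digest of the form "0E..." would have equalled "0".
    $expected = $this->_build_auth_token($registration_id, $timeStamp, $rawUser);
    if (!hash_equals($expected, $access_token)) {
        $this->_auth_fail(-1, 'token验证失败', $callback);
        return;
    }
}

/**
 * Returns request parameter $name as a string. Absent or non-scalar values
 * (e.g. `?time[]=1`, which would make addslashes() throw) become ''.
 *
 * @param string $name
 * @return string
 */
private function _request_string($name)
{
    $value = $_REQUEST[$name] ?? '';
    return is_scalar($value) ? (string)$value : '';
}

/**
 * Computes the expected token for the request.
 *
 * Parts are joined in the order registration_id, KEY, time, then userid when
 * given — the same order the clients use.
 *
 * @param string      $registration_id
 * @param string      $timeStamp
 * @param string|null $userid  omitted for anonymous requests
 * @return string upper-case hex of md5(sha1(parts))
 */
private function _build_auth_token($registration_id, $timeStamp, $userid = null)
{
    // Fixed key derived from a public URL — see the method docblock.
    $key = base64_encode("http://tongji.study119.com/qrcode/logo.png");
    $parts = [$registration_id, $key, $timeStamp];
    if ($userid !== null) {
        $parts[] = $userid;
    }
    return strtoupper(md5(sha1(implode('', $parts))));
}

/**
 * Emits a failure result through $this->tojson().
 *
 * @param int         $flag     negative error code (see auth_token_check())
 * @param string      $msg      user-facing message
 * @param string|null $callback JSONP callback from $_GET, or null
 * @return void
 */
private function _auth_fail($flag, $msg, $callback)
{
    $result = [
        'flag' => $flag,
        'msg'  => $msg,
        'data' => null,
    ];
    $this->tojson($result, $callback);
}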
原案例:
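/**
 * 权限认证 —— original example: signs a request with timestamp + nonce + shared token.
 *
 * NOTE(review): auth_token_check() here is a debugging stub. It prints the
 * signature it just computed and terminates the request; the client-supplied
 * signature is never read, so nothing is actually authenticated yet.
 */
class UserAuth extends Controller
{
    /** Shared value mixed into every signature. Move to configuration before shipping. */
    const TOKEN = 'study119_api';

    protected function _initialize()
    {
        $this->auth_token_check();
    }

    /**
     * Debug stub: computes a signature over the current time and a fresh nonce,
     * prints it and exits. Reading `$_GET['s']` and comparing it with
     * hash_equals() is still to be done.
     */
    public function auth_token_check()
    {
        $timeStamp = time();                  // 时间戳
        $randomStr = $this->createNonceStr(); // 随机数
        $str = $this->arithmetic($timeStamp, $randomStr);
        print_r($str);
        die;
    }

    /**
     * Builds the request signature.
     *
     * @param int|string $timeStamp 时间戳
     * @param string     $randomStr 随机字符串
     * @return string 返回签名 — upper-case hex of md5(sha1(sorted parts joined))
     */
    protected function arithmetic($timeStamp, $randomStr): string
    {
        $parts = [
            'timeStamp' => $timeStamp,
            'randomStr' => $randomStr,
            'token'     => self::TOKEN,
        ];
        // Byte-wise string sort of the values so both sides join them in the
        // same order regardless of how they were supplied (keys are discarded).
        sort($parts, SORT_STRING);
        return strtoupper(md5(sha1(implode('', $parts))));
    }

    /**
     * 随机生成字符串："z" followed by $length alphanumeric characters.
     *
     * Draws from random_int() (CSPRNG); the original used mt_rand(), whose
     * output is predictable and unsuitable for nonces.
     *
     * @param int $length number of random characters after the "z" prefix
     * @return string
     */
    private function createNonceStr(int $length = 8): string
    {
        $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $max = strlen($chars) - 1;
        $str = '';
        for ($i = 0; $i < $length; $i++) {
            $str .= $chars[random_int(0, $max)];
        }
        return 'z' . $str;
    }
}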