PHP接口上传参数返回参数混淆
<?php
/**
*User:
*Date: 2021-01-20
*/
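/**
 * Generates per-package obfuscation maps: every real API route and each of
 * its request/response field names is given a random alias drawn from the
 * word list in ./dck.json. The maps are stored as JSON under
 * ./oelfktjgawp3452/url/ (one file per aliased route) and
 * ./oelfktjgawp3452/pkg/ (one file per package).
 *
 * "jmfs" is the cipher selector stored with every route; per the original
 * author's note, 1 means AES and 2 means DES. The cipher code itself is not
 * part of this class.
 *
 * NOTE(review): DES is an obsolete cipher. Confirm whether jmfs = 2 is still
 * needed by deployed clients before new packages are allowed to draw it.
 * NOTE(review): renaming routes and fields is obfuscation only; it does not
 * replace authentication or transport encryption.
 * NOTE(review): both public actions write files and no access check is visible
 * in this class. Confirm that Base_Controller restricts them to operators, and
 * that the storage directory is not served by the web server.
 */
class Myapp extends Base_Controller
{
    /** @var string Package name the maps are generated for. */
    public $pkg;

    /** @var array Alias word list, split on commas from ./dck.json. */
    public $dck;

    /**
     * Sets the default package and loads the alias word list.
     *
     * @throws RuntimeException when ./dck.json cannot be read or is empty,
     *                          because every alias would otherwise be blank.
     */
    public function __construct()
    {
        parent::__construct();
        $this->pkg = 'com.geekre.org';

        $words = file_get_contents('./dck.json');
        if ($words === false || $words === '') {
            throw new RuntimeException('dck.json is missing or empty');
        }
        $this->dck = explode(',', $words);
    }

    /**
     * Builds the complete alias map for the default package.
     *
     * For every route returned by getAlljkurl() this picks a random URL path,
     * aliases the request fields, the response fields and the code/msg/data
     * envelope keys, writes one JSON file per aliased route and finally one
     * JSON file for the whole package. One cipher selector (1: aes, 2: des)
     * is drawn per run and shared by all routes.
     *
     * Responds through show_json(); code 500 is reported when any file could
     * not be written.
     */
    public function myiappAdd()
    {
        $allinfo = array();
        $jmfs = rand(1, 2);
        $writesOk = true;

        foreach ($this->getAlljkurl() as $route) {
            $path = $this->uniqueUrlPath($allinfo);
            $allinfo[$path] = $this->buildRouteEntry($route, $jmfs, $this->pkg);
            if (!$this->writeUrlFile($path, $allinfo[$path])) {
                $writesOk = false;
            }
        }

        // Store the whole map under the package name.
        $dir = './oelfktjgawp3452/pkg/';
        if (file_put_contents($dir . $this->pkg . '.json', json_encode($allinfo)) === false) {
            $writesOk = false;
        }

        if (!$writesOk) {
            // Do not claim success when part of the map never reached disk.
            $this->show_json(array('code' => 500, 'msg' => '写入文件失败', 'data' => array()));
            return;
        }
        $this->show_json(array('code' => 200, 'msg' => '导入路由成功', 'data' => array()));
    }

    /**
     * Adds aliases for routes that an existing package map does not cover yet.
     *
     * Reads the package name from the "pkg" query parameter, loads that
     * package's JSON map, generates entries for every route of getAlljkurl()
     * whose real URL is not in the map, moves the old map into pkg/bak/ with a
     * timestamp suffix and writes the merged map in its place. The outcome is
     * echoed and the script terminates.
     *
     * @return bool false when the package name is missing or malformed, or the
     *              existing map is absent, empty or not valid JSON
     */
    public function appendUrl()
    {
        $pkg = $this->input->get('pkg');
        // The name is request input that becomes part of several file paths and
        // is echoed back below, so only plain dotted identifiers are accepted.
        if (empty($pkg) || !$this->isValidPkgName($pkg)) {
            return false;
        }
        $this->pkg = $pkg;

        // Appending only makes sense for a package whose map already exists.
        $pkgdir = './oelfktjgawp3452/pkg/';
        $pkgfilejson = $pkgdir . $pkg . '.json';
        if (!file_exists($pkgfilejson)) {
            return false;
        }
        $pkgjson = file_get_contents($pkgfilejson);
        if (!$pkgjson) {
            return false;
        }
        $pkgarr = json_decode($pkgjson, true);
        if (!is_array($pkgarr)) {
            return false;
        }

        // Collect the real URLs already mapped and the cipher selector in use.
        $pkgurlarr = array();
        $oldjmfs = null;
        foreach ($pkgarr as $entry) {
            if (isset($entry['oldurl'])) {
                $pkgurlarr[] = $entry['oldurl'];
            }
            if (isset($entry['jmfs'])) {
                $oldjmfs = $entry['jmfs'];
            }
        }
        if ($oldjmfs === null) {
            $oldjmfs = rand(1, 2);
        }

        // Routes that still need an alias.
        $diffurlarr = array();
        foreach ($this->getAlljkurl() as $route) {
            if (!in_array($route['url'], $pkgurlarr, true)) {
                $diffurlarr[] = $route;
            }
        }
        if (empty($diffurlarr)) {
            echo "没有需要追加的路由";
            exit;
        }

        // New entries keep the cipher selector the package already uses
        // (1 == aes, 2 == des).
        $allinfo = array();
        $taken = $pkgarr;
        $urlFilesOk = true;
        foreach ($diffurlarr as $route) {
            $path = $this->uniqueUrlPath($taken);
            $allinfo[$path] = $this->buildRouteEntry($route, $oldjmfs, $pkg);
            $taken[$path] = true;
            if (!$this->writeUrlFile($path, $allinfo[$path])) {
                $urlFilesOk = false;
            }
        }

        // Back up the current package map, then write the merged one.
        $bakdir = $pkgdir . 'bak/';
        $res = true;
        if (!is_dir($bakdir)) {
            // The backups hold the full alias map, so the directory is not
            // created world-writable.
            $res = mkdir($bakdir, 0755, true);
        }

        $r = false;
        if ($urlFilesOk && $res && file_exists($pkgfilejson)) {
            $bakfilename = $bakdir . $pkg . date('YmdHis') . '.json';
            foreach ($allinfo as $k => $v) {
                $pkgarr[$k] = $v;
            }
            if (rename($pkgfilejson, $bakfilename)) {
                $r = file_put_contents($pkgfilejson, json_encode($pkgarr));
            }
        }
        if ($r) {
            echo "成功写入文件,文件名为" . $pkgfilejson;
            die();
        }
        echo "写入文件失败";
        die();
    }

    /**
     * Returns one random word from the alias word list.
     *
     * @return string
     */
    public function setrandparams()
    {
        return $this->dck[rand(0, count($this->dck) - 1)];
    }

    /**
     * Lists every route whose URL and field names are to be aliased.
     *
     * NOTE(review): each 'url' value ends with a space. Existing maps store it
     * that way in "oldurl", so it is kept as is; confirm whether it is intended.
     *
     * @return array list of arrays with 'url', 'params' and 'returnparams'
     */
    public function getAlljkurl()
    {
        return array(
            array(
                'url' => 'v1/user/register ',
                'params' => array('email', 'password'),
                'returnparams' => array('data'),
            ),
            array(
                'url' => 'v1/user/login ',
                'params' => array('email', 'password'),
                'returnparams' => array('data'),
            ),
            array(
                'url' => 'v1/user/view ',
                'params' => array('username', 'email', 'token'),
                'returnparams' => array('data'),
            ),
        );
    }

    /**
     * Builds a random URL path from one word of the word list and one to five
     * segments of the package name (the first segment is never used), joined
     * with '-' in random order.
     *
     * @return string
     */
    public function setrandurlpath()
    {
        $urlpath = $this->dck[rand(0, count($this->dck) - 1)];

        // Drop the leading segment of the package name and shuffle the rest.
        $segments = array_slice(explode('.', $this->pkg), 1);
        shuffle($segments);

        // A single-segment package name leaves nothing to append.
        $maxIndex = min(count($segments) - 1, 4);
        if ($maxIndex >= 0) {
            $take = rand(0, $maxIndex) + 1;
            foreach (array_slice($segments, 0, $take) as $name) {
                $urlpath .= '-' . $name;
            }
        }

        $urlarr = explode('-', trim($urlpath, '-'));
        shuffle($urlarr);
        return implode('-', $urlarr);
    }

    /**
     * Tells whether a package name is a plain dotted identifier, i.e. free of
     * path separators, "..", control characters and markup.
     */
    private function isValidPkgName($pkg)
    {
        return is_string($pkg)
            && strlen($pkg) <= 200
            && preg_match('/\A[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*\z/', $pkg) === 1;
    }

    /**
     * Draws a random URL path that is not yet a key of $taken, giving up after
     * 100 redraws and returning the last draw.
     */
    private function uniqueUrlPath(array $taken)
    {
        $path = $this->setrandurlpath();
        $tries = 0;
        while (array_key_exists($path, $taken) && $tries < 100) {
            $path = $this->setrandurlpath();
            $tries++;
        }
        return $path;
    }

    /**
     * Maps every name to a random alias that is unique within this one list;
     * after 100 redraws a repeated alias is accepted.
     */
    private function aliasNames(array $names)
    {
        $aliases = array();
        $used = array();
        foreach ($names as $name) {
            $alias = $this->setrandparams();
            $tries = 0;
            while (in_array($alias, $used, true) && $tries < 100) {
                $alias = $this->setrandparams();
                $tries++;
            }
            $aliases[$name] = $alias;
            $used[] = $alias;
        }
        return $aliases;
    }

    /**
     * Assembles the map entry of one route: cipher selector, real URL, aliased
     * request fields, aliased response fields, aliased envelope keys, package.
     */
    private function buildRouteEntry(array $route, $jmfs, $pkg)
    {
        $params = empty($route['params']) ? array() : $route['params'];
        $returnParams = empty($route['returnparams']) ? array() : $route['returnparams'];

        return array(
            'jmfs' => $jmfs,
            'oldurl' => $route['url'],
            'params' => $this->aliasNames($params),
            'returnparams' => $this->aliasNames($returnParams),
            'msgparams' => $this->aliasNames(array('code', 'msg', 'data')),
            'pkg' => $pkg,
        );
    }

    /**
     * Writes the JSON file of one aliased route; returns false on failure.
     */
    private function writeUrlFile($path, array $entry)
    {
        $everydir = './oelfktjgawp3452/url/' . $path . '.json';
        return file_put_contents($everydir, json_encode($entry)) !== false;
    }
}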
实现效果: