How do I use token? I see a token when someone else's mobile client interacts with the server. what is the principle of token? How to implement it? How can I use php to develop servers?
Reply to discussion (solution)
The token is used to verify that the request belongs to your client. only when the token is verified as true will the server accept the data returned by the request.
The token is a token used to determine the identity.
First, the server creates a token to send it to the client. each request from the client sends the token to the server for authentication.
In a simple way, encrypt the id as the token, and then decrypt the token as the id
'; Echo 'token decrypt id = '. checkToken ($ token); // create tokenfunction genToken ($ id) {$ str = json_encode (array (time (), mt_rand (), $ id )); return authcode ($ str, 'encoding', KEY);} // verify tokenfunction checkToken ($ token) {$ str = authcode ($ token, 'Decode', KEY ); $ result = json_decode ($ str); if (is_array ($ result) {return $ result [2];} else {return 'decrypt fail ';}} // encryption/decryption method function authcode ($ string, $ opera Tion = 'Decode', $ key) {$ ckey_length = 4; // random key length value: 0-32; $ key = md5 ($ key ); $ keya = md5 (substr ($ key, 0, 16); $ keyb = md5 (substr ($ key, 16, 16); $ keyc = $ ckey_length? ($ Operation = 'decode '? Substr ($ string, 0, $ ckey_length): substr (md5 (microtime (),-$ ckey_length): ''; $ cryptkey = $ keya. md5 ($ keya. $ keyc); $ key_length = strlen ($ cryptkey); $ string = $ operation = 'decode '? Base64_decode (substr ($ string, $ ckey_length): sprintf ('% 010d', 0 ). substr (md5 ($ string. $ keyb), 0, 16 ). $ string; $ string_length = strlen ($ string); $ result = ''; $ box = range (0,255); $ rndkey = array (); for ($ I = 0; $ I <= 255; $ I ++) {$ rndkey [$ I] = ord ($ cryptkey [$ I % $ key_length]);} for ($ j = $ I = 0; I I <256; $ I ++) {$ j = ($ j + $ box [$ I] + $ rndkey [$ I]) % 256; $ tmp = $ box [$ I]; $ box [$ I] = $ box [$ j]; $ box [$ J] = $ tmp;} for ($ a = $ j = $ I = 0; $ I <$ string_length; $ I ++) {$ a = ($ a + 1) % 256; $ j = ($ j + $ box [$ a]) % 256; $ tmp = $ box [$ a]; $ box [$ a] = $ box [$ j]; $ box [$ j] = $ tmp; $ result. = chr (ord ($ string [$ I]) ^ ($ box [($ box [$ a] + $ box [$ j]) % 256]);} if ($ operation = 'decode') {if (substr ($ result, 0, 10) = 0 | substr ($ result, 0, 10) -time ()> 0) & substr ($ result, 10, 16) = substr (md5 (substr ($ result, 26 ). $ keyb), 0, 16) {return substr ($ result, 26) ;}else {return '';}} else {return $ keyc. str_replace ('=', '', base64_encode ($ result) ;}}?>
Token. the client and server verify each other, that is, encryption and decryption.
Generate an encrypted string.
The token is used to verify that the request belongs to your client. only when the token is verified as true will the server accept the data returned by the request.
Does the server create a new token for each request, or does it work for the first request?
The token is a token used to determine the identity.
First, the server creates a token to send it to the client. each request from the client sends the token to the server for authentication.
[/Code]
Does the server create a new token for each request, or does it work for the first request?
If a token is detected, the token can be used again.
However, token is intended to prevent malicious access, and reuse involves vulnerabilities that can be exploited.
Therefore, it is better to issue it each time.
Good stuff, still studying this part