PHP App Development Interface Encryption

Source: Internet
Author: User
This article introduces the interface encryption rules used in PHP app development. It has some reference value; interested readers can refer to it.

This is the set of interface encryption rules I use in my day-to-day work, recorded here for later use:


    /**
     * inc: interface parsing
     *
     * Client interface transport rules:
     * 1. Use the cmd parameter (base64) to invoke the different interfaces dynamically;
     *    the interface address is http://a.lovexpp.com
     * 2. The arguments to be passed form an array; add a timestamp element to the array
     *    (the current timestamp, exact to the second), then sort the array by key in
     *    descending natural order
     * 3. Build a string of the form key=val&key=val from the array, concatenate it with
     *    xpp_key, and hash it once with MD5 (32-character lowercase hex) to get sign
     * 4. Add sign to the parameter array
     * 5. Convert the parameter array to JSON and POST it to the interface address under
     *    the key param
     *
     * Server interface parsing rules:
     * 1. Receive the parameter param and parse the JSON to get the parameter array
     * 2. Take out sign and remove it from the parameter array
     * 3. Sort the parameter array by key in descending natural order
     * 4. Build a string of the form key=val&key=val from the sorted array, concatenate it
     *    with xpp_key, and hash it once with MD5 (32-character lowercase hex) to get sign
     * 5. Compare sign with the client's sign; if they differ, the parameters may have
     *    been tampered with in transit and the server rejects the request
     * 6. Compare sign with the sign stored in the session; if they are the same, this is
     *    a repeated submission and the server rejects the request
     * 7. Store this sign in the session
     * 8. Execute the route cmd (after base64 decoding) and pass the parameters to the method
     */
    $xpp_key = "XXX";

    // Receive the parameter param and parse the JSON to get the parameter array
    $param = json_decode($_POST['param'], true);

    // Take out sign and remove it from the parameter array
    $client_sign = $param['sign'];
    unset($param['sign']);

    // Sort the parameter array by key in descending natural order
    krsort($param);

    // Build the key=val&key=val string, append xpp_key, and hash once with MD5 to get sign
    $sb = '';
    foreach ($param as $key => $val) {
        $sb .= $key . '=' . $val . '&';
    }
    $sb .= $xpp_key;
    $server_sign = md5($sb);

    // Compare sign with the client's sign; if they differ, the parameters may have
    // been tampered with, so the server rejects the request
    if ($server_sign !== $client_sign) {
        echo json_encode(array('code' => 'Invalid request'));
        exit;
    }

    // Compare sign with the sign in the session (assumes the session is already started);
    // if they are the same, this is a repeated submission and the server rejects it
    if (isset($_SESSION['last_sign']) && $server_sign == $_SESSION['last_sign']) {
        echo json_encode(array('code' => 'repeated requests'));
        exit();
    }

    // Store this sign in the session
    $_SESSION['last_sign'] = $server_sign;

    // Execute the route cmd (after base64 decoding) and pass the parameters to the method
    $cmd = base64_decode($param['cmd']);
    list($__controller, $__action) = explode('-', $cmd);

    // Set the request parameters
    unset($param['cmd']);
    unset($param['timestamp']);
    foreach ($param as $key => $val) {
        $_REQUEST[$key] = $val;
    }
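
A hardened variant of the server-side check above, as an added example that is not the author's code: it keeps the same descending-key `key=val&` string but signs it with HMAC-SHA256 instead of MD5 over the string plus key, compares signatures with `hash_equals`, and enforces a timestamp window, which the rules above transmit but never check. The names `canonical`, `verify_request` and `MAX_SKEW`, the 300-second window, the `$seen` store and the sample request are assumptions; the client would have to compute sign with the same HMAC call.

```php
<?php
// Added example, not the article's code; names and sample values are assumptions.
const MAX_SKEW = 300; // accepted clock difference in seconds (assumed policy)
function canonical(array $param): string {
    krsort($param);                        // same descending key order as the article
    $sb = '';
    foreach ($param as $k => $v) {
        $sb .= $k . '=' . $v . '&';
    }
    return $sb;
}

// $seen stands in for a shared store of recently accepted signatures.
function verify_request(string $json, string $key, int $now, array &$seen): string {
    $param = json_decode($json, true);
    if (!is_array($param) || !isset($param['sign'], $param['cmd'], $param['timestamp'])) {
        return 'invalid request';
    }
    if ($param !== array_filter($param, 'is_string')) {   // only flat string values
        return 'invalid request';
    }
    $client_sign = $param['sign'];
    unset($param['sign']);
    $server_sign = hash_hmac('sha256', canonical($param), $key);
    if (!hash_equals($server_sign, $client_sign)) {       // constant-time comparison
        return 'invalid request';
    }
    if (!ctype_digit($param['timestamp']) || abs($now - (int) $param['timestamp']) > MAX_SKEW) {
        return 'expired request';          // stale or malformed timestamp
    }
    if (isset($seen[$server_sign])) {
        return 'repeated request';         // replay inside the accepted window
    }
    $seen[$server_sign] = (int) $param['timestamp'];
    $cmd = base64_decode($param['cmd'], true);            // strict: false on bad input
    if ($cmd === false || !preg_match('/^[A-Za-z]+-[A-Za-z]+$/', $cmd)) {
        return 'invalid request';
    }
    return 'ok: ' . $cmd;
}

// Constructed sample request, signed the way a matching client would sign it.
$key = 'demo-key-not-a-real-secret';
$body = ['cmd' => base64_encode('User-camlist'), 'timestamp' => '1700000000'];
$body['sign'] = hash_hmac('sha256', canonical($body), $key);
$seen = [];
foreach ([1700000010, 1700000010, 1700009999] as $now) {
    echo verify_request(json_encode($body), $key, $now, $seen), "\n";
}
```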


Client Code Demo:


    package com.xpplove.newxpp.activity;

    import java.util.HashMap;
    import java.util.Iterator;
    import java.util.Map;
    import java.util.TreeMap;

    import org.apache.commons.codec.binary.Base64;

    import android.os.Bundle;

    import com.alibaba.fastjson.JSON;
    import com.xpplove.newxpp.BaseActivity;
    import com.xpplove.newxpp.bean.Params;
    import com.xpplove.newxpp.net.NetPostTask;
    import com.xpplove.newxpp.utils.DensityUtil;

    public class TestActivity extends BaseActivity {
        private String URL = "http://c.lovexpp.com/";

        @Override
        protected void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            loadMesage();
        }

        private void loadMesage() {
            Base64 base64 = new Base64();
            Map<String, String> paramsMap = new HashMap<String, String>();
            // Timestamp in seconds
            paramsMap.put("timestamp", (System.currentTimeMillis() / 1000 + ""));
            // Base64-encoded route, in the form controller-action
            String cmd = new String(base64.encode("User-camlist".getBytes()));
            String dcmd = new String(base64.decode(cmd.getBytes()));
            paramsMap.put("cmd", cmd);
            // Sign the parameters, then add sign to the parameter map
            paramsMap.put("sign", getString(paramsMap));
            // Serialize the parameter map to JSON and send it under the key "param"
            String str = getKeyValues(paramsMap);
            paramsMap = new HashMap<String, String>();
            paramsMap.put("param", str);
            Params params = new Params();
            params.listener = this;
            params.url = URL;
            new NetworkTask().executeProxy(params);
            new NetPostTask(paramsMap).executeProxy(params);
        }

        @Override
        public void onGetResult(int errorCode, Object result) {
            super.onGetResult(errorCode, result);
            System.out.println();
        }

        // Build "key=val&key=val&" in descending key order, append AppKey, and return the MD5
        private String getString(Map<String, String> paramsMap) {
            TreeMap tm = new TreeMap(paramsMap);
            Iterator i = tm.descendingMap().entrySet().iterator();
            StringBuffer buffer = new StringBuffer();
            while (i.hasNext()) {
                buffer.append(i.next() + "&");
            }
            buffer.append(AppKey);
            return DensityUtil.md5(buffer.toString());
        }

        // Get key value pair
        private String getKeyValues(Map<String, String> paramsMap) {
            TreeMap tm = new TreeMap(paramsMap);
            Iterator i = tm.descendingKeySet().iterator();
            String jsonText = JSON.toJSONString(tm.descendingMap(), true);
            return jsonText;
        }
    }