I wrote an API interface that can be used only after review. Thanks for your practical ideas.

Source: Internet
Author: User
The interface is called like this:
$this->file_get_content("http://127.0.0.40/api.php?Goods_id=XXXX");

The interface file uses print_r to output some arrays.

Anyone who wants to use my interface can do so only after I have reviewed their domain name.

I checked some methods online, as shown below:
$parse_url = parse_url($_SERVER['HTTP_REFERER']);
$url_from = $parse_url['host'];
This obtains the source URL, but only when the visitor clicks through a hyperlink. It is not usable with file_get_content.

Thank you for your advice!

QQ: 614944530


------ Solution --------------------
Then you can use the simplest login verification method. First, pass the account and password, and then give the result directly.
------ Solution --------------------
Verify the IP address. HTTP_REFERER can be forged.
------ Solution --------------------
file_get_content is unreliable. Use curl or fsockopen.
------ Solution --------------------
Log on after review. Don't do anything about it. It's not superstitious to talk about technical details.
------ Solution --------------------
Discussion
Verify the IP address. HTTP_REFERER can be forged.

------ Solution --------------------
$this->file_get_content
If this method executes on your server, you will naturally have the permission to execute it.
If this is to execute his own code, that is, your service, you have provided all interfaces to others. Do you still have daily permissions?

------ Solution --------------------
1. Headers can be added to file_get_content. Of course, you can also add HTTP_REFERER.
2. HTTP_REFERER is unreliable.

------ Solution --------------------
It seems convenient to use the account and password.
------ Solution --------------------
First, pass the login information and call the API.
------ Solution --------------------
Set an IP-ticket key-value pair and publish it to the user. In this way, it can only be accessed from the specified IP address with the specified ticket...
You can also learn from Google, but there is no limit on the number of visits per day.
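
The IP-plus-ticket check suggested in the replies above, as an added example that is not code from the thread: api.php admits a request only when the connecting address and the ticket both match a client registered after review. The addresses, tickets and the X-Api-Ticket header name are constructed for illustration.

```php
<?php
// Added example, not code from the thread. IPs, tickets and the
// X-Api-Ticket header name are constructed for illustration.
// Reviewed clients: source IP => SHA-256 of the ticket issued after review.
$approved = [
    '192.0.2.10' => hash('sha256', 'ticket-for-shop-a'),
    '192.0.2.20' => hash('sha256', 'ticket-for-shop-b'),
];

// $remoteAddr must be the TCP peer ($_SERVER['REMOTE_ADDR']), never a
// client-supplied header such as Referer, which the caller controls.
function is_authorized(array $approved, string $remoteAddr, string $ticket): bool
{
    $known = array_key_exists($remoteAddr, $approved);
    // Compare against a dummy hash for unknown IPs so both paths do the
    // same work, and use hash_equals() for a constant-time comparison.
    $expected = $known ? $approved[$remoteAddr] : hash('sha256', 'no-such-client');
    $match = hash_equals($expected, hash('sha256', $ticket));
    return $known && $match;
}

function handle_request(array $approved, array $server, array $get): array
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    // Ticket travels in a header so it stays out of URL access logs.
    $ticket = $server['HTTP_X_API_TICKET'] ?? '';
    if (!is_authorized($approved, $ip, $ticket)) {
        return [403, ['error' => 'not authorized']];
    }
    $goodsId = filter_var($get['Goods_id'] ?? null, FILTER_VALIDATE_INT);
    if ($goodsId === false) {
        return [400, ['error' => 'Goods_id must be an integer']];
    }
    return [200, ['goods_id' => $goodsId]]; // real lookup would go here
}

// Constructed requests: approved client, wrong ticket, unreviewed IP.
$samples = [
    ['192.0.2.10', 'ticket-for-shop-a'],
    ['192.0.2.10', 'guess'],
    ['198.51.100.7', 'ticket-for-shop-a'],
];
foreach ($samples as [$ip, $ticket]) {
    $server = ['REMOTE_ADDR' => $ip, 'HTTP_X_API_TICKET' => $ticket];
    [$status, $body] = handle_request($approved, $server, ['Goods_id' => '42']);
    echo $ip, ' => ', $status, ' ', json_encode($body), PHP_EOL;
}
```

In a live api.php the call would be handle_request($approved, $_SERVER, $_GET). If the server sits behind a reverse proxy, REMOTE_ADDR is the proxy's address, so the allow-list has to be applied where the real peer address is visible.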
