I wrote an API interface that can be used only after review. Thanks for your practical ideas.
Source: Internet
Author: User
The interface is called like this: $this->file_get_content("http://127.0.0.40/api.php?goods_id=XXXX");
The interface file uses print_r to output some arrays.
The person who wants to use my interface can use the domain name only after I review it.
I checked some methods online, as shown below:
$parse_url = parse_url($_SERVER['HTTP_REFERER']);
$url_from = $parse_url['host'];
You can obtain the source URL this way, but only when the visitor clicks through a hyperlink. It does not work with file_get_content.
Thank you for your advice!
QQ: 614944530
------ Solution --------------------
Then you can use the simplest login verification method. First, pass the account and password, and then give the result directly.
------ Solution --------------------
Verify the IP address. HTTP_REFERER can be forged.
------ Solution --------------------
file_get_content is unreliable. Use curl or fsockopen.
------ Solution --------------------
Log on after review. Don't do anything about IT. IT's not superstitious to talk about technical details.
------ Solution --------------------
$this->file_get_content
If this is the execution method on your server, you will naturally have the permission to execute it.
If this is to execute his own code, that is, your service. You have provided all interfaces to others. Do you still have daily permissions?
------ Solution --------------------
1. Headers can be added to file_get_content. Of course, you can also add HTTP_REFERER.
2. HTTP_REFERER is unreliable.
------ Solution --------------------
It seems convenient to use the account and password
------ Solution --------------------
First, pass the login information and call the API
------ Solution --------------------
Set an IP-ticket key-value pair and issue it to the user. In this way, it can only be accessed from the specified IP address with the specified ticket...
You can also learn from Google, but there is no limit on the number of visits per day.
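
The IP-ticket check suggested in the last answer, sketched in PHP as an added example that is not part of the original thread. The `ticket` query parameter, the `client_is_approved` helper, and every ticket and IP value are assumptions made for illustration.

```php
<?php
// Added example: gate for api.php using an IP + ticket allowlist.
// All tickets and addresses below are constructed sample values.

// ticket => IP address approved for that ticket (issued after review).
const APPROVED_CLIENTS = [
    'sample-ticket-3f9a1c' => '192.0.2.10',
    'sample-ticket-b72e44' => '198.51.100.25',
];

/**
 * Return true only when the ticket is known AND the request comes from
 * the IP registered for it. HTTP_REFERER is never consulted, because the
 * caller controls that header.
 */
function client_is_approved(string $ticket, string $remoteIp, array $approved): bool
{
    $ok = false;
    foreach ($approved as $knownTicket => $knownIp) {
        // hash_equals() compares in constant time, so response timing does
        // not reveal how much of a guessed ticket was correct.
        if (hash_equals((string) $knownTicket, $ticket) && $knownIp === $remoteIp) {
            $ok = true;
        }
    }
    return $ok;
}

// REMOTE_ADDR is the TCP peer address seen by the web server; unlike
// Referer or X-Forwarded-For it is not a header supplied by the caller.
$ticket   = is_string($_GET['ticket'] ?? null) ? $_GET['ticket'] : '';
$remoteIp = $_SERVER['REMOTE_ADDR'] ?? '';

if (!client_is_approved($ticket, $remoteIp, APPROVED_CLIENTS)) {
    http_response_code(403);
    exit('Forbidden');
}

// Approved caller: produce the normal response.
$goodsId = (int) ($_GET['goods_id'] ?? 0);
print_r(['goods_id' => $goodsId]); // placeholder for the real array output
```

If the API sits behind a reverse proxy or load balancer, REMOTE_ADDR is the proxy's address, so the client IP has to be taken from the proxy's trusted configuration instead. A ticket sent in the query string also ends up in access logs, so serve the API over HTTPS and rotate tickets when a client changes.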