PHP interface encryption for the app write interface

Source: Internet
Author: User

<?php
/**
 * Inc
 * Interface parsing
 *
 * Client-side transport rules:
 * 1. The cmd parameter (Base64-encoded) selects which interface to invoke dynamically; every call goes to the single interface address http://a.lovexpp.com
 * 2. Put the arguments to be passed into an array, add a timestamp element (the current timestamp, accurate to the second), and sort the array by key from large to small in natural order
 * 3. Join the array into a string of the form key=val&key=val, append xpp_key to the string, and hash it once with MD5 (32-character lowercase hex) to get sign
 * 4. Add sign to the parameter array
 * 5. Convert the parameter array to JSON and POST it to the interface address under the key param
 *
 * Server-side parsing rules:
 * 1. Receive the param parameter and decode the JSON to get the parameter array
 * 2. Take sign out and remove it from the parameter array
 * 3. Sort the parameter array by key from large to small in natural order
 * 4. Join the sorted parameter array into a string of the form key=val&key=val, append xpp_key to the string, and hash it once with MD5 (32-character lowercase hex) to get sign
 * 5. Compare this sign with the client's sign; if they differ, the parameters may have been tampered with and the server rejects the request
 * 6. Compare sign with the sign stored in the session; if they are the same, this is a repeated submission and the server rejects the request
 * 7. Store this sign in the session
 * 8. Execute the route cmd (after Base64 decoding), passing the parameters into the method
 */

$xpp_key = "xxx";

// The last accepted sign is kept in the session, so a session must be active
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Receive the param parameter and decode the JSON to get the parameter array
$param = json_decode($_POST['param'], true);
if (!is_array($param) || !isset($param['sign'], $param['cmd'])) {
    // Not valid JSON or required fields missing: nothing to verify
    echo json_encode(array('code' => 'Invalid request'));
    exit;
}

// Take sign out and remove it from the parameter array
$client_sign = $param['sign'];
unset($param['sign']);

// Sort the parameter array by key from large to small in natural order
krsort($param);

// Join the sorted parameter array into a key=val&key=val string, append xpp_key,
// and hash it once with MD5 (32-character lowercase hex) to get sign.
// Note: this loop leaves a trailing '&' before xpp_key, so the client must build
// its string the same way.
$sb = "";
foreach ($param as $key => $val) {
    $sb .= $key . '=' . $val . '&';
}
$sb .= $xpp_key;
$server_sign = md5($sb);

// Compare sign with the client's sign; if they differ, the parameters may have
// been tampered with and the server rejects the request
if ($server_sign !== $client_sign) {
    echo json_encode(array('code' => 'Invalid request'));
    exit;
}

// Compare sign with the sign in the session; if they are the same, this is a
// repeated submission and the server rejects the request
if (isset($_SESSION['last_sign']) && $server_sign == $_SESSION['last_sign']) {
    echo json_encode(array('code' => 'repeated requests'));
    exit();
}

// Store this sign in the session
$_SESSION['last_sign'] = $server_sign;

// Execute the route cmd (after Base64 decoding), passing the parameters into the method
$cmd = base64_decode($param['cmd']);
list($__controller, $__action) = explode('-', $cmd);

// Set the request parameters
unset($param['cmd']);
unset($param['timestamp']);
foreach ($param as $key => $val) {
    $_REQUEST[$key] = $val;
}
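
The page describes the client-side transport rules but shows only the server script. The following added example (not the original author's code) builds a request according to those rules and checks it with a verifier that goes beyond the page by comparing signs with hash_equals() and rejecting stale timestamps. The function names, the 300-second window, and the sample parameters are assumptions.

```php
<?php
// Added example: the names xpp_sign, xpp_build_request, xpp_verify, the 300 s
// window and the sample values are assumptions, not from the original page.
const XPP_KEY = 'xxx';          // shared secret placeholder, as on the page
const MAX_SKEW_SECONDS = 300;   // assumed freshness window

// Rules 2-3: sort keys descending, join as key=val&, append the key, MD5.
// The trailing '&' before the key matches what the server loop produces.
function xpp_sign(array $param, string $key): string {
    krsort($param);
    $sb = '';
    foreach ($param as $k => $v) {
        $sb .= $k . '=' . $v . '&';
    }
    return md5($sb . $key);
}

// Client rules 1-5: returns the POST fields for the interface address.
function xpp_build_request(string $route, array $args, string $key, int $now): array {
    $param = $args + ['cmd' => base64_encode($route), 'timestamp' => $now];
    $param['sign'] = xpp_sign($param, $key);
    return ['param' => json_encode($param)];
}

// Server rules 1-5, with a constant-time compare and a timestamp check added.
function xpp_verify(string $json, string $key, int $now): ?array {
    $param = json_decode($json, true);
    if (!is_array($param) || !isset($param['sign'], $param['timestamp'], $param['cmd'])) {
        return null;                       // malformed or incomplete request
    }
    $client_sign = (string) $param['sign'];
    unset($param['sign']);
    if (!hash_equals(xpp_sign($param, $key), $client_sign)) {
        return null;                       // parameters or key do not match
    }
    if (abs($now - (int) $param['timestamp']) > MAX_SKEW_SECONDS) {
        return null;                       // signed too long ago
    }
    return $param;
}

// Constructed sample input: untouched, uid altered in transit, presented an hour later
$post = xpp_build_request('user-login', ['uid' => 42, 'name' => 'alice'], XPP_KEY, time());
var_dump(xpp_verify($post['param'], XPP_KEY, time()) !== null);
$tampered = str_replace('"uid":42', '"uid":43', $post['param']);
var_dump(xpp_verify($tampered, XPP_KEY, time()) !== null);
var_dump(xpp_verify($post['param'], XPP_KEY, time() + 3600) !== null);
```

A request repeated inside the freshness window still passes xpp_verify(), so the session last_sign comparison from the server rules is still needed alongside it.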
