thinkphp Communication Security Authentication during the development of the app interface

Source: Internet
Author: User

If our carefully written interface can be accessed directly without any security authentication, it poses a very large security risk to the site: an attacker may use the interface directly to operate on the database, and the consequences cannot be measured. So how do we perform effective security validation? Here I use an access_token mechanism: the app front-end developer submits an AppID and AppSecret to obtain a token, and the server caches that token for 7,200 seconds. If the client requested a token directly on every call, the token would be reset each time, so the client should cache it as well: the client checks whether a local token exists and, if it does, calls our API with the token parameter directly; the server checks the token's validity and returns accordingly; if the cached token has expired, the client simply requests a new token. That is roughly the idea. Below I provide complete reference code; if there is a better way, please advise.

<?php
namespace Home\Controller;
use Think\Controller;

class IndexController extends Controller {
    public $appid     = 'dmm888';
    public $appsecret = 'http://cnblogs.com/dmm888';

    public function index() {
        $this->show('<style type="text/css">*{padding:0; margin:0;} div{padding:4px 48px;} body{background:#fff; font-family:"Microsoft YaHei"; color:#333; font-size:24px} h1{font-size:100px; font-weight:normal; margin-bottom:12px;} p{line-height:1.8em; font-size:36px}</style><div style="padding:24px 48px;">');
    }

    // Protected API: only a token that is still present in the cache is accepted
    public function test() {
        if (!isset($_GET['token'])) {
            $this->apiReturn(4001, 'invalid token');
        } else if (!S($_GET['token'])) {
            $this->apiReturn(4001, 'invalid token');
        }
        $data = array(
            'id'       => 2,
            'username' => 'The Night of the Ming',
            'info'     => array('age' => 24, 'address' => 'Academy road', 'url' => 'http://cnblogs.com/dmm888')
        );
        if ($data) {
            $this->apiReturn(200, 'Read user information success', $data, 'xml');
        }
    }

    public function getToken() {
        // here appid and appsecret are hard-coded; in practice they come from the client,
        // so this is where you can do a lot, e.g. check that appid and appsecret are valid
        $ori_str = S($this->appid . '_' . $this->appsecret);
        if ($ori_str) {
            // a token was issued before: delete it so the previous token stops working
            S($ori_str, null);
        }
        // this is the token generation mechanism; you can also define your own
        $nonce  = $this->createNonceStr(32);
        $tmpArr = array($nonce, $this->appid, $this->appsecret);
        sort($tmpArr, SORT_STRING);
        $tmpStr = implode($tmpArr);
        $tmpStr = sha1($tmpStr);
        // echo $tmpStr;
        // cache both directions: 'appid_appsecret' => token and token => 'appid_appsecret'
        S($this->appid . '_' . $this->appsecret, $tmpStr, 7200);
        S($tmpStr, $this->appid . '_' . $this->appsecret, 7200);
        // hand the token to the client (the original listing cached it but never sent it back)
        $this->apiReturn(200, 'ok', array('token' => $tmpStr));
    }

    /**
     * Function: generate a random string, no longer than 32 characters
     */
    function createNonceStr($length = 32) {
        $chars = "abcdefghijklmnopqrstuvwxyz0123456789";
        $str   = "";
        for ($i = 0; $i < $length; $i++) {
            $str .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
        }
        return $str;
    }

    /**
     * Assumed helper: the original listing calls apiReturn() but does not show it.
     * Wraps ThinkPHP's ajaxReturn() in a uniform code/msg/data envelope; ajaxReturn() exits.
     */
    protected function apiReturn($code, $msg = '', $data = array(), $type = '') {
        $this->ajaxReturn(array('code' => $code, 'msg' => $msg, 'data' => $data), $type);
    }
}

I will not spell out the verification itself here. We simply give the AppID and AppSecret to the app front-end developers and tell them how to use the token; only a valid token lets a request proceed, so security can be guaranteed.
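The issue, reissue, expire and check cycle described above, as an added example that is not the post's own code: a framework-independent Python model in which a dict of (value, expiry) pairs stands in for ThinkPHP's S() cache, the appid-to-appsecret table is an assumed credential store, and the nonce comes from a CSPRNG instead of mt_rand().

```python
import hashlib
import secrets
import time

TOKEN_TTL = 7200  # the post caches each token for 7,200 seconds


class TokenService:
    """Server side of the post's access_token flow, independent of ThinkPHP.
    A dict of (value, expires_at) stands in for the S() cache."""

    def __init__(self, apps, now=time.time):
        self.apps = apps    # appid -> appsecret; assumed credential store
        self.now = now      # injectable clock so expiry can be exercised
        self.cache = {}     # key -> (value, expires_at)

    def _get(self, key):
        item = self.cache.get(key)
        if item is None:
            return None
        value, expires_at = item
        if self.now() >= expires_at:
            self.cache.pop(key, None)  # expired entries behave as missing
            return None
        return value

    def _set(self, key, value, ttl=TOKEN_TTL):
        self.cache[key] = (value, self.now() + ttl)

    def get_token(self, appid, appsecret):
        """Issue a fresh token; the previous token for this app stops working."""
        secret = self.apps.get(appid)
        if secret is None or not secrets.compare_digest(secret, appsecret):
            return None  # unknown appid or wrong secret: issue nothing
        app_key = appid + "_" + appsecret
        old = self._get(app_key)
        if old is not None:
            self.cache.pop(old, None)  # the post's S($ori_str, NULL) step
        nonce = secrets.token_hex(16)  # 32 chars from a CSPRNG, not mt_rand()
        token = hashlib.sha1("".join(sorted([nonce, appid, appsecret])).encode()).hexdigest()
        self._set(app_key, token)  # app -> current token
        self._set(token, appid)    # token -> owner; the post stores appid_appsecret here,
        return token               # but the lookup only needs the appid

    def check_token(self, token):
        """What test() does: accept only a token that is cached and unexpired."""
        if not token:
            return None
        return self._get(token)  # owning appid, or None if missing/expired
```

Injecting the clock lets you confirm the two properties the scheme relies on: a token issued 7,200 seconds ago is rejected, and issuing a new token revokes the previous one.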
