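Normally, API endpoints have encryption rules. I have recently been using the CI (CodeIgniter) framework at work, and below is an example of some simple encryption rules: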
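public function verify() {
    // uid => shared secret key of each API caller
    $arr_user = array(
        'cmcc' => 'acae0af3b90c4320c325af551b0830a6', // demo
    );
    $max_timeleft = 600; // allowed time difference: 600 seconds

    // Step 1: parameters must not be empty
    $uid = $this->input->get('uid', true); // CI's own method for reading GET parameters
    $time = $this->input->get('time', true);
    $sec = $this->input->get('sec', true);
    // Array-valued parameters (e.g. sec[]=...) are rejected before any string function sees them
    $time = is_string($time) ? substr(trim($time), 0, 10) : '';
    if (!is_string($uid) || !is_string($sec) || empty($uid) || empty($time) || empty($sec) || !preg_match('/^[0-9]{10}$/', $time)) {
        echo '{"code":"1001","message":"參數錯誤"}'; // message: "parameter error"
        exit;
    }

    // Step 2: check that the caller is known and the signature is valid
    $key = isset($arr_user[$uid]) ? $arr_user[$uid] : '';
    if (empty($key)) {
        echo '{"code":"1002","message":"key錯誤"}'; // message: "key error"
        exit;
    }
    $sec_match = md5($uid . $key . $time);
    // hash_equals() compares in constant time and avoids the type juggling of != on "0e..." strings
    if (!hash_equals($sec_match, $sec)) {
        echo '{"code":"2001","message":"鑑權失敗"}'; // message: "authentication failed"
        exit;
    }

    // Step 3: the request timestamp has not expired
    $currtime = time();
    $lefttime = abs($currtime - $time);
    if ($lefttime > $max_timeleft) {
        echo '{"code":"1003","message":"請求時間已過期"}'; // message: "request time has expired"
        exit;
    }
}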
These verification rules are reasonably complete; they are provided for reference only.
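The check above signs only uid and time, so the other request parameters are not covered by sec. The following added example (not the original author's code) goes beyond the page: it shows both the caller and the server side of the same scheme using HMAC-SHA256 over all parameters instead of md5. The names canonical_string, sign_request, verify_request, DEMO_KEYS and MAX_SKEW and the demo key are assumptions made for illustration.

```php
<?php
// Added example, not the original author's code. The key below is a constructed demo value.
const DEMO_KEYS = ['cmcc' => 'constructed-demo-key-not-a-real-secret'];
const MAX_SKEW = 600; // seconds, same window as verify()

// Canonical string: uid, time, then every other parameter sorted by name.
function canonical_string(string $uid, string $time, array $params): string
{
    unset($params['uid'], $params['time'], $params['sec']);
    ksort($params, SORT_STRING);
    return $uid . "\n" . $time . "\n" . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Caller side: add uid, time and sec to the request parameters.
function sign_request(string $uid, string $key, int $now, array $params): array
{
    $time = (string) $now;
    $sec = hash_hmac('sha256', canonical_string($uid, $time, $params), $key);
    return ['uid' => $uid, 'time' => $time, 'sec' => $sec] + $params;
}

// Server side: returns the same error codes as verify(), or "0" when the request is accepted.
function verify_request(array $query, int $now): string
{
    $uid = $query['uid'] ?? null;
    $time = $query['time'] ?? null;
    $sec = $query['sec'] ?? null;
    if (!is_string($uid) || !is_string($time) || !is_string($sec)
        || $uid === '' || $sec === '' || !preg_match('/^[0-9]{10}$/D', $time)) {
        return '1001'; // missing, malformed or array-valued parameter
    }
    if (!array_key_exists($uid, DEMO_KEYS)) {
        return '1002'; // unknown caller
    }
    $expected = hash_hmac('sha256', canonical_string($uid, $time, $query), DEMO_KEYS[$uid]);
    if (!hash_equals($expected, $sec)) {
        return '2001'; // signature mismatch, compared in constant time
    }
    return abs($now - (int) $time) > MAX_SKEW ? '1003' : '0';
}

// Constructed sample requests: a valid one, one with a changed parameter, one past the window.
$signed = sign_request('cmcc', DEMO_KEYS['cmcc'], time(), ['order' => '42']);
var_dump(verify_request($signed, time()));
var_dump(verify_request(['order' => '43'] + $signed, time()));
var_dump(verify_request($signed, time() + MAX_SKEW + 1));
```

A signed request can still be repeated unchanged inside the time window; rejecting repeats would need the server to remember recently seen sec values, which this sketch does not do.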