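API endpoints normally enforce some kind of encryption (signing) rule. I have recently been using the CI (CodeIgniter) framework at work; below is an example of a simple rule set: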
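public function verify() {
    // Map of caller uid => shared secret key
    $arr_user = array(
        'cmcc' => 'acae0af3b90c4320c325af551b0830a6', // demo
    );
    $max_timeleft = 600; // maximum allowed time difference, in seconds

    // Step 1: parameters must not be empty
    $uid  = $this->input->get('uid', true); // CI's own method for reading GET parameters
    $time = $this->input->get('time', true);
    $sec  = $this->input->get('sec', true);
    // Array-typed values (e.g. ?sec[]=x) are rejected together with empty ones
    $time = is_string($time) ? substr(trim($time), 0, 10) : '';
    if (empty($uid) || empty($time) || empty($sec)
        || !is_string($uid) || !is_string($sec)
        || !preg_match('/^[0-9]{10}$/', $time)) {
        echo '{"code":"1001","message":"Invalid parameters"}';
        exit;
    }

    // Step 2: verify that the request is authentic
    $key = isset($arr_user[$uid]) ? $arr_user[$uid] : '';
    if (empty($key)) {
        echo '{"code":"1002","message":"Invalid key"}';
        exit;
    }
    $sec_match = md5($uid . $key . $time);
    // hash_equals() compares in constant time and without the type juggling
    // that a loose != applies to numeric-looking strings
    if (!hash_equals($sec_match, $sec)) {
        echo '{"code":"2001","message":"Authentication failed"}';
        exit;
    }

    // Step 3: the request timestamp has not expired
    $currtime = time();
    $lefttime = abs($currtime - (int) $time);
    if ($lefttime > $max_timeleft) {
        echo '{"code":"1003","message":"Request time has expired"}';
        exit;
    }
}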
These verification rules are reasonably complete; they are provided for reference only.
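The same three steps as a framework-free function, together with the client-side signing that a caller has to perform, run against constructed requests that exercise each rejection path. This is an added example, not code from the original post; the names `sign_request` and `check_request`, the success code `'0'`, the key and the fixed clock value are all assumptions made for illustration.

```php
<?php
// Added example: function names and all sample values are constructed.

// Client side: sec = md5(uid . key . time), the same rule the server checks.
function sign_request(string $uid, string $key, int $time): array {
    return ['uid' => $uid, 'time' => (string)$time, 'sec' => md5($uid . $key . $time)];
}

// Server side: the three steps as a pure function returning the response code
// ('0' means accepted; that success code is an assumption of this example).
function check_request(array $q, array $keys, int $now, int $maxSkew = 600): string {
    foreach (['uid', 'time', 'sec'] as $name) {
        // Reject missing values and array-typed values such as ?sec[]=x
        if (!isset($q[$name]) || !is_string($q[$name]) || $q[$name] === '') {
            return '1001';
        }
    }
    if (!preg_match('/^[0-9]{10}$/', $q['time'])) {
        return '1001';
    }
    if (!isset($keys[$q['uid']])) {
        return '1002';
    }
    $expected = md5($q['uid'] . $keys[$q['uid']] . $q['time']);
    if (!hash_equals($expected, $q['sec'])) {   // constant-time, no type juggling
        return '2001';
    }
    return abs($now - (int)$q['time']) > $maxSkew ? '1003' : '0';
}

$keys = ['demo' => 'constructed-demo-key'];     // constructed, not a real key
$now  = 1700000000;                             // fixed clock for repeatable output
$good = sign_request('demo', $keys['demo'], $now - 30);

$cases = [
    'valid request'   => $good,
    'stale timestamp' => sign_request('demo', $keys['demo'], $now - 601),
    'tampered time'   => ['time' => (string)($now - 10)] + $good,
    'array-typed sec' => ['sec' => ['x']] + $good,
    'unknown uid'     => sign_request('nobody', 'whatever', $now),
    'missing sec'     => ['uid' => 'demo', 'time' => (string)$now],
];
foreach ($cases as $label => $query) {
    printf("%-16s => %s\n", $label, check_request($query, $keys, $now));
}
```

The timestamp window only bounds how long a captured request stays valid; an identical request is still accepted again inside that window unless the server also tracks a per-request nonce. Where clients can be updated, `hash_hmac('sha256', ...)` is a stronger construction than `md5()` over a concatenated key.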