前端頁面傳遞數據,或者請求短信類接口時,只要有人拿到 XHR 中的請求,就有可能被用來刷數據。
JS 處理這個問題的基礎原理:利用對參數鍵名排序(ksort)再加上時間戳,對請求內容做簽名。
HTML 中的使用方式:
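// NOTE(review): short_company_name is filled from user_name here; this looks
// like a copy/paste slip (a separate company-name input would be expected) —
// confirm against the form before changing it.
var data = {
    user_name: user_name,
    short_company_name: user_name,
    mobile: mobile,
    user_passwd: user_passwd,
    code: code
};
// Sign the payload in place: getSignature adds data.timestamp and data.signature.
getSignature(data);
$.post("/Presence/resFirst/", { data: data }, function (respText) {
    // Parse the reply under its own name so it no longer shadows the signed
    // request object declared above.
    var resp = JSON.parse(respText);
    $("#error").show().delay(2000).hide(200);
    // Loose comparison kept so a numeric 0 and a string "0" both count as success.
    if (resp.resultId == 0) {
        $("#error").text("註冊成功");
        setTimeout(function () {
            // Redirect target is supplied by the server reply.
            window.location.href = resp.Data;
        }, 2000);
    } else {
        $("#error").text(resp.Data);
    }
    return false;
}).fail(function () {
    // Network/HTTP failure: surface it instead of silently doing nothing.
    $("#error").show().delay(2000).hide(200);
    $("#error").text("請求失敗");
});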
JS 代碼:
/**
 * JavaScript port of PHP's ksort(): sort an object's own keys and return a new
 * object populated in sorted key order.
 * @param {Object} vm Host object ("this") carrying the php_js config and the
 *                    strnatcmp / i18n helpers used by some sort flags.
 * @param {Object} inputArr Object whose own enumerable keys are to be sorted.
 * @param {String} sort_flags 'SORT_STRING', 'SORT_LOCALE_STRING' or
 *                    'SORT_NUMERIC'; any other value uses the regular comparison.
 * @returns {Object|Boolean} A new object with the keys inserted in sorted order,
 *          or true when php_js.ini['phpjs.strictForIn'] is enabled — in that case
 *          inputArr itself is emptied and re-populated in sorted order.
 */
function ksort(vm, inputArr, sort_flags) {
    var host = vm;
    var keyList = [];
    var sorted = {};
    var result = {};
    var cmp;
    var inPlace;
    var idx;
    var key;

    // Pick the comparison function for the requested flag.
    if (sort_flags === 'SORT_STRING') {
        // compare items as strings (natural order via strnatcmp on the host)
        cmp = function (a, b) {
            return host.strnatcmp(a, b);
        };
    } else if (sort_flags === 'SORT_LOCALE_STRING') {
        // compare items as strings in the current locale
        var locale = vm.i18n_loc_get_default();
        cmp = vm.php_js.i18nLocales[locale].sorting;
    } else if (sort_flags === 'SORT_NUMERIC') {
        // compare items numerically; note `a + 0` on a string key concatenates
        // ("9" becomes "90") before the subtraction coerces it back to a number
        cmp = function (a, b) {
            return (a + 0) - (b + 0);
        };
    } else {
        // SORT_REGULAR: numeric-looking keys compare as numbers and sort after
        // non-numeric ones; everything else compares as plain strings
        cmp = function (a, b) {
            var aNum = parseFloat(a);
            var bNum = parseFloat(b);
            var aIsNum = aNum + '' === a;
            var bIsNum = bNum + '' === b;
            if (aIsNum && bIsNum) {
                if (aNum > bNum) { return 1; }
                if (aNum < bNum) { return -1; }
                return 0;
            }
            if (aIsNum) { return 1; }
            if (bIsNum) { return -1; }
            if (a > b) { return 1; }
            if (a < b) { return -1; }
            return 0;
        };
    }

    // Collect the own key names and sort them.
    for (key in inputArr) {
        if (inputArr.hasOwnProperty(key)) {
            keyList.push(key);
        }
    }
    keyList.sort(cmp);

    // Make sure the php_js config exists on the host before reading the ini flag.
    vm.php_js = vm.php_js || {};
    vm.php_js.ini = vm.php_js.ini || {};
    var strictIni = vm.php_js.ini['phpjs.strictForIn'];
    inPlace = strictIni && strictIni.local_value && strictIni.local_value !== 'off';
    if (inPlace) {
        result = inputArr;
    }

    for (idx = 0; idx < keyList.length; idx++) {
        key = keyList[idx];
        sorted[key] = inputArr[key];
        if (inPlace) {
            // strict mode: clear the key so re-insertion below fixes the order
            delete inputArr[key];
        }
    }
    for (key in sorted) {
        if (sorted.hasOwnProperty(key)) {
            result[key] = sorted[key];
        }
    }
    return inPlace || result;
}
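/**
 * Build a query-string style "?k=v&k2=v2" from an object's enumerable keys, in
 * the object's own key order (callers pass the output of ksort()).
 * Keys whose value is falsy (undefined, null, '', 0, false) are skipped, and
 * neither keys nor values are URL-encoded: the string is hashed, not sent as a
 * URL, and the server-side check on this page concatenates the same raw pairs.
 * NOTE(review): the PHP checkSignature() on this page does NOT skip empty
 * values, so a payload with an empty field is signed differently on the two
 * sides — confirm which behaviour is intended.
 * @param {Object} obj Key/value pairs to serialise.
 * @returns {String} '' when no pair is usable, otherwise a string starting with '?'.
 */
function getRequestStr(obj) {
    var str = '';
    var key;
    // A plain for-in is what $.each does for a non-array-like object, so the
    // jQuery dependency is dropped without changing iteration order.
    for (key in obj) {
        if (obj[key]) {
            str += (str ? '&' : '?') + key + '=' + obj[key];
        }
    }
    return str;
}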
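/**
 * Sign a request payload in place: adds `timestamp` (milliseconds since epoch)
 * and `signature` (upper-case MD5 of the ksort()-ordered "k=v&k=v" string) to
 * `data`. The hash covers only fields the browser already holds and no secret,
 * so any client can recompute it; it binds the fields to a timestamp for the
 * server's freshness check but is not an authentication token.
 * `this` is forwarded to ksort() as its host object (the global object when
 * called as a plain function in non-strict code).
 * @param {Object} data Request fields; mutated and returned.
 * @returns {Object} The same `data` object with timestamp and signature set.
 */
function getSignature(data) {
    data.timestamp = (new Date()).valueOf();
    // These were implicit globals in the original; keep them function-scoped.
    var requestJson = ksort(this, data, '');
    // Drop the leading '?' from the query-style string before hashing.
    var requestStr = getRequestStr(requestJson).slice(1);
    // to md5 (requires the $.md5 plugin)
    data.signature = $.md5(requestStr).toUpperCase();
    return data;
}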
必須引入 MD5.JS 檔案,以提供 $.md5 雜湊(hash)函式。
PHP 代碼處理:
先驗證 signature 參數與時間戳是否合法。
PHP
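<?php
// Pull the signed payload out of the POST body and verify it once.
$params_post = $this->getRequest()->getPost();
// Fall back to an empty array so a request without 'data' fails verification
// cleanly instead of raising an undefined-index notice.
$post_data = isset($params_post['data']) ? $params_post['data'] : array();
// checkSignature() is called a single time; the original called it twice and
// discarded the first result.
if ($this->checkSignature($post_data)) {
    echo "驗證成功";
}
?>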
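/**
 * Verify the request signature produced by the page's getSignature() JS.
 *
 * The expected value is strtoupper(md5(...)) over "key=value&key=value" built
 * from the ksort()-ordered fields, excluding s_log_time, signature and
 * request_url. The client computes the same hash from public fields with no
 * shared secret, so a match only shows the fields and timestamp were not
 * altered after the client built them; it does not authenticate the sender,
 * and rate limiting on the SMS/registration endpoint is still needed.
 *
 * @param array $data POST fields including 'timestamp' (milliseconds since
 *                    epoch, as sent by JS Date.valueOf()) and 'signature'.
 * @return bool true when the signature matches and the timestamp is within
 *              60 seconds of the server clock, false otherwise.
 */
private function checkSignature($data) {
    if (!is_array($data) || !isset($data['signature'], $data['timestamp'])) {
        return false;
    }
    if (!is_string($data['signature']) || !is_numeric($data['timestamp'])) {
        return false;
    }
    // The client timestamp is in milliseconds (JS Date.valueOf()), so compare
    // against a millisecond server clock. The original subtracted that value
    // from time() (seconds), which is always hugely negative and never exceeds
    // 60*1000, so the freshness check never rejected anything. abs() also
    // rejects timestamps set in the future, which a one-sided check would
    // accept indefinitely.
    $now_ms = microtime(true) * 1000;
    if (abs($now_ms - (float) $data['timestamp']) > 60 * 1000) {
        return false;
    }
    ksort($data);
    $requestStr = '';
    foreach ($data as $key => $value) {
        // Strict in_array: a loose compare would also match an integer key 0
        // against the string names on older PHP versions.
        if (!in_array($key, ['s_log_time', 'signature', 'request_url'], true)) {
            $requestStr .= ($requestStr === '' ? '' : '&') . $key . '=' . $value;
        }
    }
    $expected = strtoupper(md5($requestStr));
    // Constant-time, type-strict comparison; the original's loose != would
    // treat two hex digests that both look like "0e..." numbers as equal.
    return hash_equals($expected, $data['signature']);
}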