模拟客户端请求:
<?php
namespace Home\Controller;
use Think\Controller;
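class ClientController extends Controller
{
    /**
     * Shared secret mixed into every request signature.
     *
     * NOTE(review): a short constant committed to source is guessable and is
     * readable by anyone who can see the code; whoever knows it can sign any
     * request. Load a long random value from configuration instead. The
     * ServerController in this listing must hold the same value.
     */
    const TOKEN = 'API';

    /**
     * Simulate a front-end call to the server API: build a signed URL,
     * fetch it and dump whatever comes back.
     *
     * @return void
     */
    public function getDataFromServer()
    {
        // Current Unix timestamp.
        $timeStamp = time();
        // Random string (nonce).
        $randomStr = $this->createNonceStr();
        // Signature over timestamp, nonce and the shared token.
        $signature = $this->arithmetic($timeStamp, $randomStr);

        // NOTE(review): plain http:// sends timestamp, nonce and signature in
        // clear text, and values placed in the URL path also end up in access
        // logs and proxy logs. Prefer https for this call.
        $url = "http://www.tp3.com/Home/Server/respond/t/{$timeStamp}/r/{$randomStr}/s/{$signature}";
        $result = $this->httpGet($url);
        dump($result);
    }

    /**
     * Issue a GET request with cURL and return the response body.
     *
     * @param string $url Address to request.
     * @return string|false Response body, or false when the handle cannot be
     *                      created or the transfer fails.
     */
    private function httpGet($url)
    {
        $curl = curl_init();
        if ($curl === false) {
            return false;
        }

        curl_setopt($curl, CURLOPT_URL, $url);
        // Return the response as a string instead of printing it.
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        // Without explicit limits a stalled server blocks this request forever.
        curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($curl, CURLOPT_TIMEOUT, 10);

        $result = curl_exec($curl);
        curl_close($curl);

        return $result;
    }

    /**
     * Build a random alphanumeric string, prefixed with the letter "z".
     *
     * @param int $length Number of random characters after the "z" prefix.
     * @return string
     */
    private function createNonceStr($length = 8)
    {
        $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $max = strlen($chars) - 1;
        // mt_rand() output is predictable; use the CSPRNG where the runtime
        // provides it (PHP 7+) and fall back only on older interpreters.
        $useCsprng = function_exists('random_int');

        $str = "";
        for ($i = 0; $i < $length; $i++) {
            $index = $useCsprng ? random_int(0, $max) : mt_rand(0, $max);
            $str .= $chars[$index];
        }

        // NOTE(review): the "z" prefix presumably keeps the nonce sorting after
        // the timestamp and the token under SORT_STRING - confirm.
        return "z" . $str;
    }

    /**
     * Compute the request signature.
     *
     * The three values (timestamp, nonce, token) are sorted as strings,
     * concatenated without a separator, hashed with SHA-1, the hex digest is
     * hashed again with MD5, and the result is upper-cased.
     *
     * NOTE(review): this is an unkeyed hash chain over an undelimited
     * concatenation, so different (timestamp, nonce) pairs can produce the
     * same input string, and the only secret is TOKEN. A keyed MAC such as
     * hash_hmac('sha256', ...) over delimited fields is the usual
     * replacement; it has to be changed on the client and the server
     * together, so the algorithm is left as is here.
     *
     * @param int|string $timeStamp Unix timestamp.
     * @param string     $randomStr Random string (nonce).
     * @return string Upper-case 32-character hex signature.
     */
    private function arithmetic($timeStamp, $randomStr)
    {
        $parts = array($timeStamp, $randomStr, self::TOKEN);
        // sort() orders the values (not the keys) by string comparison.
        sort($parts, SORT_STRING);

        return strtoupper(md5(sha1(implode('', $parts))));
    }
}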
服务端响应请求:
<?php
namespace Home\Controller;
use Think\Controller;
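class ServerController extends Controller
{
    /**
     * Shared secret mixed into every request signature.
     *
     * NOTE(review): a short constant committed to source is guessable and is
     * readable by anyone who can see the code; whoever knows it can produce a
     * signature this endpoint accepts. Load a long random value from
     * configuration instead. The ClientController in this listing must hold
     * the same value.
     */
    const TOKEN = 'API';

    /**
     * Answer a client request: recompute the signature from the supplied
     * timestamp and nonce, compare it with the supplied signature, and emit
     * the JSON payload only when they match. Any failure prints "-1" and
     * stops.
     *
     * NOTE(review): the timestamp is only an input to the hash; it is never
     * compared with the server clock, and the nonce is never recorded. A
     * captured request URL therefore stays valid indefinitely. A freshness
     * window on `t` plus a short-lived store of seen nonces would close that
     * replay gap.
     *
     * @return void
     */
    public function respond()
    {
        // Everything in $_GET is caller-controlled: a parameter may be absent
        // or may arrive as an array, so require three plain strings first.
        $timeStamp = isset($_GET['t']) ? $_GET['t'] : null;
        $randomStr = isset($_GET['r']) ? $_GET['r'] : null;
        // Signature carried in the request, to be checked against ours.
        $signature = isset($_GET['s']) ? $_GET['s'] : null;

        if (!is_string($timeStamp) || !is_string($randomStr) || !is_string($signature)) {
            echo "-1";
            exit;
        }

        // Signature the server derives from the same inputs.
        $expected = $this->arithmetic($timeStamp, $randomStr);

        // The original loose `!=` compares two numeric-looking strings as
        // numbers, so distinct digests could be treated as equal. Compare as
        // strings, in constant time where the runtime offers hash_equals()
        // (PHP 5.6+).
        $matches = function_exists('hash_equals')
            ? hash_equals($expected, $signature)
            : $expected === $signature;

        if (!$matches) {
            echo "-1";
            exit;
        }

        // Mock response data.
        $arr = array(
            'name' => 'api',
            'age' => 15,
            'address' => 'zz',
            'ip' => "192.168.0.1",
        );
        echo json_encode($arr);
    }

    /**
     * Compute the request signature.
     *
     * The three values (timestamp, nonce, token) are sorted as strings,
     * concatenated without a separator, hashed with SHA-1, the hex digest is
     * hashed again with MD5, and the result is upper-cased.
     *
     * NOTE(review): this is an unkeyed hash chain over an undelimited
     * concatenation, so different (timestamp, nonce) pairs can produce the
     * same input string, and the only secret is TOKEN. A keyed MAC such as
     * hash_hmac('sha256', ...) over delimited fields is the usual
     * replacement; it has to be changed on the client and the server
     * together, so the algorithm is left as is here.
     *
     * NOTE(review): this method is public on a controller; if the framework
     * exposes public controller methods as routable actions it should
     * probably be private, as it is in ClientController - confirm.
     *
     * @param int|string $timeStamp Unix timestamp.
     * @param string     $randomStr Random string (nonce).
     * @return string Upper-case 32-character hex signature.
     */
    public function arithmetic($timeStamp, $randomStr)
    {
        $parts = array($timeStamp, $randomStr, self::TOKEN);
        // sort() orders the values (not the keys) by string comparison.
        sort($parts, SORT_STRING);

        return strtoupper(md5(sha1(implode('', $parts))));
    }
}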
服务端根据客户端传递过来的时间戳和随机字符串，按照双方约定好的签名算法生成签名，并与客户端传递过来的签名进行对比。
如果相同，则返回数据；如果不相同，则不返回数据。