示例#1
0
	/**
	 * 生成签名结果
	 * @param $para_sort 已排序要签名的数组
	 * return 签名结果字符串
	 */
	function buildRequestMysign($para_sort) {
		//把数组所有元素,按照“参数=参数值”的模式用“&”字符拼接成字符串
		$prestr = CacheCreateLinkstringUrlencode($para_sort);
		switch ($this->config['sign_type']) {
			case 'RSA':
				$mysign = CacheRsaSign($prestr,$this->config['private_key_path']);	
				break;
			case 'MD5':
				$mysign = CacheMd5Sign($this->config['appid'],$this->config['appkey'],$prestr,$this->timestamp);	
				break;
			case 2:
				$mysign = CacheMd5Sign($this->config['appid'],$this->config['appkey'],$prestr,$this->timestamp);	
				break;
		}
		return $mysign;
	}
示例#2
0
  /**
   * 初始化验证
   */
  function _initialize() {
	if(!$_GET['nonce_str']){
	  ajaxErrReturn('随机字符串必须');
	}

	if(!$_GET['time_stamp']){
	  ajaxErrReturn('创建时间戳必须');
	}

	if(!IS_POST){
	  ajaxErrReturn('数据必须');
	}

	//判断是否内网ip
	if(!check_ip()){
	  ajaxErrReturn('非内网IP');
	}

	//3分钟有效期
	if($_REQUEST['time_stamp']+180<time()){
	  ajaxErrReturn('签名过期');
	}
	
	$model = D('Api');
	require_once(C('INTERFACE_PATH')."Cache/config.php");
	require_once(C('INTERFACE_PATH')."Cache/lib/core.function.php");
	require_once(C('INTERFACE_PATH')."Cache/lib/md5.function.php");
	require_once(C('INTERFACE_PATH')."Cache/lib/rsa.function.php");
	
	$appid = $_GET['appid'];
	$data['py_name'] = 'cache';
	$data['appid'] = $appid;
	$vo = $model->where($data)->find();
	if(!$vo){
	  ajaxErrReturn('无此应用');
	}
	$appkey = $vo['appkey'];
	//除去待签名参数数组中的空值和签名参数
	$para = $_GET;
	$para['c'] = CONTROLLER_NAME;
	$para['a'] = ACTION_NAME;
	$para_filter = CacheParaFilter($para);
	//对待签名参数数组排序
	$para_sort = CacheArgSort($para_filter);
	$prestr = CacheCreateLinkstring($para_sort);
	$timestamp = $_GET['time_stamp'];
	$sign = $_POST['sign'];
	switch ($_POST['sign_type']) {
		case 'RSA':
			$result = CacheRsaVerify($prestr, $config['public_key_path'], $sign);	
			break;
		case 'MD5':
			$result = CacheMd5Sign($appid, $appkey, $prestr, $timestamp, $sign);	
			break;
		case 2:
			$result = CacheMd5Sign($appid, $appkey, $prestr, $timestamp, $sign);	
			break;
	}	

	//dump($result);exit;
	if(!$result){
	  ajaxErrReturn('验证失败');
	}
  }