Shulou(Shulou.com)06/02 Report--

This article mainly explains the "php interface security sign encryption method", the content of the article is simple and clear, easy to learn and understand, now please follow the editor's train of thought slowly in depth, together to study and learn "php interface security sign encryption method"!

First, the first step: organize the parameters

1. For example, request parameter is uid=1&time=2019&name=song

two。 Organize the parameters into an array (which can be obtained directly if it is a post request) and sort by key

For example, the sorted result of the above instance is:

['name' = >' song', 'time' = > 2019,' uid' = > 1]

3. Transcode value (urlencode) and convert it to a sorted string

For example, the sorted result of the above instance is:

Name=song&time=2019&uid=1

Step 2: encryption

1. Encrypt the string with sha1, $secret='miyao'. Keep the secret key, do not disclose it.

$result = hash_hmac ('sha1',' name=song&time=2019&uid=1', $secret, true)

two。 The result of $result is returned after base64 encryption.

Return base64_encode ($result)

Third, step 3: judge

1. The client also needs to perform the sign processing of 1 sign and 2 steps, and the processed result sign is spliced into the parameters and passed.

two。 According to the sign generated by the client, the server compares it with its own sign. If it is consistent, the verification is successful.

3. Because the secret key in it is a private key, which we set by ourselves can not be known by others, so the interface is secure to a certain extent.

4. You can add a timestamp field to the interface. If there is a big difference between the timestamp and the server time, the verification fails to avoid crawling data maliciously all the time.

Thank you for reading, the above is the content of "php interface security sign encryption method". After the study of this article, I believe you have a deeper understanding of the php interface security sign encryption method, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.