为什么要进行签名,我们在进行数据请求的时候,为了防止数据被人截取,造成不好的影响,所以我们在进行数据请求的时候,需要进行签名验证,进行签名的原理是:客户端和服务端使用同样的签名算法,来计算签名,当客户端提交的签名,和服务端提供的签名一致的时候,就签名成功。
这里是仿照微信验证的签名算法:需要用到 appid 和 appSecret。
具体实现:
/* 签名算法 */ public function sign(){ $appid = "dd9818820b95ec8e3d"; $appSecret = "e5178f68c37c3a24772e463deb8cc4d8"; $postData = array( \'appid\'=>$appid, \'timestamp\'=>\'1544883104\', \'nonce\'=>md5(md5(\'dd9818820b95ec8e3d\').\'1544883104\'), \'sign\'=>\'B016B5D43749E26775B260FBED08DDCA\' ); echo $this->getSignature()."<br>"; echo $this->checkSignature($postData)."<br>"; die; } public function checkSignature($data = null){ $appid = "dd9818820b95ec8e3d"; $appSecret = "e5178f68c37c3a24772e463deb8cc4d8"; if(!$data){return false;}; $clientSign = $data[\'sign\']; $array = array(); $array[\'appid\'] = $data[\'appid\']; $array[\'timestamp\'] = $data[\'timestamp\']; $array[\'nonce\'] = $data[\'nonce\']; ksort($array); $str = ""; foreach ($array as $k => $v) { $str.= $k.$v; } $restr = $str.$appSecret; $reserverSign = strtoupper(md5($restr)); if($clientSign == $reserverSign){ return true; }; return false; } public function getSignature($array = array()){ $appid = "dd9818820b95ec8e3d"; $appSecret = "e5178f68c37c3a24772e463deb8cc4d8"; $array = array( \'appid\'=>$appid, \'timestamp\'=>\'1544883104\', \'nonce\'=>md5(md5(\'dd9818820b95ec8e3d\').\'1544883104\'), ); // 1.对加密数组进行字典排序 防止因为参数顺序不一致而导致下面拼接加密不同 ksort($array); // 2.将key和value进行拼接 $str = ""; foreach ($array as $k => $v) { $str.= $k.$v; } // 3.通过sha1(或md5)加密并转化为大写 $restr = $str.$appSecret; $sign = strtoupper(md5($restr)); return $sign; } public function getAppid($phone = "18314416390"){ return \'dd\'.substr(md5(md5(time()).md5($phone).mt_rand(1,1000000)),0,16); } public function getAppSecret($phone = "18314416390"){ $key = \'|Hx@IP9O]>6KFX\Z2(r[/?st1}^CNh+W4oQeDgS\'; return md5(md5($key).md5($phone).md5(time()).mt_rand(1,1000000)); }