介绍两种常见的对请求数据的加解密的方式,用来提高请求安全。
1、对数据进行混淆,然后再清除混淆内容
$this->data = I('');
if (isset($this->data['random']) && !empty($this->data['random'])) {
$arr = [];
foreach ($this->data as $k => $v) {
if ($k != 'random') {
$k = str_replace($this->data['random'], '', $k);
$v = str_replace($this->data['random'], '', $v);
}
$arr[$k] = $v;
}
$this->data = $arr;
}
2、用AES加解密
$input = file_get_contents("php://input");
$params = json_decode($input, true);
if (is_array($params) && array_key_exists(ACTION_NAME, C('API_UUIDARR'))) {
$arr = [];
foreach ($params as $k => $v) {
if (strpos($k, C('API_UUIDARR')[ACTION_NAME]) !== false) {
$arr = $v;
}
}
import('@.Lib.AesSecurity');
$aes = new \AesSecurity();
$decrypt = $aes->decrypt($arr);
if (!empty($decrypt)) {
$this->isaesparam = true;
$res = explode(',', $decrypt);
$response = [];
foreach ($res as $k => $v) {
$result = explode('@@', $v);
if ($result[0] && array_key_exists($result[0], C('KEY_UUIDARR'))) {
$response[C('KEY_UUIDARR')[$result[0]]] = $result[1];
}
}
$this->data = $response;
}
}
网友评论