This article is a brief discussion of developing APP interfaces with PHP, based on the TP3.2 framework (personal opinion). It has some reference value, and readers who need it can refer to it.
PHP is very powerful and can be used for all kinds of things, including web development, mini programs, online shops, and of course APPs.
Since the blogger is also about to complete an APP project, I will write down my experience so that I can reflect on it later, haha.
Because we are writing interfaces, security comes first, and we can't get anyone killed, right? So we have to agree on an interface encryption method with the front end, and every interface needs it (call it token encryption or sign encryption, whichever you prefer).
Here is how I do it. I suggest that all interfaces use POST, so the parameters below are all assumed to be sent via POST.
1. First, remove the token value from the passed parameters and sort them by key in dictionary order (PHP provides the ksort function, which by default sorts in standard ASCII order. There is a pitfall here: the sort order on iOS is sometimes different from that on Android, but only in some cases).
2. Concatenate the sorted values (PHP provides the http_build_query function).
3. Append a custom key to the sorted string (this must be consistent with the front end), then take the MD5 hash.
4. Convert it to uppercase and use it as the token parameter.
Here is the code:
```php
function makeToken($data){
    // $data is the set of parameters passed in via $_POST
    unset($data['token']);
    unset($data['auth_key']); // explained below
    ksort($data);
    $string = http_build_query($data);
    if(empty($data)){
        $string = 'key=CT01aVVsCkSxYdxi55ml';
    } else {
        $string = $string .'&key=CT01aVVsCkSxYdxi55ml';
    }
    $string = md5($string);
    $result = strtoupper($string);
    return $result;
}
```
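```php
<?php
namespace Api\Controller;
use Think\Controller;

/**
 * Common controller
 */
class CommonController extends Controller {
    public function _initialize(){
        // Verify the token
        $token = I('token');
        $sal = makeToken($_POST);
        // hash_equals compares strictly and in constant time; a loose != would
        // treat two different digests of the form "0E<digits>" as equal numbers
        if(!hash_equals($sal, (string)$token)){
            // ajaxR() is a project helper that is not shown in this article
            $result = ajaxR(404,'认证失败');
            $this->ajaxReturn($result);
        }
    }
}
```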
The token generated by the front end is passed in as a parameter and compared with the token you generate. If they differ, token verification fails and the interface can no longer be accessed.
Some interfaces are exceptions: they may request data directly without any parameters, so you only need to MD5 the custom key, that is, hash the string key=CT01aVVsCkSxYdxi55ml. Of course, you can choose this string however you like; the main thing is to agree on it with the front end.
Before sorting the parameters, that is, before http_build_query, you need to remove the token and auth_key passed by the front end (more on auth_key below), and only then sort. This must also be agreed with the front end.
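A hardened variant of the signing scheme above, as an added example that is not the article's code: it swaps md5(string + key) for HMAC-SHA256, pins the sort and URL-encoding rules that iOS, Android and PHP must share, and rejects stale requests. The `ts` parameter, the `SIGN_KEY` placeholder, `MAX_SKEW` and the function names are assumptions, not part of the original.

```php
<?php
// Added example, not the article's code. SIGN_KEY and the `ts` field are assumptions.
const SIGN_KEY = 'replace-with-a-key-loaded-from-config'; // constructed placeholder
const MAX_SKEW = 300; // seconds a signed request stays acceptable

// Build the exact byte string that both client and server must sign.
function canonicalString(array $params): string {
    unset($params['token'], $params['auth_key']);   // same exclusions as the article
    ksort($params, SORT_STRING);                    // byte-wise key order: "10" sorts before "9"
    // RFC 3986 encoding: a space is always %20, never "+"
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

function signRequest(array $params, string $key = SIGN_KEY): string {
    return strtoupper(hash_hmac('sha256', canonicalString($params), $key));
}

function verifyRequest(array $params, int $now, string $key = SIGN_KEY): bool {
    $token = $params['token'] ?? '';
    $ts    = $params['ts'] ?? null;
    if (!is_string($token) || !is_string($ts) || !ctype_digit($ts)) {
        return false;                               // missing or malformed fields
    }
    if (abs($now - (int)$ts) > MAX_SKEW) {
        return false;                               // stale: limits the replay window
    }
    // Constant-time, strict string comparison
    return hash_equals(signRequest($params, $key), strtoupper($token));
}

// Constructed sample request, as the app would send it.
$now = 1700000000;
$req = ['lng' => '113.743393', 'lat' => '23.015902', 'note' => 'a b', 'ts' => (string)$now];
$req['token'] = signRequest($req);

var_dump(verifyRequest($req, $now));        // untouched request inside the window

$tampered = $req;
$tampered['lat'] = '0';                     // parameter changed after signing
var_dump(verifyRequest($tampered, $now));

var_dump(verifyRequest($req, $now + 3600)); // same request presented an hour later
```

Any key compiled into the app can be extracted from it, so this signature detects tampering in transit but does not prove that the caller is the genuine app.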
Next, auth_key. Everyone knows that a session is used to remember a user's login state on web pages, and an APP also needs to keep the user's login state. Here I use a string that I encrypt myself to remember the login state, a parameter called auth_key.
You can define the generation rule for auth_key yourself. After the user registers and logs in on the APP, store this string with the corresponding user and return it to the front end. Every subsequent request from the front end carries this auth_key parameter, and you can use it to look up that user's information.
Of course, you can also put a time limit on the auth_key, for example a 7-day period: check it in every method of the project to see whether it has expired, and if it has, return a login-expired status to the front end and log the user out.
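One way to issue and check an auth_key with the 7-day limit described above (an added example, not the article's code): the value here is random rather than derived from user data, and only its hash is stored. The `$users` array standing in for the user table and all function and field names are assumptions.

```php
<?php
// Added example, not the article's code. $users stands in for the user table.
const AUTH_KEY_TTL = 7 * 24 * 3600; // the 7-day period mentioned in the article

// Issue a new auth_key at login; only its SHA-256 hash is kept server-side.
function issueAuthKey(array &$users, int $userId, int $now): string {
    $authKey = bin2hex(random_bytes(32));           // 256 bits from the CSPRNG
    $users[$userId]['auth_key_hash'] = hash('sha256', $authKey);
    $users[$userId]['auth_key_expires'] = $now + AUTH_KEY_TTL;
    return $authKey;                                // sent to the app once
}

// Resolve an auth_key to a user id, or null if it is unknown or expired.
function userFromAuthKey(array &$users, string $authKey, int $now): ?int {
    $hash = hash('sha256', $authKey);
    foreach ($users as $id => $row) {
        if (isset($row['auth_key_hash']) && hash_equals($row['auth_key_hash'], $hash)) {
            if ($now >= $row['auth_key_expires']) {
                // Expired: drop it so the app has to log in again
                unset($users[$id]['auth_key_hash'], $users[$id]['auth_key_expires']);
                return null;
            }
            return $id;
        }
    }
    return null;
}

// Constructed sample data.
$users = [42 => ['name' => 'demo']];
$t0 = 1700000000;
$key = issueAuthKey($users, 42, $t0);

var_dump(userFromAuthKey($users, $key, $t0 + 3600));             // one hour after login
var_dump(userFromAuthKey($users, $key, $t0 + AUTH_KEY_TTL + 1)); // just past seven days
var_dump(userFromAuthKey($users, 'guessed-value', $t0));         // value never issued
```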
In fact, developing the interface for an APP is not difficult; the main thing is to agree everything with the front end, and then it is easy. We generally return JSON, and it is essential to define the returned status code, message and data, as follows:
```json
{
    "code": 200,
    "message": "获取信息成功",
    "data": {
        "lng": "113.743393",
        "lat": "23.015902"
    }
}
```