深圳全飞鸿

标题: 关于php的httpd处理请求头里的签名的方法,验证签名,拒绝服务的演示 [打印本页]
作者: admin    时间: 2023-8-23 11:44
标题: 关于php的httpd处理请求头里的签名的方法,验证签名,拒绝服务的演示
未验证代码:
  1. <?php
  2. $secretKey = "your_secret_key_here";

  4. // 从请求头获取签名、时间戳和随机数
  5. $receivedSignature = $_SERVER['HTTP_X_SIGNATURE'];
  6. $receivedTimestamp = $_SERVER['HTTP_X_TIMESTAMP'];
  7. $receivedNonce = $_SERVER['HTTP_X_NONCE'];
  8. $receivedData = file_get_contents('php://input'); // 获取请求体内容

  10. // 生成本地签名
  11. $generatedSignature = hash_hmac('sha256', $receivedTimestamp . $receivedNonce . $receivedData, $secretKey);

  13. // 验证签名
  14. if ($receivedSignature === $generatedSignature) {
  15.     // 签名验证通过
  16.     // 可以继续处理请求
  17.     echo "Signature verified. Request processing...";
  18. } else {
  19.     // 签名验证失败,返回错误响应
  20.     http_response_code(401); // 设置响应状态码为 Unauthorized
  21.     echo "Signature verification failed. Unauthorized request.";
  22. }
  23. ?>
复制代码






欢迎光临 深圳全飞鸿 (http://www.nagomes.com/disc/) Powered by Discuz! X3.2