关于php的httpd处理请求头里的签名的方法，验证签名，拒绝服务的演示

admin

未验证代码：

1. <?php
   
2. $secretKey = "your_secret_key_here";
   
3. 
   
4. // 从请求头获取签名、时间戳和随机数
   
5. $receivedSignature = $_SERVER['HTTP_X_SIGNATURE'];
   
6. $receivedTimestamp = $_SERVER['HTTP_X_TIMESTAMP'];
   
7. $receivedNonce = $_SERVER['HTTP_X_NONCE'];
   
8. $receivedData = file_get_contents('php://input'); // 获取请求体内容
   
9. 
   
10. // 生成本地签名
    
11. $generatedSignature = hash_hmac('sha256', $receivedTimestamp . $receivedNonce . $receivedData, $secretKey);
    
12. 
    
13. // 验证签名
    
14. if ($receivedSignature === $generatedSignature) {
    
15.     // 签名验证通过
    
16.     // 可以继续处理请求
    
17.     echo "Signature verified. Request processing...";
    
18. } else {
    
19.     // 签名验证失败，返回错误响应
    
20.     http_response_code(401); // 设置响应状态码为 Unauthorized
    
21.     echo "Signature verification failed. Unauthorized request.";
    
22. }
    
23. ?>
    

复制代码