检测用户是否修改url
检测思路:
用url的参数和key生成一段hash值,如果参数被修改,则重新生成的hash值和正确的hash值对不上,验证失败
使用的加密类库:
PEAR2里的Crypt_HMAC2,需要下载引入
用户url列表,生成hash值
cryptForm.php
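<?php
require( 'D:\PHP\PEAR\Crypt\HMAC2.php' );

# Key used to generate the hash. Anyone who learns this key can produce a valid
# hash for any parameters, so 'Test Hash Key' is only a demo value: in real use
# load a long random key from configuration kept outside the web root and out of
# version control. The validating script must use exactly the same key.
define( 'HASH_KEY' , 'Test Hash Key' );

# Compute the keyed hash (HMAC) that protects a set of URL parameters.
#
# $paramsArray  map of parameter name => value, in the order the validating
#               script will rebuild it.
# Returns the value of Crypt_HMAC2::hash(); the sample output kept at the end of
# this file shows it as a 32-character hex string.
#
# NOTE(review): names and values are concatenated with no separator, so
# different parameter sets can yield the same string ('ab'.'c' and 'a'.'bc').
# With more than one parameter, use an unambiguous encoding, and change it in
# this script and the validating script together, since both must build the
# same string.
# NOTE(review): 'md5' selects HMAC-MD5, a legacy choice. A stronger digest is
# preferable if the library supports one; the validating script would have to
# change in step.
# NOTE(review): the hash only proves the parameters were issued by this site. It
# does not expire and is not tied to a user, so it does not replace an
# authorization check on the target page.
function createHash( $paramsArray )
{
    $data = '';

    # Build the string to be authenticated
    foreach( $paramsArray as $key => $value )
    {
        $data .= $key . $value;
    }

    $cryptor = new Crypt_HMAC2( HASH_KEY , 'md5' );

    return $cryptor->hash( $data );
}
?>
<html>
<head></head>
<body>
<ul>
<li><a href="validateHash.php?id=1&amp;hash=<?php echo htmlspecialchars( createHash( array( 'id' => 1 ) ) , ENT_QUOTES ); ?>">ChatLiu</a></li>
<li><a href="validateHash.php?id=2&amp;hash=<?php echo htmlspecialchars( createHash( array( 'id' => 2 ) ) , ENT_QUOTES ); ?>">BruceLee</a></li>
</ul>
</body>
</html>
<?php
/*
 * Rendered output as shown on the original page (hash values are the page's own).
 * NOTE(review): the first link shows id=2 although the template above emits id=1;
 * this looks like a copy error in the sample - confirm.
 *
 * <html><head></head><body><ul>
 * <li><a href="validateHash.php?id=2&hash=5dbd509b6e9dd26a8d3c7d1a5e3cc4e5">ChatLiu</a></li>
 * <li><a href="validateHash.php?id=2&hash=84ecf3a0d5859281e074ee58d4f1d51d">BruceLee</a></li>
 * </ul></body></html>
 */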
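<?php
require( 'D:\PHP\PEAR\Crypt\HMAC2.php' );

# Key used to recompute the hash; it must be identical to the key used by the
# script that generated the links. 'Test Hash Key' is only a demo value: in real
# use load a long random key from configuration kept outside the web root and
# out of version control.
define( 'HASH_KEY' , 'Test Hash Key' );

# Check whether the URL parameters still match the hash that came with them.
#
# $paramsArray  map of parameter name => value taken from the request.
# $userHash     the hash value supplied in the URL.
# Returns TRUE when the recomputed hash equals $userHash, FALSE otherwise
# (including when either input has an unexpected type).
#
# NOTE(review): names and values are concatenated with no separator, so
# different parameter sets can yield the same string. With more than one
# parameter, use an unambiguous encoding, and change it here and in the link
# generator together.
# NOTE(review): 'md5' selects HMAC-MD5, a legacy choice; changing the algorithm
# requires the same change in the link generator.
function validateHash( $paramsArray , $userHash )
{
    # Query parameters such as "hash[]=x" arrive as arrays; refuse anything that
    # is not a plain string instead of letting it reach the comparison.
    if( !is_string( $userHash ) )
    {
        return FALSE;
    }

    $data = '';

    # Build the string to be authenticated
    foreach( $paramsArray as $key => $value )
    {
        # An array value would be concatenated as the literal text "Array"
        if( !is_scalar( $value ) )
        {
            return FALSE;
        }
        $data .= $key . $value;
    }

    $cryptor = new Crypt_HMAC2( HASH_KEY , 'md5' );
    $hash = $cryptor->hash( $data );

    # Compare with hash_equals() (PHP 5.6+) rather than ==. Loose comparison can
    # treat two different numeric-looking strings as equal, and its running time
    # depends on how many leading characters match.
    return hash_equals( (string) $hash , $userHash );
}

if( isset( $_GET['id'] ) && isset( $_GET['hash'] ) )
{
    $id = $_GET['id'];
    $hash = $_GET['hash'];

    $result = validateHash( array( 'id' => $id ) , $hash );

    if( $result )
    {
        echo 'good guy, you didn\'t touch my url';
    }
    else
    {
        echo 'bad guy, don\'t touch my url';
    }
}
else
{
    die( 'parameter missed' );
}
?>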