How to make my PHP client the only client that can get data from my PHP server

Problem description:

Hello, I have this simple code:

Client

<?php

function get_url($request_url) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $request_url);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $response = curl_exec($ch);
    curl_close($ch);

    return $response;
}

$request_url = 'http://localhost:8080/vb/dashboard/Marketing_dashboard/vb_server.php?function=somefunction';
$response = get_url($request_url);

print_r($response);

Server

if(isset($_GET['function']) && $_GET['function'] == 'somefunction')
{
    echo somefunction();
}
function somefunction()
{
    return "this is the output of the server";
}

Now I need to add security so that only my client is able to get the data. I thought of a pair of keys, so I send some hash encrypted with the client's private key and then decode it with the public key on the server. But I don't know how to implement this. I don't know how to get the keys and I don't know how to do the code.

I'm open to options. How can I make my client the only one able to get the data from that server?

For starters, make the client connect to an https endpoint so it's encrypted. Next, you could pass in a token via an HTTP header and check it on the client side.

The Rackspace APIs use the following header:

X-Auth-Token: asdflkjasdflkjasdflkjsadflkjasdf

Then you can grab the headers, validate the token is correct. If so, execute the function. If not, return a blank page or something else.

You'll set your header like this:

curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Auth-Token: asdflkjasdflkjasdflkjsadflkjasdf'));

Check it like:

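$headers = getallheaders();
// A missing header counts as a bad token; hash_equals() compares in constant
// time and avoids the type juggling of a loose == comparison.
if(isset($headers['X-Auth-Token']) && hash_equals('asdflkjasdflkjasdflkjsadflkjasdf', $headers['X-Auth-Token']))
{
  if(isset($_GET['function']) && $_GET['function'] == 'somefunction')
  {
      echo somefunction();
  }
}
else
{
  echo "BAD TOKEN!";
}

function somefunction()
{
    return "this is the output of the server";
}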

Tested output:

root@app01:/var/www/vhosts/application# curl -s http://localhost/headers.php -H "X-Auth-Token: asdflkjasdflkjasdflkjsadflkjasdf"

User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4   libidn/1.23 librtmp/2.3
Host: localhost
Accept: */*
X-Auth-Token: stuff

BAD TOKEN!


root@app01:/var/www/vhosts/application# curl -s http://localhost/headers.php -H "X-Auth-Token: asdflkjasdflkjasdflkjsadflkjasdf"

User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
Host: localhost
Accept: */*
X-Auth-Token: asdflkjasdflkjasdflkjsadflkjasdf

DO STUFF

You can set up a client certificate as well so that it uses the certificate that your client presents to do the authentication. It may be a bit of overkill depending on what you are trying to do. See the section "Client Authentication and Access Control":

http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html
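
The key-pair idea from the question, as an added example that is not part of the original posts: the client signs the timestamp and function name with its private key, and the server verifies the signature with the stored public key. The header names X-Auth-Timestamp and X-Auth-Signature, the function names and the 300-second window are assumptions; PHP's openssl extension is required.

```php
<?php
// Added example: header names, function names and the 300 s window are assumptions.

// One-time setup. The private key stays on the client; the server stores only the public key.
function make_keypair(): array {
    $key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    if ($key === false || !openssl_pkey_export($key, $privatePem)) {
        throw new RuntimeException('key generation failed');
    }
    return [$privatePem, openssl_pkey_get_details($key)['key']];
}

// Client: sign "<timestamp>\n<function>" and return lines for CURLOPT_HTTPHEADER.
function sign_request(string $function, string $privatePem, int $now): array {
    if (!openssl_sign($now . "\n" . $function, $signature, $privatePem, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return ['X-Auth-Timestamp: ' . $now, 'X-Auth-Signature: ' . base64_encode($signature)];
}

// Server: $headers has the shape getallheaders() returns (name => value).
function verify_request(string $function, array $headers, string $publicPem, int $now, int $maxSkew = 300): bool {
    $h = array_change_key_case($headers, CASE_LOWER);   // header names are case-insensitive
    $ts = $h['x-auth-timestamp'] ?? '';
    $signature = base64_decode($h['x-auth-signature'] ?? '', true);
    if (!ctype_digit($ts) || $signature === false || abs($now - (int) $ts) > $maxSkew) {
        return false;                                    // missing, malformed or stale
    }
    // openssl_verify returns 1 only for a valid signature (0 = invalid, -1/false = error)
    return openssl_verify($ts . "\n" . $function, $signature, $publicPem, OPENSSL_ALGO_SHA256) === 1;
}

// Constructed demo: both sides in one process, no network involved.
[$privatePem, $publicPem] = make_keypair();
$now = time();
$received = [];
foreach (sign_request('somefunction', $privatePem, $now) as $line) {
    [$name, $value] = explode(': ', $line, 2);
    $received[$name] = $value;
}
var_dump(verify_request('somefunction', $received, $publicPem, $now));        // request as signed
var_dump(verify_request('otherfunction', $received, $publicPem, $now));       // function name altered
var_dump(verify_request('somefunction', $received, $publicPem, $now + 3600)); // replayed an hour later
var_dump(verify_request('somefunction', [], $publicPem, $now));               // no auth headers
```

The signature covers only the timestamp and the function name, so a captured request can still be replayed inside the window; it complements the HTTPS endpoint recommended in the answer rather than replacing it.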