doudoulb1234 2016-05-02 13:14
浏览 55
已采纳

从ajax jquery安全调用PHP Web服务函数,添加身份验证

jQuery.ajax({
type: "POST",
url: 'your_functions_address.php',
dataType: 'json',
data: {functionname: 'add', arguments: [1, 2]},

success: function (obj, textstatus) {
              if( !('error' in obj) ) {
                  yourVariable = obj.result;
              }
              else {
                  console.log(obj.error);
              }
        }
   });

and your_functions_address.php like this:

<?php

header('Content-Type: application/json');

$aResult = array();

if( !isset($_POST['functionname']) ) { $aResult['error'] = 'No function name!'; }

if( !isset($_POST['arguments']) ) { $aResult['error'] = 'No function arguments!'; }

if( !isset($aResult['error']) ) {

    switch($_POST['functionname']) {
        case 'add':
           if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
               $aResult['error'] = 'Error in arguments!';
           }
           else {
               $aResult['result'] = add(floatval($_POST['arguments'][0]), floatval($_POST['arguments'][1]));
           }
           break;

        default:
           $aResult['error'] = 'Not found function '.$_POST['functionname'].'!';
           break;
    }

}

 echo json_encode($aResult);
 ?>

How to avoid that anybody who find the url : 'your_functions_address.php' can call any function on the web service ?

is there a way of adding an authentication or security ?

I am applying SSL security of course but does SSL solve this problem ?

  • 写回答

1条回答 默认 最新

  • douzai9405 2016-05-02 13:24
    关注

    You can implement login function that will return a token that need to be send to other functions:

    session_start();
if( !isset($aResult['error']) ) {

    switch($_POST['functionname']) {
        case 'login':
           if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
               $aResult['error'] = 'Error in arguments!';
           }
           else {
               if ($_POST['arguments'][0] == 'user' && $_POST['arguments'][1] == 'passsword') {
                   $time = array_sum(explode(' ', microtime()));
                   $aResult['result'] = md5($time);
                   $_SESSION['token'] = $aResult['result'];
               }
           }
           break;
        case 'add':
           if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
               $aResult['error'] = 'Error in arguments!';
           }
           else {
               if ($_SESSION['token'] == $_POST['arguments'][0]) {
                   $aResult['result'] = add(floatval($_POST['arguments'][1]), floatval($_POST['arguments'][2]));
               }
           }
           break;

        default:
           $aResult['error'] = 'Not found function '.$_POST['functionname'].'!';
           break;
    }

}

    then in javascript you first call login function to get the token and then pass it as first argument to other functions:

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥35 平滑拟合曲线该如何生成
  • ¥100 c语言,请帮蒟蒻写一个题的范例作参考
  • ¥15 名为“Product”的列已属于此 DataTable
  • ¥15 安卓adb backup备份应用数据失败
  • ¥15 eclipse运行项目时遇到的问题
  • ¥15 关于#c##的问题:最近需要用CAT工具Trados进行一些开发
  • ¥15 南大pa1 小游戏没有界面,并且报了如下错误,尝试过换显卡驱动,但是好像不行
  • ¥15 自己瞎改改,结果现在又运行不了了
  • ¥15 链式存储应该如何解决
  • ¥15 没有证书,nginx怎么反向代理到只能接受https的公网网站