doudoulb1234 2016-05-02 13:14
浏览 55
已采纳

从ajax jquery安全调用PHP Web服务函数,添加身份验证

jQuery.ajax({
type: "POST",
url: 'your_functions_address.php',
dataType: 'json',
data: {functionname: 'add', arguments: [1, 2]},

success: function (obj, textstatus) {
              if( !('error' in obj) ) {
                  yourVariable = obj.result;
              }
              else {
                  console.log(obj.error);
              }
        }
   });

and your_functions_address.php like this:

<?php

header('Content-Type: application/json');

$aResult = array();

if( !isset($_POST['functionname']) ) { $aResult['error'] = 'No function name!'; }

if( !isset($_POST['arguments']) ) { $aResult['error'] = 'No function arguments!'; }

if( !isset($aResult['error']) ) {

    switch($_POST['functionname']) {
        case 'add':
           if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
               $aResult['error'] = 'Error in arguments!';
           }
           else {
               $aResult['result'] = add(floatval($_POST['arguments'][0]), floatval($_POST['arguments'][1]));
           }
           break;

        default:
           $aResult['error'] = 'Not found function '.$_POST['functionname'].'!';
           break;
    }

}

 echo json_encode($aResult);
 ?>

How to avoid that anybody who find the url : 'your_functions_address.php' can call any function on the web service ?

is there a way of adding an authentication or security ?

I am applying SSL security of course but does SSL solve this problem ?

  • 写回答

1条回答 默认 最新

  • douzai9405 2016-05-02 13:24
    关注

    You can implement login function that will return a token that need to be send to other functions:

    session_start();
if( !isset($aResult['error']) ) {

    switch($_POST['functionname']) {
        case 'login':
           if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
               $aResult['error'] = 'Error in arguments!';
           }
           else {
               if ($_POST['arguments'][0] == 'user' && $_POST['arguments'][1] == 'passsword') {
                   $time = array_sum(explode(' ', microtime()));
                   $aResult['result'] = md5($time);
                   $_SESSION['token'] = $aResult['result'];
               }
           }
           break;
        case 'add':
           if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
               $aResult['error'] = 'Error in arguments!';
           }
           else {
               if ($_SESSION['token'] == $_POST['arguments'][0]) {
                   $aResult['result'] = add(floatval($_POST['arguments'][1]), floatval($_POST['arguments'][2]));
               }
           }
           break;

        default:
           $aResult['error'] = 'Not found function '.$_POST['functionname'].'!';
           break;
    }

}

    then in javascript you first call login function to get the token and then pass it as first argument to other functions:

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥50 易语言把MYSQL数据库中的数据添加至组合框
  • ¥20 求数据集和代码#有偿答复
  • ¥15 关于下拉菜单选项关联的问题
  • ¥20 java-OJ-健康体检
  • ¥15 rs485的上拉下拉,不会对a-b<-200mv有影响吗,就是接受时,对判断逻辑0有影响吗
  • ¥15 使用phpstudy在云服务器上搭建个人网站
  • ¥15 应该如何判断含间隙的曲柄摇杆机构,轴与轴承是否发生了碰撞?
  • ¥15 vue3+express部署到nginx
  • ¥20 搭建pt1000三线制高精度测温电路
  • ¥15 使用Jdk8自带的算法,和Jdk11自带的加密结果会一样吗,不一样的话有什么解决方案,Jdk不能升级的情况