doudoulb1234 2016-05-02 13:14
浏览 55
已采纳

从ajax jquery安全调用PHP Web服务函数,添加身份验证

jQuery.ajax({
type: "POST",
url: 'your_functions_address.php',
dataType: 'json',
data: {functionname: 'add', arguments: [1, 2]},

success: function (obj, textstatus) {
              if( !('error' in obj) ) {
                  yourVariable = obj.result;
              }
              else {
                  console.log(obj.error);
              }
        }
   });

and your_functions_address.php like this:

<?php

header('Content-Type: application/json');

$aResult = array();

if( !isset($_POST['functionname']) ) { $aResult['error'] = 'No function name!'; }

if( !isset($_POST['arguments']) ) { $aResult['error'] = 'No function arguments!'; }

if( !isset($aResult['error']) ) {

    switch($_POST['functionname']) {
        case 'add':
           if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
               $aResult['error'] = 'Error in arguments!';
           }
           else {
               $aResult['result'] = add(floatval($_POST['arguments'][0]), floatval($_POST['arguments'][1]));
           }
           break;

        default:
           $aResult['error'] = 'Not found function '.$_POST['functionname'].'!';
           break;
    }

}

 echo json_encode($aResult);
 ?>

How to avoid that anybody who find the url : 'your_functions_address.php' can call any function on the web service ?

is there a way of adding an authentication or security ?

I am applying SSL security of course but does SSL solve this problem ?

  • 写回答

1条回答 默认 最新

  • douzai9405 2016-05-02 13:24
    关注

    You can implement login function that will return a token that need to be send to other functions:

    session_start();
    if( !isset($aResult['error']) ) {
    
        switch($_POST['functionname']) {
            case 'login':
               if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
                   $aResult['error'] = 'Error in arguments!';
               }
               else {
                   if ($_POST['arguments'][0] == 'user' && $_POST['arguments'][1] == 'passsword') {
                       $time = array_sum(explode(' ', microtime()));
                       $aResult['result'] = md5($time);
                       $_SESSION['token'] = $aResult['result'];
                   }
               }
               break;
            case 'add':
               if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
                   $aResult['error'] = 'Error in arguments!';
               }
               else {
                   if ($_SESSION['token'] == $_POST['arguments'][0]) {
                       $aResult['result'] = add(floatval($_POST['arguments'][1]), floatval($_POST['arguments'][2]));
                   }
               }
               break;
    
            default:
               $aResult['error'] = 'Not found function '.$_POST['functionname'].'!';
               break;
        }
    
    }
    

    then in javascript you first call login function to get the token and then pass it as first argument to other functions:

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥21 matlab怎么求时域信号的二阶导数
  • ¥15 判断两个表是否完全相同
  • ¥15 java map类型数据格式,如何快速通过前缀匹配元素
  • ¥15 stc12c5a60s2、QMC5883L、LCD1602组合测量磁场所需程序
  • ¥15 vba参数转c++ SAFEARRAY
  • ¥20 Win11测试yolov4,“找不到nvcuda.dll”怎么办?
  • ¥15 simulink绘制bode图
  • ¥15 php_network_getaddresses: getaddrinfo failed: Name or service not known
  • ¥15 用msg发消息出现的问题
  • ¥15 unity3d机械臂