1
This commit is contained in:
aozhiwei
parent
0b65f1d952
commit
817015072f
@ -121,6 +121,7 @@ class BaseAuthedController extends BaseController {
|
||||
phpcommon\sendError(1001, 'session expiration');
|
||||
die();
|
||||
}
|
||||
$this->safeApiVerify();
|
||||
$r = $this->_getRedis($this->_getAccountId());
|
||||
if (!(getReqVal('c', '') == 'User' && getReqVal('a', '') == 'login')) {
|
||||
if ((getReqVal('c', '') == 'Battle')) {
|
||||
@ -835,4 +836,42 @@ class BaseAuthedController extends BaseController {
|
||||
return $decVal;
|
||||
}
|
||||
|
||||
private function safeApiVerify() {
|
||||
$aLastChar = substr(getReqVal('a', ''), -1);
|
||||
if ($aLastChar != 'S') {
|
||||
return;
|
||||
}
|
||||
$params = $_REQUEST;
|
||||
ksort($params);
|
||||
$signData = '';
|
||||
$ignoreKeys = array(
|
||||
'__nonce',
|
||||
'__timestamp',
|
||||
'__sign'
|
||||
);
|
||||
foreach($params as $key => $val){
|
||||
if (!in_array($key, $ignoreKeys)) {
|
||||
$signData .= $key . '=' . $val . '&';
|
||||
}
|
||||
}
|
||||
$nonce = getReqVal('__nonce', '');
|
||||
$timeStamp = getReqVal('__timestamp', '');
|
||||
$sign = getReqVal('__sign', '');
|
||||
$postData = file_get_contents('php://input');
|
||||
if (intval($timeStamp) < myself()->_getNowTime() - 20 ||
|
||||
intval($timeStamp) < myself()->_getNowTime() + 10) {
|
||||
error_log('safeApiVerify timestamp error:' . $timeStamp . ' nowTime:' . myself()->_getNowTime());
|
||||
myself()->_rspErr(1007, "sign error1");
|
||||
die();
|
||||
}
|
||||
$signData .= $nonce . $timeStamp . $postData;
|
||||
foreach (SAPI_SECRET_KEYS as $val) {
|
||||
if (md5($signData . $val) == $sign) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
myself()->_rspErr(1007, "sign error2");
|
||||
die();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -19,7 +19,6 @@ class BaseController {
|
||||
$this->timeZone = 0;
|
||||
|
||||
$this->nowtime = phpcommon\getNowTime();
|
||||
$this->safeApiVerify();
|
||||
}
|
||||
|
||||
public function _handlePre()
|
||||
@ -318,44 +317,6 @@ class BaseController {
|
||||
return implode("_",$str_list);
|
||||
}
|
||||
|
||||
private function safeApiVerify() {
|
||||
$aLastChar = substr(getReqVal('a', ''), -1);
|
||||
if ($aLastChar != 'S') {
|
||||
return;
|
||||
}
|
||||
$params = $_REQUEST;
|
||||
ksort($params);
|
||||
$signData = '';
|
||||
$ignoreKeys = array(
|
||||
'__nonce',
|
||||
'__timestamp',
|
||||
'__sign'
|
||||
);
|
||||
foreach($params as $key => $val){
|
||||
if (!in_array($key, $ignoreKeys)) {
|
||||
$signData .= $key . '=' . $val . '&';
|
||||
}
|
||||
}
|
||||
$nonce = getReqVal('__nonce', '');
|
||||
$timeStamp = getReqVal('__timestamp', '');
|
||||
$sign = getReqVal('__sign', '');
|
||||
$postData = file_get_contents('php://input');
|
||||
if (intval($timeStamp) < myself()->_getNowTime() - 20 ||
|
||||
intval($timeStamp) < myself()->_getNowTime() + 10) {
|
||||
error_log('safeApiVerify timestamp error:' . $timeStamp . ' nowTime:' . myself()->_getNowTime());
|
||||
myself()->_rspErr(1007, "sign error1");
|
||||
die();
|
||||
}
|
||||
$signData .= $nonce . $timeStamp . $postData;
|
||||
foreach (SAPI_SECRET_KEYS as $val) {
|
||||
if (md5($signData . $val) == $sign) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
myself()->_rspErr(1007, "sign error2");
|
||||
die();
|
||||
}
|
||||
|
||||
public function _upgradeToSafeApi() {
|
||||
echo json_encode(array(
|
||||
'errcode' => 1006,
|
||||
|
||||
@ -28,14 +28,4 @@ class OpsController extends BaseController {
|
||||
));
|
||||
}
|
||||
|
||||
public function selfCheckingS()
|
||||
{
|
||||
echo json_encode(array(
|
||||
'errcode' => 0,
|
||||
'errmsg' => '',
|
||||
'healthy' => 1,
|
||||
'max_rundelay' => 1,
|
||||
));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user