Download the PHP package entere/sign without Composer

On this page you can find all versions of the php package entere/sign. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package sign

安装

安装包文件

使用

php 实例:

Laravel5 实例:

说明

客户端与服务端的数据交互,大部分应用都采用的 RESTful API 的方式,那么如何确保 API 接口的安全性呢?URL 签名的方式可以确保请求的过程中参数不被修改。

签名的机制是由开发者在 API 客户端计算出系列参数组合的哈希值,将产生的信息添加到 URL 请求的 sign 参数。

例如 API 请求参数如下:

1、按参数名进行升序排列

access_key, timestamp, screen_name, format 其中不包括空值参数

排序后的参数为:

2、构造签名串

以secret字符串开头,追加排序后参数名称和值,格式:

secretkey1value1key2value2...

假设 secret的值为 f827182b1051075e601c73ac1ae329fa 应用到上述示例得到签名串为:

f827182b1051075e601c73ac1ae329faaccess_key7576762362formatjsonscreen_nameenteretimestamp1438279283630

3、计算签名

对上面的签名串进行 md5 签名:

md5(f827182b1051075e601c73ac1ae329faaccess_key7576762362formatjsonscreen_nameenteretimestamp1438279283630)

并把值转成小写:

927c0fc11caaf98840ed7773b348685c

4、添加签名

将计算的签名值以 sign 参数名,附加到 URL 请求中。一个典型的 API 请求如下所示

https://xxx.com/xxx?access_key=7576762362&format=json&screen_name=entere&timestamp=1438279283630&sign=927c0fc11caaf98840ed7773b348685c

5、服务器验证

验证请求者的身份:简单判断 access_key。

防止重放攻击:服务器端首先验证时间戳 timestamp 是否有效,比如是服务器时间戳 5 分钟之前的请求视为无效。

保护传输中的数据:服务端收到请求时,将基于相同签名方法(去掉 sign 参数)重新计算哈希,并将其与请求中包括的哈希值进行匹配。如果哈希值不匹配,服务器将返回 401(未授权被拒绝)错误码。

License

MIT


All versions of sign with dependencies

PHP Build Version
Package Version
Requires php Version >=5.4
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package entere/sign contains the following files

Loading the files please wait ....