$v) { $params[$k] = $v; } // 2. 获取url参数 $queryMap = self::getQueryMap(); foreach ($queryMap as $k => $v) { $params[$k] = $v; } // 3. 获取form参数 if ($form == null && $body == null) { $formMap = self::getFormMap(); foreach ($formMap as $k => $v) { $params[$k] = $v; } } else if ($form != null) { foreach ($form as $k => $v) { $params[$k] = $v; } } if ($body == null) { $body = file_get_contents('php://input'); } $remoteSign = $queryMap["sign"]; $localSign = self::sign($params, $body, $secret); if (strcmp($remoteSign, $localSign) == 0) { return true; } else { $paramStr = self::getParamStrFromMap($params); self::logCommunicationError($remoteSign, $localSign, $paramStr, $body); return false; } } private static function getHeaderMap() { $headerMap = array(); $signList = $_SERVER['HTTP_TOP_SIGN_LIST']; // 只获取参与签名的头部字段 $signList = trim($signList); if (strlen($signList) > 0) { $params = split(",", $signList); foreach ($_SERVER as $k => $v) { if (substr($k, 0, 5) == 'HTTP_') { foreach ($params as $kk) { $upperkey = strtoupper($kk); if (self::endWith($k, $upperkey)) { $headerMap[$kk] = $v; } } } } } return $headerMap; } private static function getQueryMap() { $queryStr = $_SERVER["QUERY_STRING"]; $resultArray = array(); foreach (explode('&', $queryStr) as $pair) { list($key, $value) = explode('=', $pair); if (strpos($key, '.') !== false) { list($subKey, $subVal) = explode('.', $key); if (preg_match('/(?P\w+)\[(?P\w+)\]/', $subKey, $matches)) { $resultArray[$matches['name']][$matches['index']][$subVal] = $value; } else { $resultArray[$subKey][$subVal] = urldecode($value); } } else { $resultArray[$key] = urldecode($value); } } return $resultArray; } private static function checkRemoteIp() { $remoteIp = $_SERVER["REMOTE_ADDR"]; foreach (self::$header_real_ip as $k) { $realIp = $_SERVER[$k]; $realIp = trim($realIp); if (strlen($realIp) > 0 && strcasecmp("unknown", $realIp)) { $remoteIp = $realIp; break; } } return self::startsWith($remoteIp, "140.205.144.") || self::startsWith($remoteIp, "40.205.145."); } private static function getFormMap() { $resultArray = array(); foreach ($_POST as $key => $v) { $resultArray[$k] = $v; } return $resultArray; } private static function startsWith($haystack, $needle) { return $needle === "" || strpos($haystack, $needle) === 0; } private static function endWith($haystack, $needle) { $length = strlen($needle); if ($length == 0) { return true; } return (substr($haystack, -$length) === $needle); } private static function checkTimestamp() { $ts = $_POST['timestamp']; if ($ts) { $clientTimestamp = strtotime($ts); $current = $_SERVER['REQUEST_TIME']; return ($current - $clientTimestamp) <= 5 * 60 * 1000; } else { return false; } } private static function getParamStrFromMap($params) { ksort($params); $stringToBeSigned = ""; foreach ($params as $k => $v) { if (strcmp("sign", $k) != 0) { $stringToBeSigned .= "$k$v"; } } unset($k, $v); return $stringToBeSigned; } private static function sign($params, $body, $secret) { ksort($params); $stringToBeSigned = $secret; $stringToBeSigned .= self::getParamStrFromMap($params); if ($body) { $stringToBeSigned .= $body; } $stringToBeSigned .= $secret; return strtoupper(md5($stringToBeSigned)); } protected static function logCommunicationError($remoteSign, $localSign, $paramStr, $body) { $localIp = isset($_SERVER["SERVER_ADDR"]) ? $_SERVER["SERVER_ADDR"] : "CLI"; $logger = new TopLogger; $logger->conf["log_file"] = rtrim(TOP_SDK_WORK_DIR, '\\/').'/'."logs/top_comm_err_".date("Y-m-d").".log"; $logger->conf["separator"] = "^_^"; $logData = array( "checkTopSign error", "remoteSign=".$remoteSign, "localSign=".$localSign, "paramStr=".$paramStr, "body=".$body ); $logger->log($logData); } private static function clear_blank($str, $glue = '') { $replace = array(" ", "\r", "\n", "\t"); return str_replace($replace, $glue, $str); } } ?>