当前位置: 首页 » php

REST API Authorization & Authentication (web + mobile)

I've read about oAuth, Amazon REST API, HTTP Basic/Digest and so on but can't get it all into "single piece". This is probably the closest situation - Creating an API for mobile applications - Authentication and Authorization I would like to built API-centric website - service. So (in the beginning) I would have an API in center and website (PHP + MySQL) would connect via cU

2018-06-07 04:18:47

REST API授权和认证(网页+手机)

我已阅读oAuth,亚马逊REST API,HTTP基本/摘要等,但无法将它全部纳入“单件”。 这可能是最接近的情况 - 为移动应用程序创建API - 身份验证和授权 我想建立以API为中心的网站 - 服务。 所以(一开始)我会在中心和网站 (PHP + MySQL)通过网络接口通过cURL , Android和iPhone进行连接。 所以3个主要客户 - 3个API密钥。 而任何其他开发人员也可以通过API接口进行开发,他们将获得他们自己的API密钥。 根据userLevel状

2018-06-07 04:18:47

token based authentication in php

I have an REST service on my webserver, written in php. I was wondering, what would be the best authentication (besides basic http access authentication). I've heared of token-based auth, and would like to ask if someone could explain the main steps. On a GET: Is the token send visible? (isn't that unsafe?) How do I make the token only valid for a specific time? ... Client: And

2018-06-07 03:49:31

PHP中基于令牌的身份验证

我的web服务器上有一个REST服务,用php编写。 我想知道,什么是最好的认证(除了基本的http访问认证)。 我听说过基于令牌的身份验证,并想问是否有人可以解释主要步骤。 在GET上:令牌是否可见? (这不是不安全吗?) 如何让令牌只在特定时间有效? ... 客户端:Android /浏览器; 服务器:Apache,PHP5 它可以以任何方式完成,并且GET请求中的值实际上比POST请求中的值更加可见。 如果有人能够“看到”(即拦截)

2018-06-07 03:49:31

REST user authentication

OK... the basic idea is to have SERVER and CLIENT physically separated (two systems). My idea is to build a stand-alone web service (REST, XML, API-KEY) that will provide Authentication: User login, logout Data: Get list of products Then I will create clients in different languages (Flash, PHP, JavaScript). Data will be served only to authenticated users. Tipical communication for user

2018-06-07 03:36:04

REST用户认证

好的......基本的想法是让SERVER和CLIENT物理分离(两个系统)。 我的想法是构建一个将提供的独立Web服务(REST,XML,API-KEY) 身份验证:用户登录,注销 数据:获取产品列表 然后我将创建不同语言的客户端(Flash,PHP,JavaScript)。 数据将仅供认证用户使用。 用户获取产品列表的Tipical通信将是: (1个请求)登录/开始会话 (1请求)获取产品清单 (1请求)获取产品清单 ... 好的...现在我遇到的问

2018-06-07 03:36:04

How to pass token in rest API?

This question already has an answer here: RESTful Authentication 13 answers How you can see in the request_headers I can see correctly in the header, but I can't catch it through the use of $_SERVER['Authorization'] or $_SERVER['HTTP_Authorization'] Every time you need to see the the headers, or even any other information that you think should be available, I suggest you

2018-06-07 03:27:47

如何在其他API中传递令牌?

这个问题在这里已经有了答案: RESTful认证13个答案 如何在request_headers中看到我可以在标题中正确看到,但我无法通过使用$ _SERVER ['Authorization']或$ _SERVER ['HTTP_Authorization']来捕捉它 每当您需要查看标题,或者您认为应该可用的任何其他信息时,我建议您像这样调试它: var_dump($_SERVER); 很可能你会发现它: $_SERVER['HTTP_AUTHORIZATION'] 注意:这是区分大小写的! Php

2018-06-07 03:27:47

How do I expire a PHP session after 30 minutes?

我需要保持一个会话30分钟,然后销毁它。 You should implement a session timeout of your own. Both options mentioned by others (session.gc_maxlifetime and session.cookie_lifetime) are not reliable. I'll explain the reasons for that. First: session.gc_maxlifetime session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Garb

2018-06-07 03:26:45

30分钟后如何过期PHP会话?

我需要保持一个会话30分钟,然后销毁它。 你应该实现你自己的会话超时。 其他人提到的两个选项(session.gc_maxlifetime和session.cookie_lifetime)都不可靠。 我会解释原因。 第一: 的session.gc_maxlifetime session.gc_maxlifetime指定数据将被视为“垃圾”并清理后的秒数。 垃圾收集发生在会话开始时。 但垃圾收集器仅以session.gc_probability除以session.gc_divisor的概率开始。 使用这些选项的默认值(分别为

2018-06-07 03:26:45

How to convert android JSON data into PHP array

I have an JSON data in format of [{"product_id":"33","amount":"1"},{"product_id":"34","amount":"3"},{"product_id":"10","amount":"1"},{"username":"test"}] now i want to fetch those data in my PHP web system. I am sending those data into PHP server from an android application.I am using below code to send it to web server. public JSONObject sendAndGetJSONfromURL(String url,List<NameValuePa

2018-06-07 03:23:39

如何将android JSON数据转换为PHP数组

我有格式的JSON数据 [{"product_id":"33","amount":"1"},{"product_id":"34","amount":"3"},{"product_id":"10","amount":"1"},{"username":"test"}] 现在我想在我的PHP Web系统中获取这些数据。 我将这些数据从android应用程序发送到PHP服务器。我使用下面的代码将它发送到Web服务器。 public JSONObject sendAndGetJSONfromURL(String url,List<NameValuePair> params){ InputStream is = null; St

2018-06-07 03:23:38

How to send javascript variable data to php

This question already has an answer here: JavaScript post request like a form submit 26 answers 等待$.post()成功。 function wl(){ window.location = "http://localhost/file/handler.php"; } var base64 = this.tobase64(); // store base64 value to this variable $.post('/js/uploadify/effectsuploadify.php',{ basevalue: base64, success: wl, }); POST only sends the value of form's feilds to ne

2018-06-07 03:13:20

如何发送JavaScript变量数据到php

这个问题在这里已经有了答案: JavaScript发布请求,如表单提交26个答案 等待$.post()成功。 function wl(){ window.location = "http://localhost/file/handler.php"; } var base64 = this.tobase64(); // store base64 value to this variable $.post('/js/uploadify/effectsuploadify.php',{ basevalue: base64, success: wl, }); POST仅将表单的域的值发送到下一页。 为了将图像发送到下一页,请将其指定给隐藏字

2018-06-07 03:13:19

Pass Javascript Variable to PHP POST

Possible Duplicate: JavaScript post request like a form submit I have a value calculated in JS that I'd like to pass as part of an input form to a PHP script. How can I get a value the JS value to the PHP as a POST parameter? Basically, on submit, I need the total var to be passed via post to the next script. The first idea that comes to mind is create an invisible input form that ha

2018-06-07 03:12:18

将Javascript变量传递给PHP POST

可能重复: JavaScript提交请求,如表单提交 我有一个计算在JS中的值,我想将它作为输入表单的一部分传递给PHP脚本。 我怎样才能将JS的值作为POST参数获得值? 基本上,在提交时,我需要将total变量通过邮件传递给下一个脚本。 想到的第一个想法是创建一个无形的输入表单,它具有其中的价值并与表单一起输入,这可能吗? 是的,您可以使用<input type="hidden" />并在JavaScript代码中设置该隐藏字段的

2018-06-07 03:12:18

PHP "Remember Me" security flaw?

I'm in the middle of coding a 'remember me'-equipped login form, and so far the tutorials I've read (partly to make sure I'm doing it right) all say to store the encrypted password in a cookie along with the username. Then, each time PHP checks if the current user is not logged in, check their cookies and look for those values. If the username matches the password, you'r

2018-06-07 02:57:51

PHP“记住我”的安全漏洞?

我正在编写一个“记住我”的登录表单,到目前为止,我阅读的教程(部分是为了确保我正确地做到了这一点)都表示将加密密码存储在cookie中与用户名。 然后,每次PHP检查当前用户是否未登录时,检查他们的cookie并查找这些值。 如果用户名与密码匹配,则表示您已经进入。 对我来说,这是一个巨大的安全漏洞。 如果有人要破解数据库或以某种方式访问​​加密密码,他们甚至不需要破解它们。 只需设置你自己的cookies并去。 我是

2018-06-07 02:57:51

PHP: Remember Me and security?

During the time I've spent taking breaks from learning how PHP supports Unicode I've been delving into making my "Remember Me" cookies a bit more secure. However there are a few things I don't understand and a few of my own musings I'd like some suggestions and opinions on. 1) Is there any method to adopting a "Remember Me" feature that doesn't involve c

2018-06-07 02:55:46

PHP:记得我和安全吗?

在我花时间学习PHP如何支持Unicode的过程中,我一直在努力使我的“记住我”Cookie变得更加安全。 然而,有一些我不明白的东西,还有一些我自己的想法,我想提出一些建议和意见。 1)是否有任何方法采用不记录Cookie的“记住我”功能? 很好奇,因为存储身份验证Cookie存在明显的安全漏洞。 并不是说每件事都没有安全风险。 2)由于我没有使用银行或“高度敏感”的信息,是否有必要要求用户输入他们的密码以用于更“高调”的区域?

2018-06-07 02:55:46