通过PHP REST API检索加密的JSON
在localhost中,我试图开发和测试我的restapi。 我有一段代码,它向RESTAPI发送一个经过加密的JSON通过PHP REST API检索加密的JSON,php,rest,encryption,php-curl,Php,Rest,Encryption,Php Curl,在localhost中,我试图开发和测试我的restapi。 我有一段代码,它向RESTAPI发送一个经过加密的JSON //The url i wish to send the POST request to $url = "http://localhost/api/2.php"; $headers = array( "Accept: application/json", "Content-Type: application/json&
//The url i wish to send the POST request to
$url = "http://localhost/api/2.php";
$headers = array(
"Accept: application/json",
"Content-Type: application/json",
);
// Key
$encryption_key = "43274689933404c4bd47190b395f5e3a2c668fcca603c40ceb074c970047402d";
$iv = "274f5f54eff39aee1e4d2c614ccd99c9";
$method = "AES-256-CBC";
//The data to send via POST
$data = [
'username' => "RERERE",
'password' => "bbbb"
];
// Encrypted data
$encrypted = base64_encode(openssl_encrypt($data, $method, $encryption_key, 0, $iv));
//open connection
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch,CURLOPT_POSTFIELDS, $encrypted);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
//execute post
$result = curl_exec($ch);
echo $result;
现在在2.php文件中,我无法检索内容,我使用了下面类似的内容,但得到了NULL
// Key
$encryption_key = "43274689933404c4bd47190b395f5e3a2c668fcca603c40ceb074c970047402d";
$iv = "274f5f54eff39aee1e4d2c614ccd99c9";
$method = "AES-256-CBC";
$json = file_get_contents('php://input',true);
$array = json_decode($json);
$decrypted = openssl_decrypt(base64_decode($array), $method, $encryption_key, 0, $iv);
echo $decrypted;
有人能帮我弄清楚什么是错的,如果这是正确的方法吗?最后我用这种方法得出了结果: 记录发送请求的人
//The url you wish to send the POST request to
$url = "http://localhost/api/2.php";
$headers = array(
"Accept: application/json",
"Content-Type: application/json",
);
$username = "aaaaaa";
$password = "bbbbbb";
// Key
$encryption_key = "43274689933404c4bd47190b395f5e3a2c668fcca603c40ceb074c970047402d";
$iv = "274f5f54eff39aee1e4d2c614ccd99c9";
$method = "AES-256-CBC";
$usernameEncrypted = base64_encode(openssl_encrypt($username, $method, $encryption_key, 0, $iv));
$passwordEncrypted = base64_encode(openssl_encrypt($password, $method, $encryption_key, 0, $iv));
//The data to send via POST
$fields = [
'username' => $usernameEncrypted,
'password' => $passwordEncrypted
];
$fields = json_encode($fields);
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch,CURLOPT_POST, true);
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields);
//So that curl_exec returns the contents of the cURL; rather than echoing it
curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
if(curl_errno($ch)){
echo 'Curl error: ' . curl_error($ch);
}
//execute post
$result = curl_exec($ch);
echo $result;
以及接收请求并发送echo()的文件
$encryption_key=“4327468933404C4BD47190B395F5E3A2C668FCCA603C40CEB074C970047402D”;
$iv=“274f5f54eff39aee1e4d2c614ccd99c9”;
$method=“AES-256-CBC”;
$datiInArray=json\u decode(文件\u获取\u内容(“php://input"(对),;
$usernameCrypted=$datiInArray[“username”];
$passwordCrypted=$datiInArray[“password”];
$username=openssl_decrypt(base64_decode($usernamecypted),$method,$encryption_key,0,$iv);
$password=openssl_decrypt(base64_decode($passwordCrypted),$method,$encryption_key,0,$iv);
//这里是对结果的回应
echo$username.“
”$password;
我看不出您在任何地方都将内容定义为JSON,因此尝试JSON\u解码
毫无意义。您是否尝试过转储文件获取内容的结果('php://input“,true)
要查看它到底是什么,请不要使用自己的加密。伊万:是的。使用HTTPS。不要使用自己的加密。看看使用这种方法需要什么!!!!!!如果你让我用这个,你必须告诉我Encryption\u key
和iv
,换句话说,你必须送出皇冠上的珠宝。简言之,它就像发动机上的烟灰缸一样安全Cycle@Ivan-取决于您的Web服务器。因为您使用的是PHP,所以答案可能是“选择一个默认启用的托管计划”。有更复杂的答案,但需要根据您计划如何托管和部署代码进行定制。
$encryption_key = "43274689933404c4bd47190b395f5e3a2c668fcca603c40ceb074c970047402d";
$iv = "274f5f54eff39aee1e4d2c614ccd99c9";
$method = "AES-256-CBC";
$datiInArray = json_decode(file_get_contents("php://input"),true);
$usernameCrypted = $datiInArray["username"];
$passwordCrypted = $datiInArray["password"];
$username = openssl_decrypt(base64_decode($usernameCrypted), $method, $encryption_key, 0, $iv);
$password = openssl_decrypt(base64_decode($passwordCrypted), $method, $encryption_key, 0, $iv);
// Here echo the result
echo $username."<br>".$password;