检查内部调用HASH是否有效
boolean Core_Core::check_system_request_allow( )
boolean
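/**
 * 检查内部调用HASH是否有效 — decide whether an internal (system) request is genuine.
 *
 * The caller identifies itself through the X-MyQEE-System-* request headers.
 * The request is accepted only when all required headers are present, the
 * request time is not more than 600 seconds in the past, the client IP is
 * local or on the `core.system_exec_allow_ip` list (when one is configured),
 * the stored system exec key is less than 10 days old, and the HASH header
 * equals the sha1 recomputed over the POST body, time, secret, random string,
 * path info, admin/rest flags and the key string.
 *
 * Every rejection except "missing header" is written to the
 * 'system-request' log so operators can see probing or clock drift.
 *
 * @return boolean true when the request is accepted, false otherwise
 */
protected static function check_system_request_allow()
{
    // Read headers defensively: an absent header yields null instead of an
    // undefined-index notice, and is then rejected by the presence check below.
    $hash      = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_HASH'])     ? $_SERVER['HTTP_X_MYQEE_SYSTEM_HASH']     : null; // 请求验证HASH
    $time      = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_TIME'])     ? $_SERVER['HTTP_X_MYQEE_SYSTEM_TIME']     : null; // 请求验证时间
    $rstr      = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_RSTR'])     ? $_SERVER['HTTP_X_MYQEE_SYSTEM_RSTR']     : null; // 请求随机字符串
    $project   = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_PROJECT'])  ? $_SERVER['HTTP_X_MYQEE_SYSTEM_PROJECT']  : null; // 请求的项目
    $path_info = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_PATHINFO']) ? $_SERVER['HTTP_X_MYQEE_SYSTEM_PATHINFO'] : null; // 请求的path_info
    $isadmin   = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_ISADMIN'])  ? $_SERVER['HTTP_X_MYQEE_SYSTEM_ISADMIN']  : null; // 是否ADMIN
    $isrest    = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_ISREST'])   ? $_SERVER['HTTP_X_MYQEE_SYSTEM_ISREST']   : null; // 是否RESTFul请求

    if (!$hash || !$time || !$rstr || !$project || !$path_info)
    {
        return false;
    }

    // 请求时效检查 — only expiry is checked: a time more than 600s in the
    // past is rejected; a time ahead of the server clock is not rejected here.
    if (microtime(1) - (float)$time > 600)
    {
        Core::log('system request timeout', 'system-request');
        return false;
    }

    // 验证IP — requests from loopback or from the server's own address skip
    // the allow list; anything else must match an entry when a list is set.
    $server_addr = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : null;
    if ('127.0.0.1' !== HttpIO::IP && HttpIO::IP !== $server_addr)
    {
        $allow_ip = Core::config('core.system_exec_allow_ip');
        // An empty or missing list means no IP restriction is applied.
        if (is_array($allow_ip) && $allow_ip)
        {
            $allow = false;
            foreach ($allow_ip as $ip)
            {
                // 对IP进行匹配 — exact address or wildcard pattern
                if (self::system_request_ip_matches($ip, HttpIO::IP))
                {
                    $allow = true;
                    break;
                }
            }

            if (!$allow)
            {
                Core::log('system request not allow ip:' . HttpIO::IP, 'system-request');
                return false;
            }
        }
    }

    $body = http_build_query(HttpIO::POST(null, HttpIO::PARAM_TYPE_OLDDATA));

    // 系统调用密钥 — optional static secret from configuration
    $system_exec_pass = Core::config('system_exec_key');

    // Rotating key record {time, str} from the 'system' config store; it is
    // only trusted for 10 days after it was generated. A missing or malformed
    // record fails closed.
    $key = Core::config()->get('system_exec_key', 'system', true);
    if (!$key || !is_array($key) || !isset($key['time'], $key['str']))
    {
        return false;
    }
    if (abs(TIME - $key['time']) > 86400 * 10)
    {
        return false;
    }

    $other = $path_info . '_' . ($isadmin ? 1 : 0) . '_' . ($isrest ? 1 : 0) . $key['str'];

    if ($system_exec_pass && strlen($system_exec_pass) >= 10)
    {
        // 如果有则使用系统调用密钥
        $newhash = sha1($body . $time . $system_exec_pass . $rstr . '_' . $other);
    }
    else
    {
        // 没有,则用系统配置和数据库加密 — derive the secret from the core and
        // database configuration when no dedicated exec key is configured
        $newhash = sha1($body . $time . serialize(Core::config('core')) . serialize(Core::config('database')) . $rstr . '_' . $other);
    }

    // Constant-time, strict comparison: a loose == on hex digests is subject to
    // numeric-string juggling (e.g. "0e..." forms). hash_equals needs PHP >= 5.6;
    // fall back to a strict comparison on older runtimes.
    $valid = function_exists('hash_equals')
        ? hash_equals($newhash, (string)$hash)
        : $newhash === (string)$hash;

    if ($valid)
    {
        return true;
    }

    Core::log('system request hash error', 'system-request');
    return false;
}

/**
 * Match a client IP against one `core.system_exec_allow_ip` entry.
 *
 * An entry is either an exact address or a pattern containing `*`, where
 * each `*` stands for one dot-free segment (e.g. `192.168.1.*`). This fixes
 * the original loop, which tested the whole allow list array instead of the
 * current entry.
 *
 * @param string $pattern allow-list entry from configuration
 * @param string $ip      client IP to test
 * @return boolean true when $ip is covered by $pattern
 */
protected static function system_request_ip_matches($pattern, $ip)
{
    $pattern = (string)$pattern;
    $ip      = (string)$ip;

    if ($pattern === $ip)
    {
        return true;
    }

    // `!== false` so a leading wildcard (position 0) is still recognised.
    if (strpos($pattern, '*') === false)
    {
        return false;
    }

    // Quote the entry first so only our `*` becomes a segment wildcard.
    $regex = '#^' . str_replace('\\*', '[^\.]+', preg_quote($pattern, '#')) . '$#';

    return preg_match($regex, $ip) === 1;
}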