<?php
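// The token is taken from the value of the LAST query-string parameter, whatever
// its name; the statements after the Jwt class read it back through $value.
// NOTE(review): a token carried in the URL ends up in access logs, browser history
// and Referer headers; an Authorization header or POST body is the usual carrier.
// Confirm with the callers before changing it.
$value = null; // stays defined even when the request has no query string
foreach ($_GET as $key => $candidate) {
    // ?t[]=x arrives as an array, which cannot be a token: treat it as "no token".
    $value = is_string($candidate) ? $candidate : null;
}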
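/**
 * Minimal HMAC-signed token helper with a JWT-like layout.
 *
 * A token is "<base64url(header)>.<base64url(payload)>.<hex HMAC>". The signature is
 * the hex string returned by hash_hmac(), not the base64url signature of a standard
 * JWT, so tokens from this class do not interoperate with standard JWT libraries.
 */
class Jwt
{
    // Algorithm name handed to hash_hmac(). Verification always uses this
    // server-side value and never the "alg" field of the received header.
    private $alg = 'sha256';

    // SECURITY: hard-coded, guessable signing key. Whoever knows or guesses it can
    // mint tokens that verifyToken() accepts. Pass a long random key to the
    // constructor (loaded from configuration outside the web root) and rotate it.
    private $secret = "123456";

    /**
     * Token header. "alg" names the signature algorithm and "typ" the token type.
     * The registered JWT name for HMAC-SHA256 is "HS256"; this class writes its
     * hash_hmac() algorithm name instead.
     */
    private static $header = array(
        'alg' => 'sha256', // algorithm used to build the signature
        'typ' => 'JWT',    // token type
    );

    /**
     * @param string|null $secret Optional signing key; when omitted or empty the
     *                            built-in key is kept, so existing `new Jwt` calls
     *                            behave as before.
     */
    public function __construct($secret = null)
    {
        if (is_string($secret) && $secret !== '') {
            $this->secret = $secret;
        }
    }

    /**
     * Build the encoded header segment.
     *
     * @return string base64url-encoded JSON header
     */
    private function getHeader()
    {
        return $this->base64urlEncode(json_encode(self::$header, JSON_UNESCAPED_UNICODE));
    }

    /**
     * Build the encoded payload segment: the registered claims plus the private
     * "uid" claim.
     *
     * @param int $uid user id
     * @return string base64url-encoded JSON payload
     */
    public function getPayload($uid)
    {
        // One clock reading so iat, nbf and exp are consistent with each other.
        $now = time();
        $payload = array(
            'iss' => 'admin',     // issuer
            'exp' => $now + 600,  // expiry: ten minutes after issue
            'sub' => 'test',      // subject
            'aud' => 'every',     // audience
            'nbf' => $now,        // not valid before
            'iat' => $now,        // issued at
            'jti' => 10001,       // token id (constant, so it cannot detect replays)
            'uid' => $uid,        // private claim: user id
        );
        return $this->base64urlEncode(json_encode($payload, JSON_UNESCAPED_UNICODE));
    }

    /**
     * Issue a token whose payload carries $uid.
     *
     * @param int $uid
     * @return string
     */
    public function genToken($uid)
    {
        $raw = $this->getHeader() . '.' . $this->getPayload($uid);
        return $raw . '.' . hash_hmac($this->alg, $raw, $this->secret);
    }

    /**
     * Verify a token and return its uid.
     *
     * The signature is checked before any payload field is read or acted on. When a
     * verified, unexpired payload carries an "account" claim, a redirect to the
     * login-check endpoint is queued as well; the caller decides whether to stop
     * after the call. A payload without "exp" is treated as non-expiring.
     *
     * @param string $token
     * @return mixed the "uid" claim (null when the payload has none), or false when
     *               the token is rejected
     */
    public function verifyToken($token)
    {
        if (!is_string($token) || $token === '') {
            return false;
        }
        // Token parts are attacker-controlled request data: never echo them back.
        $tokenArr = explode('.', $token);
        if (count($tokenArr) !== 3) {
            return false;
        }
        $header = $tokenArr[0];
        $payload = $tokenArr[1];
        $signature = $tokenArr[2];

        // Authenticate first. hash_equals() compares in constant time, so response
        // timing does not reveal how many leading characters matched.
        $expected = hash_hmac($this->alg, $header . '.' . $payload, $this->secret);
        if (!hash_equals($expected, $signature)) {
            return false;
        }

        $json = $this->base64urlDecode($payload);
        if ($json === false) {
            return false;
        }
        $payloadArr = json_decode($json, true);
        if (!is_array($payloadArr) || !$payloadArr) {
            return false;
        }
        // Expired.
        if (isset($payloadArr['exp']) && $payloadArr['exp'] < time()) {
            return false;
        }

        // Only a verified payload may drive the redirect, and the account value is
        // URL-encoded so it cannot add query parameters of its own.
        // NOTE(review): the target receives the identity as a plain-HTTP query
        // parameter; presumably it trusts UNAME. Confirm that endpoint authenticates
        // the hand-off some other way.
        if (isset($payloadArr['account']) && is_scalar($payloadArr['account']) && !headers_sent()) {
            $url2 = "http://103.163.57.159:8000/logincheck_new.php?UNAME="
                . rawurlencode((string) $payloadArr['account']);
            header("Location:" . $url2);
        }

        return isset($payloadArr['uid']) ? $payloadArr['uid'] : null;
    }

    /**
     * URL-safe base64 encoding: "+/" become "-_" and the "=" padding is dropped.
     *
     * @param string $data
     * @return string
     */
    private function base64urlEncode($data)
    {
        return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
    }

    /**
     * URL-safe base64 decoding.
     *
     * @param string $data
     * @return bool|string decoded bytes, or false when $data is not valid base64url
     */
    private function base64urlDecode($data)
    {
        $b64 = strtr($data, '-_', '+/');
        // Restore the padding removed by base64urlEncode() so strict decoding works.
        $remainder = strlen($b64) % 4;
        if ($remainder !== 0) {
            $b64 .= str_repeat('=', 4 - $remainder);
        }
        return base64_decode($b64, true);
    }
}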
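$jwt = new Jwt;
// $value is left behind by the query-string loop at the top of the file. It is
// unset when the request has no parameters and may be an array, so fall back to
// an empty token, which verifyToken() rejects.
$token = (isset($value) && is_string($value)) ? $value : '';
$uid = $jwt->verifyToken($token);
// verifyToken() returns false on rejection. Print only a real scalar result, and
// escape it because the value comes out of the token payload.
if (is_scalar($uid) && $uid !== false) {
    echo htmlspecialchars((string) $uid, ENT_QUOTES, 'UTF-8');
}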