Secure HTTP call in Android

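How can I make sure that the HTTP call comes from my application every time? It also needs a timeout, so that no other user can use the same link from any browser.

I am looking for an Android solution, specifically for an HTML form.

Please help me. I can't solve this problem and don't know which direction to go.

Thanks in advance.

I have attached the PHP and Android code, which posts a request and returns a response, but no security is attached: any user can get the same response from a browser at any time by making the same HTTP call…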

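Android code:

import java.util.ArrayList;
import java.util.HashMap;

import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

import android.app.Activity;
import android.os.Bundle;
import android.view.View;
import android.widget.AdapterView;
import android.widget.AdapterView.OnItemClickListener;
import android.widget.ListView;
import android.widget.Toast;

public class CustomizedListView extends Activity {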
    // All static variables
    static final String URL = "http://example.com/getmsgs/strno=123";
    // XML node keys
    static final String KEY_SONG = "song"; // parent node
    static final String KEY_ID = "id";
    static final String KEY_TITLE = "title";
    static final String KEY_ARTIST = "artist";
    static final String KEY_DURATION = "duration";
    static final String KEY_THUMB_URL = "thumb_url";
    ListView list;
    LazyAdapter adapter;
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);

        ArrayList<HashMap<String, String>> songsList = new ArrayList<HashMap<String, String>>();
        JSONObject json = JSONfunctions.getJSONfromURL(URL);

        try {
            JSONObject arr2 = json.getJSONObject("feed");
            JSONArray arr = arr2.getJSONArray("entry");
            for (int i = 0; i < arr.length(); i++) {
                JSONObject e1 = arr.getJSONObject(i);
                JSONArray arr3 = e1.getJSONArray("im:image");
                JSONObject arr8 = e1.getJSONObject("im:name");
                JSONObject arr10 = e1.getJSONObject("im:artist");
                JSONObject e12 = arr3.getJSONObject(0);
                // creating new HashMap
                HashMap<String, String> map = new HashMap<String, String>();
                map.put(KEY_THUMB_URL, e12.getString("label"));
                // im:name holds the title, im:artist holds the artist
                map.put(KEY_TITLE, arr8.getString("label"));
                map.put(KEY_ARTIST, arr10.getString("label"));
                // adding HashList to ArrayList
                songsList.add(map);
            }
        } catch (JSONException e) {
            // Log.e("log_tag", "Error parsing data "+e.toString());
            // The duration must be Toast.LENGTH_SHORT or Toast.LENGTH_LONG
            Toast.makeText(getBaseContext(),
                    "Network communication error!", Toast.LENGTH_SHORT).show();
        }

        list=(ListView)findViewById(R.id.list);
        // Getting adapter by passing xml data ArrayList
        adapter=new LazyAdapter(this, songsList);        
        list.setAdapter(adapter);
        // Click event for single list row
        list.setOnItemClickListener(new OnItemClickListener() {
            @SuppressWarnings("unchecked")
            @Override
            public void onItemClick(AdapterView<?> parent, View view,
                    int position, long id) {

                HashMap<String, String> o = (HashMap<String, String>) list.getItemAtPosition(position);
                // Look up by the KEY_TITLE constant, not the literal string "KEY_TITLE"
                Toast.makeText(CustomizedListView.this, "ID '" + o.get(KEY_TITLE) + "' was clicked.", Toast.LENGTH_SHORT).show();
            }
        });     
    }   
}
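
PHP code:

<?php
    // Note: the mysql_* extension used here was removed in PHP 7.
    if (isset($_GET['strno']))
    {
        $connect = mysql_connect("localhost", "test", "test") or die('Connection error!!!');
        mysql_select_db("test") or die('Database error!!!');
        // Escape the request parameter before placing it in the SQL string
        $strno = mysql_real_escape_string($_GET['strno'], $connect);
        // Select the columns that are actually read below
        $query = mysql_query("SELECT image, artist, name FROM users WHERE strno='$strno';");
        $jsonoutput = '';
        while ($row = mysql_fetch_assoc($query))
        {
            // Build the JSON with json_encode so the values are quoted correctly
            $jsonoutput = json_encode(array('json' => array(
                'image'  => $row['image'],
                'artist' => $row['artist'],
                'name'   => $row['name'],
            )));
        }
        echo trim($jsonoutput);
        mysql_close($connect) or die('Unable to close connection-error!!!');
    }
?>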

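Try adding some parameters to your request, such as the time:

http://example.com/getmsgs/strno=123&time=20130416130256&key=....

key = md5('20130416130256' + 'secret_string');

'secret_string' is a secret shared by your application and the server, and the first string is the GMT time in the format year, month, day, hour, minute, second.

On the server side you can test the time (it must be close to the server time) and test the key (it must be the correct md5).

The server side can look like this: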

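$strno = $_GET['strno'];
$stime = $_GET['time'];
$secret = 'secret_string';
$skey = $_GET['key'];
// Compare the hex digests as strings; != would apply numeric type juggling
if( !hash_equals(md5($stime . $secret), (string) $skey) ) {
    die('Bad key');
}
// Compare ages in seconds: subtracting 20 from a YmdHis number breaks across minute boundaries
$tReq = DateTime::createFromFormat('YmdHis', $stime, new DateTimeZone('UTC'));
$nAge = $tReq ? time() - $tReq->getTimestamp() : -1;
if( ($nAge < 0) || ($nAge > 20) ) {
    die('Bad time');
}
// your code here ...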

But I don't know how to use the md5 function and get the time.


Added:

Some Google searching (android md5) gives md5():

// Imports needed by the enclosing class
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public static final String md5(final String s) {
    try {
        // Create MD5 Hash
        MessageDigest digest = MessageDigest.getInstance("MD5");
        digest.update(s.getBytes());
        byte[] messageDigest = digest.digest();
        // Create Hex String (two lowercase hex digits per byte)
        StringBuilder hexString = new StringBuilder();
        for (int i = 0; i < messageDigest.length; i++) {
            String h = Integer.toHexString(0xFF & messageDigest[i]);
            while (h.length() < 2)
                h = "0" + h;
            hexString.append(h);
        }
        return hexString.toString();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    return "";
}

Getting GMT time with Android
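
The client side of the scheme in the answer above (GMT timestamp plus md5 key), with the server's key and 20-second checks mirrored in Java so the whole exchange runs in one file. This is an added example, not code from the original question or answer; the class name, helper names and sample timestamp are assumptions, and `secret_string` is the answer's placeholder.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.*;

public class SignedRequestDemo {
    static final String SECRET = "secret_string"; // placeholder shared secret, as in the answer
    static final long MAX_AGE_SECONDS = 20;       // same window as the PHP check

    static SimpleDateFormat gmt() {               // gmdate('YmdHis') layout, fixed to GMT
        SimpleDateFormat f = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
        f.setTimeZone(TimeZone.getTimeZone("GMT"));
        f.setLenient(false);
        return f;
    }
    static String md5Hex(String s) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8)))
            sb.append(String.format("%02x", b & 0xFF));
        return sb.toString();
    }
    // Client side: the parameters the app appends to the request.
    static String signedQuery(String strno, Date now) throws Exception {
        String time = gmt().format(now);
        return "strno=" + strno + "&time=" + time + "&key=" + md5Hex(time + SECRET);
    }
    // The server's rule, mirrored in Java: key matches and age is 0..20 seconds.
    static boolean accept(String time, String key, Date serverNow) throws Exception {
        boolean keyOk = MessageDigest.isEqual(
                md5Hex(time + SECRET).getBytes(StandardCharsets.US_ASCII),
                key.getBytes(StandardCharsets.US_ASCII));
        try {
            long age = (serverNow.getTime() - gmt().parse(time).getTime()) / 1000;
            return keyOk && age >= 0 && age <= MAX_AGE_SECONDS;
        } catch (ParseException e) {
            return false;                         // malformed time parameter
        }
    }
    public static void main(String[] args) throws Exception {
        Date sent = new Date(1366117376000L);     // constructed: 2013-04-16 13:02:56 GMT
        String time = gmt().format(sent), key = md5Hex(time + SECRET);
        System.out.println(signedQuery("123", sent));
        // Fresh request whose 4-second age crosses the 13:03:00 minute boundary
        System.out.println(accept(time, key, new Date(sent.getTime() + 4000)));
        // Same link replayed one minute later
        System.out.println(accept(time, key, new Date(sent.getTime() + 60000)));
        // Wrong key (constructed), checked at the moment of sending
        System.out.println(accept(time, "00000000000000000000000000000000", sent));
    }
}
```

The secret ships inside the APK, so anyone who unpacks the app can recover it. The key also covers only the time value, as in the answer, so it does not bind the request to a particular strno.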