我正在尝试使用暴雪的API从他们的JSON服务中检索数据(身份验证文档 - http://blizzard.github.io/api-wow-docs/#features/authentication)。我目前有以下功能来处理我的cURL请求:
function get_json($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
我已经查看了身份验证要求并获得了公钥和私钥。他们提供这个来解释这个过程:
UrlPath = <HTTP-Request-URI, from the port to the query string> StringToSign = HTTP-Verb + "\n" + Date + "\n" + UrlPath + "\n"; Signature = Base64( HMAC-SHA1( UTF-8-Encoding-Of( PrivateKey ), StringToSign ) ); Header = "Authorization: BNET" + " " + PublicKey + ":" + Signature;
我曾尝试研究PHP处理cURL身份验证,但它让我更加困惑。我的问题是如何在get_json函数中包含身份验证?
答案 0 :(得分:2)
由http://sourceforge.net/projects/wowarmoryapi/
的人发现此代码private function getByKeys($url,$region){
$pubkey = $GLOBALS['wowarmory']['keys']['public'];
$privkey = $GLOBALS['wowarmory']['keys']['private'];
$url = preg_replace('/^http/', 'https', $url);
$date = date('D, d M Y G:i:s T',time());
$stringtosign = "GET\n".$date."\n".$url."\n";
$signature = base64_encode(hash_hmac('sha1', $stringtosign, $privkey,true));
$header = array("Host: ".$this->regions[$region],"Date: ". $date,"\nAuthorization: BNET ". $pubkey.":". base64_encode(hash_hmac('sha1', "GET\n".$date."\n".$url."\n", $privkey, true))."\n");
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$response = curl_exec($ch);
$headers = curl_getinfo($ch);
return $response;
}