server/Gameserver/Amfphp/process/PreProc.php

<?php

namespace loyalsoft;

/**
 * Description of PreProc
 * 预处理流程
 * 提供数据包预处理机制、加解密、合法化判定等等
 * @author jgao
 */
class PreProc {

    /**
     * tk判定
     * @param Req $req
     * @return int 返回操作结果，0：成功，其余为错误码
     */
    public static function tk($req) {
        my_Assert(!config::Inst()->isBaned($req->uid), ErrCode::err_server_updating); # 检查封号 
        # 检查是否处于更新阶段，暂停对玩家请求的响应。
        if (GAME_ONLINE                                                         # 外网
                && self::isUpdating()                                           # 更新
                && !config::Inst()->isTester($req->uid)) {                      # 排除测试号
            return ErrCode::err_server_updating;
        }
        $ssd = GameConfig::service_schedule_getItem(1);                         # 服务计划(固定只有1条)
        if (now() > $ssd->startts && now() < $ssd->endts) {                     # 在维护期间
//            return ErrCode::err_server_maintaining;
            Err(ErrCode::err_server_maintaining, $ssd->reason);
        }
//        if (!GAME_ONLINE || config::Inst()->isTester($req->uid)) {                      # 内网不做token校验操作
        return ErrCode::ok;
//        }
        if ($req->cmd == CmdCode::cmd_user_getzonelist) {                       # 如果是获取分区列表的消息初始化tk信息,不做校验
            $siginfo = SigInfo::InitSig($req);                                  # 初始化sigInfo
            $req->sig = $siginfo->sig;                                          # 每次resp会从req上取sig值返回
            $req->msgid = PreProc::createMsgId($siginfo);                       # 初始化msgid
            $siginfo->msgid = SigInfo::calcMsgid($siginfo, $req);               # sigInfo和本次的$req身上的msgid，用于下次消息校验，
            self::updateUserSigInfo($req, $siginfo);                            # 写入Cmem,下次登录的时候校验
            return ErrCode::ok;
        }
        # 其余消息，全部进行校验
        $siginfo = self::getUserSigInfo($req);                                  # 1.从Cmem读取证书验证信息
        if ($siginfo == null) {
            return ErrCode::err_signo;
        }
        if ($req->sig != $siginfo->sig) {                                       # 2.如果一次性证书不一致，则证明已经在其他地方登录
            return ErrCode::err_anotherlogin;
        }
        if ($siginfo->msgid != SigInfo::calcMsgid($siginfo, $req)) {            # 3.如果消息id错位，则证明该条消息非法
            return ErrCode::err_illegal;
        }
        if (now() - $req->ts > OFFSET_MSGTIME) {                                # 4.如果服务端客户端时间戳超过规定误差，则消息非法
            return ErrCode::err_outtime;
        }
        # 更新siginfo
        $siginfo->msgnum++;                                                     # 消息编号递增
        $req->msgid = PreProc::createMsgId($siginfo);                           # ...
        $siginfo->msgid = SigInfo::calcMsgid($siginfo, $req);                   # 计算新的
        self::updateUserSigInfo($req, $siginfo);                                # 回写siginfo
        return ErrCode::ok;                                                     # 返回操作结果，0：成功，其余为错误码
    }

    public static function createMsgId($siginfo) {
        $temp = 8888 - $siginfo->msgnum;
        return substr(md5(substr($siginfo->uid, 2, 20) . $temp . substr($siginfo->sig, 5, 15)), 7, 23);
    }

    /**
     *  返回是否处于更新中
     * @return boolean
     */
    public static function isUpdating() {
        $ts = now();
        if ($ts > glc()->updatingBeginTs && $ts < glc()->updatingEndTs) {
            return true;
        }
        return false;
    }

    /**
     * 把玩家的SigInfo写入数据库
     * @param Req $req
     * @param SigInfo $siginfo
     */
    public static function updateUserSigInfo($req, $siginfo) {
        gMem()->set(MemKey_User::Sig($req->zoneid, $siginfo->uid), $siginfo);
    }

    /**
     * 从Cmem中读取玩家的SigInfo数据
     * @param Req $req
     * @return SigInfo
     */
    public static function getUserSigInfo($req) {
        return gMem()->get(MemKey_User::Sig($req->zoneid, $req->uid));
    }

}

/**
 * 校验信息
 */
class SigInfo {

    public $uid;
    public $zoneid;
    public $sig;
    public $msgnum;
    public $msgid;

    /**
     *
     * @param SigInfo $siginfo
     * @param Req $req
     */
    public static function calcMsgid($siginfo, $req) {
        return substr(md5($siginfo->sig . $req->msgid), 0, 32);
    }

    /**
     * 玩家登陆的时候初始化sig
     * @param Req $req
     */
    public static function InitSig($req) {
        $paras = array();
        $paras["openid"] = $req->uid;
        $paras["ep"] = HttpUtil::getClientEP();
        $paras["ts"] = now();
        $self_url_path = "atomsoft.com";
        $siginfo = new SigInfo();
        $siginfo->uid = $req->uid;
        $siginfo->zoneid = $req->zoneid;
        $siginfo->sig = self::makeSig('post', $self_url_path, $paras, PROJECTNAME);
        $siginfo->msgnum = 0;
        return $siginfo;
    }

    /**
     * 生成签名
     *
     * @param string 	$method 请求方法 "get" or "post"
     * @param string 	$url_path
     * @param array 	$params 表单参数
     * @param string 	$secret 密钥
     */
    public static function makeSig($method, $url_path, $params, $secret) {
        $mk = self::makeSource($method, $url_path, $params);
        $my_sign = hash_hmac("sha1", $mk, strtr($secret, '-_', '+/'), true);
        $my_sign = base64_encode($my_sign);
        return $my_sign;
    }

    private static function makeSource($method, $url_path, $params) {
        $strs = strtoupper($method) . '&' . rawurlencode($url_path) . '&';

        ksort($params);
        $query_string = array();
        foreach ($params as $key => $val) {
            array_push($query_string, $key . '=' . $val);
        }
        $query_string = join('&', $query_string);

        return $strs . str_replace('~', '%7E', rawurlencode($query_string));
    }

}