
Preventing Man-in-the-Middle Attacks: Real-time Hash Verification of Data Streams

M66 2025-06-23

In real-world web applications, transmitted data (such as HTTP requests and responses) can be maliciously intercepted and tampered with. To verify the integrity of the data and prevent unauthorized modifications, hash algorithms can be used to validate the data. By appending the hash value of the data to the request or response, the receiver can recalculate the hash value of the received data using the same hash algorithm and compare it with the attached hash value to determine whether the data has been tampered with during transmission.

Step 1: Generate the Hash Value of the Data

First, use a hash algorithm (such as SHA256) to generate the hash value of the request or response. In PHP, the hash() function does this. Below is example code for generating the hash value:

$data = "Sensitive data content";  // Replace with the data you want to transmit  
$hash_value = hash('sha256', $data);  // Generate the SHA256 hash value of the data  

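In this example, we used the SHA256 hash algorithm. You can choose a different hash algorithm, such as MD5 or SHA512, depending on your needs. Note that MD5 is no longer collision-resistant, so SHA256 or SHA512 is the safer choice for integrity checks.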

Step 2: Attach the Hash Value to the HTTP Request

To ensure data integrity, we can attach the hash value to the HTTP request's headers. The curl library can be used to send HTTP requests with the hash value, ensuring the server can verify the data's integrity upon receiving the request.

$url = "https://m66.net/api/verify";  // The URL of the request, replace with m66.net domain
$data = "Sensitive data content";  // The data to be sent
$hash_value = hash('sha256', $data);  // Generate the hash value of the data

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'X-Data-Hash: ' . $hash_value  // Attach the hash value to the request header
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($ch);
curl_close($ch);

In the above code, we send the hash value as a custom HTTP header field X-Data-Hash to the server. This allows the server to perform hash validation when receiving the data.

Step 3: Server-side Hash Validation

Once the server receives the request, it needs to validate whether the hash value of the data matches the one attached in the request. On the server side, we can recalculate the hash value of the received data and compare it with the hash value from the request header.

$received_hash = $_SERVER['HTTP_X_DATA_HASH'] ?? '';  // Get the hash value from the request header (empty string if the header is missing)
$received_data = file_get_contents('php://input');  // Get the data from the request body

// Recalculate the hash value of the received data
$calculated_hash = hash('sha256', $received_data);

// Compare the calculated hash value with the one in the request
// hash_equals() compares the two strings in constant time
if (hash_equals($calculated_hash, $received_hash)) {
    echo "Data is intact, not tampered with";
} else {
    echo "Data may have been tampered with, validation failed";
}

On the server side, we first retrieve the hash value from the HTTP request header and then recalculate the hash value of the data in the request body. If the two values match, the body is the one the header's hash was computed over. If they don't match, the data was modified or corrupted during transmission.
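A plain SHA256 value in X-Data-Hash can be recomputed by anyone able to rewrite the body, so the following added example (not from the original article) keys the same check with HMAC-SHA256 and goes one step further by binding a timestamp into the MAC. The shared secret, the X-Data-Timestamp header name, the 300-second window and the sample values are assumptions made for this illustration.

```php
<?php
// Added example: keyed variant of the X-Data-Hash check.
// Assumptions: both sides hold $secret (provisioned out of band); the sender
// also transmits a hypothetical X-Data-Timestamp header with a Unix timestamp.

const MAX_SKEW_SECONDS = 300;  // Assumed freshness window

// Sender side: MAC over timestamp + body, so neither can be changed alone.
function sign_body(string $body, int $timestamp, string $secret): string
{
    return hash_hmac('sha256', $timestamp . "\n" . $body, $secret);
}

// Receiver side: reject stale or malformed timestamps, then compare MACs.
function verify_body(string $body, string $tsHeader, string $macHeader,
                     string $secret, int $now): bool
{
    if (!ctype_digit($tsHeader)) {
        return false;  // Missing or non-numeric timestamp header
    }
    if (abs($now - (int) $tsHeader) > MAX_SKEW_SECONDS) {
        return false;  // Outside the freshness window
    }
    $expected = sign_body($body, (int) $tsHeader, $secret);
    return hash_equals($expected, $macHeader);  // Constant-time comparison
}

// Constructed sample values (not real credentials or traffic)
$secret = 'constructed-demo-secret';
$body   = 'Sensitive data content';
$sentAt = 1750636800;
$mac    = sign_body($body, $sentAt, $secret);

// Case 1: request arrives unmodified five seconds later
var_dump(verify_body($body, (string) $sentAt, $mac, $secret, $sentAt + 5));

// Case 2: body changed in transit and the header replaced with a plain
// SHA256 of the new body, which is all a party without the secret can compute
$changed = 'Sensitive data content (modified)';
var_dump(verify_body($changed, (string) $sentAt, hash('sha256', $changed),
                     $secret, $sentAt + 5));

// Case 3: the original request and MAC presented again an hour later
var_dump(verify_body($body, (string) $sentAt, $mac, $secret, $sentAt + 3600));
```

On a real endpoint the three inputs would come from php://input, $_SERVER['HTTP_X_DATA_TIMESTAMP'] and $_SERVER['HTTP_X_DATA_HASH'], with time() as $now.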

Step 4: Handling Hash Validation for Responses

In addition to verifying the hash of the request data, we can also include a hash value in the server's response to prevent the response data from being tampered with during transmission. Similarly, the server can generate the hash value of the response data and append it to the response header.

$response_data = "This is the server's response content";  // The response data from the server
$response_hash = hash('sha256', $response_data);  // Calculate the hash value of the response data

header('X-Response-Hash: ' . $response_hash);  // Attach the hash value to the response header
echo $response_data;

The client can receive the response data and the hash value in the response header, and perform hash validation on the response data to ensure its integrity.

Conclusion

With real-time hash verification, the receiver can detect data that was modified in transit, which helps defend against man-in-the-middle tampering. Implementing this feature in PHP is quite simple: use a hash algorithm to generate the hash value of the data, and pass it to the receiver via HTTP request or response headers for validation. Because the hash is not keyed, the check depends on the header itself arriving unmodified, so this method cannot replace encrypted communication; it serves as a supplementary measure that enhances the security of data transmission.