签名算法如下：对所有请求参数进行字典升序排列；

2. 将以上排序后的参数表进行字符串连接，如key1value1key2value2key3value3...keyNvalueN；

3. app secret作为后缀，对该字符串进行SHA-1计算，并转换成16进制编码；

4. 转换为全大写形式后即获得签名串

生成签名代码：

$serverstr = "";

foreach ($serverArray as $k => $v) {

$serverstr.= $k.$v;

}

$reserverstr=$serverstr.$serverSecret;

$reserverSign = strtoupper(sha1($reserverstr));    // sha1  md5

if($clientSign!=$reserverSign){

die('非法请求');

}else{

//    your code continue;

}

2.hmac_md5 生成签名 可逆向校验

function HmacMd5($data=array()) {

$secret_key = 'lidianzjm666';

/*两种方式调用*/

if (!$data) {

$data = $this->request->post();

}

/*将数组转为字符串*/

$data = implode('&',$data);

$key = iconv("GB2312","UTF-8",$secret_key);

$data = iconv("GB2312","UTF-8",$data);

$b = 64;

if (strlen($key) > $b) {

$key = pack("H*",md5($key));

}

$key = str_pad($key, $b, chr(0x00));

$ipad = str_pad('', $b, chr(0x36));

$opad = str_pad('', $b, chr(0x5c));

$k_ipad = $key ^ $ipad ;

$k_opad = $key ^ $opad;

$sign['sign'] = md5($k_opad . pack("H*",md5($k_ipad . $data)));

return json_encode(array('code' => 1000, 'msg' => 'success', 'data' =>$sign),JSON_UNESCAPED_UNICODE);

}