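function IAuthVerify($pTmp)
{
    /*
     * Verify a client-signed API call on behalf of the relying party ("rp")
     * that owns the called URL.
     *
     * $pTmp is the raw request parameter array. Every field is read through
     * getAndCheck() (defined elsewhere; presumably rejects missing values —
     * confirm). On success the function echoes "uid=<uid>&sig=<rp signature>"
     * so the relying party can check that the answer came from this server.
     *
     * Throws IAuthException when the client signature does not match.
     */
    $ip = getAndCheck($pTmp, 'ip');
    $sig = getAndCheck($pTmp, 'sig');
    $url = getAndCheck($pTmp, 'url');
    /* The client parameters that are covered by the signature. Key order is
       kept as in the original request format because CoString() presumably
       depends on it — confirm. */
    $client = array(
        'appid' => getAndCheck($pTmp, 'appid'),
        'hash' => getAndCheck($pTmp, 'hash'),
        'hashmethod' => getAndCheck($pTmp, 'hashmethod'),
        'time' => getAndCheck($pTmp, 'time'),
        'nonce' => getAndCheck($pTmp, 'nonce'),
        'version' => getAndCheck($pTmp, 'version'),
        'sigmethod' => getAndCheck($pTmp, 'sigmethod'),
        'token' => getAndCheck($pTmp, 'token'),
    );
    /* Which relying party owns the called API, and that party's secret. */
    $apiInfo = GetAPI($url);
    $rpid = $apiInfo['owner_id'];
    $api_id = $apiInfo['api_id'];
    $rpSecret = GetAppInfo($rpid, 'app_secret');
    /* Access-token record for this app/token pair.
       NOTE(review): $accessInfo['faile_t'] (looks like a token expiry) is not
       checked anywhere in this function — confirm GetAccessInfo() or
       VerifyAccessRight() enforces it. */
    $accessInfo = GetAccessInfo($client['appid'], $client['token']);
    $accessSecret = $accessInfo['access_secret'];
    $rights = $accessInfo['rights'];
    $uid = $accessInfo['user_id'];
    $appSecret = GetAppInfo($client['appid'], 'app_secret');
    /* Signing key: app secret and access secret joined by '&'. Signed string:
       HTTP method, the called URL and the normalised client parameters. */
    $secret = $appSecret . '&' . $accessSecret;
    $base_str = 'POST&' . $url . '&' . CoString($client);
    $expected = signature($base_str, $secret, $client['sigmethod']);
    /* hash_equals() gives a strict, constant-time comparison. The previous
       loose `!=` accepted type-juggled matches (e.g. numeric-looking strings)
       and leaked timing information about the expected signature. */
    if (!hash_equals((string) $expected, (string) $sig)) {
        throw new IAuthException('sig not match', $base_str);
    }
    /* Rate-limit settings travel with the client record into the replay check. */
    $client['limit_seconds'] = $apiInfo['limit_seconds'];
    $client['limit_counts'] = $apiInfo['limit_counts'];
    CheckReplayAttack($client, 'verify');
    VerifyAccessRight($api_id, $rights);
    /* Record this verification (time/nonce/ip) for auditing and replay detection. */
    newVerifier('verify', $client['appid'], $uid, $client['token'], date('Y-m-d H:i:s', $client['time']), $client['nonce'], $ip, $api_id);
    /* Answer to the relying party: the original request plus the resolved uid,
       signed with the rp's id and secret. MD5 is kept because the rp side
       expects it; changing the method here would break existing relying parties. */
    $rpRequest = $pTmp;
    $rpRequest['uid'] = $uid;
    $rpSig = signature(CoString($rpRequest), $rpid . '&' . $rpSecret, 'MD5');
    echo 'uid=' . $uid . '&sig=' . $rpSig;
}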
function GetLoginToken($pTmp)
{
    /*
     * Exchange a login verifier for an access token.
     *
     * $pTmp is the raw request parameter array; fields are read through
     * getAndCheck() (defined elsewhere). Echoes "uid=<uid>&access_token=<token>"
     * and terminates the script.
     */
    $sig = getAndCheck($pTmp, 'sig');
    /* The parameters covered by the signature, in request order. */
    $params = array();
    foreach (array('state', 'appid', 'time', 'sigmethod', 'version', 'verifier') as $key) {
        $params[$key] = getAndCheck($pTmp, $key);
    }
    $appid = $params['appid'];
    /* The client ip joins the signed parameters only when the app has ip_check enabled. */
    if (GetAppInfo($appid, 'ip_check') == 'enable') {
        $params['ip'] = getAndCheck($pTmp, 'ip');
    }
    $appSecret = GetAppInfo($appid, 'app_secret');
    /* Make sure the signature over the parameters is valid. */
    VerifySignature($params, $appSecret, $sig);
    /* Check for a replay attack and record this request. */
    $uid = CheckReplayAttack($params, 'login');
    $accessToken = GetAccessToken($appid, $uid);
    echo "uid={$uid}&access_token={$accessToken}";
    exit;
}
function NewAuthToken($pTmp)
{
    /*
     * Exchange an authorisation verifier for a new access token/secret pair.
     *
     * $pTmp is the raw request parameter array; fields are read through
     * getAndCheck() (defined elsewhere). Echoes
     * "uid=<uid>&access_token=<token>&access_secret=<secret>" and terminates
     * the script.
     */
    $sig = getAndCheck($pTmp, 'sig');
    /* The parameters covered by the signature, in request order. */
    $params = array();
    foreach (array('state', 'appid', 'time', 'sigmethod', 'version', 'verifier') as $key) {
        $params[$key] = getAndCheck($pTmp, $key);
    }
    $appid = $params['appid'];
    /* The client ip joins the signed parameters only when the app has ip_check enabled. */
    if (GetAppInfo($appid, 'ip_check') == 'enable') {
        $params['ip'] = getAndCheck($pTmp, 'ip');
    }
    $appSecret = GetAppInfo($appid, 'app_secret');
    /* Make sure the signature over the parameters is valid. */
    VerifySignature($params, $appSecret, $sig);
    /* Check for a replay attack and record this request; the returned record
       carries the user, the granted rights and (presumably) an expiry. */
    $authInfo = CheckReplayAttack($params, 'auth');
    $uid = $authInfo['uid'];
    $accessInfo = newAccessToken($uid, $appid, $authInfo['rights'], $authInfo['faile_t']);
    echo "uid={$uid}&access_token={$accessInfo['accessToken']}&access_secret={$accessInfo['accessSecret']}";
    exit;
}