function IAuthVerify($pTmp) { $ip = getAndCheck($pTmp, 'ip'); $sig = getAndCheck($pTmp, 'sig'); $url = getAndCheck($pTmp, 'url'); $client = array('appid' => getAndCheck($pTmp, 'appid'), 'hash' => getAndCheck($pTmp, 'hash'), 'hashmethod' => getAndCheck($pTmp, 'hashmethod'), 'time' => getAndCheck($pTmp, 'time'), 'nonce' => getAndCheck($pTmp, 'nonce'), 'version' => getAndCheck($pTmp, 'version'), 'sigmethod' => getAndCheck($pTmp, 'sigmethod'), 'token' => getAndCheck($pTmp, 'token')); $apiInfo = GetAPI($url); $rpid = $apiInfo['owner_id']; $api_id = $apiInfo['api_id']; $rpSecret = GetAppInfo($rpid, 'app_secret'); $accessInfo = GetAccessInfo($client['appid'], $client['token']); $accessSecret = $accessInfo['access_secret']; $faile_t = $accessInfo['faile_t']; $rights = $accessInfo['rights']; $uid = $accessInfo['user_id']; $appSecret = GetAppInfo($client['appid'], 'app_secret'); $secret = $appSecret . '&' . $accessSecret; $base_str = 'POST&' . $url . '&' . CoString($client); if ($sig != signature($base_str, $secret, $client['sigmethod'])) { throw new IAuthException('sig not match', $base_str); } $client['limit_seconds'] = $apiInfo['limit_seconds']; $client['limit_counts'] = $apiInfo['limit_counts']; CheckReplayAttack($client, 'verify'); VerifyAccessRight($api_id, $rights); newVerifier('verify', $client['appid'], $uid, $client['token'], date('Y-m-d H:i:s', $client['time']), $client['nonce'], $ip, $api_id); $rpRequest = $pTmp; $rpRequest['uid'] = $uid; $rpSig = signature(CoString($rpRequest), $rpid . '&' . $rpSecret, 'MD5'); echo 'uid=' . $uid . '&sig=' . $rpSig; /* echo '<br />'; */ /* echo CoString($rpRequest); */ }
function GetLoginToken($pTmp) { $sig = getAndCheck($pTmp, 'sig'); $params = array('state' => getAndCheck($pTmp, 'state'), 'appid' => getAndCheck($pTmp, 'appid'), 'time' => getAndCheck($pTmp, 'time'), 'sigmethod' => getAndCheck($pTmp, 'sigmethod'), 'version' => getAndCheck($pTmp, 'version'), 'verifier' => getAndCheck($pTmp, 'verifier')); if (GetAppInfo($params['appid'], 'ip_check') == 'enable') { $params['ip'] = getAndCheck($pTmp, 'ip'); } $appSecret = GetAppInfo($params['appid'], 'app_secret'); VerifySignature($params, $appSecret, $sig); /* 确保对参数的签名是有效的 */ $uid = CheckReplayAttack($params, 'login'); /* 检查重放攻击并记录 */ $accessToken = GetAccessToken($params['appid'], $uid); echo 'uid=' . $uid . '&access_token=' . $accessToken; exit; }
function NewAuthToken($pTmp) { $sig = getAndCheck($pTmp, 'sig'); $params = array('state' => getAndCheck($pTmp, 'state'), 'appid' => getAndCheck($pTmp, 'appid'), 'time' => getAndCheck($pTmp, 'time'), 'sigmethod' => getAndCheck($pTmp, 'sigmethod'), 'version' => getAndCheck($pTmp, 'version'), 'verifier' => getAndCheck($pTmp, 'verifier')); if (GetAppInfo($params['appid'], 'ip_check') == 'enable') { $params['ip'] = getAndCheck($pTmp, 'ip'); } /* print_r($params); */ /* echo $params['appid'];exit(); */ $appSecret = GetAppInfo($params['appid'], 'app_secret'); VerifySignature($params, $appSecret, $sig); /* 确保对参数的签名是有效的 */ $authInfo = CheckReplayAttack($params, 'auth'); /* 检查重放攻击并记录 */ /* print_r($pTmp); */ $uid = $authInfo['uid']; $rights = $authInfo['rights']; $faile_t = $authInfo['faile_t']; $accessInfo = newAccessToken($uid, $params['appid'], $rights, $faile_t); echo 'uid=' . $uid . '&access_token=' . $accessInfo['accessToken'] . '&' . 'access_secret=' . $accessInfo['accessSecret']; exit; }