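function IAuthVerify($pTmp)
{
    // Verify a signed client request against the API it targets, record the
    // verification, and echo the resolved user id plus a signature the resource
    // provider (RP) can check on its side.
    //
    // $pTmp: the raw request parameters (assumed untrusted; each field is pulled
    //        through getAndCheck, which is expected to reject malformed values).
    // Echoes "uid=<uid>&sig=<rpSig>" on success; returns nothing.
    // Throws IAuthException when the client signature does not match.
    $ip = getAndCheck($pTmp, 'ip');
    $sig = getAndCheck($pTmp, 'sig');
    $url = getAndCheck($pTmp, 'url');
    $client = [
        'appid' => getAndCheck($pTmp, 'appid'),
        'hash' => getAndCheck($pTmp, 'hash'),
        'hashmethod' => getAndCheck($pTmp, 'hashmethod'),
        'time' => getAndCheck($pTmp, 'time'),
        'nonce' => getAndCheck($pTmp, 'nonce'),
        'version' => getAndCheck($pTmp, 'version'),
        'sigmethod' => getAndCheck($pTmp, 'sigmethod'),
        'token' => getAndCheck($pTmp, 'token'),
    ];

    // Resolve the API being called and the RP that owns it.
    $apiInfo = GetAPI($url);
    $rpid = $apiInfo['owner_id'];
    $api_id = $apiInfo['api_id'];
    $rpSecret = GetAppInfo($rpid, 'app_secret');

    // Resolve the access token presented by the client.
    $accessInfo = GetAccessInfo($client['appid'], $client['token']);
    $accessSecret = $accessInfo['access_secret'];
    $rights = $accessInfo['rights'];
    $uid = $accessInfo['user_id'];
    // NOTE(review): $accessInfo['faile_t'] (the token expiry) is available here
    // but is not checked in this function — confirm expiry is enforced inside
    // GetAccessInfo or CheckReplayAttack, otherwise expired tokens would verify.

    // Signing key is "<app secret>&<access secret>"; the base string is the
    // method, the URL and the canonicalised client parameters (CoString).
    $appSecret = GetAppInfo($client['appid'], 'app_secret');
    $secret = $appSecret . '&' . $accessSecret;
    $base_str = 'POST&' . $url . '&' . CoString($client);
    $expectedSig = signature($base_str, $secret, $client['sigmethod']);
    // hash_equals is strict and constant-time: the loose `!=` it replaces would
    // have treated numeric-looking signatures such as '1e3' and '1000' as equal,
    // and leaked timing information about the expected value.
    if (!hash_equals((string) $expectedSig, (string) $sig)) {
        throw new IAuthException('sig not match', $base_str);
    }

    // Rate-limit parameters come from the API definition, not from the client.
    $client['limit_seconds'] = $apiInfo['limit_seconds'];
    $client['limit_counts'] = $apiInfo['limit_counts'];
    CheckReplayAttack($client, 'verify');
    VerifyAccessRight($api_id, $rights);
    newVerifier('verify', $client['appid'], $uid, $client['token'], date('Y-m-d H:i:s', $client['time']), $client['nonce'], $ip, $api_id);

    // Response to the RP: the resolved uid plus a signature over the original
    // request (with uid appended) under the RP's own key, so the RP can verify
    // this server produced it.
    $rpRequest = $pTmp;
    $rpRequest['uid'] = $uid;
    $rpSig = signature(CoString($rpRequest), $rpid . '&' . $rpSecret, 'MD5');
    echo 'uid=' . $uid . '&sig=' . $rpSig;
}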
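function IAUTH_auth($appid, $uid, $rightStr, $state = '', $faile_t = '2036-12-31 23:59:59')
{
    // Grant application $appid the rights listed in $rightStr on behalf of user
    // $uid. Any existing grant for that (user, app) pair is removed first, so the
    // call replaces rather than accumulates rights.
    //
    // $appid, $uid, $rightStr, $state, $faile_t are validated through Check();
    // $faile_t is the grant's expiry timestamp (defaults to a far-future date).
    // Returns the WSC app's callback URL carrying the new verifier and state, or
    // the bare verifier for a UAC app.
    // Throws IAuthException when the app type is neither WSC nor UAC.
    Check($appid, 'appid');
    Check($uid, 'uid');
    if ((int) $uid <= 0) {
        // Non-positive uids are reserved for management flows.
        // NOTE(review): this assumes showError() terminates the request — if it
        // only prints, execution would fall through into the grant below; confirm.
        showError('use manage function instead');
    }
    Check($faile_t, 'faile_t');
    $rights = Check($rightStr, 'rights');
    $appType = GetAppInfo($appid, 'app_type');
    IAUTH_remove_auth($uid, $appid);

    // Strict comparison on the app type: the value drives which credential is
    // issued, so no loose-equality surprises.
    if ($appType === 'WSC') {
        Check($state, 'state');
        $callback = GetAppInfo($appid, 'call_back');
        $verifier = newVerifier('auth', $appid, $uid, $rights, $faile_t, '', '', $state);
        accessLog('AUTH ' . $appid . ' ' . $uid . ' ' . $rightStr . ' ' . $faile_t . ' ' . $state);
        // NOTE(review): $verifier and $state are concatenated into the redirect
        // URL without URL-encoding; this relies on Check('state') restricting
        // the value to URL-safe characters — verify that it does.
        return URL($callback) . 'verifier=' . $verifier . '&state=' . $state;
    }
    if ($appType === 'UAC') {
        $verifier = newVerifier('auth', $appid, $uid, $rights, $faile_t);
        accessLog('AUTH ' . $appid . ' ' . $uid . ' ' . $rightStr . ' ' . $faile_t);
        return $verifier;
    }
    throw new IAuthException('db error');
}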
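function SSOlogin($appid, $state, $uid)
{
    // Single-sign-on entry point: decide where to send the user after login and
    // return that URL.
    //
    // $appid: the application being signed into (validated through Check()).
    // $state: opaque value the app passed in; when empty the user is simply sent
    //         to the app hall.
    // $uid:   the logged-in user.
    // Returns a redirect URL. For a WSC app with a state, the destination depends
    // on whether the user has already authorised the app and whether the app is
    // flagged auto-auth; every other case goes to the app hall.
    Check($appid, 'appid');
    if (!empty($state)) {
        Check($state, 'state');
        Check($uid, 'uid');
        $authed = CheckUserAuthed($appid, $uid);
        $appType = GetAppInfo($appid, 'app_type');
        $autoAuth = GetAppInfo($appid, 'auto_auth');
        if ($appType === 'WSC') {
            if (!$authed && !$autoAuth) {
                // Not authorised and the app is not auto-auth: send the user to the
                // app hall to confirm. "s=1" selects the simplified confirm page;
                // strict comparison so only the literal '1' (not '01', '1.0', ...)
                // is accepted from the query string.
                if (isset($_GET['s']) && $_GET['s'] === '1') {
                    return IAUTH_SIMPLE_AUTH_CONFIRM_PAGE . '&appsid=' . $appid . '&state=' . $state;
                }
                return URL(IAUTH_APP_INFO_PAGE) . 'appsid=' . $appid . '&state=' . $state . '&showconfirm=yes#confirm';
            }
            if (!$authed && $autoAuth) {
                // Not authorised but the app is auto-auth: grant immediately and
                // return to the app's auth callback. Rights are hard-coded because
                // there is no app hall to choose them in, and the grant is given a
                // far-future expiry.
                $authCallBack = GetAppInfo($appid, 'call_back');
                $rights = Check('2:3:7:11', 'rights');
                $faile_t = '2036-12-31 23:59:59';
                $verifier = newVerifier('auth', $appid, $uid, $rights, $faile_t, '', '', $state);
                accessLog('AUTH ' . $appid . ' ' . $uid . ' 2:3:7:11 ' . $faile_t . ' ' . $state);
                return URL($authCallBack) . 'verifier=' . $verifier . '&state=' . $state;
            }
            // Remaining case: the user has already authorised the app, so go
            // straight back to its login callback.
            // NOTE(review): $state is concatenated into the redirect URLs above and
            // here without URL-encoding; this relies on Check('state') restricting
            // it to URL-safe characters — verify that it does.
            $loginCallBack = GetAppInfo($appid, 'login_url');
            $verifier = newVerifier('login', $appid, $uid, 'FROM_CLIENT', '', '', '', $state);
            return URL($loginCallBack) . 'verifier=' . $verifier . '&state=' . $state;
        }
    }
    // Every other case (no state, or a non-WSC app): the app hall.
    return URL(IAUTH_APP_INFO_PAGE) . 'appsid=' . $appid;
}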