Esempio n. 1
0
function IAuthVerify($pTmp)
{
    $ip = getAndCheck($pTmp, 'ip');
    $sig = getAndCheck($pTmp, 'sig');
    $url = getAndCheck($pTmp, 'url');
    $client = array('appid' => getAndCheck($pTmp, 'appid'), 'hash' => getAndCheck($pTmp, 'hash'), 'hashmethod' => getAndCheck($pTmp, 'hashmethod'), 'time' => getAndCheck($pTmp, 'time'), 'nonce' => getAndCheck($pTmp, 'nonce'), 'version' => getAndCheck($pTmp, 'version'), 'sigmethod' => getAndCheck($pTmp, 'sigmethod'), 'token' => getAndCheck($pTmp, 'token'));
    $apiInfo = GetAPI($url);
    $rpid = $apiInfo['owner_id'];
    $api_id = $apiInfo['api_id'];
    $rpSecret = GetAppInfo($rpid, 'app_secret');
    $accessInfo = GetAccessInfo($client['appid'], $client['token']);
    $accessSecret = $accessInfo['access_secret'];
    $faile_t = $accessInfo['faile_t'];
    $rights = $accessInfo['rights'];
    $uid = $accessInfo['user_id'];
    $appSecret = GetAppInfo($client['appid'], 'app_secret');
    $secret = $appSecret . '&' . $accessSecret;
    $base_str = 'POST&' . $url . '&' . CoString($client);
    if ($sig != signature($base_str, $secret, $client['sigmethod'])) {
        throw new IAuthException('sig not match', $base_str);
    }
    $client['limit_seconds'] = $apiInfo['limit_seconds'];
    $client['limit_counts'] = $apiInfo['limit_counts'];
    CheckReplayAttack($client, 'verify');
    VerifyAccessRight($api_id, $rights);
    newVerifier('verify', $client['appid'], $uid, $client['token'], date('Y-m-d H:i:s', $client['time']), $client['nonce'], $ip, $api_id);
    $rpRequest = $pTmp;
    $rpRequest['uid'] = $uid;
    $rpSig = signature(CoString($rpRequest), $rpid . '&' . $rpSecret, 'MD5');
    echo 'uid=' . $uid . '&sig=' . $rpSig;
    /* echo '<br />'; */
    /* echo CoString($rpRequest); */
}
Esempio n. 2
0
function iauth_verify($url = '')
{
    if ($url == '') {
        switch ($_SERVER['SERVER_PORT']) {
            case '80':
                $url = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'];
                break;
            case '443':
                $url = 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'];
                break;
            default:
                $url = 'http://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['SCRIPT_NAME'];
                break;
        }
    }
    /*################ 检查hash ################*/
    $pTmp = array_merge($_GET, $_POST);
    $hash = md5(CoString($pTmp));
    /*################ 生成header ################*/
    $params = GetHeaderParams();
    if (empty($params['hash']) || $params['hash'] != $hash) {
        die('hash not match: ' . CoString($pTmp));
    }
    $params['url'] = $url;
    $params['ip'] = $_SERVER['REMOTE_ADDR'];
    $header = array('Authorization:' . CoString($params, ',', '"'));
    /* print_r($params); */
    /* print_r($header); */
    /* echo IAUTH_VERIFY_URL; */
    /*################ 使用curl发送header ################*/
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
    curl_setopt($curl, CURLOPT_URL, IAUTH_VERIFY_URL);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_TIMEOUT, 30);
    curl_setopt($curl, CURLINFO_HEADER_OUT, true);
    curl_setopt($curl, CURLINFO_HEADER, true);
    curl_setopt($curl, CURLOPT_FAILONERROR, false);
    curl_setopt($curl, CURLOPT_HTTP200ALIASES, array(400, 500));
    $html = curl_exec($curl);
    curl_close($curl);
    if ($html === false) {
        header('Content-Type: text/plain; charset=utf-8');
        var_dump(curl_error($curl));
        print_r($header);
        print_r(curl_getinfo($curl));
        die('请求失败 ');
    }
    /* echo $html . '<br />'; */
    /* print_r($_SERVER); */
    /* exit(); */
    /*################ 从返回数据中提取参数 ################*/
    $tmp = preg_match('/uid=([0-9]+)&sig=([0-9a-zA-Z]{32})/', $html, $match);
    if ($tmp == 0) {
        die('请求校验失败 ' . $html);
    }
    $uid = $match[1];
    $sig = $match[2];
    $params['uid'] = $uid;
    if (md5(CoString($params) . '&' . IAUTH_RP_ID . '&' . IAUTH_RP_SECRET) != $sig) {
        die('请求校验失败  sig not match' . $html);
    }
    return $uid;
}
Esempio n. 3
0
function makeBaseString($method, $params)
{
    Check($method, 'httpmethod');
    if ($_SERVER['SERVER_PORT'] == 80) {
        $url_path = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'];
    } else {
        $url_path = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['SERVER_PORT'] . $_SERVER['SCRIPT_NAME'];
    }
    $base_str = strtoupper($method) . '&' . $url_path . '&';
    $base_str .= CoString($params);
    return $base_str;
}