AlertMsg('404 Not Found', '404 Not Found', 404); } else { require __DIR__ . '/includes/Oauth.' . $AppInfo['AppName'] . '.class.php'; $OauthObject = new Oauth($AppInfo['AppKey']); } $Code = Request('Get', 'code'); $State = Request('Get', 'state'); session_start(); if ($_SERVER['REQUEST_METHOD'] == 'GET') { //如果不是认证服务器跳转回的回调页,则跳转回授权服务页 if (!$Code || !$State || empty($_SESSION[$Prefix . 'OauthState']) || $State != $_SESSION[$Prefix . 'OauthState']) { //生成State值防止CSRF $SendState = md5(uniqid(rand(), TRUE)); $_SESSION[$Prefix . 'OauthState'] = $SendState; // 授权地址 $AuthorizeURL = Oauth::AuthorizeURL($CurProtocol . $_SERVER['HTTP_HOST'] . $Config['WebsitePath'], $AppID, $AppInfo['AppKey'], $SendState); header("HTTP/1.1 301 Moved Permanently"); header("Status: 301 Moved Permanently"); header("Location: " . $AuthorizeURL); exit; } $Message = ''; //下面是回调页面的处理 if (!$OauthObject->GetAccessToken($CurProtocol . $_SERVER['HTTP_HOST'] . $Config['WebsitePath'], $AppID, $AppInfo['AppSecret'], $Code)) { AlertMsg('400 Bad Request', '400 Bad Request', 400); } if (!$OauthObject->GetOpenID()) { AlertMsg('400 Bad Request', '400 Bad Request', 400); } // 非Post页,储存AccessToken $_SESSION[$Prefix . 'OauthAccessToken'] = $OauthObject->AccessToken;
AlertMsg('404 Not Found', '404 Not Found', 404); } else { require dirname(__FILE__) . '/includes/Oauth.' . $AppInfo['AppName'] . '.class.php'; $OauthObject = new Oauth($AppInfo['AppKey']); } $Code = Request('Get', 'code'); $State = Request('Get', 'state'); session_start(); if ($_SERVER['REQUEST_METHOD'] == 'GET') { //如果不是认证服务器跳转回的回调页,则跳转回授权服务页 if (!$Code || !$State || empty($_SESSION[$Prefix . 'OauthState']) || $State != $_SESSION[$Prefix . 'OauthState']) { //生成State值防止CSRF $SendState = md5(uniqid(rand(), TRUE)); $_SESSION[$Prefix . 'OauthState'] = $SendState; // 授权地址 $AuthorizeURL = Oauth::AuthorizeURL('http://' . $_SERVER['HTTP_HOST'] . $Config['WebsitePath'], $AppID, $AppInfo['AppKey'], $SendState); header("HTTP/1.1 301 Moved Permanently"); header("Status: 301 Moved Permanently"); header("Location: " . $AuthorizeURL); exit; } $Message = ''; //下面是回调页面的处理 if (!$OauthObject->GetAccessToken('http://' . $_SERVER['HTTP_HOST'] . $Config['WebsitePath'], $AppID, $AppInfo['AppSecret'], $Code)) { AlertMsg('400 Bad Request', '400 Bad Request', 400); } if (!$OauthObject->GetOpenID()) { AlertMsg('400 Bad Request', '400 Bad Request', 400); } $OpenID = $OauthObject->OpenID; //var_dump($OauthObject->GetAvatarURL());
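Review bot: The OAuth `state` value in the GET branch is built with `md5(uniqid(rand(), TRUE))` and checked with a loose `!=`, so the CSRF protection rests on a token derived from the clock and `rand()`, and on a comparison that PHP evaluates numerically when both strings look like numbers (two different `0e…` hex digests compare equal). Both printed versions of this code carry the same lines, so the change does not address it. Assuming PHP 7 or later, generate the value with `$SendState = bin2hex(random_bytes(16));` and replace the last condition with `!hash_equals($_SESSION[$Prefix . 'OauthState'], (string) $State)`. The redirect that carries this per-session value is also sent as a 301, which browsers may cache; a 302 fits a one-time authorization redirect better. The `if ($_SERVER['REQUEST_METHOD'] == 'GET')` block closes outside the visible lines, so whether the stored state is cleared after a successful callback cannot be checked from here.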