Esempio n. 1
0
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    //如果不是认证服务器跳转回的回调页,则跳转回授权服务页
    if (!$Code || !$State || empty($_SESSION[$Prefix . 'OauthState']) || $State != $_SESSION[$Prefix . 'OauthState']) {
        //生成State值防止CSRF
        $SendState = md5(uniqid(rand(), TRUE));
        $_SESSION[$Prefix . 'OauthState'] = $SendState;
        // 授权地址
        $AuthorizeURL = Oauth::AuthorizeURL($CurProtocol . $_SERVER['HTTP_HOST'] . $Config['WebsitePath'], $AppID, $AppInfo['AppKey'], $SendState);
        header("HTTP/1.1 301 Moved Permanently");
        header("Status: 301 Moved Permanently");
        header("Location: " . $AuthorizeURL);
        exit;
    }
    $Message = '';
    //下面是回调页面的处理
    if (!$OauthObject->GetAccessToken($CurProtocol . $_SERVER['HTTP_HOST'] . $Config['WebsitePath'], $AppID, $AppInfo['AppSecret'], $Code)) {
        AlertMsg('400 Bad Request', '400 Bad Request', 400);
    }
    if (!$OauthObject->GetOpenID()) {
        AlertMsg('400 Bad Request', '400 Bad Request', 400);
    }
    // 非Post页,储存AccessToken
    $_SESSION[$Prefix . 'OauthAccessToken'] = $OauthObject->AccessToken;
    // 释放session防止阻塞
    session_write_close();
    $OauthUserID = $DB->single("SELECT UserID FROM " . $Prefix . "app_users \n\t\tWHERE AppID=:AppID AND OpenID = :OpenID", array('AppID' => $AppID, 'OpenID' => $OauthObject->OpenID));
    $OauthObject->GetUserInfo();
    CheckOpenID();
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (!ReferCheck(Request('Post', 'FormHash')) || empty($_SESSION[$Prefix . 'OauthAccessToken']) || !$State || empty($_SESSION[$Prefix . 'OauthState']) || $State != $_SESSION[$Prefix . 'OauthState']) {