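<?php
/**
 * WeChat OAuth login for websites (QR-code connect flow, scope snsapi_login).
 *
 * This page can be reached through a redirect, or pulled in with include_once
 * wherever it is needed.
 *
 * Flow, driven by the query string:
 *  1. Neither `code` nor `state`: redirect the browser to the WeChat
 *     authorization page.
 *  2. `state` without `code`: the user cancelled; fire AUTH_CANCEL.
 *  3. `code` present: exchange it for an access token and fire
 *     AUTH_WEB_SUCCESS, or AUTH_FAIL when WeChat returns no openid.
 */
chdir(dirname(__FILE__)); // switch the working directory to this file's directory
include_once dirname(__FILE__) . '/__config__.php';

// `state` is a GET parameter that both sides carry through the exchange and
// that can drive application logic; a default is used when the includer set none.
// NOTE(review): a fixed default gives no CSRF protection, and nothing in this
// file compares the returned `state` with a value bound to the visitor's
// session. Set $state to an unpredictable per-session value before including
// this page and verify it in the AUTH_WEB_SUCCESS hook before logging anyone in.
if (empty($state)) {
    $state = "fromydwx";
}

$redirect = YDWX_SITE_URL . 'ydwx/webauth.php';

// Both callback parameters come from the browser and are untrusted.
$hasCode  = !empty($_GET['code']);
$hasState = !empty($_GET['state']);

// Step 1: first visit, send the browser to WeChat.
if (!$hasCode && !$hasState) {
    // Discard buffered output only when a buffer exists; ob_clean() raises a
    // notice otherwise.
    if (ob_get_level() > 0) {
        ob_clean();
    }

    // http_build_query() URL-encodes every value. WeChat requires an encoded
    // redirect_uri, and an unencoded state could add or override parameters.
    $authorizeQuery = http_build_query(array(
        'appid'         => YDWX_WEIXIN_WEB_APP_ID,
        'redirect_uri'  => $redirect,
        'response_type' => 'code',
        'scope'         => 'snsapi_login',
        'state'         => $state,
    ), '', '&');

    header("Location: https://open.weixin.qq.com/connect/qrconnect?" . $authorizeQuery . "#wechat_redirect");
    die;
}

// The user declined the authorization and was sent back here.
if (!$hasCode && $hasState) {
    YDWXHook::do_hook(YDWXHook::AUTH_CANCEL);
    die;
}

// Step 2: the user approved; exchange the code for an access token.
// A non-string `code` (e.g. ?code[]=x) is sent as an empty value so that
// WeChat rejects it and the AUTH_FAIL path below runs.
$code = is_string($_GET['code']) ? $_GET['code'] : '';

// Encoding `code` stops a crafted value such as "x&appid=..." from injecting
// extra parameters into this server-to-server request.
// The app secret is part of this URL: keep the full URL out of logs and
// error messages.
$tokenQuery = http_build_query(array(
    'appid'      => YDWX_WEIXIN_WEB_APP_ID,
    'secret'     => YDWX_WEIXIN_WEB_APP_SECRET,
    'code'       => $code,
    'grant_type' => 'authorization_code',
), '', '&');

$http = new YDHttp();
$info = json_decode($http->get("https://api.weixin.qq.com/sns/oauth2/access_token?" . $tokenQuery), true);

// json_decode() yields null on a malformed or empty response, so the shape is
// checked before any key is read. A reply without access_token is treated
// like one without openid.
if (!is_array($info) || empty($info['openid']) || empty($info['access_token'])) {
    YDWXHook::do_hook(
        YDWXHook::AUTH_FAIL,
        YDWXAuthFailResponse::errMsg(
            isset($info['errmsg']) ? $info['errmsg'] : null,
            isset($info['errcode']) ? $info['errcode'] : null
        )
    );
    die;
}

// The returned state is handed to the hook exactly as received from the browser.
$returnedState = isset($_GET['state']) ? $_GET['state'] : null;

YDWXHook::do_hook(
    YDWXHook::AUTH_WEB_SUCCESS,
    ydwx_sns_userinfo($info['access_token'], $info['openid'], $returnedState)
);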
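}

// The user cancelled the authorization and was sent back to this page.
if (empty($_GET['code']) && !empty($_GET['state'])) {
    YDWXHook::do_hook(YDWXHook::AUTH_CANCEL);
    die;
}

// `code` comes from the browser and is untrusted. A non-string value
// (e.g. ?code[]=x) is replaced by an empty string so that the upstream API
// rejects it instead of PHP converting an array to text.
$code = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : '';

// `state` is passed on exactly as received.
// NOTE(review): nothing visible here compares it with a value bound to the
// visitor's session; confirm the success hooks do that before trusting the login.
$returnedState = isset($_GET['state']) ? $_GET['state'] : null;

// Step 2: the user approved; fetch the authorized user's information.
if ($isAgent || YDWX_WEIXIN_ACCOUNT_TYPE != YDWX_WEIXIN_ACCOUNT_TYPE_CROP) {
    $http = new YDHttp();

    // URL-encode the code before it is substituted into the token URL, so a
    // crafted value cannot append or override query parameters of the
    // server-to-server request. $access_token_url is defined outside this
    // fragment (presumably with a %s placeholder for the code).
    $info = json_decode($http->get(sprintf($access_token_url, urlencode($code))), true);

    // json_decode() yields null on a malformed response; check the shape
    // before reading keys.
    if (!is_array($info) || empty($info['openid'])) {
        YDWXHook::do_hook(
            YDWXHook::AUTH_FAIL,
            YDWXAuthFailResponse::errMsg(
                isset($info['errmsg']) ? $info['errmsg'] : null,
                isset($info['errcode']) ? $info['errcode'] : null
            )
        );
        die;
    }

    try {
        $user = ydwx_sns_userinfo($info['access_token'], $info['openid']);
        $user->state = $returnedState;
        $user->appid = $appid;
        YDWXHook::do_hook(YDWXHook::AUTH_INAPP_SUCCESS, $user);
    } catch (\Exception $e) {
        YDWXHook::do_hook(YDWXHook::AUTH_FAIL, YDWXAuthFailResponse::errMsg($e->getMessage(), $e->getCode()));
    }
    die;
}

// Enterprise (corp) accounts return a code that can be used directly to fetch
// the user's information.
// TODO: can enterprise accounts be hosted as well? If so, should this use the
// hosted enterprise account's token instead?
$access_token = YDWXHook::do_hook(YDWXHook::GET_ACCESS_TOKEN);
if ($access_token) {
    YDWXHook::do_hook(YDWXHook::AUTH_CROP_SUCCESS, ydwx_crop_user_info($access_token, $code, $returnedState));
} else {
    YDWXHook::do_hook(YDWXHook::AUTH_FAIL, YDWXAuthFailResponse::errMsg("未取得access token"));
}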