<?php
// Entry point of the IAuth verification endpoint: load configuration and the
// shared helpers, read the request's header parameters and verify them.
// Any IAuthException raised on the way is rendered by showError().
require_once dirname(__FILE__) . '/IAuthConfig.php';
require_once dirname(__FILE__) . "/IAuthCommon.php";

try {
    $pTmp = GetHeaderParams();
    // Keep the raw parameters on the exception class so showError() can report them.
    IAuthException::$Info = $pTmp;
    IAuthVerify($pTmp);
} catch (IAuthException $e) {
    showError($e);
}
exit;

/**
 * Verify a signed client request described by the header parameters.
 *
 * NOTE: the body of this function is cut off in this listing — it ends inside
 * the signature-mismatch `if` below — so only the visible part is documented.
 *
 * @param array $pTmp Header parameters as returned by GetHeaderParams();
 *                    each field is read through getAndCheck().
 */
function IAuthVerify($pTmp)
{
    $ip = getAndCheck($pTmp, 'ip');
    $sig = getAndCheck($pTmp, 'sig');
    $url = getAndCheck($pTmp, 'url');
    // Client-supplied fields that take part in the signature base string.
    $client = array(
        'appid' => getAndCheck($pTmp, 'appid'),
        'hash' => getAndCheck($pTmp, 'hash'),
        'hashmethod' => getAndCheck($pTmp, 'hashmethod'),
        'time' => getAndCheck($pTmp, 'time'),
        'nonce' => getAndCheck($pTmp, 'nonce'),
        'version' => getAndCheck($pTmp, 'version'),
        'sigmethod' => getAndCheck($pTmp, 'sigmethod'),
        'token' => getAndCheck($pTmp, 'token')
    );
    // Resolve the called API and its owner (relying party); $api_id and $rpSecret
    // are not used in the visible portion of the function.
    $apiInfo = GetAPI($url);
    $rpid = $apiInfo['owner_id'];
    $api_id = $apiInfo['api_id'];
    $rpSecret = GetAppInfo($rpid, 'app_secret');
    // Access-token record for this appid/token pair; $faile_t, $rights and $uid
    // are not used in the visible portion of the function.
    $accessInfo = GetAccessInfo($client['appid'], $client['token']);
    $accessSecret = $accessInfo['access_secret'];
    $faile_t = $accessInfo['faile_t'];
    $rights = $accessInfo['rights'];
    $uid = $accessInfo['user_id'];
    $appSecret = GetAppInfo($client['appid'], 'app_secret');
    // Signing key is "<app secret>&<access secret>"; the base string is the
    // method, the URL and the canonicalised client params joined by '&'.
    $secret = $appSecret . '&' . $accessSecret;
    $base_str = 'POST&' . $url . '&' . CoString($client);
    // NOTE(review): `!=` is a loose comparison; two hex digests of the form
    // "0e<digits>" compare equal as numbers. hash_equals() is the strict,
    // constant-time alternative — confirm signature() returns a string.
    if ($sig != signature($base_str, $secret, $client['sigmethod'])) {
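/**
 * Verify the current HTTP request against the remote IAuth service.
 *
 * Recomputes the md5 over the merged GET/POST parameters and compares it with
 * the `hash` header parameter, then forwards the header parameters (plus the
 * resolved URL and the client IP) to IAUTH_VERIFY_URL via curl and checks the
 * `uid`/`sig` pair found in the response body.
 *
 * @param string $url Request URL to verify. When empty it is rebuilt from
 *                    SERVER_NAME, SERVER_PORT and SCRIPT_NAME (port 80 -> http,
 *                    443 -> https, any other port -> http with an explicit port).
 * @return string The verified uid extracted from the service response.
 *                Every failure path terminates the script with die().
 */
function iauth_verify($url = '')
{
    if ((string) $url === '') {
        switch ($_SERVER['SERVER_PORT']) {
            case '80':
                $url = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'];
                break;
            case '443':
                $url = 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'];
                break;
            default:
                $url = 'http://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['SCRIPT_NAME'];
                break;
        }
    }

    /* ---------------- hash check ---------------- */
    $pTmp = array_merge($_GET, $_POST);
    $hash = md5(CoString($pTmp));

    /* ---------------- build the header ---------------- */
    $params = GetHeaderParams();
    // hash_equals() is a strict, constant-time comparison. The previous `!=`
    // compared two hex digests loosely, so digests of the form "0e<digits>"
    // would have compared equal as numbers.
    if (empty($params['hash']) || !hash_equals($hash, (string) $params['hash'])) {
        die('hash not match: ' . CoString($pTmp));
    }
    $params['url'] = $url;
    $params['ip'] = $_SERVER['REMOTE_ADDR'];
    $header = array('Authorization:' . CoString($params, ',', '"'));

    /* ---------------- send the header with curl ---------------- */
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
    curl_setopt($curl, CURLOPT_URL, IAUTH_VERIFY_URL);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_TIMEOUT, 30);
    curl_setopt($curl, CURLINFO_HEADER_OUT, true);
    // NOTE(review): CURLINFO_HEADER is not a documented curl_setopt() option
    // (CURLOPT_HEADER is) — confirm the constant resolves; an undefined constant
    // is a fatal Error on PHP 8.
    curl_setopt($curl, CURLINFO_HEADER, true);
    curl_setopt($curl, CURLOPT_FAILONERROR, false);
    // 400/500 responses are still treated as successful transfers so the body
    // can be inspected below.
    curl_setopt($curl, CURLOPT_HTTP200ALIASES, array(400, 500));
    $html = curl_exec($curl);
    // Read error/info before closing: the handle is no longer usable after
    // curl_close() on PHP < 8, so the original post-close calls yielded nothing.
    $curlError = curl_error($curl);
    $curlInfo = curl_getinfo($curl);
    curl_close($curl);
    if ($html === false) {
        header('Content-Type: text/plain; charset=utf-8');
        var_dump($curlError);
        print_r($header);
        print_r($curlInfo);
        die('请求失败 ');
    }

    /* ---------------- extract uid/sig from the response ---------------- */
    // preg_match() returns 0 on no match and false on a PCRE error; both are failures.
    if (preg_match('/uid=([0-9]+)&sig=([0-9a-zA-Z]{32})/', $html, $match) !== 1) {
        die('请求校验失败 ' . $html);
    }
    $uid = $match[1];
    $sig = $match[2];

    // The response signature covers the forwarded params plus uid, keyed by the
    // relying-party id and secret. Compared strictly and in constant time.
    $params['uid'] = $uid;
    $expected = md5(CoString($params) . '&' . IAUTH_RP_ID . '&' . IAUTH_RP_SECRET);
    if (!hash_equals($expected, $sig)) {
        die('请求校验失败 sig not match' . $html);
    }
    return $uid;
}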