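/**
 * Verify a signed API call from a client app and emit a resource-provider signature for it.
 *
 * The request fields are pulled from $pTmp through getAndCheck(). The client signature is
 * recomputed over 'POST&<url>&<CoString(client params)>' with '<app_secret>&<access_secret>'
 * and compared to the supplied 'sig'; on mismatch an IAuthException is thrown. The request
 * then goes through the replay check and the access-right check, a 'verify' verifier row is
 * recorded, and 'uid=<uid>&sig=<rpSig>' is echoed, where <rpSig> is an MD5 signature over the
 * original parameters plus uid keyed with '<owner_id>&<owner app_secret>'.
 *
 * @param array $pTmp request parameters; keys read: ip, sig, url, appid, hash, hashmethod,
 *                    time, nonce, version, sigmethod, token (each validated by getAndCheck)
 * @return void the result is written with echo
 * @throws IAuthException when the client signature does not match; the helpers it calls
 *                        (CheckReplayAttack, VerifyAccessRight, ...) may throw as well
 */
function IAuthVerify($pTmp)
{
    $ip = getAndCheck($pTmp, 'ip');
    $sig = getAndCheck($pTmp, 'sig');
    $url = getAndCheck($pTmp, 'url');
    $client = [
        'appid' => getAndCheck($pTmp, 'appid'),
        'hash' => getAndCheck($pTmp, 'hash'),
        'hashmethod' => getAndCheck($pTmp, 'hashmethod'),
        'time' => getAndCheck($pTmp, 'time'),
        'nonce' => getAndCheck($pTmp, 'nonce'),
        'version' => getAndCheck($pTmp, 'version'),
        'sigmethod' => getAndCheck($pTmp, 'sigmethod'),
        'token' => getAndCheck($pTmp, 'token'),
    ];

    // The API being called tells us who owns it (the resource provider) and its rate limits.
    $apiInfo = GetAPI($url);
    $rpid = $apiInfo['owner_id'];
    $api_id = $apiInfo['api_id'];
    $rpSecret = GetAppInfo($rpid, 'app_secret');

    // Access grant for this app/token pair: its secret, the granted rights and the user.
    $accessInfo = GetAccessInfo($client['appid'], $client['token']);
    $accessSecret = $accessInfo['access_secret'];
    $rights = $accessInfo['rights'];
    $uid = $accessInfo['user_id'];
    // NOTE(review): $accessInfo['faile_t'] was previously read into an unused local and is not
    // compared against the current time anywhere in this function — confirm that token expiry
    // is enforced inside GetAccessInfo() or VerifyAccessRight().

    // Client signature: '<app_secret>&<access_secret>' over 'POST&<url>&<canonical params>'.
    // $client['sigmethod'] is client-supplied; signature() is assumed to reject unknown or
    // weak methods — TODO confirm.
    $appSecret = GetAppInfo($client['appid'], 'app_secret');
    $secret = $appSecret . '&' . $accessSecret;
    $base_str = 'POST&' . $url . '&' . CoString($client);
    $expected = (string) signature($base_str, $secret, $client['sigmethod']);
    // hash_equals(): strict, constant-time comparison. The original used a loose `!=`, which
    // treats numeric-looking strings by value (e.g. '0e1' == '0e2') and short-circuits on the
    // first differing byte.
    if (!hash_equals($expected, (string) $sig)) {
        throw new IAuthException('sig not match', $base_str);
    }

    // Rate-limit parameters come from the API definition, not from the client.
    $client['limit_seconds'] = $apiInfo['limit_seconds'];
    $client['limit_counts'] = $apiInfo['limit_counts'];
    CheckReplayAttack($client, 'verify');
    VerifyAccessRight($api_id, $rights);
    newVerifier(
        'verify',
        $client['appid'],
        $uid,
        $client['token'],
        date('Y-m-d H:i:s', $client['time']),
        $client['nonce'],
        $ip,
        $api_id
    );

    // Resource-provider signature: the original request plus the resolved uid, keyed with the
    // provider's id and app secret, always MD5 (independent of the client's sigmethod).
    $rpRequest = $pTmp;
    $rpRequest['uid'] = $uid;
    $rpSig = signature(CoString($rpRequest), $rpid . '&' . $rpSecret, 'MD5');
    echo 'uid=' . $uid . '&sig=' . $rpSig;
}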
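/**
 * Grant app $appid access to user $uid's account with the given rights.
 *
 * Any existing grant for this (uid, appid) pair is removed first. For a 'WSC' app a verifier
 * is issued and the app's call_back URL with 'verifier' and 'state' appended is returned; for
 * a 'UAC' app the verifier itself is returned.
 *
 * @param string     $appid    application id (validated by Check)
 * @param string|int $uid      user id; must be a positive integer, otherwise showError() is called
 * @param string     $rightStr rights string; Check() returns the normalised $rights value
 * @param string     $state    client state, required (Check'd) only for WSC apps
 * @param string     $faile_t  grant expiry as 'Y-m-d H:i:s' (validated by Check)
 * @return string redirect URL (WSC) or verifier (UAC)
 * @throws IAuthException when app_type is neither 'WSC' nor 'UAC' (message kept as 'db error')
 */
function IAUTH_auth($appid, $uid, $rightStr, $state = '', $faile_t = '2036-12-31 23:59:59')
{
    Check($appid, 'appid');
    Check($uid, 'uid');
    if (intval($uid) <= 0) {
        showError('use manage function instead');
    }
    Check($faile_t, 'faile_t');
    $rights = Check($rightStr, 'rights');
    $appType = GetAppInfo($appid, 'app_type');

    // A new grant always replaces the previous one for this user/app pair.
    IAUTH_remove_auth($uid, $appid);

    // Strict comparison replaces the original loose `==`: identical for string values, and it
    // no longer lets a non-string value such as `true` select a branch.
    if ($appType === 'WSC') {
        Check($state, 'state');
        $callback = GetAppInfo($appid, 'call_back');
        $verifier = newVerifier('auth', $appid, $uid, $rights, $faile_t, '', '', $state);
        accessLog('AUTH ' . $appid . ' ' . $uid . ' ' . $rightStr . ' ' . $faile_t . ' ' . $state);
        // $verifier and $state are appended without URL encoding; this assumes Check('state')
        // and newVerifier() only yield URL-safe characters — TODO confirm.
        return URL($callback) . 'verifier=' . $verifier . '&state=' . $state;
    }

    if ($appType === 'UAC') {
        $verifier = newVerifier('auth', $appid, $uid, $rights, $faile_t);
        accessLog('AUTH ' . $appid . ' ' . $uid . ' ' . $rightStr . ' ' . $faile_t);
        return $verifier;
    }

    // Unknown app type. Message kept as in the original.
    throw new IAuthException('db error');
}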
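/**
 * Decide where a user arriving at single sign-on for app $appid should be redirected.
 *
 * With no client $state the user is sent to the app information page. Otherwise, for a 'WSC'
 * app:
 *   - not yet authorised and the app is not auto-authorised: the authorisation confirmation
 *     page (the simplified one when the request carries s=1);
 *   - not yet authorised but the app is auto-authorised: a grant with fixed rights is recorded
 *     and the user is sent back to the app's call_back with a verifier;
 *   - already authorised: the user is sent back to the app's login_url with a login verifier.
 * Any other app type falls through to the app information page.
 *
 * @param string     $appid application id (validated by Check)
 * @param string     $state client state; an empty value short-circuits to the app page
 * @param string|int $uid   user id (validated by Check only when $state is non-empty)
 * @return string redirect URL
 */
function SSOlogin($appid, $state, $uid)
{
    Check($appid, 'appid');

    if (empty($state)) {
        // No state to hand back to the app: go to the app page.
        return URL(IAUTH_APP_INFO_PAGE) . 'appsid=' . $appid;
    }

    Check($state, 'state');
    Check($uid, 'uid');
    // (bool) casts reproduce the original `== FALSE` / `== TRUE` semantics exactly (PHP compares
    // against a bool by converting the other operand to bool), so '0', 0, '' and null all
    // count as "not authorised" / "not auto-auth".
    $authed = (bool) CheckUserAuthed($appid, $uid);
    $appType = GetAppInfo($appid, 'app_type');
    $autoAuth = (bool) GetAppInfo($appid, 'auto_auth');

    if ($appType === 'WSC') {
        if (!$authed && !$autoAuth) {
            // User has not authorised and the app is not auto-authorised: go to the app hall.
            // The raw request flag is only compared, never echoed; `===` replaces the original
            // loose `== '1'`, which also matched numeric equivalents such as '01'.
            if (!empty($_GET['s']) && $_GET['s'] === '1') {
                // s=1: go to the simplified confirmation page. The constant is used as-is (not
                // through URL()) and the first separator is '&', so it presumably already
                // carries a query string — confirm.
                return IAUTH_SIMPLE_AUTH_CONFIRM_PAGE . '&appsid=' . $appid . '&state=' . $state;
            }
            return URL(IAUTH_APP_INFO_PAGE) . 'appsid=' . $appid . '&state=' . $state . '&showconfirm=yes#confirm';
        }

        if (!$authed) {
            // User has not authorised but the app is auto-authorised: record a grant and go
            // straight back to the app's auth call_back. Rights are hard-coded because there
            // is no app hall for this flow.
            $authCallBack = GetAppInfo($appid, 'call_back');
            $rights = Check('2:3:7:11', 'rights');
            $faile_t = '2036-12-31 23:59:59';
            $verifier = newVerifier('auth', $appid, $uid, $rights, $faile_t, '', '', $state);
            accessLog('AUTH ' . $appid . ' ' . $uid . ' 2:3:7:11 ' . $faile_t . ' ' . $state);
            return URL($authCallBack) . 'verifier=' . $verifier . '&state=' . $state;
        }

        // User already authorised: go straight back to the app's login_url.
        $loginCallBack = GetAppInfo($appid, 'login_url');
        $verifier = newVerifier('login', $appid, $uid, 'FROM_CLIENT', '', '', '', $state);
        return URL($loginCallBack) . 'verifier=' . $verifier . '&state=' . $state;
    }

    // Any other app type: go to the app page.
    return URL(IAUTH_APP_INFO_PAGE) . 'appsid=' . $appid;
}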