//数据库操作
if (!isset($_POST['token'])) {
if (isset($_POST['app_key']) && isset($_POST['app_secret'])) {
$appkey = htmlspecialchars($_POST['app_key']);
$appsecret = htmlspecialchars($_POST['app_secret']);
$data = $auth->CheckAuth($appkey, $appsecret);
$id = $data[0]['id'];
if ($data[0]['id'] == false) {
return false;
//未授权的站点
}
$time = date('Y-m-d H-i-s', time());
$token = md5(rand(1000, 100000) . $time . rand(1000, 100000));
$lifetime = '';
//可以设置存活期--永久使用即可
$auth->SaveToken($id, $token);
//保存token
echo $token;
//返回给授权站点
}
} else {
$token = htmlspecialchars($_POST['token']);
$data = $auth->CheckToken($token);
if ($data[0]['token'] != false) {
echo $token;
//授权过的站点
} else {
return false;
//未授权的站点
}
}
<?php
/**
* * User: chao
* Date: 2016/4/14
* Time: 10:41
*/
header("Content-type: text/html; charset=utf-8");
session_start();
require_once 'service.auth.php';
$auth = new AuthService();
//数据库操作
$token = htmlspecialchars($_GET['token']);
$backurl = htmlspecialchars($_GET['backurl']);
$user = '';
$is_token = $auth->CheckToken($token);
//检测token是否正确 不一致返回false
if ($is_token[0]['token'] == false) {
return false;
}
if (isset($_SESSION['user_name'])) {
$user = $_SESSION['user_name'];
} else {
$user = '';
}
$url = $backurl . '?token=' . $token . '&user=' . $user;
header("location:{$url}");
