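// GET: either start the OAuth authorization round-trip or handle the callback
// from the authorization server. $Code and $State are read from the request
// before this block; $Prefix, $Config, $AppID, $AppInfo, $OauthObject and $DB
// are also set up earlier in the file.
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // Not the callback from the authorization server (no code, no state, or a
    // state that does not match the one stored in this session): redirect the
    // user to the authorization page. Strict comparison so numeric-looking
    // strings are not compared as numbers; hash_equals() would be preferable
    // where the runtime provides it (PHP >= 5.6).
    if (!$Code || !$State || empty($_SESSION[$Prefix . 'OauthState']) || $State !== $_SESSION[$Prefix . 'OauthState']) {
        // State value that binds the callback to this session (CSRF protection).
        // md5(uniqid(rand())) is guessable, so use a CSPRNG when the runtime has
        // one and keep the old derivation only as a fallback for older PHP.
        $SendState = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(rand(), TRUE));
        $_SESSION[$Prefix . 'OauthState'] = $SendState;
        // Authorization URL. NOTE(review): the redirect target is built from the
        // Host header, which the client controls; a configured canonical host
        // would be safer if the application has one — confirm.
        $AuthorizeURL = Oauth::AuthorizeURL(
            $CurProtocol . $_SERVER['HTTP_HOST'] . $Config['WebsitePath'],
            $AppID,
            $AppInfo['AppKey'],
            $SendState
        );
        // 302 rather than 301: browsers cache a permanent redirect, so a later
        // visit would be sent straight to the provider with a stale state that
        // no longer matches the session and the login could never complete.
        header("HTTP/1.1 302 Found");
        header("Status: 302 Found");
        header("Location: " . $AuthorizeURL);
        exit;
    }

    $Message = '';

    // Callback handling: exchange the authorization code for an access token,
    // then resolve the provider-side identity. AlertMsg() reports the failure
    // to the client (its exit behaviour is defined elsewhere in the project).
    if (!$OauthObject->GetAccessToken($CurProtocol . $_SERVER['HTTP_HOST'] . $Config['WebsitePath'], $AppID, $AppInfo['AppSecret'], $Code)) {
        AlertMsg('400 Bad Request', '400 Bad Request', 400);
    }
    if (!$OauthObject->GetOpenID()) {
        AlertMsg('400 Bad Request', '400 Bad Request', 400);
    }

    // Not a POST page: keep the AccessToken in the session for the follow-up POST.
    $_SESSION[$Prefix . 'OauthAccessToken'] = $OauthObject->AccessToken;
    // Release the session lock so concurrent requests are not blocked.
    session_write_close();

    // Look up a local user already linked to this OpenID (parameterised query).
    $OauthUserID = $DB->single("SELECT UserID FROM " . $Prefix . "app_users \n\t\tWHERE AppID=:AppID AND OpenID = :OpenID", array('AppID' => $AppID, 'OpenID' => $OauthObject->OpenID));
    $OauthObject->GetUserInfo();
    CheckOpenID();
}

// POST: form submission after the callback; the handling continues below.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (!ReferCheck(Request('Post', 'FormHash')) || empty($_SESSION[$Prefix . 'OauthAccessToken']) || !$State || empty($_SESSION[$Prefix . 'OauthState']) || $State != $_SESSION[$Prefix . 'OauthState']) {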