/**
* 检查签名
* @param String $power_id 资源ID
* @param String $signature 签名
* @return bool
*/
private function check_power_key()
{
$this->load->model('accessModel/Power_model', 'power');
$power = $this->power->get($this->power_id);
if (empty($power)) {
log_message('debug', sprintf("%s---power_id:%s,signature:%s, power_id is not exists", $this->session_id, $this->power_id, $this->signature));
return FALSE;
}
//组织签名数据
$post = $this->input->post();
unset($post['signature']);
if (isset($post['callback'])) {
$post['callback'] = urlencode($post['callback']);
}
if (isset($post['username'])) {
$post['username'] = urlencode($post['username']);
}
//比对签名
$this->load->helper('signature');
$t_signature = get_signature($post, $power['power_key']);
//var_dump($t_signature);
log_message('debug', sprintf("%s--signature:%s,t_signature:%s", $this->session_id, $this->signature, $t_signature));
$cmp_resut = strcmp($this->signature, $t_signature);
if ($cmp_resut == 0) {
return TRUE;
} else {
log_message('ERROR', sprintf("%s--signature:%s,t_signature:%s", $this->session_id, $this->signature, $t_signature));
return FALSE;
}
}
/**
* @brief 请求临时token.请求需经过URL编码,编码时请遵循 RFC 1738
*
* @param $appid
* @param $appkey
*
* @return 返回字符串格式为:oauth_token=xxx&oauth_token_secret=xxx
*/
function get_request_token($appid, $appkey)
{
//请求临时token的接口地址, 不要更改!!
$url = "http://openapi.qzone.qq.com/oauth/qzoneoauth_request_token?";
//生成oauth_signature签名值。签名值生成方法详见(http://wiki.opensns.qq.com/wiki/【QQ登录】签名参数oauth_signature的说明)
//(1) 构造生成签名值的源串(HTTP请求方式 & urlencode(uri) & urlencode(a=x&b=y&...))
$sigstr = "GET" . "&" . rawurlencode("http://openapi.qzone.qq.com/oauth/qzoneoauth_request_token") . "&";
//必要参数
$params = array();
$params["oauth_version"] = "1.0";
$params["oauth_signature_method"] = "HMAC-SHA1";
$params["oauth_timestamp"] = time();
$params["oauth_nonce"] = mt_rand();
$params["oauth_consumer_key"] = $appid;
//对参数按照字母升序做序列化
$normalized_str = get_normalized_string($params);
$sigstr .= rawurlencode($normalized_str);
//(2)构造密钥
$key = $appkey . "&";
//(3)生成oauth_signature签名值。这里需要确保PHP版本支持hash_hmac函数
$signature = get_signature($sigstr, $key);
//构造请求url
$url .= $normalized_str . "&" . "oauth_signature=" . rawurlencode($signature);
//echo "$sigstr\n";
//echo "$url\n";
//echo $url;
return file_get_contents($url);
}
/**
* @brief 获取access_token。请求需经过URL编码,编码时请遵循 RFC 1738
*
* @param $appid
* @param $appkey
* @param $request_token
* @param $request_token_secret
* @param $vericode
*
* @return 返回字符串格式为:oauth_token=xxx&oauth_token_secret=xxx&openid=xxx&oauth_signature=xxx&oauth_vericode=xxx×tamp=xxx
*/
function get_access_token($appid, $appkey, $request_token, $request_token_secret, $vericode)
{
global $global_arg;
//请求具有Qzone访问权限的access_token的接口地址, 不要更改!!
$url = "http://openapi.qzone.qq.com/oauth/qzoneoauth_access_token?";
//生成oauth_signature签名值。签名值生成方法详见(http://wiki.opensns.qq.com/wiki/【QQ登录】签名参数oauth_signature的说明)
//(1) 构造生成签名值的源串(HTTP请求方式 & urlencode(uri) & urlencode(a=x&b=y&...))
$sigstr = "GET" . "&" . QQConnect_urlencode("http://openapi.qzone.qq.com/oauth/qzoneoauth_access_token") . "&";
//必要参数,不要随便更改!!
$params = array();
$params["oauth_version"] = "1.0";
$params["oauth_signature_method"] = "HMAC-SHA1";
$params["oauth_timestamp"] = time();
$params["oauth_nonce"] = mt_rand();
$params["oauth_consumer_key"] = $appid;
$params["oauth_token"] = $request_token;
$params["oauth_vericode"] = $vericode;
//对参数按照字母升序做序列化
$normalized_str = get_normalized_string($params);
$sigstr .= QQConnect_urlencode($normalized_str);
//echo "sigstr = $sigstr";
//(2)构造密钥
$key = $appkey . "&" . $request_token_secret;
//(3)生成oauth_signature签名值。这里需要确保PHP版本支持hash_hmac函数
$signature = get_signature($sigstr, $key);
//构造请求url
$url .= $normalized_str . "&" . "oauth_signature=" . QQConnect_urlencode($signature);
$global_arg = $url;
return file_get_contents($url);
}
/**
* @brief 所有post 请求都可以使用这个方法
*
* @param $url
* @param $appid
* @param $appkey
* @param $access_token
* @param $access_token_secret
* @param $openid
*
*/
function do_post($url, $appid, $appkey, $access_token, $access_token_secret, $openid)
{
//构造签名串.源串:方法[GET|POST]&uri&参数按照字母升序排列
$sigstr = "POST" . "&" . rawurlencode($url) . "&";
//必要参数,不要随便更改!!
$params = $_POST;
$params["oauth_version"] = "1.0";
$params["oauth_signature_method"] = "HMAC-SHA1";
$params["oauth_timestamp"] = time();
$params["oauth_nonce"] = mt_rand();
$params["oauth_consumer_key"] = $appid;
$params["oauth_token"] = $access_token;
$params["openid"] = $openid;
unset($params["oauth_signature"]);
//对参数按照字母升序做序列化
$sigstr .= rawurlencode(get_normalized_string($params));
//签名,需要确保php版本支持hash_hmac函数
$key = $appkey . "&" . $access_token_secret;
$signature = get_signature($sigstr, $key);
$params["oauth_signature"] = $signature;
$postdata = get_urlencode_string($params);
//echo "$sigstr******\n";
//echo "$postdata\n";
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_URL, $url);
$ret = curl_exec($ch);
curl_close($ch);
return $ret;
}
?>
<!--PRINT CIRTIFICATE -->
<div id="printForm" style="display: none;" >
<img src="<?php
echo Yii::app()->baseUrl;
?>
/cert/<?php
echo $model[0]['cert_picture'];
?>
">
<?php
$cname = $model[0]['firstname'] . " " . $model[0]['lastname'];
$grade = $model[0]['cirtificate_grade'];
$gno = $model[0]['cirtificate_no'];
$signature1 = get_signature($model[0]['signature1'], $signature);
$signature2 = get_signature($model[0]['signature2'], $signature);
$model[0]['course_cirtificate'] = str_replace("[SIGNATURE1]", $signature1, $model[0]['course_cirtificate']);
$model[0]['course_cirtificate'] = str_replace("[SIGNATURE2]", $signature2, $model[0]['course_cirtificate']);
$model[0]['course_cirtificate'] = str_replace("[NAME]", $name, $model[0]['course_cirtificate']);
$model[0]['course_cirtificate'] = str_replace("[GRADE]", $grade, $model[0]['course_cirtificate']);
$model[0]['course_cirtificate'] = str_replace("[GNO]", $gno, $model[0]['course_cirtificate']);
$model[0]['course_cirtificate'] = str_replace("[CERTNO]", 'MECT/' . $course_abbr . '-' . $cert_no, $model[0]['course_cirtificate']);
$model[0]['course_cirtificate'] = str_replace("[DOB]", $dob, $model[0]['course_cirtificate']);
$model[0]['course_cirtificate'] = str_replace("[CDC]", $CDCNO, $model[0]['course_cirtificate']);
$model[0]['course_cirtificate'] = str_replace("[INDOS]", $INDOSNO, $model[0]['course_cirtificate']);
$model[0]['course_cirtificate'] = str_replace("[PASSPORT]", $passportno, $model[0]['course_cirtificate']);
$model[0]['course_cirtificate'] = str_replace("[STRTDT]", date("d-m-Y", strtotime($model[0]['start_date'])), $model[0]['course_cirtificate']);
$model[0]['course_cirtificate'] = str_replace("[ENDDT]", date("d-m-Y", strtotime($model[0]['end_date'])), $model[0]['course_cirtificate']);
echo $model[0]['course_cirtificate'];
function get_signature($id, $signature)
{
/**
* @brief get a request token by appid and appkey
* rfc1738 urlencode
* @param $appid
* @param $appkey
*
* @return a string, the format as follow:
* oauth_token=xxx&oauth_token_secret=xxx
*/
function get_request_token($appid, $appkey)
{
//获取request token接口, 不要随便更改!!
$url = "http://openapi.qzone.qq.com/oauth/qzoneoauth_request_token?";
//构造签名串.源串:方法[GET|POST]&uri&参数按照字母升序排列
$sigstr = "GET" . "&" . rawurlencode("http://openapi.qzone.qq.com/oauth/qzoneoauth_request_token") . "&";
//必要参数,不要随便更改!!
$params = array();
$params["oauth_version"] = "1.0";
$params["oauth_signature_method"] = "HMAC-SHA1";
$params["oauth_timestamp"] = time();
$params["oauth_nonce"] = mt_rand();
$params["oauth_consumer_key"] = $appid;
//对参数按照字母升序做序列化
$normalized_str = get_normalized_string($params);
$sigstr .= rawurlencode($normalized_str);
//签名,需要确保php版本支持hash_hmac函数
$key = $appkey . "&";
$signature = get_signature($sigstr, $key);
//构造请求url
$url .= $normalized_str . "&" . "oauth_signature=" . rawurlencode($signature);
//echo "$sigstr\n";
//echo "$url\n";
return file_get_contents($url);
}
function topTen($nodeId, $rGroup)
{
global $cg;
$request = 'AWSAccessKeyId=' . $cg['AWSAccessKeyId'];
$request .= '&AssociateTag=' . $cg['AssociateTag'];
$request .= '&Version=2011-08-01';
$request .= '&Operation=BrowseNodeLookup';
$request .= '&ResponseGroup=' . $rGroup;
$request .= '&BrowseNodeId=' . $nodeId;
// url encode the comma and colon
$request = str_replace(',', '%2C', $request);
$request = str_replace(':', '%3A', $request);
// explode the query string
$x = explode("&", $request);
// requirement when building a signature is to sort by byte value
sort($x);
// sort on byte value;
// reconstruct the query string, should now be sorted
$string_to_sign = implode("&", $x);
$signature = get_signature($string_to_sign);
$request = $cg['amazonUrl'] . '?' . $string_to_sign;
$request .= "&Signature=" . $signature;
$response = curl_string($request);
if ($response) {
$xml = array();
$res = simplexml_load_string($response);
echo '<pre>';
print_r($res);
exit;
}
}
//$displaySI = $searchIndex;
if (!in_array($searchIndex, $categories)) {
$keyword .= ' ' . $searchIndex;
$searchIndex = 'All';
// reassign All
}
$keyword = str_replace(" ", "+", $keyword);
$keyword = urlencode($keyword);
$operation = 'ItemSearch';
//$searchIndex = 'All';
$service = 'AWSECommerceService';
$version = '2011-08-01';
$responseGroup = 'ItemAttributes,Images';
$browseNode = $nodeID;
$string_to_sign = build_request($keyword, $searchIndex, $operation, $service, $version, $responseGroup, 0, $browseNode);
$signature = get_signature($string_to_sign);
$request = $cg['amazonUrl'] . '?' . $string_to_sign;
$request .= "&Signature=" . $signature;
$maxPage = $searchIndex == 'All' ? 5 : 10;
//$response = file_get_contents($request);
$response = curl_string($request);
} else {
$response = false;
}
if ($response) {
$xml = array();
$res = simplexml_load_string($response);
//echo '<meta charset="utf-8">';
//echo $string_to_sign . '<br/>';
//echo '<pre>';
//print_r($res);
$algo = strtolower($algo);
$pack = 'H' . strlen($algo('test'));
$size = 64;
$opad = str_repeat(chr(0x5c), $size);
$ipad = str_repeat(chr(0x36), $size);
if (strlen($key) > $size) {
$key = str_pad(pack($pack, $algo($key)), $size, chr(0x0));
} else {
$key = str_pad($key, $size, chr(0x0));
}
for ($i = 0; $i < strlen($key) - 1; $i++) {
$opad[$i] = $opad[$i] ^ $key[$i];
$ipad[$i] = $ipad[$i] ^ $key[$i];
}
$output = $algo($opad . pack($pack, $algo($ipad . $data)));
return $raw_output ? pack($pack, $output) : $output;
}
function get_signature($str, $key)
{
$signature = "";
if (function_exists('hash_hmac')) {
$signature = hash_hmac("sha1", $str, $key);
} else {
$signature = custom_hmac("sha1", $str, $key);
}
return $signature;
}
echo get_signature("img_url=http://s1.bdstatic.com/r/www/cache/xmas2012/images/car.png&nickname=anything&profile_url=http://3g.ganji.com&user_id=500011302", "bd9c83161441a1e68fa309455f09bf59");
?>