/**
 * Check whether the user associated with the token is allowed to access the API
 *
 * @param string $token Token used for API permission checks
 * @param string $action Controller class name and method (without namespace)
 * @param \App\Http\Request $req HTTP request object
 * @return array
 */
public function valid_token($token, $action, &$req = null) : array
{
    if (!$token || strlen($token) !== 32) {
        return [-101, '请提供有效的 token'];
    }

    $dateline = time();
    $uid = mem_get('api_' . $token);
    if ($uid === false) {
        // Cache miss: look the token up in the database, ignoring expired logins
        $m_al = new ApiLogin();
        $api_login = $m_al->find(['token' => $token, 'dateline >=' => $dateline - self::CACHE_TIME], 'uid, token, dateline');
        if ($api_login) {
            $uid = $api_login['uid'];
            mem_set('api_' . $token, $uid, self::CACHE_TIME);
        } else {
            return [-102, 'token不匹配'];
        }
    }

    // Check permissions
    $key_rights = 'api_rights_' . $uid;
    $key_allowed_ip = 'api_allowed_ip_' . $uid;
    $uid_rights = mem_get($key_rights);
    $allowed_ip = mem_get($key_allowed_ip);
    // Reload when either entry is missing, so that an evicted IP list
    // cannot silently disable the IP check below
    if ($uid_rights === false || $allowed_ip === false) {
        $m_au = new ApiUser();
        $api_user = $m_au->find(['uid' => $uid], 'rights, allowed_ip');
        if (!$api_user) {
            return [-103, 'token 对应的用户不存在'];
        }
        $uid_rights = $api_user['rights'];
        $allowed_ip = $api_user['allowed_ip'];
        mem_set($key_rights, $uid_rights, self::CACHE_TIME);
        mem_set($key_allowed_ip, $allowed_ip, self::CACHE_TIME);
    }

    // Pad the result so a missing ':' yields an empty method name instead of a notice
    list($controller, $method) = array_pad(explode(':', $action, 2), 2, '');
    if (!$this->check_rights($uid_rights, $controller, $method)) {
        return [-104, '您没有权限访问该接口'];
    }

    // Check whether the IP is allowed.
    // Compare whole entries: a substring test (strpos) would accept 10.0.0.1
    // when only 10.0.0.10 is listed.
    // Assumption: allowed_ip is a list separated by commas, semicolons or whitespace.
    $ip = $_SERVER['REMOTE_ADDR'];
    if ($allowed_ip) {
        $allowed_list = preg_split('/[\s,;]+/', $allowed_ip, -1, PREG_SPLIT_NO_EMPTY);
        if (!in_array($ip, $allowed_list, true)) {
            return [-105, '您的IP无权限访问接口'];
        }
    }

    $req = $this->set_extra_args($req, $uid_rights, $action);

    return [0, $uid];
}

function sendVitality($user, $session, $badges)
{
    //echo "session";
    //print_r($session);
    $badge_names = array(
        "agg.twitter" => "Tweetoo",
        "avatars" => "Beharupia",
        "buzz" => "Buzzooka",
        "y.mybloglog" => "BloggY!",
        "socialite" => "Socialite",
        "newbie1" => "Newbie"
    );
    $badge_desc = array(
        "agg.twitter" => "You've shared 5 twitter updates!",
        "avatars" => "You've created a Yahoo! avatar",
        "buzz" => "You've buzed up 3 times",
        "y.mybloglog" => "You've shared 10 blog updates",
        "socialite" => "You've updates from 8 different sources",
        "newbie1" => "Congrats! On sharing your updates"
    );
    foreach ($badges as $source => $count) {
        $mem_key = "{$user->guid}:{$source}";
        if (!record($user->guid, $source)) {
            continue;
        }
        $title = "just unlocked the badge " . $badge_names[$source] . " on Updatesville";
        $description = $badge_desc[$source];
        $imgURL = "http://hacks.saurabhsahni.com/updatesville/icons/{$source}.png";
        $imgWidth = "64";
        $imgHeight = "67";
        $iconURL = "http://hacks.saurabhsahni.com/updatesville/vitality_bigger2.gif";
        $link = "http://pulse.yahoo.com/y/apps/7BNRkt42/";
        // $updatesQuery = "INSERT INTO social.updates(guid,title,description,imgURL,imgWidth,imgHeight,iconURL,link) values ('{$user->guid}','$title','$description','$imgURL','$imgWidth','$imgHeight','$iconURL','$link')";
        // error_log($updatesQuery);
        // $updates = $session->query($updatesQuery);
        $updates = $user->insertUpdate(md5($source), $title, $link, $description, $imgURL, $imgWidth, $imgHeight, $iconURL, time());
        mem_set($mem_key, "1");
        // echo $updatesQuery;
        // print_r($updates);
        // error_log(print_r($updates,true));
    }
}

function query_cache($sql, $cache_key = '', $cache_time = '3600', $isupdate = '0')
{
    $is_cache = 0;
    $t1 = microtime(1);

    // Build the cache key: a caller-supplied key containing '_' is used as-is,
    // otherwise the MD5 of the SQL text is appended (or used alone)
    if ($cache_key) {
        if (strpos($cache_key, '_')) {
            $mem_sql_key = $cache_key;
        } else {
            $mem_sql_key = $cache_key . "_" . md5($sql);
        }
    } else {
        $mem_sql_key = md5($sql);
    }

    $arrs = mem_get($mem_sql_key);
    if (!is_array($arrs) || $isupdate) {
        if ($isupdate) {
            unset($arrs);
            // $isupdate == 2 only invalidates the cached entry
            if ($isupdate == 2) {
                mem_delete($mem_sql_key);
                return;
            }
        }
        if (!$this->link) {
            $this->connect();
        }
        $arrs = array();
        if ($query = mysqli_query($this->link, $sql)) {
            if ($mem_sql_key == $cache_key) {
                $arrs = $this->fetch_array($query);
            } else {
                while ($arr = $this->fetch_array($query)) {
                    $arrs[] = $arr;
                }
            }
            /****add by jeffy.woo*****/
        } else {
            $this->halt('MySQL Query Error', $sql);
            /****add by jeffy.woo*****/
        }
        mem_set($mem_sql_key, $arrs, $cache_time);
    } else {
        $is_cache = 1;
    }

    // Debug timing is collected outside production, or whenever an admin_auth
    // cookie is present; only the cookie's presence is tested here, not its value,
    // and $sql is appended to the HTML string without escaping
    if (isset($_COOKIE['admin_auth']) || ENV != 'prod') {
        $t2 = microtime(1);
        $spendtime = number_format(($t2 - $t1) * 1000, 1);
        if ($is_cache) {
            $this->query_cache_num++;
            $this->query_cache_time += $spendtime;
            $this->queryinfo .= $spendtime . "ms --- Cache {$sql}<br>";
        } else {
            $this->query_db_num++;
            $this->query_db_time += $spendtime;
            $this->queryinfo .= $spendtime . "ms --- {$sql}<br>";
        }
    }

    return $arrs;
}

define("CONSUMER_SECRET", "c42a4292e6ebdeca8fa69dd12d0480e636140346");
define("APP_ID", "7BNRkt42");

// Enable debugging. Errors are reported to Web server's error log.
// YahooLogger::setDebug(true);

// Initializes session and redirects user to Yahoo! to sign in and
// then authorize app
$yahoo_session = YahooSession::requireSession(CONSUMER_KEY, CONSUMER_SECRET, APP_ID);
if ($yahoo_session == NULL) {
    fatal_error("yahoo_session");
}

$fren_updates_key = "fren:v1:updates";
$fren_updates = mem_get($fren_updates_key);
if (!$fren_updates) {
    $data_orig = $yahoo_session->query('select * from social.updates.search where source="APP.7BNRkt42" limit 10');
    $fren_updates = $data_orig->query->results->update;
    mem_set($fren_updates_key, $fren_updates, 3600);
}

$leaders = doEverything($yahoo_session);
foreach ($leaders as $leader) {
    $me = $leader;
    break;
}

$badge_names = array(
    "agg.twitter" => "Tweetoo",
    "avatars" => "Beharupia",
    "buzz" => "Buzzooka",
    "y.mybloglog" => "BloggY!",
    "socialite" => "Socialite",
    "newbie1" => "Newbie"
);
$badge_desc = array(
    "agg.twitter" => "You've shared 5 twitter updates!",
    "avatars" => "You've creating a Yahoo! avatar",
    "buzz" => "You've buzed up 3 times",
    "y.mybloglog" => "You've sharing 10 blog updates",
    "socialite" => "You've updates from 8 different sources",
    "newbie1" => "Congrats! On sharing your updates"
);
krsort($leaders);
track($me["nickname"], $me["guid"], $me["count"]);
// $me=array("count"=>20);
?>
<style>
h1 {
color:#E57F3E;