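// Database access. $auth is used below but is created before the visible part
// of this script (presumably an AuthService instance; confirm against the file head).

// Token endpoint for relying sites.
//  - No `token` in the POST body: authenticate the site by app_key/app_secret
//    and issue a fresh token.
//  - `token` present: echo it back only if CheckToken() recognises it.
// On any failure the script returns false without output.
if (!isset($_POST['token'])) {
    if (isset($_POST['app_key'], $_POST['app_secret'])
        && is_string($_POST['app_key'])
        && is_string($_POST['app_secret'])
    ) {
        // NOTE(review): htmlspecialchars() is HTML output escaping. It does not make
        // these values safe for SQL (single quotes pass through with default flags on
        // PHP < 8.1) and it alters secrets containing & < > ". CheckAuth() is not
        // visible here; confirm it uses parameterised queries and compares the secret
        // in constant time (hash_equals). The calls are kept so lookups keep matching
        // whatever is currently stored.
        $appkey = htmlspecialchars($_POST['app_key']);
        $appsecret = htmlspecialchars($_POST['app_secret']);

        $data = $auth->CheckAuth($appkey, $appsecret);

        // An empty result set must not raise an undefined-offset notice.
        $id = isset($data[0]['id']) ? $data[0]['id'] : false;
        if (!$id) {
            return false; // site is not authorised
        }

        // The token is a bearer credential, so it must be unpredictable.
        // md5(rand() . date . rand()) draws from a small, guessable space; use the
        // CSPRNG instead. 16 random bytes hex-encode to 32 characters, the same
        // length and alphabet as the previous md5-based token.
        $rawToken = function_exists('random_bytes')
            ? random_bytes(16)
            : openssl_random_pseudo_bytes(16);
        $token = bin2hex($rawToken);

        // Placeholder for a token lifetime. Nothing is stored for it, so tokens
        // currently never expire.
        $lifetime = '';

        $auth->SaveToken($id, $token); // persist the token for this site
        echo $token; // hand the token back to the authorised site
    }
} else {
    if (!is_string($_POST['token'])) {
        return false; // malformed token parameter (e.g. token[]=...)
    }

    $token = htmlspecialchars($_POST['token']);
    $data = $auth->CheckToken($token);

    if (isset($data[0]['token']) && $data[0]['token']) {
        echo $token; // site already holds a valid token
    } else {
        return false; // site is not authorised
    }
}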
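<?php
/**
 * Redirect step of the single sign-on flow: validates the caller's token and
 * sends the browser back to `backurl` with the token and the user name from
 * the current session appended as query parameters.
 *
 * User: chao
 * Date: 2016/4/14
 * Time: 10:41
 */
header("Content-type: text/html; charset=utf-8");
session_start();
require_once 'service.auth.php';
$auth = new AuthService(); // database access

// Both parameters are required and must be plain strings; a missing or
// array-valued parameter (token[]=...) is rejected instead of raising
// notices or a TypeError further down.
if (!isset($_GET['token'], $_GET['backurl'])
    || !is_string($_GET['token'])
    || !is_string($_GET['backurl'])
) {
    return false;
}

// NOTE(review): htmlspecialchars() is HTML output escaping, not input validation.
// It is kept so the token lookup and the redirect target stay byte-compatible with
// existing callers, but it turns '&' in backurl into '&amp;', which corrupts return
// URLs that already carry several query parameters.
$token = htmlspecialchars($_GET['token']);
$backurl = htmlspecialchars($_GET['backurl']);

// CheckToken() is expected to yield a row with a truthy 'token' for a known token.
$is_token = $auth->CheckToken($token);
if (!isset($is_token[0]['token']) || !$is_token[0]['token']) {
    return false;
}

// Empty user name means nobody is logged in on this side.
$user = isset($_SESSION['user_name']) ? $_SESSION['user_name'] : '';

// NOTE(review): backurl is caller-controlled and is not checked against the site the
// token was issued to, so any holder of a valid token can direct the browser, together
// with the token and user name, to an arbitrary address. Compare backurl with the
// return URL registered for that site before redirecting; the lookup for that is not
// visible in this file. The values also travel in the query string, so they end up in
// server logs and Referer headers.

// Append with '&' when backurl already has a query string, and URL-encode the values
// so spaces, '&', '#' or non-ASCII characters in the user name cannot break or extend
// the query.
$separator = strpos($backurl, '?') === false ? '?' : '&';
$url = $backurl . $separator
    . 'token=' . rawurlencode($token)
    . '&user=' . rawurlencode((string) $user);
header("location:{$url}");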