/cms_install/vendor/houdunwang/qq/src/build/Oauth.php

https://github.com/houdunwang/video · PHP · 128 lines · 80 code · 32 blank · 16 comment · 6 complexity · 1d571fc65b16b6a0c81858f5d0c256d7 MD5 · raw file 

    

  1. <?php namespace houdunwang\qq\build;

    2. 

  2. 	/* PHP SDK

    3. 

  3. 	 * @version 2.0.0

    4. 

  4. 	 * @author connect@qq.com

    5. 

  5. 	 * @copyright © 2013, Tencent Corporation. All rights reserved.

    6. 

  6. 	 */

    7. 

  7. 

    8. 

  8. //require_once(CLASS_PATH."Recorder.class.php");

    9. 

  9. //require_once(CLASS_PATH."URL.class.php");

    10. 

  10. //require_once(CLASS_PATH."ErrorCase.class.php");

    11. 

  11. 

    12. 

  12. class Oauth {

    13. 

  13. 

    14. 

  14. 	const VERSION = "2.0";

    15. 

  15. 	const GET_AUTH_CODE_URL = "https://graph.qq.com/oauth2.0/authorize";

    16. 

  16. 	const GET_ACCESS_TOKEN_URL = "https://graph.qq.com/oauth2.0/token";

    17. 

  17. 	const GET_OPENID_URL = "https://graph.qq.com/oauth2.0/me";

    18. 

  18. 

    19. 

  19. 	protected $recorder;

    20. 

  20. 	public $urlUtils;

    21. 

  21. 	protected $error;

    22. 

  22. 

    23. 

  23. 

    24. 

  24. 	function __construct( $config ) {

    25. 

  25. 		$this->config( $config );

    26. 

  26. 		$this->urlUtils = new URL();

    27. 

  27. 		$this->error    = new ErrorCase();

    28. 

  28. 	}

    29. 

  29. 

    30. 

  30. 	public function config( $config ) {

    31. 

  31. 		$this->recorder = new Recorder( $config );

    32. 

  32. 	}

    33. 

  33. 

    34. 

  34. 	public function qq_login() {

    35. 

  35. 		$appid    = $this->recorder->readInc( "appid" );

    36. 

  36. 		$callback = $this->recorder->readInc( "callback" );

    37. 

  37. 		$scope    = $this->recorder->readInc( "scope" );

    38. 

  38. 

    39. 

  39. 		//-------生成唯一随机串防CSRF攻击

    40. 

  40. 		$state = md5( uniqid( rand(), true ) );

    41. 

  41. 		$this->recorder->write( 'state', $state );

    42. 

  42. 

    43. 

  43. 		//-------构造请求参数列表

    44. 

  44. 		$keysArr = [

    45. 

  45. 			"response_type" => "code",

    46. 

  46. 			"client_id"     => $appid,

    47. 

  47. 			"redirect_uri"  => $callback,

    48. 

  48. 			"state"         => $state,

    49. 

  49. 			"scope"         => $scope

    50. 

  50. 		];

    51. 

  51. 

    52. 

  52. 		$login_url = $this->urlUtils->combineURL( self::GET_AUTH_CODE_URL, $keysArr );

    53. 

  53. 

    54. 

  54. 		header( "Location:$login_url" );

    55. 

  55. 	}

    56. 

  56. 

    57. 

  57. 	public function qq_callback() {

    58. 

  58. 		$state = $this->recorder->read( "state" );

    59. 

  59. 

    60. 

  60. 		//--------验证state防止CSRF攻击

    61. 

  61. 		if ( $_GET['state'] != $state ) {

    62. 

  62. 			$this->error->showError( "30001" );

    63. 

  63. 		}

    64. 

  64. 

    65. 

  65. 		//-------请求参数列表

    66. 

  66. 		$keysArr = [

    67. 

  67. 			"grant_type"    => "authorization_code",

    68. 

  68. 			"client_id"     => $this->recorder->readInc( "appid" ),

    69. 

  69. 			"redirect_uri"  => urlencode( $this->recorder->readInc( "callback" ) ),

    70. 

  70. 			"client_secret" => $this->recorder->readInc( "appkey" ),

    71. 

  71. 			"code"          => $_GET['code']

    72. 

  72. 		];

    73. 

  73. 

    74. 

  74. 		//------构造请求access_token的url

    75. 

  75. 		$token_url = $this->urlUtils->combineURL( self::GET_ACCESS_TOKEN_URL, $keysArr );

    76. 

  76. 		$response  = $this->urlUtils->get_contents( $token_url );

    77. 

  77. 

    78. 

  78. 		if ( strpos( $response, "callback" ) !== false ) {

    79. 

  79. 

    80. 

  80. 			$lpos     = strpos( $response, "(" );

    81. 

  81. 			$rpos     = strrpos( $response, ")" );

    82. 

  82. 			$response = substr( $response, $lpos + 1, $rpos - $lpos - 1 );

    83. 

  83. 			$msg      = json_decode( $response );

    84. 

  84. 

    85. 

  85. 			if ( isset( $msg->error ) ) {

    86. 

  86. 				$this->error->showError( $msg->error, $msg->error_description );

    87. 

  87. 			}

    88. 

  88. 		}

    89. 

  89. 

    90. 

  90. 		$params = [ ];

    91. 

  91. 		parse_str( $response, $params );

    92. 

  92. 

    93. 

  93. 		$this->recorder->write( "access_token", $params["access_token"] );

    94. 

  94. 

    95. 

  95. 		return $params["access_token"];

    96. 

  96. 

    97. 

  97. 	}

    98. 

  98. 

    99. 

  99. 	public function get_openid() {

    100. 

  100. 

    101. 

  101. 		//-------请求参数列表

    102. 

  102. 		$keysArr = [

    103. 

  103. 			"access_token" => $this->recorder->read( "access_token" )

    104. 

  104. 		];

    105. 

  105. 

    106. 

  106. 		$graph_url = $this->urlUtils->combineURL( self::GET_OPENID_URL, $keysArr );

    107. 

  107. 		$response  = $this->urlUtils->get_contents( $graph_url );

    108. 

  108. 

    109. 

  109. 		//--------检测错误是否发生

    110. 

  110. 		if ( strpos( $response, "callback" ) !== false ) {

    111. 

  111. 

    112. 

  112. 			$lpos     = strpos( $response, "(" );

    113. 

  113. 			$rpos     = strrpos( $response, ")" );

    114. 

  114. 			$response = substr( $response, $lpos + 1, $rpos - $lpos - 1 );

    115. 

  115. 		}

    116. 

  116. 

    117. 

  117. 		$user = json_decode( $response );

    118. 

  118. 		if ( isset( $user->error ) ) {

    119. 

  119. 			$this->error->showError( $user->error, $user->error_description );

    120. 

  120. 		}

    121. 

  121. 

    122. 

  122. 		//------记录openid

    123. 

  123. 		$this->recorder->write( "openid", $user->openid );

    124. 

  124. 

    125. 

  125. 		return $user->openid;

    126. 

  126. 

    127. 

  127. 	}

    128. 

  128. }
    129.