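recorder = new Recorder(); $this->urlUtils = new URL(); $this->error = new ErrorCase(); }

    /**
     * Starts the OAuth authorization-code flow by redirecting the browser to
     * the authorization endpoint (self::GET_AUTH_CODE_URL).
     *
     * A fresh anti-CSRF "state" value is stored through the recorder and sent
     * with the request; qq_callback() compares it with the value returned.
     *
     * This method only emits the Location header. It does not end the script,
     * so the caller should stop producing output after calling it.
     *
     * @param string $ref  Value appended to the callback URL as "?ref=".
     * @param string $type 'touch' selects the "callback_touch" setting; any
     *                     other value uses "callback".
     * @return void
     */
    public function qq_login($ref, $type = 'pc')
    {
        $appid = $this->recorder->readInc("appid");
        $callback = $this->recorder->readInc("callback");
        if ($type === 'touch') {
            $callback = $this->recorder->readInc("callback_touch");
        }
        $scope = $this->recorder->readInc("scope");

        // Anti-CSRF state. It must be unpredictable, so take it from a CSPRNG
        // when the runtime has one. The result is 32 hex characters, the same
        // shape the previous md5() value had.
        if (function_exists('random_bytes')) {
            $state = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $state = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // Legacy fallback only: uniqid()/rand() are time- and seed-based
            // and can be guessed, so this branch is not a strong token.
            $state = md5(uniqid(rand(), TRUE));
        }
        $this->recorder->write('state', $state);

        // NOTE(review): $ref is appended without encoding or validation. If it
        // can carry user input, characters such as "&" or "#" would change the
        // parameters of the authorization request. Whether combineURL() encodes
        // values is not visible here; confirm before adding encoding, so the
        // value is not encoded twice.
        $keysArr = array(
            "response_type" => "code",
            "client_id" => $appid,
            "redirect_uri" => $callback . "?ref=" . $ref,
            "state" => $state,
            "scope" => $scope
        );

        $login_url = $this->urlUtils->combineURL(self::GET_AUTH_CODE_URL, $keysArr);

        header("Location:$login_url");
    }

    /**
     * Handles the redirect back from the provider: checks the anti-CSRF state,
     * exchanges the authorization code for an access token, stores the token
     * through the recorder and returns it.
     *
     * @return string|null The access token, or null when the state check fails
     *                     or the response carries no access_token.
     */
    public function qq_callback()
    {
        $expected = $this->recorder->read("state");
        $received = isset($_GET['state']) ? $_GET['state'] : null;

        // Reject a missing or empty value on either side. With a loose "!="
        // comparison, an absent stored state and an absent request parameter
        // compare equal and the check passes.
        $state_ok = is_string($expected) && $expected !== '' && is_string($received);
        if ($state_ok) {
            $state_ok = function_exists('hash_equals')
                ? hash_equals($expected, $received)
                : ($expected === $received);
        }
        if (!$state_ok) {
            $this->error->showError("30001");
            // showError() is defined outside this view; return so the code
            // exchange never runs even if it does not terminate the request.
            return null;
        }

        // The state is single-use: blank it so the same callback URL cannot be
        // replayed against this session.
        $this->recorder->write('state', '');

        $code = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : '';

        // NOTE(review): OAuth 2.0 expects redirect_uri here to equal the one
        // sent in qq_login(), which uses "callback" or "callback_touch" plus
        // "?ref=...". This request always sends the plain "callback" setting;
        // confirm the provider accepts that.
        $keysArr = array(
            "grant_type" => "authorization_code",
            "client_id" => $this->recorder->readInc("appid"),
            "redirect_uri" => urlencode($this->recorder->readInc("callback")),
            "client_secret" => $this->recorder->readInc("appkey"),
            "code" => $code
        );

        // The token URL carries client_secret and the authorization code in
        // its query string, so it must not be logged or echoed.
        $token_url = $this->urlUtils->combineURL(self::GET_ACCESS_TOKEN_URL, $keysArr);
        $response = (string) $this->urlUtils->get_contents($token_url);

        // A response containing "callback" is treated as a JSONP-wrapped JSON
        // document; unwrap it and report the error it describes.
        if (strpos($response, "callback") !== false) {
            $lpos = strpos($response, "(");
            $rpos = strrpos($response, ")");
            if ($lpos !== false && $rpos !== false && $rpos > $lpos) {
                $response = substr($response, $lpos + 1, $rpos - $lpos - 1);
            }
            $msg = json_decode($response);
            if (isset($msg->error)) {
                $this->error->showError($msg->error, $msg->error_description);
            }
        }

        // Otherwise the body is parsed as a form-encoded string.
        $params = array();
        parse_str($response, $params);

        $access_token = isset($params["access_token"]) ? $params["access_token"] : null;
        $this->recorder->write("access_token", $access_token);

        return $access_token;
    }

    /**
     * Looks up the openid that belongs to the stored access token, stores it
     * through the recorder and returns it.
     *
     * @return string|null The openid, or null when the response has none.
     */
    public function get_openid()
    {
        $keysArr = array(
            "access_token" => $this->recorder->read("access_token")
        );

        $graph_url = $this->urlUtils->combineURL(self::GET_OPENID_URL, $keysArr);
        $response = (string) $this->urlUtils->get_contents($graph_url);

        // Unwrap a JSONP-style "callback( {...} )" body before decoding.
        if (strpos($response, "callback") !== false) {
            $lpos = strpos($response, "(");
            $rpos = strrpos($response, ")");
            if ($lpos !== false && $rpos !== false && $rpos > $lpos) {
                $response = substr($response, $lpos + 1, $rpos - $lpos - 1);
            }
        }

        $user = json_decode($response);
        if (isset($user->error)) {
            $this->error->showError($user->error, $user->error_description);
        }

        // json_decode() returns null for a body that is not JSON; isset() keeps
        // that case from dereferencing a non-object.
        $openid = isset($user->openid) ? $user->openid : null;
        $this->recorder->write("openid", $openid);

        return $openid;
    }
}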