最近在做一款小程序,今天得空,把登录授权这一块整理一下。网上能搜到的资料也很多,但总觉得只有自己在项目里用过之后,才理解得更加透彻。
前端的逻辑:首次登录->获取rd3_session->拿着rd3检查是否过期(当然也可以设置为永久,这取决于后端设置)->如果过期,则再次登录;
后端主要的也就是登录和检测是否过期。
下面是后台的code:
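/**
 * Mini-program login: exchange the client's login code for an openid and
 * issue a server-side session token (rd3_session).
 *
 * Reads the request value `code`, calls the jscode2session endpoint through
 * $this->vegt(), stores a fresh random token on the `users` row that carries
 * the returned openid (creating the row when the openid is new) and ends the
 * request with JSON {"rd3_session":"<token>"}.
 *
 * On any failure (missing code, upstream error, no openid in the reply, empty
 * token) it ends the request with {"code":0,"msg":"login failed"} and writes
 * nothing to the database.
 */
public function onlogin(){
    // Single failure response: the upstream error body is not echoed to the client.
    $failure = json_encode(['code'=>0,'msg'=>'login failed']);

    // I() is presumably the framework's request-input helper — confirm its filtering.
    $code = I('code');
    if (!is_string($code) || $code === '') {
        die($failure);
    }

    // NOTE(review): placeholders. The app secret should come from configuration
    // that is kept out of version control, not from a literal in the controller.
    $appId ="xxxx";
    $appSecret="xxx";

    // http_build_query() percent-encodes every value, so a crafted `code` cannot
    // append or override query parameters of the outbound request.
    // The resulting URL contains the app secret: keep it out of logs and error output.
    $url = 'https://api.weixin.qq.com/sns/jscode2session?' . http_build_query([
        'appid'      => $appId,
        'secret'     => $appSecret,
        'js_code'    => $code,
        'grant_type' => 'authorization_code',
    ], '', '&');
    $arr = $this->vegt($url);

    // A successful reply carries `session_key` and `openid`. Without an openid
    // the lookups below would run with an empty value and could attach a valid
    // token to the wrong row, so stop here. session_key is never sent to the client.
    if (!is_array($arr) || empty($arr['openid']) || !is_string($arr['openid'])) {
        die($failure);
    }
    $openid = $arr['openid'];

    $rd3_str = trim($this->randomFromDev(16));
    // An empty token would later match every row whose rd3_session is empty.
    if ($rd3_str === '') {
        die($failure);
    }

    // NOTE(review): only the token is stored — no issue time or expiry column is
    // written here, so the server cannot age a token out; it stays valid until
    // the next login replaces it.
    $list = [];
    $find = D('users')->where('openid',$openid)->find();
    if($find){
        // Known user: rotate the session token.
        $list['rd3_session'] = $rd3_str;
        $save = D('users')->where('openid',$openid)->save($list);
    }else{
        // First login: create the user row.
        $list['openid'] = $openid;
        $list['rd3_session'] = $rd3_str;
        $insert = D('users')->add($list);
    }
    die(json_encode(['rd3_session'=>$rd3_str]));
}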
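/**
 * Check whether a client-supplied rd3_session token is known to the server.
 *
 * Ends the request with JSON `1` when a `users` row carries the token and
 * `-1` otherwise.
 *
 * NOTE(review): this is an existence check only. No timestamp is compared
 * here, so a token never expires on its own.
 */
public function check_3rdsession(){
    $rd3_session_str = I('rd3_session');

    // A missing, empty or non-string token must never reach the query: an empty
    // value would match any row whose rd3_session column is empty.
    // NOTE(review): whether I() can hand back an array depends on the framework's
    // input helper — the is_string() check is defensive.
    if (!is_string($rd3_session_str) || trim($rd3_session_str) === '') {
        die(json_encode(-1));
    }

    $rd3_session = D('users')->where('rd3_session',$rd3_session_str)->find();
    die(json_encode($rd3_session ? 1 : -1));
}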
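/**
 * Store the profile fields sent by the client on the row that owns the
 * supplied rd3_session token.
 *
 * Reads `rd3_session`, `nickName`, `gender` and `avatarUrl` from the request
 * and writes them to `nickname`, `sex` and `head_pic`. Ends the request with
 * {"code":1,"msg":"ok"} when save() returns a truthy value and
 * {"code":0,"msg":"error"} otherwise.
 */
public function setUserInfo(){
    $rd3_session_str = I('rd3_session');

    // The token is the only thing that authorizes this write. An empty or
    // non-string value must not reach where(): it would select rows whose
    // rd3_session is empty and overwrite their profile.
    if (!is_string($rd3_session_str) || trim($rd3_session_str) === '') {
        die(json_encode(['code'=>0,'msg'=>'error']));
    }

    // These values come straight from the client and are stored as received;
    // encode them for the output context wherever they are displayed later.
    // NOTE(review): avatarUrl is not checked against an expected scheme or host — confirm.
    $update = [];
    $update['nickname'] =I('nickName');
    $update['sex'] = I('gender');
    $update['head_pic'] = I('avatarUrl');

    // NOTE(review): presumably save() returns the affected-row count, in which
    // case an unchanged profile also reports "error" — verify against the framework.
    $find = D('users')->where('rd3_session',$rd3_session_str)->save($update);
    if($find){
        die(json_encode(['code'=>1,'msg'=>'ok']));
    }else{
        die(json_encode(['code'=>0,'msg'=>'error']));
    }
}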
其中用到了两个函数:
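/**
 * Build a URL-safe random token from $len bytes of operating-system randomness.
 *
 * The bytes are base64-encoded, `+` and `/` are mapped to `-` and `_`, and the
 * trailing `=` padding is removed. (Earlier the padding was replaced by spaces
 * and left for the caller to trim; a caller that still trims gets the same
 * token.)
 *
 * The function fails closed: if fewer than $len random bytes can be obtained
 * it throws instead of returning a short or empty string, because the result
 * is used as a session token.
 *
 * @param int $len Number of random bytes to draw (must be >= 1).
 * @return string Token of ceil($len * 4 / 3) characters from [A-Za-z0-9_-].
 * @throws \InvalidArgumentException When $len is not a positive integer.
 * @throws \RuntimeException When the randomness source cannot supply $len bytes.
 */
public function randomFromDev($len)
{
    $len = (int) $len;
    if ($len < 1) {
        throw new \InvalidArgumentException('Random length must be a positive integer.');
    }

    if (function_exists('random_bytes')) {
        // PHP 7+: CSPRNG that throws on failure rather than returning short data.
        $bytes = random_bytes($len);
    } else {
        // Older runtimes: read the device directly and loop, since a single
        // fread() may return fewer bytes than requested.
        $bytes = '';
        $fp = is_readable('/dev/urandom') ? fopen('/dev/urandom', 'rb') : false;
        if ($fp !== false) {
            while (strlen($bytes) < $len) {
                $chunk = fread($fp, $len - strlen($bytes));
                if ($chunk === false || $chunk === '') {
                    break;
                }
                $bytes .= $chunk;
            }
            fclose($fp);
        }
    }

    if (strlen($bytes) !== $len) {
        throw new \RuntimeException('Can not read enough random bytes.');
    }

    // base64 -> URL-safe alphabet -> drop padding.
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}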
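/**
 * Fetch a URL with cURL (GET) and return the JSON-decoded response body.
 *
 * TLS certificate and host-name verification are enabled: the login flow sends
 * the app secret through this helper and receives session_key/openid back, so
 * the peer must be authenticated. If verification fails on a host, fix the
 * host's CA bundle rather than switching the checks off.
 *
 * @param string $url Absolute URL to request.
 * @return mixed Decoded JSON (arrays for objects), or null when the transfer
 *               fails or the body is not valid JSON.
 */
public function vegt($url){
    $info = curl_init();
    curl_setopt($info,CURLOPT_RETURNTRANSFER,true);
    curl_setopt($info,CURLOPT_HEADER,0);
    curl_setopt($info,CURLOPT_NOBODY,0);
    // Verify the certificate chain and that the certificate matches the host.
    curl_setopt($info,CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($info,CURLOPT_SSL_VERIFYHOST, 2);
    // Bound the call so a stalled upstream cannot hold the request open indefinitely.
    curl_setopt($info,CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($info,CURLOPT_TIMEOUT, 10);
    curl_setopt($info,CURLOPT_URL,$url);
    $output= curl_exec($info);
    curl_close($info);

    // curl_exec() returns false on transport or TLS failure; report that as
    // "no data" explicitly instead of passing false to json_decode().
    if ($output === false) {
        return null;
    }
    return json_decode($output, true);
}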
如有问题,欢迎指正!