php 与oauth,php 与 OAuth2 与 QQ login Testing.

转自：http://www.heui.org/archives/454

/**

*

* qq登录

* @author http://www.heui.org

*

*/

class Oauth_qq

{

private static $_instance;

private $config = array();

private function __construct($config)

{

$this->Oauth_qq($config);

}

public static function getInstance($config)

{

if(!isset(self::$_instance))

{

$c=__CLASS__;

self::$_instance = new $c($config);

}

return self::$_instance;

}

private function Oauth_qq($config)

{

$this->config = $config;

$_SESSION["appid"] = $this->config['appid'];

$_SESSION["appkey"] = $this->config['appkey'];

$_SESSION["callback"] = $this->config['callback'];

$_SESSION["scope"] = "get_user_info,add_share,list_album,add_album,upload_pic,add_topic,add_one_blog,add_weibo";

}

function login()

{

$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection

$login_url = "https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id="

. $_SESSION["appid"] . "&redirect_uri=" . urlencode($_SESSION["callback"])

. "&state=" . $_SESSION['state']

. "&scope=".$_SESSION["scope"];

header("Location:$login_url");

}

function callback()

{

if($_REQUEST['state'] == $_SESSION['state']) //csrf

{

$token_url = "https://graph.qq.com/oauth2.0/token?grant_type=authorization_code&"

. "client_id=" . $_SESSION["appid"]. "&redirect_uri=" . urlencode($_SESSION["callback"])

. "&client_secret=" . $_SESSION["appkey"]. "&code=" . $_REQUEST["code"];

$response = get_url_contents($token_url);

if (strpos($response, "callback") !== false)

{

$lpos = strpos($response, "(");

$rpos = strrpos($response, ")");

$response = substr($response, $lpos + 1, $rpos - $lpos -1);

$msg = json_decode($response);

if (isset($msg->error))

{

echo "

error:

" . $msg->error;

echo "

msg :

" . $msg->error_description;

exit;

}

}

$params = array();

parse_str($response, $params);

$_SESSION["access_token"] = $params["access_token"];

}

else

{

echo("The state does not match. You may be a victim of CSRF.");

}

}

function get_openid()

{

$graph_url = "https://graph.qq.com/oauth2.0/me?access_token="

. $_SESSION['access_token'];

$str = get_url_contents($graph_url);

if (strpos($str, "callback") !== false)

{

$lpos = strpos($str, "(");

$rpos = strrpos($str, ")");

$str = substr($str, $lpos + 1, $rpos - $lpos -1);

}

$user = json_decode($str);

if (isset($user->error))

{

echo "

error:

" . $user->error;

echo "

msg :

" . $user->error_description;

exit;

}

//set openid to session

return $_SESSION["openid"] = $user->openid;

}

function get_user_info()

{

$get_user_info = "https://graph.qq.com/user/get_user_info?"

. "access_token=" . $_SESSION['access_token']

. "&oauth_consumer_key=" . $_SESSION["appid"]

. "&openid=" . $_SESSION["openid"]

. "&format=json";

$info = get_url_contents($get_user_info);

$arr = json_decode($info, true);

return $arr;

}

public function __clone()

{

trigger_error('Clone is not allow' ,E_USER_ERROR);

}

}

/* 公用函数 */

if (!function_exists("do_post"))

{

function do_post($url, $data)

{

$ch = curl_init();

curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);

curl_setopt($ch, CURLOPT_POST, TRUE);

curl_setopt($ch, CURLOPT_POSTFIELDS, $data);

curl_setopt($ch, CURLOPT_URL, $url);

$ret = curl_exec($ch);

curl_close($ch);

return $ret;

}

}

if (!function_exists("get_url_contents"))

{

function get_url_contents($url)

{

if (ini_get("allow_url_fopen") == "1")

return file_get_contents($url);

$ch = curl_init();

curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);

curl_setopt($ch, CURLOPT_URL, $url);

$result = curl_exec($ch);

curl_close($ch);

return $result;

}

}

进行实例化测试：

$config['appid'] = '';

$config['appkey'] = '';

$config['callback'] = '';

$o_qq = Oauth_qq::getInstance($config);

//then

$o_qq->login();

//or

$o_qq->callback();

$o_qq->get_openid();

$o_qq->get_user_info();