Authored by hf

Fix bugs in the QQ login OAuth flow

... ... @@ -38,7 +38,7 @@ class Oauth{
// $this->recorder->write('state',$state);
//$_SESSION['qqstate'] = $state;
Session::start('yohobuy_qq_session', null, 'yohobuy.com')->__set('qqstate', $state);
setcookie('_QQ_STATE', $state, 0, '/', '.yohobuy.com');
//-------构造请求参数列表
$keysArr = array(
... ... @@ -59,8 +59,7 @@ class Oauth{
//--------验证state防止CSRF攻击
// if($_GET['state'] != $state){
$state = Session::start('yohobuy_qq_session', null, 'yohobuy.com')->__get('qqstate');
echo $state, '+++', $_GET['state'];
$state = isset($_COOKIE['_QQ_STATE']) ? $_COOKIE['_QQ_STATE'] : null;
if ($_GET['state'] != $state) {
$this->error->showError("30001");
}
... ...
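Review bot: The state check `if ($_GET['state'] != $state)` passes when both the `state` query parameter and the `_QQ_STATE` cookie are absent, because `null != null` is false, so a callback carrying no state at all is not rejected. The loose `!=` also compares numeric-looking strings by value. I would require both values to be present and compare them strictly, e.g. `if (!is_string($state) || !isset($_GET['state']) || !is_string($_GET['state']) || !hash_equals($state, $_GET['state'])) {` (`hash_equals` needs PHP 5.6+; otherwise use `!==`). The +/- markers are lost on this page, but if the cookie lines are the new side, as the hunk counts suggest, then `setcookie('_QQ_STATE', $state, 0, '/', '.yohobuy.com')` sets neither Secure nor HttpOnly and can be overwritten from any subdomain, which is a weaker CSRF binding than the server-side session value. The `echo $state, '+++', $_GET['state'];` debug line should not remain on the new side, and the enclosing methods start and end outside these hunks.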
... ... @@ -8,8 +8,6 @@
require_once(QC_CLASS_PATH . 'ErrorCase.class.php');
use Hood\Session;
class Recorder
{
... ... @@ -28,12 +26,8 @@ class Recorder
$this->error->showError("20001");
}
$userData = Session::start('yohobuy_qq_session', null, 'yohobuy.com')->__get('QC_userData');
if (empty($userData)) {
self::$data = array();
} else {
self::$data = $userData;
}
// if(empty($_SESSION['QC_userData'])){
// self::$data = array();
// }else{
... ... @@ -71,8 +65,8 @@ class Recorder
function __destruct()
{
self::$data = null;
//$_SESSION['QC_userData'] = self::$data;
Session::start('yohobuy_qq_session', null, 'yohobuy.com')->__set('QC_userData', self::$data);
}
}
... ...
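Review bot: `__destruct()` assigns to the static `self::$data`, which every `Recorder` instance shares, so destroying any one instance clears the data for all others still alive in the request. The +/- markers are lost on this page; if `self::$data = null;` is the new side replacing the `Session::start(...)->__set('QC_userData', self::$data)` line, as the 8/8 hunk count suggests, then values written through the recorder no longer survive between the login redirect and the callback. Whether they are still needed there is not visible in these hunks. If dropping persistence is intended, say so with a comment such as `// QC_userData is request-local; nothing is persisted across requests` and delete the commented-out `$_SESSION['QC_userData']` lines instead of keeping them. The class body between the hunks is outside this view.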