do fixes bug to qq login oauth bugs
Showing
1 changed file
with
8 additions
and
3 deletions
@@ -8,6 +8,7 @@ | @@ -8,6 +8,7 @@ | ||
8 | require_once(QC_CLASS_PATH.'Recorder.class.php'); | 8 | require_once(QC_CLASS_PATH.'Recorder.class.php'); |
9 | require_once(QC_CLASS_PATH.'URL.class.php'); | 9 | require_once(QC_CLASS_PATH.'URL.class.php'); |
10 | require_once(QC_CLASS_PATH.'ErrorCase.class.php'); | 10 | require_once(QC_CLASS_PATH.'ErrorCase.class.php'); |
11 | +use Hood\Session; | ||
11 | 12 | ||
12 | class Oauth{ | 13 | class Oauth{ |
13 | 14 | ||
@@ -35,7 +36,9 @@ class Oauth{ | @@ -35,7 +36,9 @@ class Oauth{ | ||
35 | //-------生成唯一随机串防CSRF攻击 | 36 | //-------生成唯一随机串防CSRF攻击 |
36 | $state = md5(uniqid(rand(), TRUE)); | 37 | $state = md5(uniqid(rand(), TRUE)); |
37 | // $this->recorder->write('state',$state); | 38 | // $this->recorder->write('state',$state); |
38 | - $_SESSION['qqstate'] = $state; | 39 | + //$_SESSION['qqstate'] = $state; |
40 | + | ||
41 | + Session::start('yohobuy_qq_session', null, 'yohobuy.com')->__set('qqstate', $state); | ||
39 | 42 | ||
40 | //-------构造请求参数列表 | 43 | //-------构造请求参数列表 |
41 | $keysArr = array( | 44 | $keysArr = array( |
@@ -52,11 +55,13 @@ class Oauth{ | @@ -52,11 +55,13 @@ class Oauth{ | ||
52 | } | 55 | } |
53 | 56 | ||
54 | public function qq_callback(){ | 57 | public function qq_callback(){ |
55 | - $state = $this->recorder->read("state"); | 58 | + //$state = $this->recorder->read("state"); |
56 | 59 | ||
57 | //--------验证state防止CSRF攻击 | 60 | //--------验证state防止CSRF攻击 |
58 | // if($_GET['state'] != $state){ | 61 | // if($_GET['state'] != $state){ |
59 | - if ($_GET['state'] != $_SESSION['qqstate']) { | 62 | + $state = Session::start('yohobuy_qq_session', null, 'yohobuy.com')->__get('qqstate'); |
63 | + | ||
64 | + if ($_GET['state'] != $state) { | ||
60 | $this->error->showError("30001"); | 65 | $this->error->showError("30001"); |
61 | } | 66 | } |
62 | 67 |
-
Please register or login to post a comment