Authored by hf

do fixes bug to qq login oauth bugs

@@ -8,6 +8,7 @@ @@ -8,6 +8,7 @@
8 require_once(QC_CLASS_PATH.'Recorder.class.php'); 8 require_once(QC_CLASS_PATH.'Recorder.class.php');
9 require_once(QC_CLASS_PATH.'URL.class.php'); 9 require_once(QC_CLASS_PATH.'URL.class.php');
10 require_once(QC_CLASS_PATH.'ErrorCase.class.php'); 10 require_once(QC_CLASS_PATH.'ErrorCase.class.php');
  11 +use Hood\Session;
11 12
12 class Oauth{ 13 class Oauth{
13 14
@@ -35,7 +36,9 @@ class Oauth{ @@ -35,7 +36,9 @@ class Oauth{
35 //-------生成唯一随机串防CSRF攻击 36 //-------生成唯一随机串防CSRF攻击
36 $state = md5(uniqid(rand(), TRUE)); 37 $state = md5(uniqid(rand(), TRUE));
37 // $this->recorder->write('state',$state); 38 // $this->recorder->write('state',$state);
38 - $_SESSION['qqstate'] = $state; 39 + //$_SESSION['qqstate'] = $state;
  40 +
  41 + Session::start('yohobuy_qq_session', null, 'yohobuy.com')->__set('qqstate', $state);
39 42
40 //-------构造请求参数列表 43 //-------构造请求参数列表
41 $keysArr = array( 44 $keysArr = array(
@@ -52,11 +55,13 @@ class Oauth{ @@ -52,11 +55,13 @@ class Oauth{
52 } 55 }
53 56
54 public function qq_callback(){ 57 public function qq_callback(){
55 - $state = $this->recorder->read("state"); 58 + //$state = $this->recorder->read("state");
56 59
57 //--------验证state防止CSRF攻击 60 //--------验证state防止CSRF攻击
58 // if($_GET['state'] != $state){ 61 // if($_GET['state'] != $state){
59 - if ($_GET['state'] != $_SESSION['qqstate']) { 62 + $state = Session::start('yohobuy_qq_session', null, 'yohobuy.com')->__get('qqstate');
  63 +
  64 + if ($_GET['state'] != $state) {
60 $this->error->showError("30001"); 65 $this->error->showError("30001");
61 } 66 }
62 67