|
...
|
...
|
@@ -8,6 +8,7 @@ |
|
|
|
require_once(QC_CLASS_PATH.'Recorder.class.php');
|
|
|
|
require_once(QC_CLASS_PATH.'URL.class.php');
|
|
|
|
require_once(QC_CLASS_PATH.'ErrorCase.class.php');
|
|
|
|
use Hood\Session;
|
|
|
|
|
|
|
|
class Oauth{
|
|
|
|
|
|
...
|
...
|
@@ -35,8 +36,10 @@ class Oauth{ |
|
|
|
//-------生成唯一随机串防CSRF攻击
|
|
|
|
$state = md5(uniqid(rand(), TRUE));
|
|
|
|
// $this->recorder->write('state',$state);
|
|
|
|
$_SESSION['qqstate'] = $state;
|
|
|
|
|
|
|
|
//$_SESSION['qqstate'] = $state;
|
|
|
|
|
|
|
|
Session::start('yohobuy_qq_session', null, 'yohobuy.com')->__set('qqstate', $state);
|
|
|
|
|
|
|
|
//-------构造请求参数列表
|
|
|
|
$keysArr = array(
|
|
|
|
"response_type" => "code",
|
|
...
|
...
|
@@ -52,11 +55,13 @@ class Oauth{ |
|
|
|
}
|
|
|
|
|
|
|
|
public function qq_callback(){
|
|
|
|
$state = $this->recorder->read("state");
|
|
|
|
//$state = $this->recorder->read("state");
|
|
|
|
|
|
|
|
//--------验证state防止CSRF攻击
|
|
|
|
// if($_GET['state'] != $state){
|
|
|
|
if ($_GET['state'] != $_SESSION['qqstate']) {
|
|
|
|
$state = Session::start('yohobuy_qq_session', null, 'yohobuy.com')->__get('qqstate');
|
|
|
|
|
|
|
|
if ($_GET['state'] != $state) {
|
|
|
|
$this->error->showError("30001");
|
|
|
|
}
|
|
|
|
|
...
|
...
|
|
