[PHP] Oauth授权和本地加密

1.Oauth（开放授权）是一个开放标准，允许用户让第三方应用访问该用户在某一网站上存储的私密资源（如照片，视频，联系人列表），而无需将用户名和密码提供给第三方

 

关键字：appKey appSecret token(令牌)

 

2.SSO授权

如果本地手机装有微博客户端，则直接跳转到微博客户端，只需点击授权按钮，就可以登陆了

 

qq第三方登陆使用Oauth2.0实现，测试代码

点击下面的连接

https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=101334262&redirect_uri=http://www.qingguow.cn/sso.php

 

具体代码sso.php文件：

<?php
// qq登陆类
class Sso{
    const APP_ID="101334262";
    const APP_KEY="xxxxxxxxxxxxxxx";
    //初始化
    public static function init(){
        header("content-type:text/html;charset=utf-8");
    }
        //主函数
    public static function main(){
        //请求控制
        $action=$_GET['action'];
        if(!empty($action)){
            Sso::$action();
            return;
        }
       
        $par = 'grant_type=authorization_code'
        . '&client_id='.Sso::APP_ID
        . '&client_secret='.Sso::APP_KEY
        . '&code='.$_REQUEST['code']
        . '&redirect_uri='.urlencode('http://www.qingguow.cn/sso.php');
        $rec=Sso::postUrlContents("https://graph.qq.com/oauth2.0/token",$par);
        if(strpos($rec, 'access_token') !== false) {
            parse_str($rec, $accessToken);
            $openidJson=Sso::getUrlContents("https://graph.qq.com/oauth2.0/me?callback=callback&access_token={$accessToken['access_token']}");
            $openidJson=str_replace("callback( ", "", $openidJson);
            $openidJson=str_replace(");", "", $openidJson);
            $openidJson=json_decode($openidJson,true);
            header("location:sso.php?action=getQQinfo&openid={$openidJson['openid']}&access_token={$accessToken['access_token']}");
        }
    }
    //获取用户信息
    public static function getQQinfo(){
        Sso::init();
        $openid=$_GET['openid'];
        $access_token=$_GET['access_token'];
        $userJson=Sso::getUrlContents("https://graph.qq.com/user/get_user_info?openid={$openid}&access_token={$access_token}&oauth_consumer_key=".Sso::APP_ID);
        $user=json_decode($userJson,true);
        print_r($user);
    }
    //get方式请求数据
    public static function getUrlContents($url){
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_HEADER, false);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_REFERER, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
        $result = curl_exec($ch);
        curl_close($ch);
        return $result;
    }
    //post请求数据
    public static function postUrlContents($url,$data = null){
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);
        if (!empty($data)){
        curl_setopt($curl, CURLOPT_POST, 1);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
        }
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        $output = curl_exec($curl);
        curl_close($curl);
        return $output;
    }

}
Sso::main();