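<?php
require(__DIR__ . '/common.php');
require(__DIR__ . '/language/' . ForumLanguage . '/oauth.php');

/**
 * Resolve the OpenID returned by the provider against the local binding table.
 *
 * Outcomes:
 *  - the OpenID is bound to an existing forum user: set the login cookies for that
 *    user, redirect to the site root and exit;
 *  - the OpenID is unknown but a user is currently logged in: bind it to that user
 *    and report the result through AlertMsg();
 *  - otherwise: return, so the caller continues with account creation.
 *
 * Reads the globals $DB, $Prefix, $AppID, $OauthObject, $TimeStamp, $SALT, $Config,
 * $CurUserID and $Lang. A binding whose user row no longer exists is treated as
 * "not bound" instead of issuing cookies for a missing account.
 */
function CheckOpenID()
{
    global $DB, $Prefix, $AppID, $OauthObject, $TimeStamp, $SALT, $Config, $CurUserID, $Lang;
    $OauthUserID = $DB->single("SELECT UserID FROM " . $Prefix . "app_users WHERE AppID=:AppID AND OpenID = :OpenID", array(
        'AppID' => $AppID,
        'OpenID' => $OauthObject->OpenID
    ));
    // Only consider the OpenID bound when the referenced user row still exists.
    $OauthUserInfo = false;
    if ($OauthUserID) {
        $OauthUserInfo = $DB->row("SELECT * FROM " . $Prefix . "users WHERE ID = :UserID", array(
            "UserID" => $OauthUserID
        ));
    }
    if ($OauthUserInfo) {
        // Known OpenID: log the bound user in and send them to the site root.
        $TemporaryUserExpirationTime = 30 * 86400 + $TimeStamp; // stay logged in for 30 days by default
        SetCookies(array(
            'UserID' => $OauthUserID,
            'UserExpirationTime' => $TemporaryUserExpirationTime,
            'UserCode' => md5($OauthUserInfo['Password'] . $OauthUserInfo['Salt'] . $TemporaryUserExpirationTime . $SALT)
        ), 30);
        header('location: ' . $Config['WebsitePath'] . '/');
        exit();
    } elseif ($CurUserID) {
        // Unknown OpenID while a user is logged in: bind it to the current account.
        // NOTE(review): a dangling app_users row for the same OpenID may make this
        // insert fail on a unique key — confirm the schema; the failure message covers it.
        $Inserted = $DB->query('INSERT INTO `' . $Prefix . 'app_users` (`ID`, `AppID`, `OpenID`, `AppUserName`, `UserID`, `Time`) VALUES (:ID, :AppID, :OpenID, :AppUserName, :UserID, :Time)', array(
            'ID' => null,
            'AppID' => $AppID,
            'OpenID' => $OauthObject->OpenID,
            'AppUserName' => htmlspecialchars($OauthObject->NickName),
            'UserID' => $CurUserID,
            'Time' => $TimeStamp
        ));
        if ($Inserted) {
            AlertMsg($Lang['Binding_Success'], $Lang['Binding_Success']);
        } else {
            AlertMsg($Lang['Binding_Failure'], $Lang['Binding_Failure']);
        }
    }
    // Not bound and nobody logged in: the caller continues with account creation.
}

/**
 * Strictly compare the `state` value sent back by the provider with the one stored
 * in the session when the authorization round was started.
 *
 * Uses === rather than !=: both values are strings that may look numeric, and a
 * loose comparison would compare them as numbers.
 *
 * @param mixed $State value received from the request
 * @return bool true only when a non-empty string matches the stored state exactly
 */
function OauthStateIsValid($State)
{
    global $Prefix;
    if (!is_string($State) || $State === '' || empty($_SESSION[$Prefix . 'OauthState'])) {
        return false;
    }
    return $State === (string) $_SESSION[$Prefix . 'OauthState'];
}

$AppID = intval(Request('Get', 'app_id'));
$AppInfo = $DB->row('SELECT * FROM ' . $Prefix . 'app WHERE ID=:ID', array(
    'ID' => $AppID
));
// The app name selects the provider class file. Check the row exists before reading
// it, and refuse anything that is not a plain file name so the include path cannot
// leave includes/ even if the app table is tampered with.
$AppName = $AppInfo ? (string) $AppInfo['AppName'] : '';
$OauthClassFile = __DIR__ . '/includes/Oauth.' . $AppName . '.class.php';
if ($AppName === '' || basename($AppName) !== $AppName || strpos($AppName, '..') !== false || !file_exists($OauthClassFile)) {
    AlertMsg('404 Not Found', '404 Not Found', 404);
} else {
    require($OauthClassFile);
    $OauthObject = new Oauth($AppInfo['AppKey']);
}

$Code = Request('Get', 'code');
$State = Request('Get', 'state');
$Message = '';
session_start();
// Base of the redirect URI passed to the provider.
// NOTE(review): built from the Host header and hard-coded to http://; behind TLS or a
// proxy this must still match the redirect_uri registered with the provider — confirm.
$RedirectBase = 'http://' . $_SERVER['HTTP_HOST'] . $Config['WebsitePath'];

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    if (!$Code || !OauthStateIsValid($State)) {
        // Not a callback from the authorization server: start a new round.
        // The state value is the CSRF token for this round; prefer a CSPRNG when available.
        if (function_exists('random_bytes')) {
            $SendState = bin2hex(random_bytes(16));
        } else {
            $SendState = md5(uniqid(rand(), TRUE));
        }
        $_SESSION[$Prefix . 'OauthState'] = $SendState;
        $AuthorizeURL = Oauth::AuthorizeURL($RedirectBase, $AppID, $AppInfo['AppKey'], $SendState);
        // 302, not 301: the URL carries a per-session state and must not be cached by the browser.
        header("HTTP/1.1 302 Found");
        header("Status: 302 Found");
        header("Location: " . $AuthorizeURL);
        exit();
    }
    // Callback from the authorization server: exchange the code for a token.
    if (!$OauthObject->GetAccessToken($RedirectBase, $AppID, $AppInfo['AppSecret'], $Code)) {
        AlertMsg('400 Bad Request', '400 Bad Request', 400);
    }
    if (!$OauthObject->GetOpenID()) {
        AlertMsg('400 Bad Request', '400 Bad Request', 400);
    }
    // Keep the token for the POST step (username form), then release the session lock.
    $_SESSION[$Prefix . 'OauthAccessToken'] = $OauthObject->AccessToken;
    session_write_close();
    $OauthObject->GetUserInfo();
    CheckOpenID();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!ReferCheck(Request('Post', 'FormHash')) || empty($_SESSION[$Prefix . 'OauthAccessToken']) || !OauthStateIsValid($State)) {
        AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403);
    }
    // Restore the access token saved during the GET callback, then release the session lock.
    $OauthObject->AccessToken = $_SESSION[$Prefix . 'OauthAccessToken'];
    session_write_close();
    if (!$OauthObject->GetOpenID()) {
        AlertMsg('400 Bad Request', '400 Bad Request', 400);
    }
    $OauthUserInfo = $OauthObject->GetUserInfo();
    CheckOpenID();
    $UserName = strtolower(Request('Post', 'UserName'));
    if ($UserName && IsName($UserName)) {
        $UserExist = $DB->single("SELECT ID FROM " . $Prefix . "users WHERE UserName = :UserName", array(
            'UserName' => $UserName
        ));
        if (!$UserExist) {
            $NewUserSalt = mt_rand(100000, 999999);
            // Placeholder credential for an OAuth-only account; the stored value keeps the
            // original 'zzz' + 29 hex characters shape, only the entropy source is stronger.
            // NOTE(review): presumably the 'zzz' prefix is what prevents password login for
            // these accounts — confirm against the login code.
            if (function_exists('random_bytes')) {
                $PasswordEntropy = bin2hex(random_bytes(16));
            } else {
                $PasswordEntropy = md5(mt_rand(1000000000, 2147483647));
            }
            $NewUserPassword = 'zzz' . substr(md5($PasswordEntropy . $NewUserSalt), 0, -3);
            $NewUserData = array(
                'ID' => null,
                'UserName' => $UserName,
                'Salt' => $NewUserSalt,
                'Password' => $NewUserPassword,
                'UserMail' => '',
                'UserHomepage' => '',
                'PasswordQuestion' => '',
                'PasswordAnswer' => '',
                'UserSex' => 0,
                'NumFavUsers' => 0,
                'NumFavTags' => 0,
                'NumFavTopics' => 0,
                'NewMessage' => 0,
                'Topics' => 0,
                'Replies' => 0,
                'Followers' => 0,
                'DelTopic' => 0,
                'GoodTopic' => 0,
                'UserPhoto' => '',
                'UserMobile' => '',
                'UserLastIP' => $CurIP,
                'UserRegTime' => $TimeStamp,
                'LastLoginTime' => $TimeStamp,
                'LastPostTime' => $TimeStamp,
                'BlackLists' => '',
                'UserFriend' => '',
                'UserInfo' => '',
                'UserIntro' => '',
                'UserIM' => '',
                'UserRoleID' => 1,
                'UserAccountStatus' => 1,
                'Birthday' => date("Y-m-d", $TimeStamp)
            );
            $DB->query('INSERT INTO `' . $Prefix . 'users` (`ID`, `UserName`, `Salt`, `Password`, `UserMail`, `UserHomepage`, `PasswordQuestion`, `PasswordAnswer`, `UserSex`, `NumFavUsers`, `NumFavTags`, `NumFavTopics`, `NewMessage`, `Topics`, `Replies`, `Followers`, `DelTopic`, `GoodTopic`, `UserPhoto`, `UserMobile`, `UserLastIP`, `UserRegTime`, `LastLoginTime`, `LastPostTime`, `BlackLists`, `UserFriend`, `UserInfo`, `UserIntro`, `UserIM`, `UserRoleID`, `UserAccountStatus`, `Birthday`) VALUES (:ID, :UserName, :Salt, :Password, :UserMail, :UserHomepage, :PasswordQuestion, :PasswordAnswer, :UserSex, :NumFavUsers, :NumFavTags, :NumFavTopics, :NewMessage, :Topics, :Replies, :Followers, :DelTopic, :GoodTopic, :UserPhoto, :UserMobile, :UserLastIP, :UserRegTime, :LastLoginTime, :LastPostTime, :BlackLists, :UserFriend, :UserInfo, :UserIntro, :UserIM, :UserRoleID, :UserAccountStatus, :Birthday)', $NewUserData);
            $CurUserID = $DB->lastInsertId();
            // Bind the provider identity to the freshly created account.
            $DB->query('INSERT INTO `' . $Prefix . 'app_users` (`ID`, `AppID`, `OpenID`, `AppUserName`, `UserID`, `Time`) VALUES (:ID, :AppID, :OpenID, :AppUserName, :UserID, :Time)', array(
                'ID' => null,
                'AppID' => $AppID,
                'OpenID' => $OauthObject->OpenID,
                'AppUserName' => htmlspecialchars($OauthObject->NickName),
                'UserID' => $CurUserID,
                'Time' => $TimeStamp
            ));
            // Update site-wide counters.
            $NewConfig = array(
                "NumUsers" => $Config["NumUsers"] + 1,
                "DaysUsers" => $Config["DaysUsers"] + 1
            );
            UpdateConfig($NewConfig);
            // Log the new user in.
            $TemporaryUserExpirationTime = 30 * 86400 + $TimeStamp; // stay logged in for 30 days by default
            SetCookies(array(
                'UserID' => $CurUserID,
                'UserExpirationTime' => $TemporaryUserExpirationTime,
                'UserCode' => md5($NewUserPassword . $NewUserSalt . $TemporaryUserExpirationTime . $SALT)
            ), 30);
            if ($OauthUserInfo) {
                // Fetch the provider-supplied avatar server-side and store it in three sizes.
                require(__DIR__ . "/includes/ImageResize.class.php");
                $UploadAvatar = new ImageResize('String', URL::Get($OauthObject->AvatarURL));
                $UploadAvatar->Resize(256, 'upload/avatar/large/' . $CurUserID . '.png', 80);
                $UploadAvatar->Resize(48, 'upload/avatar/middle/' . $CurUserID . '.png', 90);
                $UploadAvatar->Resize(24, 'upload/avatar/small/' . $CurUserID . '.png', 90);
            } elseif (extension_loaded('gd')) {
                // No profile data from the provider: generate an initial-letter avatar.
                require(__DIR__ . "/includes/MaterialDesign.Avatars.class.php");
                $Avatar = new MDAvtars(mb_substr($UserName, 0, 1, "UTF-8"), 256);
                $Avatar->Save('upload/avatar/large/' . $CurUserID . '.png', 256);
                $Avatar->Save('upload/avatar/middle/' . $CurUserID . '.png', 48);
                $Avatar->Save('upload/avatar/small/' . $CurUserID . '.png', 24);
                $Avatar->Free();
            }
            header('location: ' . $Config['WebsitePath'] . '/');
            exit();
        } else {
            $Message = $Lang['This_User_Name_Already_Exists'];
        }
    } else {
        $Message = $Lang['UserName_Error'];
    }
}

$DB->CloseConnection();
$PageTitle = $Lang['Set_Your_Username'];
$ContentFile = $TemplatePath . 'oauth.php';
include($TemplatePath . 'layout.php');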