Home Esplora Aiuto
Accedi
dream
/
platform
2
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): a53fcaeb45
Rami (Branch) Tag
platform
/
app
/
source
/
auth
/
session.ctrl.php

session.ctrl.php 5.5 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * [WeEngine System] Copyright (c) 2014 WE7.CC
    4. 

  4.  * WeEngine is NOT a free software, it under the license terms, visited http://www.we7.cc/ for more details.
    5. 

  5.  */
    6. 

  6. 

  7. defined('IN_IA') or exit('Access Denied');
    8. 

  8. 

  9. load()->model('mc');
    10. 

  10. 

  11. $dos = array('openid', 'userinfo', 'check');
    12. 

  12. $do = in_array($do, $dos) ? $do : 'openid';
    13. 

  13. 

  14. $account_api = WeAccount::createByUniacid();
    15. 

  15. if ($do == 'openid') {
    16. 

  16. 	
    17. 

  17. 	$code = $_GPC['code'];
    18. 

  18. 	$openid = $_GPC['openid'];
    19. 

  19. 	
    20. 

  20. 	if (empty($openid) && !empty($_W['openid'])) {
    21. 

  21. 		$openid = $_W['openid'];
    22. 

  22. 	}
    23. 

  23. 	
    24. 

  24. 	if (empty($_W['account']['oauth']) || (empty($code) && empty($openid))) {
    25. 

  25. 		exit('通信错误,请在微信中重新发起请求');
    26. 

  26. 	}
    27. 

  27. 	
    28. 

  28. 	if (!empty($openid)) {
    29. 

  29. 		$_SESSION['openid'] = $oauth['openid'];
    30. 

  30. 		$fans = mc_fansinfo($openid);
    31. 

  31. 		if (!empty($fans)) {
    32. 

  32. 			$account_api->result(0, '', array('sessionid' => $_W['session_id'], 'userinfo' => $fans));
    33. 

  33. 		} else {
    34. 

  34. 			$account_api->result(1, 'openid不存在');
    35. 

  35. 		}
    36. 

  36. 	}
    37. 

  37. 	$oauth = $account_api->getOauthInfo($code);
    38. 

  38. 	if (!empty($oauth) && !is_error($oauth)) {
    39. 

  39. 		$_SESSION['openid'] = $oauth['openid'];
    40. 

  40. 		$_SESSION['session_key'] = $oauth['session_key'];
    41. 

  41. 				$fans = mc_fansinfo($oauth['openid']);
    42. 

  42. 		if (empty($fans)) {
    43. 

  43. 			$record = array(
    44. 

  44. 				'openid' => $oauth['openid'],
    45. 

  45. 				'unionid' => $oauth['unionid'],
    46. 

  46. 				'uid' => 0,
    47. 

  47. 				'acid' => $_W['acid'],
    48. 

  48. 				'uniacid' => $_W['uniacid'],
    49. 

  49. 				'salt' => random(8),
    50. 

  50. 				'updatetime' => TIMESTAMP,
    51. 

  51. 				'nickname' => '',
    52. 

  52. 				'follow' => '1',
    53. 

  53. 				'followtime' => TIMESTAMP,
    54. 

  54. 				'unfollowtime' => 0,
    55. 

  55. 				'tag' => '',
    56. 

  56. 			);
    57. 

  57. 			$email = md5($oauth['openid']).'@we7.cc';
    58. 

  58. 			$email_exists_member = pdo_getcolumn('mc_members', array('email' => $email, 'uniacid' => $_W['uniacid']), 'uid');
    59. 

  59. 			if (!empty($email_exists_member)) {
    60. 

  60. 				$uid = $email_exists_member;
    61. 

  61. 			} else {
    62. 

  62. 				$default_groupid = pdo_fetchcolumn('SELECT groupid FROM ' .tablename('mc_groups') . ' WHERE uniacid = :uniacid AND isdefault = 1', array(':uniacid' => $_W['uniacid']));
    63. 

  63. 				$data = array(
    64. 

  64. 					'uniacid' => $_W['uniacid'],
    65. 

  65. 					'email' => $email,
    66. 

  66. 					'salt' => random(8),
    67. 

  67. 					'groupid' => $default_groupid,
    68. 

  68. 					'createtime' => TIMESTAMP,
    69. 

  69. 					'password' => md5($message['from'] . $data['salt'] . $_W['config']['setting']['authkey']),
    70. 

  70. 					'nickname' => '',
    71. 

  71. 					'avatar' => '',
    72. 

  72. 					'gender' => '',
    73. 

  73. 					'nationality' => '',
    74. 

  74. 					'resideprovince' => '',
    75. 

  75. 					'residecity' => '',
    76. 

  76. 				);
    77. 

  77. 				pdo_insert('mc_members', $data);
    78. 

  78. 				$uid = pdo_insertid();
    79. 

  79. 			}
    80. 

  80. 			$record['uid'] = $uid;
    81. 

  81. 			$_SESSION['uid'] = $uid;
    82. 

  82. 			pdo_insert('mc_mapping_fans', $record);
    83. 

  83. 		} else {
    84. 

  84. 			$userinfo = $fans['tag'];
    85. 

  85. 			$uid = $fans['uid'];
    86. 

  86. 		}
    87. 

  87. 		if (empty($userinfo)) {
    88. 

  88. 			$userinfo = array(
    89. 

  89. 				'openid' => $oauth['openid'],
    90. 

  90. 			);
    91. 

  91. 		}
    92. 

  92. 		$_SESSION['userinfo'] = base64_encode(iserializer($userinfo));
    93. 

  93. 		$account_api->result(0, '', array('sessionid' => $_W['session_id'], 'userinfo' => $fans, 'openid' => $oauth['openid']));
    94. 

  94. 	} else {
    95. 

  95. 		$account_api->result(1, $oauth['message']);
    96. 

  96. 	}
    97. 

  97. } elseif ($do == 'userinfo') {
    98. 

  98. 	$encrypt_data = $_GPC['encryptedData'];
    99. 

  99. 	$iv = $_GPC['iv'];
    100. 

  100. 	if (empty($_SESSION['session_key']) || empty($encrypt_data) || empty($iv)) {
    101. 

  101. 		$account_api->result(1, '请先登录');
    102. 

  102. 	}
    103. 

  103. 	$sign = sha1($_POST['rawData'].$_SESSION['session_key']);
    104. 

  104. 	if ($sign !== $_GPC['signature']) {
    105. 

  105. 		$account_api->result(1, '签名错误');
    106. 

  106. 	}
    107. 

  107. 

  108. 	$userinfo = $account_api->pkcs7Encode($encrypt_data, $iv);
    109. 

  109. 	$userinfo['nickname'] = $userinfo['nickName'];
    110. 

  110. 	$_SESSION['userinfo'] = base64_encode(iserializer($userinfo));
    111. 

  111. 

  112. 	$fans = mc_fansinfo($userinfo['openId']);
    113. 

  113. 	$fans_update = array(
    114. 

  114. 		'nickname' => $userinfo['nickName'],
    115. 

  115. 		'unionid' => $userinfo['unionId'],
    116. 

  116. 		'tag' => base64_encode(iserializer(array(
    117. 

  117. 			'subscribe' => 1,
    118. 

  118. 			'openid' => $userinfo['openId'],
    119. 

  119. 			'nickname' => $userinfo['nickName'],
    120. 

  120. 			'sex' => $userinfo['gender'],
    121. 

  121. 			'language' => $userinfo['language'],
    122. 

  122. 			'city' => $userinfo['city'],
    123. 

  123. 			'province' => $userinfo['province'],
    124. 

  124. 			'country' => $userinfo['country'],
    125. 

  125. 			'headimgurl' => $userinfo['avatarUrl'],
    126. 

  126. 		))),
    127. 

  127. 	);
    128. 

  128. 		/*if (!empty($userinfo['unionId'])) {
    129. 

  129. 		$union_fans = pdo_get('mc_mapping_fans', array('unionid' => $userinfo['unionId'], 'openid !=' => $userinfo['openId']));
    130. 

  130. 		if (!empty($union_fans['uid'])) {
    131. 

  131. 			if (!empty($fans['uid'])) {
    132. 

  132. 				
    133. 

  133. 			}
    134. 

  134. 			$fans_update['uid'] = $union_fans['uid'];
    135. 

  135. 			$_SESSION['uid'] = $union_fans['uid'];
    136. 

  136. 		}
    137. 

  137. 	}*/
    138. 

  138. 	
    139. 

  139. 	$member = mc_fetch($fans['uid']);
    140. 

  140. 	if (!empty($member)) {
    141. 

  141. 		pdo_update('mc_members', array('nickname' => $userinfo['nickName'], 'avatar' => $userinfo['avatarUrl'], 'gender' => $userinfo['gender']), array('uid' => $fans['uid']));
    142. 

  142. 	} else {
    143. 

  143. 		$default_groupid = pdo_fetchcolumn('SELECT groupid FROM ' .tablename('mc_groups') . ' WHERE uniacid = :uniacid AND isdefault = 1', array(':uniacid' => $_W['uniacid']));
    144. 

  144. 		$member = array(
    145. 

  145. 			'uniacid' => $_W['uniacid'],
    146. 

  146. 			'email' => md5($_SESSION['openid']).'@we7.cc',
    147. 

  147. 			'salt' => random(8),
    148. 

  148. 			'groupid' => $default_groupid,
    149. 

  149. 			'createtime' => TIMESTAMP,
    150. 

  150. 			'password' => md5($userinfo['openId'] . $member['salt'] . $_W['config']['setting']['authkey']),
    151. 

  151. 			'nickname' => $userinfo['nickName'],
    152. 

  152. 			'avatar' => $userinfo['avatarUrl'],
    153. 

  153. 			'gender' => $userinfo['gender'],
    154. 

  154. 			'nationality' => '',
    155. 

  155. 			'resideprovince' => '',
    156. 

  156. 			'residecity' => '',
    157. 

  157. 		);
    158. 

  158. 		pdo_insert('mc_members', $member);
    159. 

  159. 		$fans_update['uid'] = pdo_insertid();
    160. 

  160. 	}
    161. 

  161. 	pdo_update('mc_mapping_fans', $fans_update, array('fanid' => $fans['fanid']));
    162. 

  162. 	unset($member['password']);
    163. 

  163. 	unset($member['salt']);
    164. 

  164. 	$account_api->result(0, '', $member);
    165. 

  165. } elseif ($do == 'check') {
    166. 

  166. 	if (!empty($_W['openid'])) {
    167. 

  167. 		$account_api->result(0);
    168. 

  168. 	} else {
    169. 

  169. 		$account_api->result(1, 'session失效,请重新发起登录请求');
    170. 

  170. 	}
    171. 

  171. }
    172.