微信和QQ網頁授權登錄

一：微信授權

//用戶授權

public function is_weixin(){ $url = "https://open.weixin.qq.com/connect/oauth2/authorize?appid=xxxxxxxxxxxxxxx&redirect_uri=http://xxx.xxxxx.com/index.php/privilege/getWeixinUser&response_type=code&scope=snsapi_userinfo&state=1#wechat_redirect"; redirect($url); }

 

上面的$url 中有5個get參數，前面2個get參數的值由我們指定,即appid 和 redirect_uri 

　　appid="微信APP_ID"

　　redirect_uri="回調地址"

以上例子中 is_weixin 方法執行后瀏覽器會訪問 redirect_uri所填寫的地址，也就是會執行privilege中的getWeixinUser方法

 

public function getWeixinUser(){ $appid = "xxxxxxxxxxxxxxxxxxxxxxx"; $secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; $code = $_GET["code"]; $get_token_url = 'https://api.weixin.qq.com/sns/oauth2/access_token?appid='.$appid.'&secret='.$secret.'&code='.$code.'&grant_type=authorization_code'; $ch = curl_init(); curl_setopt($ch,CURLOPT_URL,$get_token_url); curl_setopt($ch,CURLOPT_HEADER,0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); $res = curl_exec($ch); curl_close($ch); $json_obj = json_decode($res,true); //根據openid和access_token查詢用戶信息 
$access_token = $json_obj['access_token']; $openid = $json_obj['openid']; $get_user_info_url = 'https://api.weixin.qq.com/sns/userinfo?access_token='.$access_token.'&openid='.$openid.'&lang=zh_CN'; $ch = curl_init(); curl_setopt($ch,CURLOPT_URL,$get_user_info_url); curl_setopt($ch,CURLOPT_HEADER,0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); $res = curl_exec($ch); curl_close($ch); //解析json
$user_obj = json_decode($res,true); // array( // [openid] => o3ushwi5OiaBfCNA2F187BKPdnfU // [nickname] => xxx // [sex] => 1 // [language] => zh_CN // [city] => 深圳 // [province] => 廣東 // [country] => 中國 // [headimgurl] => http://wx.qlogo.cn/mmopen/qibdIUkiaxRnic3D9icdBOonZxI3HibH1sP1xKchqhlDOnQibVuxhfNxHVvRJCrfz9jOkR5uZxsWiaToMIQQ0spkRNfG325j8NaGO67/0 // );
 }

getWeixinUser方法中最終得到的$user_obj就是一個包含了用戶微信基本信息的數組。

 

二：QQ授權

 第一步，跳轉到QQ授權頁面,獲取(Authorization) Code值

/*QQ登陸*/
public function qqlogin(){ $appid = 'xxxxxxxxxxx'; $appkey = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
 $scope = "get_user_info";
 //成功授權后的回調地址,需要進行urlencode
$my_url = "http://www.nightlostk.com/index.php/privilege/callback"; set_sess('state',md5(uniqid(rand(), TRUE))); $login_url = "https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=".$appid."&redirect_uri=" .urlencode($my_url)."&state=".get_sess('state')."&scope=".$scope; redirect($login_url); }

 

代碼運行后會跳轉到類似如下頁面:

　用戶點擊QQ頭像即表示授權並登錄。頁面將會跳轉到 上面代碼中的回調地址

　　//成功授權后的回調地址,需要進行urlencode
　　$my_url = "http://www.nightlostk.com/index.php/privilege/callback";

實際上回調地址會附帶一些上get參數。 實際的地址為: http://www.nightlostk.com/index.php/privilege/callback?code=xxxxxxxxxxxx&state=xxxxxxxxxxxxxx

可以理解為第一步就是為了獲取到返回的get參數 code的值

第二步, 通過Authorization Code獲取Access Token->openid->用戶基本信息

在第一步中，頁面最后跳轉到

http://www.nightlostk.com/index.php/privilege/callback?code=xxxxxxxxxxxx&state=xxxxxxxxxxxxxx
在PHP中會執行 privilege中的 callback方法

/*QQ登陸回調地址*/
    public function callback(){ $appid = '101261269'; $appkey = 'adcaacfadd912ecc5991aa6936aafe0d'; $my_url = "http://m.etripbon.com/index.php/privilege/callback"; //Step2：通過Authorization Code獲取Access Token
        if($_REQUEST['state'] == get_sess('state')) { $code = $_REQUEST["code"]; //拼接URL 
            $token_url = "https://graph.qq.com/oauth2.0/token?grant_type=authorization_code&"."client_id=".$appid."&redirect_uri=".urlencode($my_url)."&client_secret=".$appkey."&code=".$code; $response = $this->https_request($token_url); //Step3：使用Access Token來獲取用戶的OpenID
            $params = array(); parse_str($response, $params); $graph_url = "https://graph.qq.com/oauth2.0/me?access_token=".$params['access_token']; $access_token = $params["access_token"];         
            $str = $this->https_request($graph_url); $user = json_decode($str);$openid = $user->openid; $url = "https://graph.qq.com/user/get_user_info?access_token=".$access_token."&oauth_consumer_key=".$appid."&openid=".$openid; $output = $this->https_request($url); $jsoninfo = json_decode($output, true);  }else{ echo("The state does not match. You may be a victim of CSRF."); } }

  

public function https_request($url,$data = null){
        if(function_exists('curl_init')){
            $curl = curl_init();
            curl_setopt($curl, CURLOPT_URL, $url);
            curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
            curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);
            curl_setopt($curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
            if (!empty($data)){
                curl_setopt($curl, CURLOPT_POST, 1);
                curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
            }
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
            $output = curl_exec($curl);
            curl_close($curl);
            return $output;
        }else{
            return false;
        }
    }

 

  在callback方法中，通過第一步獲取的code值來組裝好url

https://graph.qq.com/oauth2.0/token?grant_type=authorization_code&"."client_id=".$appid."&redirect_uri=".urlencode($my_url)."&client_secret=".$appkey."&code=".$code

請求這個url 獲取到 Access Token

Access Token 有了以后組裝出如下url

$graph_url = "https://graph.qq.com/oauth2.0/me?access_token=".$params['access_token']

請求這個url 獲取到用戶的 openid

openid 有了以后組裝出如下url

$url = "https://graph.qq.com/user/get_user_info?access_token=".$access_token."&oauth_consumer_key=".$appid."&openid=".$openid;

請求這個url 獲取到用戶的基本信息，到此為止，用戶的QQ基本信息就獲取到了。后續則是根據自己項目的業務需求來處理這些信息即可。

返回的QQ用戶基本信息如下圖所示