Home > Article > Backend Development > qq login api php class_PHP tutorial
/**
* QQ operation class
* $Author: shunzi $
* $Id: cls_qq.php 17171 2011-05-30 06:14:00Z shunzi $
*/
class qq_api
{
var $appid = ”;
var $appkey = ”;
var $callback = ”;
var $login_type = 1;
/**
* Constructor
*
* @access public
* @param string $ver version number
*
* @return void
*/
function qq_api($appid, $appkey,$callback,$login_type)
{
$this->appid = $appid;
$this->appkey = $appkey;
$this->callback = $callback;
$this->login_type = $login_type;
}
/**
* @brief Jump to the QQ login page. The request needs to be URL encoded. Please follow RFC 1738
when encoding.
*
* @param $appid
* @param $appkey
* @param $callback
*
* @return The returned string format is: oauth_token=xxx&openid=xxx&oauth_signature=xxx×tamp=xxx&oauth_vericode=xxx
*/
function redirect_to_login()
{
//Jump to the interface address of the QQ login page, do not change it!!
$redirect = “http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_consumer_key=”.$this->appid.”&”;
//Call the get_request_token interface to obtain the unauthorized temporary token
$result = array();
$request_token = $this->get_request_token();
parse_str($request_token, $result);
//request token, request token secret need to be saved
//In the demo, save it directly in the global variable.
//In order to avoid the problem of session being unable to be shared caused by multiple subdomains on the website or the same main domain name and different servers
//Developers are requested to make necessary modifications to session.php according to the comments in comm/session.php in this SDK to solve the above two problems,
$_SESSION["token"] = $result["oauth_token"];
$_SESSION["secret"] = $result["oauth_token_secret"];
//print_r($_SESSION);
if ($result["oauth_token"] == "")
{
//Error conditions are not handled in the sample code. In real situations, websites need to handle error situations themselves
exit;
}
////Construct request URL
$redirect .= “oauth_token=".$result["oauth_token"]."&oauth_callback=".rawurlencode($this->callback);
header(“Location:$redirect”);
}
/**
* @brief Requests a temporary token. The request needs to be URL encoded. Please follow RFC 1738
when encoding.
*
* @param $appid
* @param $appkey
*
* @return The returned string format is: oauth_token=xxx&oauth_token_secret=xxx
*/
function get_request_token()
{
//Interface address for requesting temporary token, do not change!!
$url = “http://openapi.qzone.qq.com/oauth/qzoneoauth_request_token?”;
//Generate oauth_signature signature value. For details on how to generate a signature value, see (http://wiki.opensns.qq.com/wiki/[QQ Login] Description of the signature parameter oauth_signature)
//(1) Construct the source string to generate the signature value (HTTP request method & urlencode(uri) & urlencode(a=x&b=y&…))
$sigstr = “GET”.”&”.rawurlencode(“http://openapi.qzone.qq.com/oauth/qzoneoauth_request_token”).”&”;
//Required parameters
$params = array();
$params["oauth_version"] = “1.0″;
$params["oauth_signature_method"] = “HMAC-SHA1″;
$params["oauth_timestamp"] = time();
$params["oauth_nonce"] = mt_rand();
$params["oauth_consumer_key"] = $this->appid;
//Serialize the parameters in ascending alphabetical order
$normalized_str = $this->get_normalized_string($params);
$sigstr .= rawurlencode($normalized_str);
//(2) Construct key
$key = $this->appkey.”&”;
//(3) Generate oauth_signature signature value. Here you need to ensure that the PHP version supports the hash_hmac function
$signature = $this->get_signature($sigstr, $key);
//Construct request url
$url .= $normalized_str.”&”.”oauth_signature=”.rawurlencode($signature);
//echo “$sigstrn”;
//echo “$urln”;
return file_get_contents($url);
}
/*
* @brief Get user information. The request needs to be URL encoded. Please follow RFC 1738
when encoding.
*
* @param $appid
* @param $appkey
* @param $access_token
* @param $access_token_secret
* @param $openid
*
*/
function get_user_info($access_token, $access_token_secret, $openid)
{
//Interface address for obtaining user information, do not change!!
$url = “http://openapi.qzone.qq.com/user/get_user_info”;
$info = $this->do_get($url, $access_token, $access_token_secret, $openid);
$arr = array();
$arr = json_decode($info, true);
return $arr;
}
/**
* @brief Get access_token. The request needs to be URL encoded. Please follow RFC 1738
when encoding.
*
* @param $appid
* @param $appkey
* @param $request_token
* @param $request_token_secret
* @param $vericode
*
* @return The returned string format is: oauth_token=xxx&oauth_token_secret=xxx&openid=xxx&oauth_signature=xxx&oauth_vericode=xxx×tamp=xxx
*/
function get_access_token($request_token, $request_token_secret, $vericode)
{
//Request the interface address of access_token with Qzone access permission, do not change!!
$url = “http://openapi.qzone.qq.com/oauth/qzoneoauth_access_token?”;
//Generate oauth_signature signature value. For details on how to generate a signature value, see (http://wiki.opensns.qq.com/wiki/[QQ Login] Description of the signature parameter oauth_signature)
//(1) Construct the source string to generate the signature value (HTTP request method & urlencode(uri) & urlencode(a=x&b=y&…))
$sigstr = “GET”.”&”.rawurlencode(“http://openapi.qzone.qq.com/oauth/qzoneoauth_access_token”).”&”;
//Necessary parameters, do not change them casually!!
$params = array();
$params["oauth_version"] = “1.0″;
$params["oauth_signature_method"] = “HMAC-SHA1″;
$params["oauth_timestamp"] = time();
$params["oauth_nonce"] = mt_rand();
$params["oauth_consumer_key"] = $this->appid;
$params["oauth_token"] = $request_token;
$params["oauth_vericode"] = $vericode;
//Serialize the parameters in ascending alphabetical order
$normalized_str = $this->get_normalized_string($params);
$sigstr .= rawurlencode($normalized_str);
//echo “sigstr = $sigstr”;
//(2) Construct key
$key = $this->appkey.”&”.$request_token_secret;
//(3) Generate oauth_signature signature value. Here you need to ensure that the PHP version supports the hash_hmac function
$signature = $this->get_signature($sigstr, $key);
//Construct request url
$url .= $normalized_str.”&”.”oauth_signature=”.rawurlencode($signature);
return file_get_contents($url);
}
/**
* @brief Sort parameters in ascending dictionary order
*
* @param $params parameter list
*
* @return key-value pairs linked with & after sorting (key1=value1&key2=value2…)
*/
function get_normalized_string($params)
{
ksort($params);
$normalized = array();
foreach($params as $key => $val)
{
$normalized[] = $key.”=”.$val;
}
return implode(“&”, $normalized);
}
/**
* @brief Use HMAC-SHA1 algorithm to generate oauth_signature signature value
*
* @param $key Key
* @param $str source string
*
* @return signature value
*/
function get_signature($str, $key)
{
$signature = “”;
if (function_exists(‘hash_hmac’))
{
$signature = base64_encode(hash_hmac(“sha1″, $str, $key, true));
}
else
{
$blocksize = 64;
$hashfunc = ‘sha1′;
if (strlen($key) > $blocksize)
{
$key = pack(‘H*’, $hashfunc($key));
}
$key = str_pad($key,$blocksize,chr(0×00));
$ipad = str_repeat(chr(0×36),$blocksize);
$opad = str_repeat(chr(0x5c),$blocksize);
$hmac = pack(
‘H*’,$hashfunc(
($key^$opad).pack(
‘H*’,$hashfunc(
($key^$ipad).$str
)
)
)
);
$signature = base64_encode($hmac);
}
return $signature;
}
/**
* @brief URL-encodes the string, following rfc1738 urlencode
*
* @param $params
*
* @return URL-encoded string
*/
function get_urlencode_string($params)
{
ksort($params);
$normalized = array();
foreach($params as $key => $val)
{
$normalized[] = $key.”=”.rawurlencode($val);
}
return implode(“&”, $normalized);
}
/**
* @brief Check if openid is legal
*
* @param $openid corresponds to the user’s QQ number
* @param $timestamp Timestamp
* @param $sig Signature value
*
* @return true or false
*/
function is_valid_openid($openid, $timestamp, $sig)
{
$key = $this->appkey;
$str = $openid.$timestamp;
$signature = $this->get_signature($str, $key);
//echo “sig:$sign”;
//echo “str:$strn”;
return $sig == $signature;
}
/**
* @brief All Get requests can use this method
*
* @param $url
* @param $appid
* @param $appkey
* @param $access_token
* @param $access_token_secret
* @param $openid
*
* @return true or false
*/
function do_get($url, $access_token, $access_token_secret, $openid)
{
$sigstr = “GET”.”&”.rawurlencode(“$url”).”&”;
//必要参数, 不要随便更改!!
$params = $_GET;
$params["oauth_version"] = “1.0″;
$params["oauth_signature_method"] = “HMAC-SHA1″;
$params["oauth_timestamp"] = time();
$params["oauth_nonce"] = mt_rand();
$params["oauth_consumer_key"] = $this->appid;
$params["oauth_token"] = $access_token;
$params["openid"] = $openid;
unset($params["oauth_signature"]);
//参数按照字母升序做序列化
$normalized_str = $this->get_normalized_string($params);
$sigstr .= rawurlencode($normalized_str);
//签名,确保php版本支持hash_hmac函数
$key = $this->appkey.”&”.$access_token_secret;
$signature = $this->get_signature($sigstr, $key);
$url .= “?”.$normalized_str.”&”.”oauth_signature=”.rawurlencode($signature);
//echo “$urln”;
return file_get_contents($url);
}
/**
* @brief All multi-part post requests can use this method
*
* @param $url
* @param $appid
* @param $appkey
* @param $access_token
* @param $access_token_secret
* @param $openid
*
*/
function do_multi_post($url, $appid, $appkey, $access_token, $access_token_secret, $openid)
{
//构造签名串.源串:方法[GET|POST]&uri&参数按照字母升序排列
$sigstr = “POST”.”&”.”$url”.”&”;
//必要参数,不要随便更改!!
$params = $_POST;
$params["oauth_version"] = “1.0″;
$params["oauth_signature_method"] = “HMAC-SHA1″;
$params["oauth_timestamp"] = time();
$params["oauth_nonce"] = mt_rand();
$params["oauth_consumer_key"] = $appid;
$params["oauth_token"] = $access_token;
$params["openid"] = $openid;
unset($params["oauth_signature"]);
//获取上传图片信息
foreach ($_FILES as $filename => $filevalue)
{
if ($filevalue["error"] != UPLOAD_ERR_OK)
{
//echo “upload file error $filevalue['error']n”;
//exit;
}
$params[$filename] = file_get_contents($filevalue["tmp_name"]);
}
//对参数按照字母升序做序列化
$sigstr .= $this->get_normalized_string($params);
//签名,需要确保php版本支持hash_hmac函数
$key = $appkey.”&”.$access_token_secret;
$signature = $this->get_signature($sigstr, $key);
$params["oauth_signature"] = $signature;
//处理上传图片
foreach ($_FILES as $filename => $filevalue)
{
$tmpfile = dirname($filevalue["tmp_name"])."/".$filevalue["name"];
move_uploaded_file($filevalue["tmp_name"], $tmpfile);
$params[$filename] = “@$tmpfile”;
}
/*
echo “len: “.strlen($sigstr).”n”;
echo “sig: $sigstrn”;
echo “key: $appkey&n”;
*/
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
curl_setopt($ch, CURLOPT_URL, $url);
$ret = curl_exec($ch);
//$httpinfo = curl_getinfo($ch);
//print_r($httpinfo);
curl_close($ch);
//Delete upload temporary files
unlink($tmpfile);
return $ret;
}
/**
* @brief All post requests can use this method
*
* @param $url
* @param $appid
* @param $appkey
* @param $access_token
* @param $access_token_secret
* @param $openid
*
*/
function do_post($url, $appid, $appkey, $access_token, $access_token_secret, $openid)
{
//Construct signature string. Source string: method [GET|POST]&uri& parameters are arranged in ascending alphabetical order
$sigstr = “POST”.”&”.rawurlencode($url).”&”;
//Necessary parameters, do not change them casually!!
$params = $_POST;
$params["oauth_version"] = “1.0″;
$params["oauth_signature_method"] = “HMAC-SHA1″;
$params["oauth_timestamp"] = time();
$params["oauth_nonce"] = mt_rand();
$params["oauth_consumer_key"] = $appid;
$params["oauth_token"] = $access_token;
$params["openid"] = $openid;
unset($params["oauth_signature"]);
//Serialize the parameters in ascending alphabetical order
$sigstr .= rawurlencode($this->get_normalized_string($params));
//Signature, you need to ensure that the php version supports the hash_hmac function
$key = $appkey.”&”.$access_token_secret;
$signature = $this->get_signature($sigstr, $key);
$params["oauth_signature"] = $signature;
$postdata = $this->get_urlencode_string($params);
//echo “$sigstr******n”;
//echo “$postdatan”;
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_URL, $url);
$ret = curl_exec($ch);
curl_close($ch);
return $ret;
}
}
?>
Currently there is only login function, the method will continue to be updated in later projects
Excerpted from Shunzi Network PHP website construction