


Share the pitfalls encountered when connecting php to QQ to log in to OAuth2.0
The following editor will bring you a brief discussion of the pitfalls encountered in the process of PHP access (third-party login) QQ login OAuth2.0. The editor thinks it is quite good, so I will share it with you now and give it as a reference for everyone. Let’s follow the editor and take a look.
Preface
Most websites have integrated third-party login, lowering the registration threshold and enhancing user experience. Recently I looked at the interface documentation for QQ login on QQ Internet. The general process of accessing QQ login is as follows: first apply as a developer -> then create an application (get a set of AppId and AppKey) -> get access_token -> get openid -> call openApi to access or modify User Info.
However, from the time you apply for an individual developer, pitfalls begin.
1. Apply for (individual) developer
The page for applying for developer information on the QQ Internet is too simple and lacks details. , for example, there was no description at all about the shooting details of the front-facing ID card photo. I directly uploaded the "ID card front-facing photo" at that time, and then waited for 3 days. Three days later, I received an email notification from Tencent Open Platform saying that the review had not been passed and I needed to Holding ID card. Okay, let’s reshoot it~~. After asking customer service, I determined the correct posture for taking the "holding ID card" shot. Then I changed the platform, changed my application information in the Tencent Open Platform, and re-uploaded the ID card. I noticed that there was a photo below the upload box. Tip, I took a look at the photo of a young lady holding her ID card. It’s pretty good-looking, and the prompts are friendly. It’s much better than the application page on QQ Internet. After another 2 days, the review was approved.
So, if you are applying for a developer, it is best to apply on the Tencent Open Platform. The information is relatively detailed and more friendly. QQ Internet feels like it has not been maintained for a long time.
2. Interface call - publish Weibo
(1) Interface add_t for publishing Weibo: the required parameter is content Weibo content . When calling, the parameters must be passed in in the form of array key-value pairs, otherwise an error will be reported saying that no parameters are provided.
$qc = new QC('你的access_token', '你的openid'); $weibo = [ 'content' => '微博内容' ]; $result = $qc->add_t($weibo);
(2) Interface for publishing Weibo with pictures add_pic_t: The required parameters are content Weibo content and pic Weibo picture. When calling, parameters are also passed in key-value pairs. Moreover, the image is uploaded in the form of a binary stream. I have never found any interface examples about it in the documentation. Finally, I used the CURLFIle class to implement image stream upload.
$qc = new QC('你的access_token', '你的openid'); $weibo = [ 'content' => '微博内容', 'pic' => new CURLFile('要上传的图片路径') ]; $result = $qc->add_pic_t($weibo);
Note that the pic parameter value is an instance of the CURLFile class (the image path is preferably an absolute path). Some information on the Internet introduces the file(image_path) and file_get_contents(image_path) methods to set the pic parameter, but I have not succeeded here (weibo posted successfully, but there is no picture).
Summary
The main pitfalls are these two, the review platform issue and the Weibo image upload issue. It may be used in the future, so I’ll record it here as a memo.
The above is the detailed content of Share the pitfalls encountered when connecting php to QQ to log in to OAuth2.0. For more information, please follow other related articles on the PHP Chinese website!

PHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.

The security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.

PHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita

ToretrievedatafromaPHPsession,startthesessionwithsession_start()andaccessvariablesinthe$_SESSIONarray.Forexample:1)Startthesession:session_start().2)Retrievedata:$username=$_SESSION['username'];echo"Welcome,".$username;.Sessionsareserver-si

The steps to build an efficient shopping cart system using sessions include: 1) Understand the definition and function of the session. The session is a server-side storage mechanism used to maintain user status across requests; 2) Implement basic session management, such as adding products to the shopping cart; 3) Expand to advanced usage, supporting product quantity management and deletion; 4) Optimize performance and security, by persisting session data and using secure session identifiers.

The article explains how to create, implement, and use interfaces in PHP, focusing on their benefits for code organization and maintainability.

The article discusses the differences between crypt() and password_hash() in PHP for password hashing, focusing on their implementation, security, and suitability for modern web applications.

Article discusses preventing Cross-Site Scripting (XSS) in PHP through input validation, output encoding, and using tools like OWASP ESAPI and HTML Purifier.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

Dreamweaver CS6
Visual web development tools

EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function

DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
