PHP implements third-party login function

With the development of the Internet, more and more websites are beginning to support third-party login functions. Through third-party login, users can use their existing social accounts (such as WeChat, QQ, Weibo, etc.) as login credentials, avoiding the trouble of repeated registration and remembering various account passwords, which greatly improves the user experience. This article describes how to use PHP to implement the third-party login function, taking WeChat login as an example.

Step one: Obtain a WeChat open platform account

To log in with WeChat, you first need to have a WeChat open platform account. After registering an account on the WeChat open platform, you need to create a new application and fill in the basic information of the application in "Development-Basic Configuration", including application ID, application key, etc.

After creating the application, WeChat public account authentication or WeChat login authentication is also required. This article only describes WeChat login authentication. After authentication, your application will be authorized to obtain basic information of WeChat users, including avatars, nicknames, etc.

Step 2: Create a login link

After obtaining the application ID and application key, you can create a WeChat login link for the user. After the user clicks this link, it will jump to the WeChat web page authorization page. After the user confirms the authorization, it will automatically jump back to the URL address we set and return an authorization code.

The following is the PHP code to create a login link:

$login_url = ‘https://open.weixin.qq.com/connect/oauth2/authorize?appid=’ . $appid . ‘&redirect_uri=’ . urlencode($redirect_uri) . ‘&response_type=code&scope=snsapi_login&state=STATE#wechat_redirect’;

Among them, $appid is the application ID, and $redirect_uri is the URL address to jump to. It should be noted that $redirect_uri cannot carry any parameters and can only be escaped with urlencode and then spliced ​​into the URL. Otherwise, the authorization code will not be received correctly.

Step 3: Obtain access_token

Access_token and openid can be obtained through the code returned in the second step. Access_token is the unique identifier used by WeChat to identify users and can be used to obtain higher-level user information. The specific PHP code to obtain access_token is as follows:

$token_url = ‘https://api.weixin.qq.com/sns/oauth2/access_token?appid=’ . $appid . ‘&secret=’ . $secret . ‘&code=’ . $code . ‘&grant_type=authorization_code’;
$resp = file_get_contents($token_url);
$resp_arr = json_decode($resp, true);
$access_token = $resp_arr[‘access_token’];

Among them, $secret is the application key and $code is the authorization code. The file_get_contents function is used here to send an HTTP request, parse the returned JSON string into an array, and obtain the access_token.

Step 4: Obtain user information

After obtaining the access_token, you can use this access_token to obtain the user's detailed information. By accessing the following link, you can obtain the user's openid, nickname, avatar and other information.

$userinfo_url = ‘https://api.weixin.qq.com/sns/userinfo?access_token=’ . $access_token . ‘&openid=’ . $openid . ‘&lang=zh_CN’;
$userinfo_resp = file_get_contents($userinfo_url);
$userinfo = json_decode($userinfo_resp, true);
$nickname = $userinfo[‘nickname’];

So far, we have implemented the WeChat login function through PHP. You can use the above code to implement third-party login to other social networking sites. You only need to replace the corresponding API interface and obtain the corresponding user information.

It should be noted that the security of third-party login needs to be considered, and measures to prevent CSRF attacks should be added during the login process to avoid being exploited by hackers.

The above is the detailed content of PHP implements third-party login function. For more information, please follow other related articles on the PHP Chinese website!