Detailed explanation of website access to QQ, WeChat and Weibo third-party login
The overall idea of three-party login isGet the openid in the third party, then associate it with the user (store it in the database), and log in. This article mainly shares with you the detailed explanation of third-party login for website access to QQ, WeChat, and Weibo. I hope it can help everyone.
The current requirement is: two (or more) first-level domain names, such as maxiye.cn and yexima.com, and each domain name has multiple Second-level domain name distribution, such as: app.maxiye.cn, new.maxiye.cn, old.maxiye.cn, app.yexima.com, new.yexima.com, old.yexima.com.. .etc., but these domain names use the same code (yes, the vest) and share the database and session. At the same time, each of its domain names includes PC, ios, and Android terminals. How to access all third-party logins?
QQ, WeChat, Weibo access points:
1.Application entrance: QQ is QQ Internet, WeChat is WeChat open platform, and Weibo is Weibo open platform;
2.Callback domain setting: QQ can set a first-level domain name and there can be multiple, it must start with http:// and end with ;, such as http://maxiye.cn;http://yexima.com;; WeChat can only be set to a second-level domain name and only one, the format is: app.maxiye.cn;
Weibo can also set a first-level domain name and it is one: maxiye.cn;
3.unionid acquisition: multiple apps (same ) shared database under developer account, so unionid needs to be used to confirm identity. QQ needs to apply for additional permissions to obtain uuid. For details, please refer to how to connect different appid applications under the same developer account; WeChat already has a unionid acquisition interface; Weibo uses uid as unionid;
pit:
1.QQ Many of the results returned by the interface are in jsonp format, which needs to be stripped manuallycallback();
2. Weibo acquisitionobtain access_tokenactually must be used post, shocked;
3. WeChat does not support filling in the first-level domain name for the callback address, so you need to use unified domain name (agent) as the callback address, and then redirect internally to the person who sent the application Domain name;
The following is a written tool class:
<?php
/* PHP SDK 第三方登录授权验证
* @version 1.0.0
* @author zyl
* @copyright
*/
namespace app\helpers;
use yii\helpers\Url;
use Yii;
class OauthLogin
{
public $server = '';//接入第三方的域名
public $proxy = 'app.maxiye.cn';//微信登录代理中转站点
private $type = '';//第三方类型:qq,weixin,weibo
private $app_id = '';//分配给网站的appid。
private $app_secret = '';//分配给网站的appkey。
private $state = '';//client端的状态值。用于第三方应用防止CSRF攻击,成功授权后回调时会原样带回。请务必严格按照流程检查用户与state参数状态的绑定。
private $code = '';//用户成功登录并授权,则会跳转到指定的回调地址,并在URL中带上Authorization Code。
private $access_token;
private $config = [//配置多个网站的appid&appkey
'maxiye.cn' => [
'qq' => [
'app_id' => '100000000',
'app_secret' => 'f9038c3d07c*******7884edf3e31708',
],
'weixin' => [
'app_id' => 'wxee7c90a7744c2002',
'app_secret' => '13e649627894*******7a85a0e2f50e7',
],
'weibo' => [
'app_id' => '1200000000',
'app_secret' => 'e074de8*******d3818d0df9ca28c459',
],
],
'yexima.com' => [
'qq' => [
'app_id' => '101111244',
'app_secret' => '6ca59c6a1b1*******77e636a10ac334',
],
'weixin' => [
'app_id' => 'wx0b822222ea9ee323',
'app_secret' => '7f9cbd*******f37ce7b4c267bdde029',
],
'weibo' => [
'app_id' => '911111998',
'app_secret' => '5b21c452f88e2982*******1722d8fcd',
],
],
];
function __construct($params = [])
{
$this->type = $params['type'];
$this->server = $_SERVER['SERVER_NAME'];
foreach ($this->config as $k => $v) {
if (stristr($this->server, $k) && isset($v[$this->type])) {
$this->app_id = $v[$this->type]['app_id'];
$this->app_secret = $v[$this->type]['app_secret'];
}
}
if (isset($params['code'])) {
$this->code = $params['code'];
}
}
/**
* 获取用户授权验证的链接
* @return string
*/
public function getOauthUrl()
{
$this->state = md5(uniqid(rand(), TRUE));
Yii::$app->session->setFlash('oauth_state', $this->state);
$redirect_uri = urlencode(Url::to(['login-by-openid', 'type' => $this->type, true));
if ($this->type == 'weixin' && $this->server != $this->proxy) {//微信回调多域名代理处理
$redirect_uri = str_replace($this->server, $this->proxy, $redirect_uri) . '%26redirect%3D' . $this->server;
}
$url = '';
switch ($this->type) {
case 'qq'://qq回调域填写一级域名并以“;”结束:http://maxiye.cn;http://yexima.com;
$url = "https://graph.qq.com/oauth/show?which=Login&display=pc&response_type=code&client_id={$this->app_id}&state={$this->state}&display=web&redirect_uri={$redirect_uri}";
break;
case 'weixin'://app.maxiye.cn不支持只填写二级域名
$url = "https://open.weixin.qq.com/connect/qrconnect?response_type=code&appid={$this->app_id}&state={$this->state}&scope=snsapi_login&redirect_uri={$redirect_uri}#wechat_redirect";
break;
case 'weibo'://微博设置安全域名:maxiye.cn
$url = "https://api.weibo.com/oauth2/authorize?response_type=code&client_id={$this->app_id}&state={$this->state}&display=web&redirect_uri={$redirect_uri}";
break;
default:
break;
}
return $url;
}
/**
* 获取针对开发者账号的惟一uuid
* @return string unionid或uid
*/
public function getUuid()
{
$openid = '';
if ($this->type == 'qq') {
$this->getAccessToken();
} else {
$openid = $this->getOpenid();
}
$access_token = $this->access_token;
$uuid = '';
if ($access_token) {
switch ($this->type) {
case 'qq':
$url = "https://graph.qq.com/oauth2.0/me?access_token={$access_token}&unionid=1";
// 返回示例...
/*callback({
"client_id":"YOUR_APPID",
"openid":"YOUR_OPENID",
"unionid":"YOUR_UNIONID"
});*/
$result = $this->get_contents($url);
if (strpos($result, "callback") !== false) {
$lpos = strpos($result, "(");
$rpos = strrpos($result, ")");
$result = json_decode(substr($result, $lpos + 1, $rpos - $lpos - 1), true);
$uuid = isset($result['unionid']) ? $result['unionid'] : '';
}
return $uuid;
// return $openid;
break;
case 'weixin':
$url = "https://api.weixin.qq.com/sns/userinfo?access_token={$access_token}&openid={$openid}";
// 返回示例
/*{
"openid":"OPENID",
"nickname":"NICKNAME",
"sex":1,
"province":"PROVINCE",
"city":"CITY",
"country":"COUNTRY",
"headimgurl": "http://wx.qlogo.cn/mmopen/g3MonUZtNHkdmzicIlibx6iaFqAc56vxLSUfpb6n5WKSYVY0ChQKkiaJSgQ1dZuTOgvLLrhJbERQQ4eMsv84eavHiaiceqxibJxCfHe/0",
"privilege":[
"PRIVILEGE1",
"PRIVILEGE2"
],
"unionid": " o6_bmasdasdsad6_2sgVt7hMZOPfL"
}*/
$result = json_decode($this->get_contents($url), true);
return isset($result['unionid']) ? $result['unionid'] : '';
break;
case 'weibo':
return $openid;
break;
default:
break;
}
}
return $uuid;
}
/**
* 获取access_token
* @param boolean $true false表示获取原始结果,true获取真正的access_token
* @return string json包|string
*/
public function getAccessToken($true = true)
{
//验证state
if (Yii::$app->request->get('state', '') != Yii::$app->session->getFlash('oauth_state')) {
return '';
}
$redirect_uri = urlencode(Url::to(['login-by-openid', 'type' => $this->type], true));
$url = '';
switch ($this->type) {
case 'qq':
$url = "https://graph.qq.com/oauth2.0/token?grant_type=authorization_code&code={$this->code}&client_id={$this->app_id}&client_secret={$this->app_secret}&redirect_uri={$redirect_uri}";
//返回示例...
//access_token=15C0CE01C0311240F9091A7DB6828E62&expires_in=7776000&refresh_token=7BFCE2E5B773D4F5531561A10E1C2B2D
break;
case 'weixin':
$url = "https://api.weixin.qq.com/sns/oauth2/access_token?appid={$this->app_id}&secret={$this->app_secret}&code={$this->code}&grant_type=authorization_code";
//返回示例
/*{
"access_token":"ACCESS_TOKEN",
"expires_in":7200,
"refresh_token":"REFRESH_TOKEN",
"openid":"OPENID",
"scope":"SCOPE"
}*/
break;
case 'weibo':
$url = "https://api.weibo.com/oauth2/access_token?client_id={$this->app_id}&client_secret={$this->app_secret}&grant_type=authorization_code&redirect_uri={$redirect_uri}&code={$this->code}";//新浪微博
$post_data = [];
return $this->post($url, $post_data);//撒币制杖
//返回示例
/*{
"access_token": "SlAV32hkKG",
"remind_in": 3600,
"expires_in": 3600,
"uid":"12341234"
}*/
break;
default:
break;
}
if ($true) {
$res_access_token = $this->get_contents($url);
if ($this->type == 'qq' && strpos($res_access_token, "access_token") !== false) {
$token_result = ['access_token' => explode('=', explode('&', $res_access_token)[0])[1]];
} else {
$token_result = json_decode($res_access_token ?: '{}', true);
}
$access_token = !empty($token_result['access_token']) ? $token_result['access_token'] : '';
$this->access_token = $access_token;
return $access_token;
} else {
return $this->get_contents($url);
}
}
/**
* post
* post方式请求资源
* @param string $url 基于的baseUrl
* @param array $keysArr 请求的参数列表
* @param int $flag 标志位
* @return string 返回的资源内容
*/
public function post($url, $keysArr, $flag = 0)
{
$ch = curl_init();
if (!$flag) curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $keysArr);
curl_setopt($ch, CURLOPT_URL, $url);
$ret = curl_exec($ch);
curl_close($ch);
return $ret;
}
/**
* get_contents
* 服务器通过get请求获得内容
* @param string $url 请求的url,拼接后的
* @return string 请求返回的内容
*/
public function get_contents($url)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_URL, $url);
$response = curl_exec($ch);
curl_close($ch);
//-------请求为空
if (empty($response)) {
return '{}';
}
return $response;
}
/**
* 获取openid
* @return string openid
*/
public function getOpenid()
{
$res_access_token = $this->getAccessToken(false);
if ($this->type == 'qq' && strpos($res_access_token, "access_token") !== false) {
$access_token = ['access_token' => explode('=', explode('&', $res_access_token)[0])[1]];
} else {
$access_token = json_decode($res_access_token ?: '{}', true);
}
$openid = '';
if (isset($access_token['access_token'])) {
$this->access_token = $access_token['access_token'];
switch ($this->type) {
case 'qq':
$url = "https://graph.qq.com/oauth2.0/me?access_token={$access_token['access_token']}";
// 返回示例...
// callback( {"client_id":"101406183","openid":"6C611CBE0C72F765572AE2472C9B59A4"} );
$result = $this->get_contents($url);
if (strpos($result, "callback") !== false) {
$lpos = strpos($result, "(");
$rpos = strrpos($result, ")");
$result = json_decode(substr($result, $lpos + 1, $rpos - $lpos - 1), true);
$openid = isset($result['openid']) ? $result['openid'] : '';
}
break;
case 'weixin':
return $access_token['openid'];
break;
case 'weibo':
return $access_token['uid'];
/*$url = "https://api.weibo.com/oauth2/get_token_info?access_token={$access_token['access_token']}";
//返回示例
{
"uid": 1073880650,
"appkey": 1352222456,
"scope": null,
"create_at": 1352267591,
"expire_in": 157679471
}
$result = $this->get_contents($url);
$openid = isset($result['uid'])?$result['uid']:'';*/
break;
default:
break;
}
}
return $openid;
}
}The usage method is as follows:
//第三方登录界面处理
public function actionLoginByOpenid(){
Yii::$app->response->format= Response::FORMAT_HTML;
$params = Yii::$app->request->get();
$oauth = new OauthLogin($params);
if(empty($params['code'])){
$url = $oauth->getOauthUrl();
return $this->redirect($url);
}else{
//微信代理跳转处理
if(isset($params['redirect']) && $params['redirect'] != $oauth->server){
$proxy = $oauth->proxy;
$server = $params['redirect'];
return $this->redirect(str_replace($proxy, $server, Url::current(['redirect'=>null], 'http')));
}
$openid = $oauth->getUuid();
if (!$openid) {
//失败处理TODO
} else {
//成功处理TODO
}
}
}The specific process (qq as an example) is as follows:
1. User Click the QQ login icon and access the link http://app.maxiye.cn/site/login-by-openid?type=qq;
2. The server processes to obtain the QQ authorization link and redirect ;
3.QQ adds the code parameter (Authorization Code) in the callback address, callbackhttp://app.maxiye.cn/site/login-by-openid?type=qq&state=4a78***&code =1CA8DF***;
4. The server verifies the state according to the code parameter, obtains the access_token, then obtains the unionid (uid), and processes the result.
Related recommendations:
Add a third-party login PHP version to the website
##php QQ third-party login SDK program code_PHP tutorial
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1664
14
1422
52
1316
25
1267
29
1239
24
What is the difference between H5 page production and WeChat applets
Apr 05, 2025 pm 11:51 PM
H5 is more flexible and customizable, but requires skilled technology; mini programs are quick to get started and easy to maintain, but are limited by the WeChat framework.
Is the company's security software causing the application to fail to run? How to troubleshoot and solve it?
Apr 19, 2025 pm 04:51 PM
Troubleshooting and solutions to the company's security software that causes some applications to not function properly. Many companies will deploy security software in order to ensure internal network security. ...
The difference between H5 and mini-programs and APPs
Apr 06, 2025 am 10:42 AM
H5. The main difference between mini programs and APP is: technical architecture: H5 is based on web technology, and mini programs and APP are independent applications. Experience and functions: H5 is light and easy to use, with limited functions; mini programs are lightweight and have good interactiveness; APPs are powerful and have smooth experience. Compatibility: H5 is cross-platform compatible, applets and APPs are restricted by the platform. Development cost: H5 has low development cost, medium mini programs, and highest APP. Applicable scenarios: H5 is suitable for information display, applets are suitable for lightweight applications, and APPs are suitable for complex functions.
How to solve the problem of JS resource caching in enterprise WeChat?
Apr 04, 2025 pm 05:06 PM
Discussion on the JS resource caching issue of Enterprise WeChat. When upgrading project functions, some users often encounter situations where they fail to successfully upgrade, especially in the enterprise...
Ouyi Exchange app domestic download tutorial
Mar 21, 2025 pm 05:42 PM
This article provides a detailed guide to safe download of Ouyi OKX App in China. Due to restrictions on domestic app stores, users are advised to download the App through the official website of Ouyi OKX, or use the QR code provided by the official website to scan and download. During the download process, be sure to verify the official website address, check the application permissions, perform a security scan after installation, and enable two-factor verification. During use, please abide by local laws and regulations, use a safe network environment, protect account security, be vigilant against fraud, and invest rationally. This article is for reference only and does not constitute investment advice. Digital asset transactions are at your own risk.
What should I do if the company's security software conflicts with applications? How to troubleshoot HUES security software causes common software to fail to open?
Apr 01, 2025 pm 10:48 PM
Compatibility issues and troubleshooting methods for company security software and application. Many companies will install security software in order to ensure intranet security. However, security software sometimes...
What are the development tools for H5 and mini program?
Apr 06, 2025 am 09:54 AM
H5 development tools recommendations: VSCode, WebStorm, Atom, Brackets, Sublime Text; Mini Program Development Tools: WeChat Developer Tools, Alipay Mini Program Developer Tools, Baidu Smart Mini Program IDE, Toutiao Mini Program Developer Tools, Taro.
Detailed tutorial on how to buy and sell Binance virtual currency
Mar 18, 2025 pm 01:36 PM
This article provides a brief guide to buying and selling of Binance virtual currency updated in 2025, and explains in detail the operation steps of virtual currency transactions on the Binance platform. The guide covers fiat currency purchase USDT, currency transaction purchase of other currencies (such as BTC), and selling operations, including market trading and limit trading. In addition, the guide also specifically reminds key risks such as payment security and network selection for fiat currency transactions, helping users to conduct Binance transactions safely and efficiently. Through this article, you can quickly master the skills of buying and selling virtual currencies on the Binance platform and reduce transaction risks.