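/*
 * Red-packet survey: WeChat QR-code login.
 * Example: the survey link is http://cc/s/qwer
 * A user who opens that link without $_GET['esurvey_token'] is sent here.
 * This action takes two parameters: the survey link and the survey token
 * (token = md5(pid.'sunjiuyang')), then redirects to the WeChat QR-code page.
 * WeChat afterwards redirects to esurvey_scan_code_redirect.
 *
 * NOTE(review): a token built as md5(pid . fixed suffix) can be computed by anyone
 * who learns the suffix; consider an HMAC keyed with a secret from configuration.
 */
public function esurvey_scan_code($esurvey_url,$esurvey_token){
    // Encode each value on its own so that '&', '=', '#' or '+' inside a value cannot
    // add or alter parameters of the callback URL.
    $callback = C('USER_HOST')."/user.php/home/Wechat/esurvey_scan_code_redirect?esurvey_url=".rawurlencode((string)$esurvey_url)."&esurvey_token=".rawurlencode((string)$esurvey_token);
    $callback = urlencode($callback);

    // Unpredictable per-request state value (CSRF protection), kept in the session
    // so the callback can compare it with what WeChat sends back.
    $state = $this->esurvey_random_hex(16);
    $_SESSION["wx_state"] = $state;

    $wxurl = "https://open.weixin.qq.com/connect/qrconnect?appid=".self::APPID_SITE."&redirect_uri=".$callback."&response_type=code&scope=snsapi_login&state=".$state."#wechat_redirect";
    header("Location: $wxurl");
}

/*
 * JS variant: answer the survey by scanning the QR code.
 * Hands the encoded callback URL and the state value to the template.
 */
public function esurvey_scan_code_by_js($esurvey_url,$esurvey_token){
    // Same per-value encoding as esurvey_scan_code().
    $callback = C('USER_HOST')."/user.php/home/Wechat/esurvey_scan_code_redirect?esurvey_url=".rawurlencode((string)$esurvey_url)."&esurvey_token=".rawurlencode((string)$esurvey_token);
    $callback = urlencode($callback);

    // Unpredictable per-request state value (CSRF protection), stored in the session.
    $state = $this->esurvey_random_hex(16);
    $_SESSION["wx_state"] = $state;

    $this->assign('callback',$callback);
    $this->assign('state',$state);
    $this->display();
}

/*
 * Red-packet survey: callback for the QR-code login.
 * Exchanges the "code" GET parameter for openid and unionid.
 * If no user row has this unionid, a new user is added; otherwise the existing
 * user_id is used. A session row, $_SESSION values and cookies are written, then the
 * browser is redirected to the decoded survey link with esurvey_token appended.
 * The answer page is expected to verify esurvey_token before allowing answers.
 */
public function esurvey_scan_code_redirect(){
    // CSRF check. Both values must be present, non-empty strings: the former loose
    // comparison also passed when neither side was set. The stored state is removed
    // on every attempt so it can be used at most once.
    $sent_state = isset($_GET['state']) ? $_GET['state'] : null;
    $expected_state = isset($_SESSION["wx_state"]) ? $_SESSION["wx_state"] : null;
    unset($_SESSION["wx_state"]);
    if (!is_string($sent_state) || !is_string($expected_state) || $expected_state === '') {
        exit("501");
    }
    $state_ok = function_exists('hash_equals')
        ? hash_equals($expected_state, $sent_state)
        : ($expected_state === $sent_state);
    if (!$state_ok) {
        exit("501");
    }

    if (empty($_GET['code']) || !is_string($_GET['code'])) {
        exit("微信回调没有code参数");
    }

    $esurvey_url = I('get.esurvey_url','','strval');
    $esurvey_token = I('get.esurvey_token','','strval');

    // The survey link arrives double base64-encoded in a GET parameter and ends up in
    // a Location header, so it is checked before anything else is done with it.
    $target_url = base64_decode(base64_decode($esurvey_url));
    if (!$this->esurvey_is_allowed_url($target_url)) {
        exit("invalid esurvey_url");
    }

    // Exchange the code for access_token, openid and unionid.
    $url = 'https://api.weixin.qq.com/sns/oauth2/access_token';
    $para = array(
        'appid' => self::APPID_SITE,
        'secret' => self::SECRET_SITE,
        'code' => $_GET['code'],
        'grant_type' => 'authorization_code',
    );
    $raw_access_info = http($url, $para, 'GET', array(), false);

    // Debug record. The bearer tokens are stripped first so that the debug table
    // never holds usable credentials.
    $loggable = json_decode($raw_access_info, true);
    if (is_array($loggable)) {
        unset($loggable['access_token'], $loggable['refresh_token']);
        $log_text = json_encode($loggable);
    } else {
        $log_text = '(unparseable response)';
    }
    $log = array(
        'text' => '扫码得access_token:'.$log_text,
        'time' => date('Y-m-d H:i:s',time()),
    );
    M('aaa')->add($log);

    $accessInfo = json_decode($raw_access_info);

    // A failed HTTP call or an error reply yields no unionid; send the user back.
    $unionid = (is_object($accessInfo) && isset($accessInfo->unionid)) ? $accessInfo->unionid : null;
    if(!$unionid){
        $this->success('扫码登录失败,请重试',$target_url);
        exit;
    }

    $userInfo = M('user')->where("unionid = '%s' and status != 2",array($unionid))->find();
    if(!$userInfo){
        // Unknown unionid: new user. A dedicated array is used so the debug-log
        // fields are not sent to the user table along with the user fields.
        $new_user = array(
            'openid_user' => $accessInfo->openid,
            'unionid' => $accessInfo->unionid,
            // xcode is later used as a login cookie, so it comes from the CSPRNG
            // (same 32-hex-char length as the former md5 value).
            'xcode' => $this->esurvey_random_hex(16),
            'role_id' => 1,
            'status' => 1,
            'addtime' => time(),
            'login_num' => 1,
            'last_login' => time(),
            'regist_type' => 4, // QR-code scan
            'is_mobile' => 2,   // no phone bound
            'wx_type' => 1,     // not following the official account
        );
        $user_id = M('user')->add($new_user);
        if(!$user_id){
            // Insert failed: do not create a session for a non-existent user.
            $this->success('扫码登录失败,请重试',$target_url);
            exit;
        }
        $xcode = $new_user['xcode'];
        $role_id = 1;
    }else {
        // Known unionid.
        if(!$userInfo['openid_user']){
            // No openid for this site stored yet: save it on the user row.
            $update = array(
                'openid_user' => $accessInfo->openid,
                'status' => 1,
            );
            M('user')->where("unionid = '%s' and status != 2",array($unionid))->save($update);
        }
        $user_id = $userInfo['user_id'];
        $xcode = $userInfo['xcode'];
        $role_id = $userInfo['role_id'];
    }

    $row = array(
        'uid' => $user_id,
        'xcode' => $xcode,
        'role_id' => $role_id,
        'status' => 1,
    );
    // The session id is a bearer credential (EYUID cookie); it is drawn from the
    // CSPRNG instead of being derived from user_id, xcode and the clock.
    $sid = $this->esurvey_random_hex(16);
    $datas = array(
        'sid' => $sid,
        'data' => json_encode($row),
    );
    M("sessions")->add($datas);

    // Debug record of the session row, without the xcode credential.
    $logged_row = $row;
    unset($logged_row['xcode']);
    $log = array(
        'text' => '扫码得sessions:'.json_encode($logged_row),
        'time' => date('Y-m-d H:i:s',time()),
    );
    M('aaa')->add($log);

    // Issue a fresh PHP session id at the privilege change (session fixation).
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION['sid'] = $sid;
    $_SESSION['xcode'] = $xcode;
    $_SESSION['user_id'] = $user_id;
    $_SESSION['regist_type'] = 4;
    $_SESSION['entry_login'] = 1;

    // NOTE(review): these cookies carry login state without HttpOnly/Secure flags.
    // The flags are left unchanged here because front-end scripts or plain-http pages
    // may rely on them -- confirm and tighten. Server-side code should resolve the
    // user from the sid and never trust the user_id/role_id cookies on their own.
    // NOTE(review): role_id is always written as 1, even when the stored role
    // differs -- confirm this is intended. 3156000 s is about 36.5 days.
    $domain = C("domain");
    $expires = time()+3156000;
    setcookie("xcode",$xcode,$expires,'/',$domain);
    setcookie("user_id",$user_id,$expires,'/',$domain);
    setcookie("regist_type",4,$expires,'/',$domain);
    setcookie('EYUID',$sid,$expires,'/',$domain);
    setcookie('ENTRY_LOGIN',1,$expires,'/',$domain);
    setcookie('GUID',$user_id,$expires,'/',$domain);
    setcookie('role_id',1,$expires,'/',$domain);

    // Append esurvey_token to the validated survey link. strpos() is compared with
    // false explicitly, and the token is encoded so it cannot add parameters.
    $separator = (strpos($target_url,'?') !== false) ? '&' : '?';
    header('location:'.$target_url.$separator."esurvey_token=".rawurlencode($esurvey_token));
}

/*
 * Returns $bytes bytes from the system CSPRNG as a hex string (2 * $bytes chars).
 * Falls back to OpenSSL where random_bytes() is unavailable and stops the request
 * rather than hand out a weak value.
 */
private function esurvey_random_hex($bytes = 16){
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes($bytes));
    }
    $strong = false;
    $raw = function_exists('openssl_random_pseudo_bytes')
        ? openssl_random_pseudo_bytes($bytes, $strong)
        : false;
    if ($raw === false || !$strong) {
        exit("500");
    }
    return bin2hex($raw);
}

/*
 * Tells whether $url may be used as the post-login redirect target.
 * Accepts only absolute http/https URLs without userinfo, control characters,
 * whitespace or backslashes, whose host is the configured cookie domain (or a
 * subdomain of it) or the host of USER_HOST.
 *
 * NOTE(review): assumes survey pages are served under C('domain') or on the
 * USER_HOST host, since the login cookies are scoped to that domain -- confirm,
 * and replace with an explicit allow-list if surveys live elsewhere.
 */
private function esurvey_is_allowed_url($url){
    if (!is_string($url) || $url === '') {
        return false;
    }
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }
    $host = strtolower($parts['host']);

    $domain = strtolower(ltrim((string)C('domain'), '.'));
    if ($domain !== '') {
        $suffix = '.'.$domain;
        if ($host === $domain || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }

    $user_host = parse_url((string)C('USER_HOST'), PHP_URL_HOST);
    return is_string($user_host) && $user_host !== '' && $host === strtolower($user_host);
}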