/** * @ Project paypal login * @ Author jiangjianhe * @ Date 2015-04-03 */ Class paypallogin { // Sandbox token link Private $ _ sanbox_oauth2_auth_uri = 'https: // www.sandbox.paypal.com/web#/auth/protocol/openidconnect/v1/authorize '; Private $ _ live_oauth2_auth_uri = 'https: // www.paypal.com/web#/auth/protocol/openidconnect/v1/authorize '; Private $ _ acquire_user_profile_sandbox_url = 'https: // www.sandbox.paypal.com/web#/auth/protocol/openidconnect/v1/userinfo? Schema = openid & access_token = '; Private $ _ acquire_user_profile_live_url = 'https: // www.paypal.com/web#/auth/protocol/openidconnect/v1/userinfo? Schema = openid & access_token = '; // Sandbox token link Private $ _ token_service_sandbox_url = 'https: // www.sandbox.paypal.com/web#/auth/protocol/openidconnect/v1/tokenservice '; Private $ _ token_service_live_url = 'https: // www.paypal.com/web#/auth/protocol/openidconnect/v1/tokenservice '; Private $ _ sanbox_flag = true; Private $ _ client_id = null; Private $ _ client_secret = null; Private $ _ redirect_uri = null; Private $ _ state = ''; Private $ _ scope = 'openid email phone profile address https://uri.paypal.com/services/paypalattributes'; // detailed description of parameters that determine the access permission of the access token url;: https://www.paypal-biz.com/product/login-with-paypal/index.html#configureButton Public $ token = null; Public $ protocol = "http "; /** * @ Name constructor * @ Param $ flag whether the sandbox environment is used */ Public function _ construct ($ redirect_uri, $ client_id, $ client_secret, $ scope, $ state, $ flag = true) { $ This-> _ sanbox_flag = $ flag; $ This-> _ redirect_uri = $ redirect_uri; $ This-> _ client_id = $ client_id; $ This-> _ client_secret = $ client_secret; $ This-> _ scope = $ scope; $ This-> _ state = $ state; } /** * Create a paypal request url * @ Return string */ Public function create_request_url () { $ Oauth2_auth_uri = $ this-> _ sanbox_flag? $ This-> _ sanbox_oauth2_auth_uri: $ this-> _ live_oauth2_auth_uri; $ Url = $ oauth2_auth_uri .'? '. Http_build_query ( Array ( 'Client _ id' => $ this-> _ client_id, // unique client identifier obtained through the application registration process. Required. 'Response _ type' => 'code', // indicates that the authorization code is sent to the response URL returned by the program. We recommend that you usecode A value. If you want to receive both the authorization code and id_token in the response, pass the code + id_token. Another possible value of response_type is token, which is mostly used by public clients such as javascript and mobile clients. 'Process' => $ this-> _ scope, //; implode (',', $ this-> scope ), 'Redirect _ url' => urlencode ($ this-> _ redirect_uri), // The URL returned by the application. The structure, host name, and Port must match the returned URL you set when registering the application. 'Nonce '=> time (). rand (), // untransparent random identifier to reduce the risk of replay attacks. The simple function is: (timestamp + Base64 encoding (random \ [16 \]). 'State' => $ this-> _ state, // CSRF verification code ) ); Return $ url; } /** * Get PayPal access token * @ Param string $ code? * @ Return string access token */ Public function acquire_access_token ($ code ){ $ AccessToken = null; Try { $ Postvals = sprintf ("client_id = % s & client_secret = % s & grant_type = authorization_code & code = % s", $ this-> _ client_id, $ this-> _ client_secret, $ code ); If ($ this-> _ sanbox_flag) $ Ch = curl_init ($ this-> _ token_service_sandbox_url ); Else $ Ch = curl_init ($ this-> _ token_service_live_url ); $ Options = array ( CURLOPT_POST => 1, CURLOPT_VERBOSE => 1, CURLOPT_POSTFIELDS => $ postvals, CURLOPT_RETURNTRANSFER => 1, CURLOPT_SSL_VERIFYPEER => FALSE, // CURLOPT_SSLVERSION => 2 ); Curl_setopt_array ($ ch, $ options ); $ Response = curl_exec ($ ch ); $ Error = curl_error ($ ch ); Curl_close ($ ch ); If (! $ Response ){ Throw new Exception ("Error retrieving access token:". curl_error ($ ch )); } $ JsonResponse = json_decode ($ response ); If (isset ($ jsonResponse-> access_token )){ $ AccessToken = $ jsonResponse-> access_token; } } Catch (Exception $ e ){ Throw new Exception ($ e-> getMessage (), 1 ); } Return $ accessToken; } /** * Get the PayPal user profile, decoded * @ Param string $ accessToken * @ Return object */ Public function acquire_paypal_user_profile ($ accessToken ){ Try { If ($ this-> _ sanbox_flag) $ Url = $ this-> _ acquire_user_profile_sandbox_url. $ accessToken; Else $ Url = $ this-> _ acquire_user_profile_live_url. $ accessToken; $ Ch = curl_init ($ url ); $ Options = array ( CURLOPT_RETURNTRANSFER => 1, CURLOPT_SSL_VERIFYPEER => FALSE, // CURLOPT_SSLVERSION => 2 ); Curl_setopt_array ($ ch, $ options ); $ Response = curl_exec ($ ch ); $ Error = curl_error ($ ch ); Curl_close ($ ch ); If (! $ Response) { Return false; } Return json_decode ($ response ); } Catch (Exception $ e ){ Return false; } } } ?> |