Need help passing session using header redirect

Time: 2017-06-15 10:37:32

Tags: php arrays session oauth associative-array

I am trying to create a 3rd party app for a game I like (EVE Online) which requires oauth. I have decided to do the oauth handling in its own script and once resolved, put an associative array into the session based on the CharacterID retrieved from oauth.

I am able to successfully output the desired contents of the session array from the '/callback/index.php' that handles the oauth requests at the end of the script. However, I want to keep this script "in the background" and somewhat secret, and redirect most of the activity to a '../main.php' in the directory just below.

However, when I finally get to main.php, printing the session returns an empty array. What am I doing wrong? I have searched all day for solutions and have implemented every one of them.

Below are the relevant files:

session.php

<?php
    if (!empty($_GET['ID'])) {
        session_id($_GET['ID']);
    }
    if (session_status() == PHP_SESSION_NONE) {
        session_start();
    } else {
        $sLocation="http://eve.oriigen.com/eClt";
        header("Location: ".$sLocation);
        exit();
    }

?>

/callback/index.php

<?php require_once '../src/session.php' ?>
<?php require_once 'secret.php' ?>
<?php

    function auth_error($error_message)
    {
        print "There's been an error";
        error_log($error_message);
        exit();
    }

    $sUserAgent = "EVE Contact List Toolkit [eClt]";

    $post_url = "https://login.eveonline.com/oauth/token";
    $get_url = "https://login.eveonline.com/oauth/verify";

    $client_id="Basic ".base64_encode($sClientId.":".$sSecretKey);
    $content_type = "application/x-www-form-urlencoded";
    $host_url = "login.eveonline.com";

    $aHeaders = array("Authorization: ".$client_id,
                    "Content-type: ".$content_type,
                    "Host: ".$host_url);

    $aPostFields = array("grant_type"=>"authorization_code",
                         "code"=>$_GET["code"]);


    $oCurlRequest = curl_init();
    curl_setopt($oCurlRequest, CURLOPT_URL, $post_url);
    curl_setopt($oCurlRequest, CURLOPT_USERAGENT, $sUserAgent);
    curl_setopt($oCurlRequest, CURLOPT_HTTPHEADER, $aHeaders);
    curl_setopt($oCurlRequest, CURLOPT_POST, count($aPostFields));
    curl_setopt($oCurlRequest, CURLOPT_POSTFIELDS, http_build_query($aPostFields));
    curl_setopt($oCurlRequest, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($oCurlRequest, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($oCurlRequest, CURLOPT_SSL_VERIFYHOST, 2);
    $oResult = curl_exec($oCurlRequest);

    if ($oResult===false) {
        auth_error(curl_error($oCurlRequest));
    }

    curl_close($oCurlRequest);

    $aResponse=json_decode($oResult);
    unset($oCurlRequest);
    unset($oResult);


    $sTokenType=$aResponse->token_type;
    $sAuthToken=$aResponse->access_token;
    $iAuthTokenExpire=$aResponse->expires_in;
    $sRefreshToken=$aResponse->refresh_token;

    $sGetHeader="Authorization: ".$sTokenType." ".$sAuthToken;
    $oCurlRequest = curl_init();
    curl_setopt($oCurlRequest, CURLOPT_URL, $get_url);
    curl_setopt($oCurlRequest, CURLOPT_USERAGENT, $sUserAgent);
    curl_setopt($oCurlRequest, CURLOPT_HTTPHEADER, array($sGetHeader));
    curl_setopt($oCurlRequest, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($oCurlRequest, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($oCurlRequest, CURLOPT_SSL_VERIFYHOST, 2);
    $oResult = curl_exec($oCurlRequest);

    if ($oResult===false) {
        auth_error(curl_error($oCurlRequest));
    }
    curl_close($oCurlRequest);
    $aResponse=json_decode($oResult);
    unset($oCurlRequest);
    unset($oResult);

    $sCharId=(string)$aResponse->CharacterID;
    $sCharacterName=$aResponse->CharacterName;
    $sExpiresOn=$aResponse->ExpiresOn;
    $sTokenType=$aResponse->TokenType;
    $sCharacterOwnerHash=$aResponse->CharacterOwnerHash;
    $sIntellectualProperty=$aResponse->IntellectualProperty;

/*    $aCharInfo=array("CharID"=>(int)$sCharId,
                    "CharName"=>$sCharacterName,
                    "CharOwnerHash"=>$sCharacterOwnerHash,
                    "ExpiresOn"=>$sExpiresOn,
                    "AuthToken"=>$sAuthToken,
                    "AuthTokenExpIn"=>$iAuthTokenExpire,
                    "RefreshToken"=>$sRefreshToken);*/

    if (!isset($_SESSION[(string)$sCharId])) {
        $_SESSION[(string)$sCharId]=array("CharID"=>(int)$sCharId,
                    "CharName"=>$sCharacterName,
                    "CharOwnerHash"=>$sCharacterOwnerHash,
                    "ExpiresOn"=>$sExpiresOn,
                    "AuthToken"=>$sAuthToken,
                    "AuthTokenExpIn"=>$iAuthTokenExpire,
                    "RefreshToken"=>$sRefreshToken);
    } else {
        $_SESSION["moo"]=0;
    }

    session_write_close();
    $sRedirect="../main.php?ID=".session_id();
    header("Location: ".$sRedirect);
    exit();

/*    echo "<pre>";
    print_r($_SESSION);
    echo "</pre>";
    echo "<hr />";
    echo gettype($iCharId);
    echo "<hr />";
    echo "<pre>";
    print_r($aCharInfo);
    echo "</pre>";*/
?>

../main.php

<?php require_once './src/session.php' ?>
<?php
    //echo "SessionId: ".session_id()."<br />";
    //echo "<hr/>";
    //echo "<pre>";
    print_r($_SESSION);
    //echo "</pre>";
?>
[ <a href="logout.php">Logout</a> ]

As you can see from the commented sections, I have tried every diagnostic printout I can think of. So, where am I going wrong?

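1 answer:

Answer 0 (score: 1)

Solved it, based on a related question I found after posting this one:

From here

The PHP session storage mechanism was originally built around "registering" variables, so the keys in $_SESSION must be names that could be treated as variables in their own right. This means that $_SESSION[10] is invalid, because $10 isn't a valid variable name, and since $foo[10] and $foo['10'] refer to the same thing, $_SESSION['10'] is invalid as well.

CharacterID is an int and the string version of an int, and apparently PHP sessions don't like numbers in their array keys...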
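An added example (not the poster's code) of the fix the answer points to: the numeric CharacterID is stored one level down under a named key, and the session ID travels only in the cookie instead of in `?ID=` on the redirect, so a link cannot hand a visitor a session ID chosen by someone else. The function names, the `characters` key and the sample verify response are hypothetical; it assumes PHP 7.3+ and a site served over HTTPS.

```php
<?php
// Added example. Hypothetical names: start_app_session(), remember_character(),
// the 'characters' key, and the constructed $verify sample below.

function start_app_session(): void
{
    // Take the session ID from the cookie only, never from ?ID=... in the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_set_cookie_params([
        'path'     => '/',    // one cookie for /callback/ and main.php
        'secure'   => true,   // assumes HTTPS
        'httponly' => true,
        'samesite' => 'Lax',  // still sent on the top-level OAuth redirect back
    ]);
    session_start();
}

function remember_character(array &$session, object $verify): string
{
    $id = (string) $verify->CharacterID;
    if (!ctype_digit($id)) {
        throw new InvalidArgumentException('unexpected CharacterID');
    }
    // Top-level $_SESSION keys must be valid variable names, so the numeric
    // ID is nested under a named key, where integer keys are fine.
    $session['characters'][$id] = [
        'CharID'        => (int) $id,
        'CharName'      => (string) $verify->CharacterName,
        'CharOwnerHash' => (string) $verify->CharacterOwnerHash,
    ];
    return $id;
}

// Constructed sample of a decoded /oauth/verify response (placeholder values).
$verify = json_decode(
    '{"CharacterID": 12345678, "CharacterName": "Example Pilot", "CharacterOwnerHash": "EXAMPLE_HASH"}'
);

start_app_session();
session_regenerate_id(true); // issue a fresh ID once the login has succeeded
$id = remember_character($_SESSION, $verify);
session_write_close();

// In the callback script the redirect then carries no session ID:
// header('Location: ../main.php'); exit();
```

main.php would call the same `start_app_session()` and read `$_SESSION['characters']`.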