最近在弄一款小程序,今天得空,把登录授权这一块整理一下。网上搜的话,相关文章也有很多,但总觉得自己在项目上用过之后,才理解得更加透彻。
前端的逻辑:首次登录->获取rd3_session->拿着rd3检查是否过期(当然也可以设置为永久,这取决于后端设置)->如果过期,则再次登录;
后端主要负责两件事:登录和检测 rd3_session 是否过期。需要注意,下面的示例代码并没有保存过期时间,check_3rdsession 只判断该 rd3_session 是否存在于数据库中。
下面是后台的code:
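/**
 * Mini-program login.
 *
 * Exchanges the one-time `code` sent by the client for an openid via the
 * WeChat jscode2session endpoint, issues a fresh random session token
 * (rd3_session), stores it on the matching `users` row (creating the row
 * when the openid is new) and answers with JSON {"rd3_session": "<token>"}.
 * Any failure answers {"code":0,"msg":"error"} and issues no token.
 */
public function onlogin(){
    $code = I('code');
    if (!is_string($code) || $code === '') {
        die(json_encode(['code'=>0,'msg'=>'error']));
    }

    // NOTE(review): placeholders from the article. Load the real AppSecret
    // from configuration or the environment; never commit it or send it to
    // the client.
    $appId = "xxxx";
    $appSecret = "xxx";

    // Build the query with proper URL encoding so a crafted `code` cannot
    // inject extra parameters into the request.
    $url = "https://api.weixin.qq.com/sns/jscode2session?" . http_build_query([
        'appid'      => $appId,
        'secret'     => $appSecret,
        'js_code'    => $code,
        'grant_type' => 'authorization_code',
    ], '', '&');

    // On success the decoded response carries `session_key` and `openid`.
    // session_key is a secret and must stay on the server.
    $arr = $this->vegt($url);

    // A failed exchange (network error, invalid/expired code) has no openid.
    // Without this check the code below would look up / insert a row with an
    // empty openid and still hand out a valid session token.
    if (!is_array($arr) || empty($arr['openid'])) {
        die(json_encode(['code'=>0,'msg'=>'error']));
    }

    try {
        $rd3_str = trim($this->randomFromDev(16));
    } catch (\Exception $e) {
        $rd3_str = '';
    }
    // Never issue an empty token: it would match every row whose
    // rd3_session column is empty.
    if ($rd3_str === '') {
        die(json_encode(['code'=>0,'msg'=>'error']));
    }

    // Persist the token.
    // NOTE(review): the token is stored in plain text and no expiry time is
    // recorded; consider storing a hash plus an expires_at column.
    $find = D('users')->where('openid',$arr['openid'])->find();
    if($find){
        // Existing user: rotate the token.
        $list['rd3_session'] = $rd3_str;
        $save = D('users')->where('openid',$arr['openid'])->save($list);
    }else{
        // New user: create the row.
        $list['openid'] = $arr['openid'];
        $list['rd3_session'] = $rd3_str;
        $insert = D('users')->add($list);
    }
    die(json_encode(['rd3_session'=>$rd3_str]));
}

/**
 * Check whether a session token is still valid.
 *
 * Reads `rd3_session` from the request and answers with JSON 1 when a
 * `users` row carries that token, otherwise -1.
 *
 * NOTE(review): no expiry time is stored anywhere in this code, so a token
 * stays valid until the next login overwrites it.
 */
public function check_3rdsession(){
    $rd3_session_str = I('rd3_session');

    // An empty or non-string token must never match a row (e.g. users whose
    // rd3_session column is still empty).
    if (!is_string($rd3_session_str) || trim($rd3_session_str) === '') {
        die(json_encode(-1));
    }

    $rd3_session = D('users')->where('rd3_session',$rd3_session_str)->find();
    if($rd3_session){
        $rd3 = 1;
    }else{
        $rd3 = -1;
    }
    die(json_encode($rd3));
}

/**
 * Store the user's profile (update_info).
 *
 * Reads `rd3_session`, `nickName`, `gender` and `avatarUrl` from the request
 * and writes them to the `users` row identified by the token. Answers
 * {"code":1,"msg":"ok"} when save() reports success, otherwise
 * {"code":0,"msg":"error"}.
 */
public function setUserInfo(){
    $rd3_session_str = I('rd3_session');

    // Without a token the update below would hit every row whose
    // rd3_session column is empty.
    if (!is_string($rd3_session_str) || trim($rd3_session_str) === '') {
        die(json_encode(['code'=>0,'msg'=>'error']));
    }

    // These values come straight from the client and are attacker-controlled:
    // escape them wherever they are rendered, and treat avatarUrl as an
    // untrusted URL.
    $update['nickname'] = I('nickName');
    $update['sex'] = I('gender');
    $update['head_pic'] = I('avatarUrl');

    // NOTE(review): presumably save() returns the affected-row count, so an
    // unchanged profile would also be reported as "error" — confirm.
    $find = D('users')->where('rd3_session',$rd3_session_str)->save($update);
    if($find){
        die(json_encode(['code'=>1,'msg'=>'ok']));
    }else{
        die(json_encode(['code'=>0,'msg'=>'error']));
    }
}

// The two helper methods used above:

/**
 * Generate a URL-safe random token from $len bytes of CSPRNG output.
 *
 * Uses random_bytes() when the runtime provides it and falls back to reading
 * /dev/urandom. The bytes are base64-encoded, '+' and '/' are mapped to '-'
 * and '_', and the '=' padding is removed.
 *
 * @param int $len number of random bytes (not the length of the result)
 * @return string non-empty URL-safe token
 * @throws \InvalidArgumentException when $len is smaller than 1
 * @throws \RuntimeException when $len random bytes could not be obtained
 */
public function randomFromDev($len)
{
    $len = (int) $len;
    if ($len < 1) {
        throw new \InvalidArgumentException('Length must be at least 1.');
    }

    if (function_exists('random_bytes')) {
        $bytes = random_bytes($len);
    } else {
        $fp = @fopen('/dev/urandom','rb');
        if ($fp === false) {
            throw new \RuntimeException('Can not open /dev/urandom.');
        }
        $bytes = '';
        // fread() may return fewer bytes than requested; keep reading.
        while (strlen($bytes) < $len) {
            $chunk = fread($fp, $len - strlen($bytes));
            if ($chunk === false || $chunk === '') {
                break;
            }
            $bytes .= $chunk;
        }
        fclose($fp);
    }

    // Fail closed: a short or empty read must never become a session token.
    if (strlen($bytes) !== $len) {
        throw new \RuntimeException('Could not read enough random bytes.');
    }

    // Binary -> base64, then swap the characters that are not URL-safe.
    $result = strtr(base64_encode($bytes), '+/', '-_');

    // Strip the '=' padding (the earlier code replaced it with spaces and
    // relied on the caller to trim them).
    return rtrim($result, '=');
}

/**
 * Perform an HTTPS GET request and decode the JSON response.
 *
 * @param string $url absolute URL to fetch
 * @return array|null decoded response as an associative array, or null when
 *                    the request fails or the body is not valid JSON
 */
public function vegt($url){
    $info = curl_init();
    if ($info === false) {
        return null;
    }
    curl_setopt($info,CURLOPT_RETURNTRANSFER,true);
    curl_setopt($info,CURLOPT_HEADER,0);
    curl_setopt($info,CURLOPT_NOBODY,0);
    // Certificate and host name verification must stay enabled: this request
    // carries the AppSecret and returns the user's session_key, so with
    // verification off anyone on the network path can read or forge both.
    // If verification fails on the server, install a CA bundle (curl.cainfo
    // in php.ini) instead of switching it off.
    curl_setopt($info,CURLOPT_SSL_VERIFYPEER,true);
    curl_setopt($info,CURLOPT_SSL_VERIFYHOST,2);
    // Bound the wait so a stalled upstream cannot tie up the login endpoint.
    curl_setopt($info,CURLOPT_CONNECTTIMEOUT,5);
    curl_setopt($info,CURLOPT_TIMEOUT,10);
    curl_setopt($info,CURLOPT_URL,$url);
    $output = curl_exec($info);
    curl_close($info);

    // curl_exec() returns false on transport or TLS errors.
    if ($output === false) {
        return null;
    }
    return json_decode($output, true);
}

// Corrections are welcome if you spot a problem.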













