下面是我的登录代码,它非常标准。为什么一个用户会按登录蒸汽社区。下面的代码是我拼凑的一个快速调试输出,它表明尽管正在发送2个AuthURL,但由于某种原因,LightOpenID正在将第一个返回的结果应用于每个试图在类似时间通过steam进行身份验证的用户。即进入蒸汽社区并登录。
<?
ob_start();
session_start();
if(isset($_GET['logout']))
{
if(isset($_COOKIE[session_name()])):
setcookie(session_name(), '', time()-7000000, '/');
endif;
if(isset($_COOKIE['login_user'])):
setcookie('login_user', '', time()-7000000, '/');
endif;
session_unset();
session_destroy();
header("Location: index.php");
}
include "kern/apikey.php";
include "kern/openid.php";
$OpenID = new LightOpenID("xxxxxx.com");
if(!$OpenID->mode)
{
if(isset($_GET['login']))
{
$OpenID->identity = "http://steamcommunity.com/openid";
header("Location: " . $OpenID->authUrl());
}
if(!isset($_SESSION['SteamAuth']))
{
$login = "<div id="login">In order to access the panel, you must <br /><br /> <a href="?login"><img src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_large_noborder.png"/></a></div>";
}
} else if ($OpenID->mode == "cancel")
{
echo "Authentication Cancelled...";
} else {
if($OpenID->validate())
{
$id = $OpenID->identity;
$_SESSION['SteamID64'] = str_replace("http://steamcommunity.com/openid/id/", "", $id);
$_SESSION['SteamAuth'] = true;
$Steam64 = str_replace("http://steamcommunity.com/openid/id/", "", $id);
$profile = file_get_contents("http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key={$api}&steamids={$Steam64}");
$steam = json_decode($profile, true);
$communityid = $steam['response']['players'][0]['steamid'];
$authserver = bcsub($communityid, '76561197960265728') & 1;
$authid = (bcsub($communityid, '76561197960265728')-$authserver)/2;
$_SESSION['SteamID'] = "STEAM_0:" . $authserver . ":" . $authid;
$_SESSION['SteamName'] = $steam['response']['players'][0]['personaname'];
header("Location: index.php");
} else {
echo "User is not logged in";
}
}
?>
<html>
<body>
<div id="title">Login</div>
<div id="content">
<?
echo $login;
?>
</div>
</body>
</html>
请参阅下面的日志文件,该文件指示AuthURL被发送了两次,但实际上只使用了一个响应:
[09-Nov-2014 14:09:52 America/Chicago] Begin login!
[09-Nov-2014 14:09:52 America/Chicago] Sent authurl!xxxxx
[09-Nov-2014 14:10:03 America/Chicago] Begin login!
[09-Nov-2014 14:10:03 America/Chicago] Sent authurl!xxxxx
[09-Nov-2014 14:10:10 America/Chicago] Begin login!
[09-Nov-2014 14:10:11 America/Chicago] Got identity!http://steamcommunity.com/openid/id/xxxx
[09-Nov-2014 14:10:11 America/Chicago] Using Steam64!xxxx
[09-Nov-2014 14:10:11 America/Chicago] Using string steam64!xxxx
正如你所看到的,尽管两个AuthURL在类似的时间发送,但一旦返回一个身份,它就会将其应用于两个用户,这意味着人们会登录到不正确的帐户。
使用https://github.com/SmItH197/SteamAuthenticationPHP示例。
复制步骤:1.第一个用户点击"通过steam登录",挂在steamcommunity.com OpenID登录。2.第二个用户点击"登录steam",登陆steamcommunity.com。3.然后两个用户都点击通过,其中一个将作为另一个登录。
在外部Web服务器上测试了这一点,结果发现这似乎是由于服务器/PHP配置造成的,不完全确定为什么会发生这种情况或原因是什么,所以我的解决方案是暂时将我的steamauth移到另一台服务器。