0

下面是我的登录代码,非常标准。为什么用户会在 Steam 社区上按登录。这段代码下面是我汇总的快速调试输出,它表明虽然发送了 2 个 AuthURL,但出于某种原因,LightOpenID 将第一个返回的结果应用于同时尝试通过 Steam 进行身份验证的每个用户。即进入 Steam 社区并登录。

 <?
 ob_start();
 session_start();
if(isset($_GET['logout']))
{
    if(isset($_COOKIE[session_name()])):
        setcookie(session_name(), '', time()-7000000, '/');
    endif;

    if(isset($_COOKIE['login_user'])):
        setcookie('login_user', '', time()-7000000, '/');
    endif;

    session_unset();

    session_destroy();

    header("Location: index.php");
}

include "kern/apikey.php";
include "kern/openid.php";
$OpenID = new LightOpenID("xxxxxx.com");

if(!$OpenID->mode)
{
    if(isset($_GET['login']))
    {
        $OpenID->identity = "http://steamcommunity.com/openid";
        header("Location: " . $OpenID->authUrl());
    }
    if(!isset($_SESSION['SteamAuth']))
    {
        $login = "<div id=\"login\">In order to access the panel, you must <br /><br /> <a href=\"?login\"><img src=\"http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_large_noborder.png\"/></a></div>";
    }
} else if ($OpenID->mode == "cancel")
{
    echo "Authentication Cancelled...";
} else {
    if($OpenID->validate())
    {


        $id = $OpenID->identity;

        $_SESSION['SteamID64'] = str_replace("http://steamcommunity.com/openid/id/", "", $id);
        $_SESSION['SteamAuth'] = true;

        $Steam64 = str_replace("http://steamcommunity.com/openid/id/", "", $id);
        $profile = file_get_contents("http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key={$api}&steamids={$Steam64}");
        $steam = json_decode($profile, true);
        $communityid = $steam['response']['players'][0]['steamid'];
        $authserver = bcsub($communityid, '76561197960265728') & 1;
        $authid = (bcsub($communityid, '76561197960265728')-$authserver)/2;
        $_SESSION['SteamID'] = "STEAM_0:" . $authserver . ":" . $authid;
        $_SESSION['SteamName'] = $steam['response']['players'][0]['personaname'];

        header("Location: index.php");
    } else {
        echo "User is not logged in";
    }
}

?>

<html>
<body>
<div id="title">Login</div>
<div id="content">
<?
    echo $login;
?>
</div>
</body>
</html>

请参阅下面的日志文件,该文件表明 AuthURL 被发送了两次,但实际上只使用了一个响应:

[09-Nov-2014 14:09:52 America/Chicago] Begin login!
[09-Nov-2014 14:09:52 America/Chicago] Sent authurl!xxxxx

[09-Nov-2014 14:10:03 America/Chicago] Begin login!
[09-Nov-2014 14:10:03 America/Chicago] Sent authurl!xxxxx

[09-Nov-2014 14:10:10 America/Chicago] Begin login!
[09-Nov-2014 14:10:11 America/Chicago] Got identity!http://steamcommunity.com/openid/id/xxxx

[09-Nov-2014 14:10:11 America/Chicago] Using Steam64!xxxx

[09-Nov-2014 14:10:11 America/Chicago] Using string steam64!xxxx

如您所见,尽管同时发送了 2 个 AuthURL,但一旦返回一个身份,它就会将其应用于两个用户,这意味着人们登录到了错误的帐户。

使用https://github.com/SmItH197/SteamAuthentication PHP 示例,这个问题似乎完全可以重现。

重现步骤: 1. 第一个用户点击“通过steam登录”,在steamcommunity.com OpenID登录时挂起。2.第二个用户点击“通过steam登录”,在steamcommunity.com登录。3. 两个用户都点进去,一个人会以另一个人的身份登录。

4

1 回答 1

0

在外部网络服务器上对此进行了测试,结果似乎是由于服务器/PHP 配置下线,不完全确定它发生的原因或原因是什么,所以我的解决方案是现在将我的 steamauth 移动到另一台服务器。

于 2014-11-11T21:40:35.813 回答