<?php
 
/**
 * @project   paypal login
 * @author   jiangjianhe 
 * @date   2015-04-03
 */
 
 
class paypallogin
{
 
  //沙箱token鏈接
  private $_sanbox_oauth2_auth_uri = 'https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize';
  private $_live_oauth2_auth_uri = 'https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize';
   
  private $_acquire_user_profile_sandbox_url = 'https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/userinfo?schema=openid&access_token=';
  private $_acquire_user_profile_live_url = 'https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/userinfo?schema=openid&access_token=';
 
  //沙箱token鏈接
  private $_token_service_sandbox_url = 'https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/tokenservice'; 
  private $_token_service_live_url = 'https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/tokenservice';
  private $_sanbox_flag = true;
  private $_client_id = null;
  private $_client_secret = null;
  private $_redirect_uri = null;
  private $_state = '';
  private $_scope = 'openid email phone profile address https://uri.paypal.com/services/paypalattributes'; //scope 參數(shù)決定訪問令牌的訪問權(quán)限 各個參數(shù)詳解url;:https://www.paypal-biz.com/product/login-with-paypal/index.html#configureButton
 
  public $token = null;
  public $protocol = "http";
 
 
  /**
  * @name 構(gòu)造函數(shù)
  * @param $flag 是否沙箱環(huán)境
  */
  public function __construct($redirect_uri, $client_id,$client_secret,$scope,$state,$flag = true)
  {
    $this->_sanbox_flag = $flag;
    $this->_redirect_uri = $redirect_uri;
    $this->_client_id = $client_id;
    $this->_client_secret = $client_secret;
    $this->_scope = $scope;
    $this->_state = $state;
  }
 
  /**
   * 創(chuàng)建paypal request url
   * @return string
   */
  public function create_request_url()
  {
    $oauth2_auth_uri = $this->_sanbox_flag ? $this->_sanbox_oauth2_auth_uri :$this->_live_oauth2_auth_uri;
    $url = $oauth2_auth_uri.'?'.
    http_build_query(
      array(
        'client_id' => $this->_client_id, //通過應(yīng)用程序注冊流程獲得的唯一客戶端標(biāo)識符。必需。
        'response_type' =>'code', //表明授權(quán)代碼被發(fā)送回應(yīng)用程序返回URL。為了使訪問令牌在用戶代理中不可見， 建議使用<code>code</code>一值。如果您希望在響應(yīng)中同時收到授權(quán)代碼和 id_token ，請傳遞 code+id_token。另一個可能的 response_type 值是 token ——大部分由javascript和移動客戶端等公共客戶端使用。
        'scope' => $this->_scope,//;implode(',', $this->scope),
        'redirect_uri' => urlencode($this->_redirect_uri), //應(yīng)用程序的返回URL。結(jié)構(gòu)、主機名和端口必須與您在注冊應(yīng)用程序時設(shè)置的返回URL相符。
        'nonce' => time().rand(), //不透明的隨機標(biāo)識符，可減少重放攻擊風(fēng)險。簡單的函數(shù)是：(timestamp + Base64 encoding (random\[16\]))。
        'state' => $this->_state, // CSRF驗證碼
      )
    );
    return $url;
  }
 
  /**
   * get PayPal access token
   * @param string $code ?
   * @return string    access token
   */
  public function acquire_access_token($code ) {
    $accessToken = null;
 
    try {
      $postvals = sprintf("client_id=%s&client_secret=%s&grant_type=authorization_code&code=%s",$this->_client_id,$this->_client_secret,$code);
      if($this->_sanbox_flag)
        $ch = curl_init($this->_token_service_sandbox_url);
      else
        $ch = curl_init($this->_token_service_live_url); 
 
      $options = array(
        CURLOPT_POST      => 1,
        CURLOPT_VERBOSE    => 1,
        CURLOPT_POSTFIELDS   => $postvals,
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_SSL_VERIFYPEER => FALSE,
        //CURLOPT_SSLVERSION => 2
      );
 
      curl_setopt_array($ch, $options);
      $response = curl_exec($ch);
      $error = curl_error($ch);
 
      curl_close( $ch );
 
      if (!$response ) {
        throw new Exception( "Error retrieving access token: " . curl_error($ch));
      }
      $jsonResponse = json_decode($response );
 
      if ( isset( $jsonResponse->access_token) ) {
        $accessToken = $jsonResponse->access_token;
      }
 
    } catch( Exception $e) {
      throw new Exception($e->getMessage(), 1);
    }
 
    return $accessToken;
  }
 
  /**
   * get the PayPal user profile, decoded
   * @param string $accessToken
   * @return object
   */
  public function acquire_paypal_user_profile($accessToken ) {
    try {
      if($this->_sanbox_flag)
        $url = $this->_acquire_user_profile_sandbox_url . $accessToken;
      else
        $url = $this->_acquire_user_profile_live_url . $accessToken;  
 
      $ch = curl_init( $url );
      $options = array(
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_SSL_VERIFYPEER => FALSE,
        //CURLOPT_SSLVERSION => 2
      );
      curl_setopt_array($ch, $options);
 
      $response = curl_exec($ch);
      $error = curl_error( $ch);
      curl_close( $ch );
 
      if (!$response ) 
      {
        return false;
      }
      return json_decode($response);
    } catch( Exception $e ) {
      return false;
    }
  }
}
?>