Beispiel #1
0
 private function _detect_format()
 {
     // A format has been passed as an argument in the URL and it is supported
     if (\Input::get_post('format') and $this->_supported_formats[\Input::get_post('format')]) {
         return \Input::get_post('format');
     }
     // Otherwise, check the HTTP_ACCEPT (if it exists and we are allowed)
     if (\Config::get('rest.ignore_http_accept') === false and \Input::server('HTTP_ACCEPT')) {
         // Check all formats against the HTTP_ACCEPT header
         foreach (array_keys($this->_supported_formats) as $format) {
             // Has this format been requested?
             if (strpos(\Input::server('HTTP_ACCEPT'), $format) !== false) {
                 // If not HTML or XML assume its right and send it on its way
                 if ($format != 'html' and $format != 'xml') {
                     return $format;
                 } else {
                     // If it is truely HTML, it wont want any XML
                     if ($format == 'html' and strpos(\Input::server('HTTP_ACCEPT'), 'xml') === false) {
                         return $format;
                     } elseif ($format == 'xml' and strpos(\Input::server('HTTP_ACCEPT'), 'html') === false) {
                         return $format;
                     }
                 }
             }
         }
     }
     // End HTTP_ACCEPT checking
     // Well, none of that has worked! Let's see if the controller has a default
     if (!empty($this->rest_format)) {
         return $this->rest_format;
     }
     // Just use the default format
     return \Config::get('rest.default_format');
 }
Beispiel #2
0
 public function callback()
 {
     // Create an consumer from the config
     $this->consumer = \OAuth\Consumer::forge($this->config);
     // Load the provider
     $this->provider = \OAuth\Provider::forge($this->provider);
     if ($token = \Cookie::get('oauth_token')) {
         // Get the token from storage
         $this->token = unserialize(base64_decode($token));
     }
     if ($this->token and $this->token->access_token !== \Input::get_post('oauth_token')) {
         // Delete the token, it is not valid
         \Cookie::delete('oauth_token');
         // Send the user back to the beginning
         exit('invalid token after coming back to site');
     }
     // Get the verifier
     $verifier = \Input::get_post('oauth_verifier');
     // Store the verifier in the token
     $this->token->verifier($verifier);
     // Exchange the request token for an access token
     return $this->provider->access_token($this->consumer, $this->token);
 }
Beispiel #3
0
 /**
  * read a cookie
  *
  * @access	private
  * @return  void
  */
 protected function _get_cookie()
 {
     // was the cookie posted?
     $cookie = \Input::get_post($this->config['post_cookie_name'], false);
     // if not found, fetch the regular cookie
     if ($cookie === false) {
         $cookie = \Cookie::get($this->config['cookie_name'], false);
     }
     if ($cookie !== false) {
         // fetch the payload
         $cookie = $this->_unserialize(\Crypt::decode($cookie));
         // validate the cookie
         if (!isset($cookie[0])) {
             // not a valid cookie payload
         } elseif ($cookie[0]['updated'] + $this->config['expiration_time'] <= $this->time->get_timestamp()) {
             // session has expired
         } elseif ($this->config['match_ip'] && $cookie[0]['ip_hash'] !== md5(\Input::ip() . \Input::real_ip())) {
             // IP address doesn't match
         } elseif ($this->config['match_ua'] && $cookie[0]['user_agent'] !== \Input::user_agent()) {
             // user agent doesn't match
         } else {
             // session is valid, retrieve the session keys
             if (isset($cookie[0])) {
                 $this->keys = $cookie[0];
             }
             // and return the cookie payload
             array_shift($cookie);
             return $cookie;
         }
     }
     // no payload
     return false;
 }
 /**
  * To JSONP conversion
  *
  * @param mixed $data
  * @return string
  */
 public function to_jsonp($data = null)
 {
     $callback = \Input::get_post('callback', null);
     is_null($callback) and $callback = 'response';
     return $callback . '(' . $this->to_json($data) . ')';
 }
Beispiel #5
0
 /**
  * Fetch an item from the POST array
  *
  * @param   string  The index key
  * @param   mixed   The default value
  * @param  array Array of filters - if empty then all filter will be used
  * 
  * @return  string|array
  */
 public static function secured_get_post($index = null, $default = null, $filters = array('strip_tags', 'htmlentities', 'xss_clean'))
 {
     return \Security::clean(\Input::get_post($index, $default), $filters);
 }
Beispiel #6
0
	private function _detect_format()
	{
		$pattern = '/\.(' . implode( '|', array_keys($this->_supported_formats) ) . ')$/';

		// Check if a file extension is used
		if (preg_match($pattern, end($_GET), $matches))
		{
			// The key of the last argument
			$last_key = end(array_keys($_GET));

			// Remove the extension from arguments too
			$_GET[$last_key] = preg_replace($pattern, '', \Input::get($last_key));

			return $matches[1];
		}

		// A format has been passed as an argument in the URL and it is supported
		if (\Input::get_post('format') and $this->_supported_formats[\Input::get_post('format')])
		{
			return \Input::get_post('format');
		}

		// Otherwise, check the HTTP_ACCEPT (if it exists and we are allowed)
		if (\Config::get('rest.ignore_http_accept') === false and \Input::server('HTTP_ACCEPT'))
		{
			// Check all formats against the HTTP_ACCEPT header
			foreach(array_keys($this->_supported_formats) as $format)
			{
				// Has this format been requested?
				if (strpos(\Input::server('HTTP_ACCEPT'), $format) !== false)
				{
					// If not HTML or XML assume its right and send it on its way
					if ($format != 'html' and $format != 'xml')
					{
						return $format;
					}

					// HTML or XML have shown up as a match
					else
					{
						// If it is truely HTML, it wont want any XML
						if ($format == 'html' and strpos(\Input::server('HTTP_ACCEPT'), 'xml') === false)
						{
							return $format;
						}

						// If it is truely XML, it wont want any HTML
						elseif ($format == 'xml' and strpos(\Input::server('HTTP_ACCEPT'), 'html') === false)
						{
							return $format;
						}
					}
				}
			}

		} // End HTTP_ACCEPT checking

		// Well, none of that has worked! Let's see if the controller has a default
		if ( ! empty($this->rest_format))
		{
			return $this->rest_format;
		}

		// Just use the default format
		return \Config::get('rest.default_format');
	}
Beispiel #7
0
	/**
	 * Exchange the request token for an access token.
	 *
	 *     $token = $provider->access_token($consumer, $token);
	 *
	 * @param   Consumer       consumer
	 * @param   Token_Request  token
	 * @param   array                additional request parameters
	 * @return  Token_Access
	 */
	public function access_token(Consumer $consumer, Token_Request $token, array $params = NULL)
	{
		// Create a new GET request for a request token with the required parameters
		$request = Request::forge('access', 'GET', $this->url_access_token(), array(
			'oauth_consumer_key' => $consumer->key,
			'oauth_token'        => $token->access_token,
			'oauth_verifier'     => $token->verifier,
		));

		if ($params)
		{
			// Load user parameters
			$request->params($params);
		}

		// Sign the request using only the consumer, no token is available yet
		$request->sign($this->signature, $consumer, $token);

		// Create a response from the request
		$response = $request->execute();
		
		// Store this token somewhere useful
		return Token::forge('access', array(
			'access_token'  => $response->param('oauth_token'),
			'secret' => $response->param('oauth_token_secret'),
			'uid' => $response->param($this->uid_key) ?: \Input::get_post($this->uid_key),
		));
	}