Beispiel #1
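 /**
  * Look up a registered site (the "server": the site the user is connecting to)
  * by API key and redirect URL, and remember its id in self::$sid.
  *
  * The supplied redirect URL is matched as a literal substring of the registered
  * `redirect_url`. LIKE wildcards in the supplied value are escaped, so a
  * caller-supplied "%" or "_" cannot widen the match.
  *
  * NOTE(review): substring matching is still permissive - an empty or very short
  * $redirect_url matches any registered URL for the key. If the supplied value is
  * later used as a redirect target, compare it for exact equality with the
  * registered URL instead; confirm against the callers.
  *
  * @param string $api_key      API key presented by the site
  * @param string $redirect_url Redirect URL presented by the site
  * @return array|false Matching `opth_sites` row as an associative array, or
  *                     false when no site matches
  */
 public static function server($api_key, $redirect_url)
 {
     // "!" is the LIKE escape character declared in the query below.
     $literal = str_replace(array('!', '%', '_'), array('!!', '!%', '!_'), $redirect_url);

     $sql = self::$OP->dbh->prepare("SELECT * FROM `opth_sites` WHERE `api_key` = ? AND `redirect_url` LIKE ? ESCAPE '!'");
     $sql->execute(array($api_key, "%{$literal}%"));

     // fetch() rather than rowCount(): PDO does not guarantee a row count for
     // SELECT statements on every driver.
     $data = $sql->fetch(PDO::FETCH_ASSOC);
     if ($data === false) {
         return false;
     }

     self::$sid = $data["id"];
     return $data;
 }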
Beispiel #2
?>
  </head>
  <body>
    <?php 
include "{$docRoot}/inc/header.php";
?>
    <div class="wrapper">
      <div class="content">
        <h1>Opth Sites</h1>
        <?php 
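// Handle the "register site" form submission and report the outcome to the user.
if (isset($_POST['registerSite'])) {
    // NOTE(review): no anti-CSRF token check is visible in this excerpt, and the
    // four fields are handed to Opth::register() exactly as received. Confirm that
    // register() validates them (in particular that url / redirect_url are
    // well-formed http(s) URLs) and that the title is escaped wherever it is shown.
    $title = $_POST['title'];
    $url = $_POST['url'];
    $description = $_POST['description'];
    $redirect_url = $_POST['redirect_url'];
    $register = Opth::register($title, $url, $description, $redirect_url);

    if ($register === true) {
        $OP->sss("Registered", "The site is registered.");
    } elseif ($register === "exists") {
        // Strict comparison: with ==, a numeric 0 return value would compare equal
        // to "exists" on PHP < 8 and be reported as a duplicate registration.
        $OP->ser("Registered Already", "The site is registered already.", "html", false);
    } else {
        $OP->ser("Problems", "Something occured, please try again or contact support team.", "html", false);
    }
}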
?>
        <p>Sites you registered with Opth :</p>
        <?php 
$sql = $OP->dbh->prepare("SELECT * FROM `opth_sites` WHERE `uid` = ?");
$sql->execute(array($who));
Beispiel #3
include "{$docRoot}/inc/header.php";
?>
    <div class="wrapper">
      <div class="content">
        <?php 
if (!isset($error)) {
    ?>
          <h1>Opth Login</h1>
          <p>Would you like to authorize <?php 
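    // Escape for HTML output: the name shown on the consent screen is presumably
    // the title the site owner registered (TODO confirm where $server_name is set).
    echo htmlspecialchars($server_name, ENT_QUOTES, 'UTF-8');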
    ?>
 to do these processes :</p>
          <ul>
            <?php 
    // Render one list item per requested scope.
    // NOTE(review): the return value of Opth::readable_scope() is written into the
    // page unescaped - confirm it returns fixed, trusted text even for scope names
    // it does not recognise.
    foreach ($scope as $item) {
        echo "<li>" . Opth::readable_scope($item) . "</li>";
    }
    ?>
          </ul>
          <div class="auth_buttons">
            <form method="POST" action="<?php 
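    // Escape for the attribute context: the current page URL is presumably built
    // from request data (TODO confirm in \Fr\LS::curPageURL()).
    echo htmlspecialchars(\Fr\LS::curPageURL(), ENT_QUOTES, 'UTF-8');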
    ?>
">
              <button class="button b-green" name="authorize">I Authorize</button>
            </form>
            <form method="POST" action="<?php 
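    // Escape for the attribute context: the current page URL is presumably built
    // from request data (TODO confirm in \Fr\LS::curPageURL()).
    echo htmlspecialchars(\Fr\LS::curPageURL(), ENT_QUOTES, 'UTF-8');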
    ?>
">
              <button class="button b-red" name="deny">No, I don't</button>
Beispiel #4
<?php

require_once "{$docRoot}/inc/class.opth.php";
if (isset($_POST['api_key']) && isset($_POST['api_secret']) && isset($user_token) && isset($what)) {
    // Authenticate the calling site by its API key / secret pair.
    // NOTE(review): confirm Opth::exists() compares the secret in constant time
    // (e.g. hash_equals()) and that failed attempts are rate limited.
    $sid = Opth::exists($_POST['api_key'], $_POST['api_secret']);
    if ($sid == false) {
        echo "false";
        exit;
    }
    Opth::$sid = $sid;
    // $user_token is set outside this excerpt; reject tokens the class does not accept.
    if (Opth::authorized($user_token) == false) {
        echo "false";
        exit;
    }
    // Load the session bound to BOTH this access token and this site id, so a token
    // issued to one site cannot be used with another site's credentials.
    $sql = $OP->dbh->prepare("SELECT `uid`, `permissions` FROM `opth_session` WHERE `access_token` = ? AND `sid` = ?");
    $sql->execute(array($user_token, $sid));
    // NOTE(review): fetch() returns false when no row matches; the lines below assume
    // Opth::authorized() has already guaranteed that a row exists - confirm.
    $data = $sql->fetch(PDO::FETCH_ASSOC);
    $uid = $data['uid'];
    // NOTE(review): unserialize() on a stored value. If the `permissions` column can
    // ever hold data that did not come from serialize() in this application, this is
    // an object-injection risk; storing the scope list as JSON would avoid it.
    $given_scopes = array_flip(unserialize($data['permissions']));
    // Scope name => user field that the scope exposes.
    $scope_to_values = array("read-name" => "name");
    // Request name => scopes associated with that request.
    $obtainable_values = array("info" => array("read-name"), "email" => array("email-send"));
    if (substr($what, 0, 7) == "action-") {
        $what = substr_replace($what, "", 0, 7);
        if (isset($obtainable_values[$what])) {
            if ($what == "email" && isset($given_scopes[$obtainable_values[$what][0]]) && isset($_POST['subject']) && isset($_POST['body']) && $_POST['subject'] != null && $_POST['body'] != null) {
                // The recipient address is read from `users`.`username` for the session's
                // user id; it is never taken from the request.
                $sql = $OP->dbh->prepare("SELECT `username` FROM `users` WHERE `id` = ?");
                $sql->execute(array($uid));
                $email = $sql->fetchColumn();
                // NOTE(review): subject and body come straight from the calling site's POST.
                // Confirm that sendEMail() rejects CR/LF in the subject (header injection)
                // and consider a per-site rate limit, since any site holding the
                // "email-send" scope can make the platform send mail to this user.
                $status = $OP->sendEMail($email, $_POST['subject'], $_POST['body'], true);
                // The API answers with the literal strings "true" / "false".
                echo $status == true ? "true" : "false";
            } else {
Beispiel #5
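// List every site the current user ($who, set outside this excerpt) has authorized,
// with the granted permissions, the grant / expiry dates and a revoke button.
$sql = $OP->dbh->prepare("SELECT * FROM `opth_session` WHERE `uid` = ?");
$sql->execute(array($who));
$sites = $sql->fetchAll(PDO::FETCH_ASSOC);
if (count($sites) == 0) {
    $OP->sss("No Sites", "You haven't authorized any site through Opth.");
} else {
    echo "<table>\n            <thead>\n              <tr>\n                <td>Site</td>\n                <td>Permissions</td>\n                <td>Authorized</td>\n                <td>Expires</td>\n                <td></td>\n              </tr>\n            </thead>\n            <tbody>";
    // Prepared once and re-executed per row instead of being re-prepared in the loop.
    $site_query = $OP->dbh->prepare("SELECT `title` FROM `opth_sites` WHERE `id` = ?");
    foreach ($sites as $site) {
        $site_query->execute(array($site['sid']));
        $site_info = $site_query->fetch(PDO::FETCH_ASSOC);
        $site_query->closeCursor();
        // A session row may refer to a site that no longer exists; show an empty title then.
        $title = $site_info === false ? "" : $site_info['title'];
        echo "<tr>";
        // The title is supplied by whoever registered the site, so escape it for HTML.
        echo "<td>" . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . "</td>";
        echo "<td>";
        // NOTE(review): unserialize() on a stored value. If the `permissions` column can
        // ever hold data that did not come from serialize() in this application, this is
        // an object-injection risk; storing the scope list as JSON would avoid it.
        $permissions = unserialize($site['permissions']);
        if (is_array($permissions)) {
            foreach ($permissions as $perm) {
                echo "<li>" . Opth::readable_scope($perm) . "</li>";
            }
        }
        echo "</td>";
        echo "<td>" . date("F j, Y", $site['created']) . "</td>";
        echo "<td>" . date("F j, Y", $site['expiry']) . "</td>";
        // NOTE(review): the revoke form carries no anti-CSRF token in this excerpt;
        // confirm that the POST handler enforces one.
        $sid_attr = htmlspecialchars($site['sid'], ENT_QUOTES, 'UTF-8');
        echo "<td><form method='POST'><input type='hidden' name='action' value='revoke' /><input type='hidden' name='id' value='{$sid_attr}' /><button class='red'>Revoke Access</button></form></td>";
        echo "</tr>";
    }
    echo "</tbody></table>";
}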
?>
        <p style="color: red;">Note that after you revoke access, all data on the site being revoked will be lost.</p>
        <h1>Opth Dev</h1>
        <p>Would you like to implement Opth into your site ?</p>
        <p>See <a href="<?php 
echo HOST . "/opth/sites";
Beispiel #6
<?php

require_once "{$docRoot}/inc/class.opth.php";
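// Token exchange endpoint: a registered site presents its API credentials together
// with the server token it received, and gets the session's access token back.
// The response body is the access token, or the literal string "false" on failure.
if (isset($_POST['api_key'], $_POST['api_secret'], $_POST['token'])) {
    $api_key = $_POST['api_key'];
    $api_secret = $_POST['api_secret'];
    $token = $_POST['token'];

    // NOTE(review): confirm Opth::exists() compares the secret in constant time
    // (e.g. hash_equals()) and that failed attempts are rate limited.
    $sid = Opth::exists($api_key, $api_secret);
    if ($sid === false) {
        echo "false";
    } else {
        // The token is looked up together with the site id, so it is only honoured
        // for the site whose credentials were presented.
        $sql = $OP->dbh->prepare("SELECT `access_token` FROM `opth_session` WHERE `server_token` = ? AND `sid` = ?");
        $sql->execute(array($token, $sid));

        // fetchColumn() returns false when no row matched. It replaces rowCount(),
        // which PDO does not guarantee for SELECT statements on every driver.
        $access_token = $sql->fetchColumn();
        if ($access_token === false) {
            echo "false";
        } else {
            echo $access_token;
            // NOTE(review): the lookup reads `opth_session`.`server_token` but the cleanup
            // deletes from `opth_tokens`. Confirm that this is what makes the server token
            // single-use, and that a replayed request cannot race the lookup and the delete.
            $sql = $OP->dbh->prepare("DELETE FROM `opth_tokens` WHERE `sid` = ? AND `token` = ?");
            $sql->execute(array($sid, $token));
        }
    }
}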