/**
* Server means the SITE to which user is connecting to
* Get the server's info as array. Also, intialize the user to the server
*/
public static function server($api_key, $redirect_url)
{
$sql = self::$OP->dbh->prepare("SELECT * FROM `opth_sites` WHERE `api_key` = ? AND `redirect_url` LIKE ?");
$sql->execute(array($api_key, "%{$redirect_url}%"));
if ($sql->rowCount() == 0) {
return false;
} else {
$data = $sql->fetch(PDO::FETCH_ASSOC);
self::$sid = $data["id"];
return $data;
}
}
<?php
require_once "{$docRoot}/inc/class.opth.php";
if (isset($_POST['api_key']) && isset($_POST['api_secret']) && isset($user_token) && isset($what)) {
$sid = Opth::exists($_POST['api_key'], $_POST['api_secret']);
if ($sid == false) {
echo "false";
exit;
}
Opth::$sid = $sid;
if (Opth::authorized($user_token) == false) {
echo "false";
exit;
}
$sql = $OP->dbh->prepare("SELECT `uid`, `permissions` FROM `opth_session` WHERE `access_token` = ? AND `sid` = ?");
$sql->execute(array($user_token, $sid));
$data = $sql->fetch(PDO::FETCH_ASSOC);
$uid = $data['uid'];
$given_scopes = array_flip(unserialize($data['permissions']));
$scope_to_values = array("read-name" => "name");
$obtainable_values = array("info" => array("read-name"), "email" => array("email-send"));
if (substr($what, 0, 7) == "action-") {
$what = substr_replace($what, "", 0, 7);
if (isset($obtainable_values[$what])) {
if ($what == "email" && isset($given_scopes[$obtainable_values[$what][0]]) && isset($_POST['subject']) && isset($_POST['body']) && $_POST['subject'] != null && $_POST['body'] != null) {
$sql = $OP->dbh->prepare("SELECT `username` FROM `users` WHERE `id` = ?");
$sql->execute(array($uid));
$email = $sql->fetchColumn();
$status = $OP->sendEMail($email, $_POST['subject'], $_POST['body'], true);
echo $status == true ? "true" : "false";
} else {
