Beispiel #1
        header('HTTP/1.0 403 Forbidden');
        echo "The state parameter didn't match what was passed in to the Clef button.";
        exit;
    } else {
        unset($_SESSION['state']);
    }
    return $is_valid;
}
// The callback handling below reads and resets session data, so open a
// session first when the request does not already have one.
if (empty(session_id())) {
    session_start();
}
if (isset($_GET["code"]) && $_GET["code"] != "") {
    validate_state($_GET["state"]);
    \Clef\Clef::initialize(CLEF_ID, CLEF_SECRET);
    try {
        $response = \Clef\Clef::get_login_information($_GET["code"]);
        $result = $response->info;
        // reset the user's session
        if (isset($result->id) && $result->id != '') {
            //remove all the variables in the session
            session_unset();
            // destroy the session
            session_destroy();
            if (!session_id()) {
                session_start();
            }
            $clef_id = $result->id;
            $clef_email = $result->email;
            require_once 'classes/user.php';
            $user = new User($config);
            if ($clef_users = $user->select_user(array('clef' => $clef_id))) {
Beispiel #2
<?php

require 'config.php';
require_once 'vendor/autoload.php';
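// Logout hook: a POSTed logout_token is exchanged through the Clef API (using
// the app id and secret) for the id of the user who logged out, and that
// user's logged-out timestamp is recorded.
if (isset($_POST['logout_token'])) {
    \Clef\Clef::initialize(APP_ID, APP_SECRET);
    try {
        // The token is untrusted request input; it is only acted on after the
        // Clef API call has turned it into a user id.
        $clef_id = \Clef\Clef::get_logout_information($_POST["logout_token"]);
        // presumably mysql.php defines $mysql and update_logged_out_at() - confirm
        require 'mysql.php';
        update_logged_out_at($clef_id, time(), $mysql);
        die(json_encode(array('success' => true)));
    } catch (Exception $e) {
        // Any request carrying a logout_token reaches this handler, and the try
        // block also covers the database update. Keep the raw exception text in
        // the server log instead of returning it to whoever sent the request.
        error_log('Clef logout hook failed: ' . $e->getMessage());
        die(json_encode(array('error' => 'Logout request could not be processed.')));
    }
}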
Beispiel #3
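 /**
  * Log a user out, either through a Clef logout token or the local session.
  *
  * With a `logout_token` POST field, the token is exchanged through the Clef
  * API for a user id and the matching user's `logged_out_at` is set. Without
  * one, a session marked as authorized is destroyed and replaced, and the
  * current user's `logged_out_at` is set.
  *
  * @param object $args Passed by reference. `$args->retval` is set to true when
  *                     the Clef token was accepted (even if no local user
  *                     matched) or an authorized session was ended, and is
  *                     false otherwise.
  */
 function logout(&$args)
 {
     $args->retval = false;
     error_log('log out requested');
     \Clef\Clef::initialize(AUTH_APPID, AUTH_SECRET);
     if (isset($_POST['logout_token'])) {
         try {
             // The token is untrusted input; only the id returned by the Clef
             // API is used to look up the user.
             $id = \Clef\Clef::get_logout_information($_POST['logout_token']);
             $user =& $this->_find_user($id);
             if ($user !== null) {
                 $user['logged_out_at'] = time();
                 /* updated model so save */
                 // XXX: this isn't multi user safe - we write in once hit
                 $this->_teapot->put_model('users', $this->_users);
                 error_log('logged out via Clef: ' . $user['id'] . ', ' . $user['email']);
             }
             $args->retval = true;
         } catch (Exception $e) {
             // Still best effort (retval stays false), but a rejected or failing
             // logout token is now visible in the log instead of vanishing.
             error_log('Clef logout failed: ' . $e->getMessage());
         }
     } else {
         /* not the result of a oauth logout - check session */
         // isset() guard: a request without an authorized session may not have
         // this key at all.
         if (isset($_SESSION[Auth::AUTHORIZED]) && $_SESSION[Auth::AUTHORIZED] === true) {
             $this->_user['logged_out_at'] = time();
             session_destroy();
             // this session is done, discard
             session_start();
             // session_destroy() leaves the session cookie in place, so the
             // restarted session can come back under the old identifier.
             // Issue a new one so the pre-logout id is no longer usable.
             session_regenerate_id(true);
             // new shiny session
             $this->_clear_session();
             /* updated model so save */
             // XXX: this isn't multi user safe - we write in once hit
             $this->_teapot->put_model('users', $this->_users);
             $args->retval = true;
             error_log('logged out: ' . $this->_user['id'] . ', ' . $this->_user['email']);
         }
     }
 }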
Beispiel #4
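 /**
  * Return the `state` value for the current session, creating it on first use.
  *
  * Starts a session if none is active. A value already stored in
  * `$_SESSION['state']` is returned unchanged; otherwise 32 random bytes are
  * generated, base64url-encoded, stored under that key and returned.
  *
  * @return string The session's state value.
  * @throws \RuntimeException When no cryptographically strong random bytes
  *                           could be obtained.
  */
 public static function generate_session_state_parameter()
 {
     if (!session_id()) {
         session_start();
     }
     if (isset($_SESSION['state'])) {
         return $_SESSION['state'];
     }

     // On older PHP versions openssl_random_pseudo_bytes() can return false or
     // report a non-strong result instead of throwing. Fail closed so an empty
     // or guessable value is never stored as the state.
     $crypto_strong = false;
     $bytes = openssl_random_pseudo_bytes(32, $crypto_strong);
     if ($bytes === false || $crypto_strong !== true) {
         throw new \RuntimeException('Unable to generate a secure state parameter.');
     }

     $state = Clef::base64url_encode($bytes);
     $_SESSION['state'] = $state;
     return $state;
 }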