/**
 * Build the session state for the current request.
 *
 * Binds an OAuth store when none is set, reads the user id through
 * get_user_id(COOKIE_NAME) and stops early when there is none. Otherwise it
 * resolves the OAuth token, reacts to a `logout` or `oauth_verifier` query
 * parameter, and refreshes the author record when the session is logged in
 * but no author is loaded yet.
 *
 * @return int|null 0 when the cookie yields no user id; no value otherwise.
 */
function TPSession()
{
    // Bind the OAuth store (type 'MySQL') only if one is not already present.
    if (!$this->store) {
        $this->store = OAuthStore::instance('MySQL', get_db_options());
    }

    // The user is identified from this site's cookie alone.
    $this->user_id = get_user_id(COOKIE_NAME);
    debug("[TPSession::TPSesssion], user_id = " . $this->user_id);

    // No user_id in the cookie means no session: the visitor is not logged in.
    if (!$this->user_id) {
        return 0;
    }

    // Per the original author's note, the token is looked up in one of two ways:
    //   1. the $_GET parameters, when this is the last step of the OAuth dance;
    //   2. the database, when the user already completed the OAuth dance.
    // The token value itself is not passed to debug().
    $this->oauth_token = get_oauth_token(COOKIE_NAME, $_GET, $this->store);

    // NOTE(review): both branches fire on the mere presence of a query-string key;
    // no request-method or anti-forgery check is visible in this function. Confirm
    // whether log_out() / verify_access_token() or a caller enforces one.
    $logoutRequested = array_key_exists('logout', $_GET);
    $verifierPresent = array_key_exists('oauth_verifier', $_GET);
    if ($logoutRequested) {
        // Logout takes precedence over completing the OAuth handshake.
        $this->log_out();
    } elseif ($verifierPresent) {
        $this->verify_access_token();
    }

    // Refresh the local author record once the session is known to be valid.
    if (!$this->author && $this->is_logged_in()) {
        $this->update_author_record();
    }
}
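/**
 * Resolve the caller's session and apply the open-data view permission.
 *
 * Reads ./auth_conf.json (relative to the working directory). When the file is
 * missing or empty, nothing is granted and null is returned: the configuration
 * is compulsory so that possibly sensitive data is not opened up merely because
 * the file was accidentally removed. When `auth_t` is present in the query
 * string, the matching document is fetched from the `_sessions` MongoDB
 * collection. When the configuration enables `open_data`, the `view`
 * permission is set on the result.
 *
 * @return array|null Session data (the `_id` field is excluded by the
 *                    projection), or null when there is no session and open
 *                    data is not enabled.
 */
function get_session()
{
    // Explicit default: every fail-closed path returns null instead of an
    // undefined variable.
    $session = null;

    $auth_conf_file = file_get_contents('./auth_conf.json');
    if (!$auth_conf_file) {
        return $session;
    }

    $auth_conf = json_decode($auth_conf_file, true);

    // Accept the session key only as a plain string. A query string such as
    // auth_t[...]=... arrives as an array, which must never reach the MongoDB
    // filter as a query operator. The PostgreSQL escaper used previously gives
    // no protection for a MongoDB lookup and only alters keys containing quotes.
    // NOTE(review): the key travels in the URL, where it can end up in access
    // logs and Referer headers; consider a request header or cookie instead.
    $key = isset($_GET['auth_t']) ? $_GET['auth_t'] : null;
    if (is_string($key)) {
        // Find the session from the database.
        $db_opts = get_db_options();
        $mongodb = connectMongoDB($db_opts['mongo_db_name']);
        $sessions = $mongodb->_sessions;
        $session = $sessions->findOne(array("_id" => $key), array("_id" => false));
    }

    // A malformed config decodes to a non-array; treat that as "not open".
    if (is_array($auth_conf) && !empty($auth_conf['open_data'])) {
        // Everybody can view open data, with or without a session.
        $session['permissions']['view'] = true;
    }

    return $session;
}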
<?php /* * Project: FI-WARE * Copyright (c) 2014 Center for Internet Excellence, University of Oulu, All Rights Reserved * For conditions of distribution and use, see copyright notice in LICENSE */ require_once 'db.php'; require_once 'data_manager.php'; require_once 'util.php'; if ($_SERVER['REQUEST_METHOD'] == 'DELETE') { if (isset($_GET['poi_id'])) { $uuid = pg_escape_string($_GET['poi_id']); $db_opts = get_db_options(); $pgcon = connectPostgreSQL($db_opts["sql_db_name"]); $fw_core_tbl = $db_opts['fw_core_table_name']; $del_stmt = "DELETE FROM {$fw_core_tbl} WHERE uuid='{$uuid}'"; $del_result = pg_query($del_stmt); if (!$del_result) { header("HTTP/1.0 500 Internal Server Error"); $error = pg_last_error(); die($error); } $rows_deleted = pg_affected_rows($del_result); if ($rows_deleted != 1) { header("HTTP/1.0 400 Bad Request"); die("The specified UUID was not found from the database!"); } $components = get_supported_components(); $m_db = connectMongoDB($db_opts['mongo_db_name']); foreach ($components as $component) {