<?php
// Resource endpoint for third-party API clients: authenticates the client with
// api_key/api_secret, checks the user's access token, then serves the item named
// by $what within the scopes recorded for that token.
// NOTE(review): $docRoot, $OP, $user_token and $what are not assigned in this
// file; presumably the including script/router sets them — confirm where they
// originate and that they cannot be overridden by request input.
require_once "{$docRoot}/inc/class.opth.php";
if (isset($_POST['api_key']) && isset($_POST['api_secret']) && isset($user_token) && isset($what)) {
    // Client authentication. The result is used as the client id (`sid`) below.
    $sid = Opth::exists($_POST['api_key'], $_POST['api_secret']);
    // NOTE(review): loose comparison — 0, "0", "" and null are all treated as
    // failure here, not just false. `=== false` would state the intent exactly.
    if ($sid == false) {
        echo "false";
        exit;
    }
    // Stored on the class before authorized() is called; presumably authorized()
    // reads Opth::$sid to scope the token check to this client — confirm.
    Opth::$sid = $sid;
    if (Opth::authorized($user_token) == false) {
        echo "false";
        exit;
    }
    // Load the user id and granted permissions for this (access_token, sid) pair.
    $sql = $OP->dbh->prepare("SELECT `uid`, `permissions` FROM `opth_session` WHERE `access_token` = ? AND `sid` = ?");
    $sql->execute(array($user_token, $sid));
    // NOTE(review): fetch() returns false when no row matches; the next two
    // statements index $data without checking for that.
    $data = $sql->fetch(PDO::FETCH_ASSOC);
    $uid = $data['uid'];
    // Flipped so that scope names become keys and can be tested with isset().
    // NOTE(review): unserialize() can instantiate objects from its input. This is
    // only safe while the `permissions` column is written exclusively by trusted
    // code; passing ['allowed_classes' => false] or storing JSON would remove the
    // dependency on that assumption — confirm how the column is populated.
    $given_scopes = array_flip(unserialize($data['permissions']));
    // Scope name => value name; not referenced in the visible part of the file.
    $scope_to_values = array("read-name" => "name");
    // Requestable item => scopes associated with it.
    $obtainable_values = array("info" => array("read-name"), "email" => array("email-send"));
    // Requests of the form "action-<name>" are actions; strip the 7-char prefix.
    if (substr($what, 0, 7) == "action-") {
        $what = substr_replace($what, "", 0, 7);
        if (isset($obtainable_values[$what])) {
            // Email action: requires the first scope listed for "email"
            // ("email-send") plus a subject and body. The loose `!= null` test
            // also rejects empty strings.
            if ($what == "email" && isset($given_scopes[$obtainable_values[$what][0]]) && isset($_POST['subject']) && isset($_POST['body']) && $_POST['subject'] != null && $_POST['body'] != null) {
                // The `username` column is used as the recipient address.
                $sql = $OP->dbh->prepare("SELECT `username` FROM `users` WHERE `id` = ?");
                $sql->execute(array($uid));
                $email = $sql->fetchColumn();
                // NOTE(review): subject and body come straight from the client
                // request. Whether sendEMail() rejects CR/LF in the subject
                // (mail header injection) or escapes the body is not visible
                // here — confirm. A client holding "email-send" otherwise fully
                // controls the content of mail delivered to the user.
                // The meaning of the fourth argument (true) is not visible here.
                $status = $OP->sendEMail($email, $_POST['subject'], $_POST['body'], true);
                echo $status == true ? "true" : "false";
            } else {
                // (this branch continues beyond the visible source)
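<?php
// Token-exchange endpoint: a client authenticates with api_key/api_secret and
// trades a server token for the access token stored with it in `opth_session`.
// Prints the access token on success and the literal string "false" on any
// failure; prints nothing when a required POST field is absent.
require_once "{$docRoot}/inc/class.opth.php";

if (isset($_POST['api_key'], $_POST['api_secret'], $_POST['token'])) {
    $api_key = $_POST['api_key'];
    $api_secret = $_POST['api_secret'];
    $token = $_POST['token'];

    // PHP parses fields such as `token[]=x` into arrays. Reject anything that is
    // not a plain string before it reaches the credential check or a bound
    // query parameter.
    $sid = (is_string($api_key) && is_string($api_secret) && is_string($token))
        ? Opth::exists($api_key, $api_secret)
        : false;

    if ($sid !== false) {
        $sql = $OP->dbh->prepare("SELECT `access_token` FROM `opth_session` WHERE `server_token` = ? AND `sid` = ?");
        $sql->execute(array($token, $sid));

        // fetchColumn() yields false when no row matched. PDOStatement::rowCount()
        // is not guaranteed to report result-set size for SELECT on every driver,
        // so the fetched value itself decides success.
        $access_token = $sql->fetchColumn();

        if ($access_token === false) {
            echo "false";
        } else {
            echo $access_token;

            // Consume the one-time token after a successful exchange.
            // NOTE(review): the lookup matches `opth_session`.`server_token` but
            // the cleanup deletes from `opth_tokens`; confirm this actually
            // prevents the same token from being exchanged again. The delete also
            // runs after the access token has been sent, so two concurrent
            // requests could both succeed — consider invalidating first, inside
            // a transaction.
            $sql = $OP->dbh->prepare("DELETE FROM `opth_tokens` WHERE `sid` = ? AND `token` = ?");
            $sql->execute(array($sid, $token));
        }
    } else {
        echo "false";
    }
}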