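/**
 * Run one step of the Twitter OAuth 1.0a sign-in flow.
 *
 * Called without an oauth_token query parameter, it obtains a request token,
 * keeps that token's secret in the session and redirects the browser to
 * Twitter's authorise page. Called back with oauth_token and oauth_verifier,
 * it exchanges them for an access token, applies the invite check when INVITE
 * is set, stores the credentials through _user_save_cookie() and redirects to
 * BASE_URL.
 *
 * Side effects: starts the session, writes $GLOBALS['user'] and $_SESSION,
 * sends a Location header, and may end the request through exit().
 */
function user_oauth()
{
    require_once 'OAuth.php';
    session_start();
    $GLOBALS['user']['type'] = 'oauth';

    // empty() keeps the original truthiness test without raising an
    // undefined-index notice when the parameter is missing.
    if (!empty($_GET['oauth_token'])) {
        // NOTE(review): nothing here compares $_GET['oauth_token'] with the
        // request token issued earlier; only its secret lives in the session.
        // Whether twitter_process() binds the two is not visible - confirm.
        $params = array(
            'oauth_verifier' => isset($_GET['oauth_verifier']) ? $_GET['oauth_verifier'] : null,
        );
        $response = twitter_process('https://api.twitter.com/oauth/access_token', $params);

        // The request-token secret is only needed for the exchange above.
        unset($_SESSION['oauth_request_token_secret']);
        parse_str($response, $token);

        // Fail closed: if the exchange did not return a full credential set,
        // do not write a cookie holding an empty user name or a bare '|'.
        if (empty($token['oauth_token'])
            || empty($token['oauth_token_secret'])
            || empty($token['screen_name'])
        ) {
            unset($GLOBALS['user']);
            header('Location: ' . BASE_URL);
            return;
        }

        // Check whether the user is on the invite list
        if (INVITE && !_is_user_invited($token['screen_name'])) {
            unset($GLOBALS['user']);
            exit('对不起,您不是受邀用户,无法登录(如果你有邀请码,<a href="' . BASE_URL . 'invite.php">请自行添加</a>)');
        }

        $GLOBALS['user']['username'] = $token['screen_name'];
        // "token|secret" is the long-lived access credential; how
        // _user_save_cookie() protects it is not visible in this block.
        $GLOBALS['user']['password'] = $token['oauth_token'] . '|' . $token['oauth_token_secret'];
        _user_save_cookie();
        header('Location: ' . BASE_URL);
        return;
    }

    $params = array('oauth_callback' => BASE_URL . 'oauth');
    $response = twitter_process('https://api.twitter.com/oauth/request_token', $params);
    parse_str($response, $token);
    $_SESSION['oauth_request_token_secret'] = isset($token['oauth_token_secret']) ? $token['oauth_token_secret'] : null;

    // parse_str() URL-decodes the value, so encode it again before it goes
    // back into a URL and a response header.
    $request_token = isset($token['oauth_token']) ? $token['oauth_token'] : '';
    $authorise_url = 'https://api.twitter.com/oauth/authorize?oauth_token=' . rawurlencode($request_token);
    header('Location: ' . $authorise_url);
}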
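/**
 * Run one step of the Twitter OAuth 1.0a sign-in flow.
 *
 * With no oauth_token query parameter: fetch a request token, keep its secret
 * in the session and redirect to Twitter's authorise page. On the callback:
 * exchange the verifier for an access token, look up the screen name with
 * account/verify_credentials, save the credentials through
 * _user_save_cookie(1) and redirect to BASE_URL.
 *
 * Side effects: starts the session, writes $GLOBALS['user'] and $_SESSION,
 * sends a Location header; the callback path ends the request with exit.
 */
function user_oauth()
{
    require_once 'OAuth.php';
    session_start();
    $GLOBALS['user']['type'] = 'oauth';

    // empty() keeps the original truthiness test without an undefined-index
    // notice when the parameter is missing.
    if (!empty($_GET['oauth_token'])) {
        // NOTE(review): the returned oauth_token is never compared with the
        // request token issued earlier; whether twitter_process() binds them
        // is not visible here - confirm.
        $params = array(
            'oauth_verifier' => isset($_GET['oauth_verifier']) ? $_GET['oauth_verifier'] : null,
        );
        $response = twitter_process('https://api.twitter.com/oauth/access_token', $params);

        // The request-token secret is only needed for the exchange above.
        unset($_SESSION['oauth_request_token_secret']);
        parse_str($response, $token);

        // Fail closed when the exchange did not return both token parts,
        // instead of saving a cookie built from empty values.
        if (empty($token['oauth_token']) || empty($token['oauth_token_secret'])) {
            unset($GLOBALS['user']);
            header('Location: ' . BASE_URL);
            exit;
        }

        // Set before verify_credentials: presumably twitter_process() signs
        // with this value - confirm against its implementation.
        $GLOBALS['user']['password'] = $token['oauth_token'] . '|' . $token['oauth_token_secret'];

        $user = twitter_process('https://api.twitter.com/account/verify_credentials.json');
        // The screen name becomes the stored identity, so refuse to continue
        // when the lookup did not return one.
        if (!is_object($user) || empty($user->screen_name)) {
            unset($GLOBALS['user']);
            header('Location: ' . BASE_URL);
            exit;
        }

        $GLOBALS['user']['username'] = $user->screen_name;
        _user_save_cookie(1);
        header('Location: ' . BASE_URL);
        exit;
    } else {
        $params = array('oauth_callback' => BASE_URL . 'oauth');
        $response = twitter_process('https://api.twitter.com/oauth/request_token', $params);
        parse_str($response, $token);
        $_SESSION['oauth_request_token_secret'] = isset($token['oauth_token_secret']) ? $token['oauth_token_secret'] : null;

        // parse_str() URL-decodes the value, so encode it again before it
        // goes back into a URL and a response header.
        $request_token = isset($token['oauth_token']) ? $token['oauth_token'] : '';
        $authorise_url = 'https://api.twitter.com/oauth/authorize?oauth_token=' . rawurlencode($request_token);
        header("Location: {$authorise_url}");
    }
}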
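/**
 * Run one step of the Twitter OAuth 1.0a sign-in flow through Codebird.
 *
 * With no token in the session: fetch a request token, store it in the
 * session together with an 'oauth_verify' marker and redirect to Twitter.
 * On the callback (oauth_verifier present and the marker set): exchange the
 * verifier for an access token, read the screen name with
 * account_verifyCredentials(), save the credentials via _user_save_cookie(1)
 * and redirect to BASE_URL. Any other request is redirected to BASE_URL.
 *
 * The session is assumed to be started by the caller; this block never calls
 * session_start().
 */
function user_oauth()
{
    //require_once ('codebird.php');
    $cb = \Codebird\Codebird::getInstance();

    // Flag forces twitter_process() to use OAuth signing
    // $GLOBALS['user']['type'] = 'oauth';

    // If there's no OAuth token, take the user to Twitter's sign-in page
    if (!isset($_SESSION['oauth_token'])) {
        // get the request token
        // NOTE(review): the callback is built from the request URI; confirm
        // SERVER_NAME is a configured constant and not taken from the Host
        // header.
        $reply = $cb->oauth_requestToken(array('oauth_callback' => SERVER_NAME . $_SERVER['REQUEST_URI']));

        // store the token
        $cb->setToken($reply->oauth_token, $reply->oauth_token_secret);
        $_SESSION['oauth_token'] = $reply->oauth_token;
        $_SESSION['oauth_token_secret'] = $reply->oauth_token_secret;
        $_SESSION['oauth_verify'] = true;

        // redirect to auth website
        $auth_url = $cb->oauth_authorize();
        header('Location: ' . $auth_url);
        die;
    } elseif (isset($_GET['oauth_verifier']) && isset($_SESSION['oauth_verify'])) {
        // The marker is single-use, whatever the outcome below.
        unset($_SESSION['oauth_verify']);

        // The callback must name the request token this session was issued.
        // A mismatch means the callback belongs to a different authorisation
        // attempt, so discard the pending state instead of exchanging it.
        $returned_token = isset($_GET['oauth_token']) ? $_GET['oauth_token'] : null;
        if (!is_string($returned_token) || $returned_token !== $_SESSION['oauth_token']) {
            unset($_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
            header('Location: ' . BASE_URL);
            die;
        }

        // verify the token
        $cb->setToken($_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);

        // get the access token
        $reply = $cb->oauth_accessToken(array('oauth_verifier' => $_GET['oauth_verifier']));

        // Fail closed when the exchange returned no access token; clearing
        // the session entries lets the next visit start a fresh flow.
        if (empty($reply->oauth_token) || empty($reply->oauth_token_secret)) {
            unset($_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
            header('Location: ' . BASE_URL);
            die;
        }

        // store the token (which is different from the request token!)
        $_SESSION['oauth_token'] = $reply->oauth_token;
        $_SESSION['oauth_token_secret'] = $reply->oauth_token_secret;
        $cb->setToken($_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);

        // Verify and get the username
        $user = $cb->account_verifyCredentials();
        if (empty($user->screen_name)) {
            // No identity came back, so do not write a cookie for it.
            unset($_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
            header('Location: ' . BASE_URL);
            die;
        }
        $GLOBALS['user']['username'] = $user->screen_name;

        // Store ACCESS tokens in COOKIE
        // (how _user_save_cookie() protects them is not visible in this block)
        $GLOBALS['user']['password'] = $_SESSION['oauth_token'] . '|' . $_SESSION['oauth_token_secret'];
        _user_save_cookie(1);

        // send to same URL, without oauth GET parameters
        header('Location: ' . BASE_URL);
        die;
    }

    // NOTE(review): a session that still holds a request token but arrives
    // without oauth_verifier (an abandoned attempt) also ends up here and
    // cannot restart the flow until the session entries go away - confirm
    // this is intended.
    header('Location: ' . BASE_URL);
}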
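/**
 * Report whether the current request belongs to a signed-in user, handling a
 * "Dabr Password" login form submission on the way.
 *
 * Order of work:
 *  1. Load $GLOBALS['user'] from the USER_AUTH cookie if it is not set yet.
 *  2. Log out any user whose stored type is not 'oauth'.
 *  3. If nobody is signed in and username/password were POSTed, look the
 *     account up in MySQL or in the file cache (per ACCESS_USERS), replace
 *     the submitted password with the stored OAuth key pair, save the cookie
 *     and redirect to BASE_URL.
 *
 * Returns true when a user is signed in, false when nobody is and no
 * credentials were submitted. A login attempt ends the request (redirect and
 * exit, or an error page via theme('error', ...)).
 *
 * NOTE(review): the failure paths rely on theme('error', ...) ending the
 * request; if it returns, execution continues to _user_save_cookie() with the
 * submitted password still in $GLOBALS['user'] - confirm.
 * NOTE(review): stored passwords are unsalted MD5 (MD5() in the SQL, md5()
 * in the file branch). Moving to password_hash()/password_verify() needs the
 * stored values re-hashed, which cannot be done from this function alone.
 */
function user_is_authenticated()
{
    if (!isset($GLOBALS['user'])) {
        if (array_key_exists('USER_AUTH', $_COOKIE)) {
            _user_decrypt_cookie($_COOKIE['USER_AUTH']);
        } else {
            $GLOBALS['user'] = array();
        }
    }

    // Auto-logout any users that aren't correctly using OAuth
    if (user_current_username() && user_type() !== 'oauth') {
        user_logout();
        twitter_refresh('logout');
    }

    if (!user_current_username()) {
        // Require non-empty *string* fields: a missing key no longer raises a
        // notice, and array-valued input (username[]=x) is treated as "no
        // credentials" instead of reaching trim()/md5().
        $has_credentials = !empty($_POST['username']) && is_string($_POST['username'])
            && !empty($_POST['password']) && is_string($_POST['password']);

        if ($has_credentials) {
            $GLOBALS['user']['username'] = trim($_POST['username']);
            $GLOBALS['user']['password'] = $_POST['password'];
            $GLOBALS['user']['type'] = 'oauth';
            $username = strtolower($GLOBALS['user']['username']);

            if (ACCESS_USERS == 'MYSQL') {
                // NOTE(review): the mysql_* extension was removed in PHP 7.
                @mysql_connect(MYSQL_URL, MYSQL_USER, MYSQL_PASSWORD) || theme('error', '<p>Error failed to connect your MySQL Database.</p>');
                @mysql_select_db(MYSQL_DB) || theme('error', '<p>Error failed to select your MySQL Database.</p>');

                // NOTE(review): the %s placeholders are unquoted, so this
                // query is only safe if check_input() (defined elsewhere)
                // both escapes and quotes its argument - verify.
                $sql = sprintf(
                    "SELECT * FROM user WHERE username=%s AND password=MD5(%s) LIMIT 1",
                    check_input($username),
                    check_input($GLOBALS['user']['password'])
                );
                $rs = @mysql_query($sql) or theme('error', '<p>Error failed to find your OAuth Information into your MySQL Database.</p><p>If this is your first time to use Dabr Password, please <a href="oauth">Sign in via Twitter.com</a> first. And then, visit the Dabr settings page to choose a password.</p>');

                if ($rs && ($user = mysql_fetch_object($rs))) {
                    $GLOBALS['user']['password'] = $user->oauth_key . '|' . $user->oauth_secret;
                } else {
                    theme('error', '<p>Invalid username or password.</p><p>If this is your first time to use Dabr Password, please <a href="oauth">Sign in via Twitter.com</a> first. And then, visit the Dabr settings page to choose a password.</p>');
                }
            }

            if (ACCESS_USERS == 'FILE') {
                // The submitted name becomes part of a filesystem glob
                // pattern. Accept only screen-name characters (letters,
                // digits, underscore; already lower-cased) so wildcards and
                // path separators never reach glob(). Anything else is
                // handled exactly like an unknown user.
                if (preg_match('/\A[a-z0-9_]+\z/', $username)) {
                    $token = @glob(CACHE_FLODER . $username . '.*');
                } else {
                    $token = array();
                }
                $token or theme('error', '<p>No record.</p><p>If this is your first time to use Dabr Password, please <a href="oauth">Sign in via Twitter.com</a> first. ' . "\n" . 'And then, visit the Dabr settings page to choose a password.</p>');

                if (!empty($token)) {
                    $str = @file_get_contents($token[0]) or theme('error', '<p>Error failed to read access_token file.</p><p>Please check if you have read permission to access_token file.</p>');
                    $user = json_decode($str);

                    // Strict comparison: with ==, two hashes that both look
                    // like numbers (for example "0e..." followed by digits)
                    // compare equal although the strings differ.
                    $password_ok = is_object($user)
                        && isset($user->password)
                        && is_string($user->password)
                        && md5($GLOBALS['user']['password']) === $user->password;

                    if ($password_ok) {
                        $GLOBALS['user']['password'] = $user->oauth_key . '|' . $user->oauth_secret;
                    } else {
                        theme('error', '<p>Invalid username or password.</p>');
                    }
                } else {
                    theme('error', '<p>Error failed to read cache directory.</p><p>Please check if you have read permission to cache directory.</p>');
                }
            }

            _user_save_cookie(isset($_POST['stay-logged-in']) && $_POST['stay-logged-in'] === 'yes');
            header('Location: ' . BASE_URL);
            exit;
        } else {
            return false;
        }
    }

    return true;
}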
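/**
 * Report whether the current request belongs to a signed-in user, handling a
 * username/password login form submission on the way.
 *
 * Loads $GLOBALS['user'] from the USER_AUTH cookie when needed, logs out any
 * user whose stored type is not 'oauth', and - when nobody is signed in and
 * credentials were POSTed - looks the account up in the MySQL `user` table,
 * replaces the submitted password with the stored OAuth key pair, saves the
 * cookie and redirects to BASE_URL.
 *
 * Returns true when a user is signed in, false when nobody is and no
 * credentials were submitted; a login attempt ends the request.
 *
 * NOTE(review): the failure path relies on theme('error', ...) ending the
 * request; if it returns, the cookie is saved with the submitted password -
 * confirm.
 * NOTE(review): passwords are stored as unsalted MD5 and the mysql_*
 * extension was removed in PHP 7. A move to prepared statements and
 * password_hash()/password_verify() needs the connection code and stored
 * hashes, neither of which is visible in this block.
 */
function user_is_authenticated()
{
    if (!isset($GLOBALS['user'])) {
        if (array_key_exists('USER_AUTH', $_COOKIE)) {
            _user_decrypt_cookie($_COOKIE['USER_AUTH']);
        } else {
            $GLOBALS['user'] = array();
        }
    }

    // Auto-logout any users that aren't correctly using OAuth
    if (user_current_username() && user_type() !== 'oauth') {
        user_logout();
        twitter_refresh('logout');
    }

    if (!user_current_username()) {
        // Require non-empty *string* fields: a missing key no longer raises a
        // notice and array-valued input is treated as "no credentials".
        $has_credentials = !empty($_POST['username']) && is_string($_POST['username'])
            && !empty($_POST['password']) && is_string($_POST['password']);

        if ($has_credentials) {
            $GLOBALS['user']['username'] = trim($_POST['username']);
            $GLOBALS['user']['password'] = $_POST['password'];
            $GLOBALS['user']['type'] = 'oauth';

            // The listing showed username='******' with two arguments passed
            // to sprintf(), so the username filled the MD5() placeholder and
            // the password was dropped. Both values now have a placeholder.
            // mysql_real_escape_string() replaces the deprecated
            // mysql_escape_string(), which ignores the connection charset.
            $sql = sprintf(
                "SELECT * FROM user WHERE username='%s' AND password=MD5('%s') LIMIT 1",
                mysql_real_escape_string($GLOBALS['user']['username']),
                mysql_real_escape_string($GLOBALS['user']['password'])
            );
            $rs = mysql_query($sql);

            if ($rs && ($user = mysql_fetch_object($rs))) {
                $GLOBALS['user']['password'] = $user->oauth_key . '|' . $user->oauth_secret;
            } else {
                theme('error', 'Invalid username or password.');
            }

            _user_save_cookie(isset($_POST['stay-logged-in']) && $_POST['stay-logged-in'] === 'yes');
            header('Location: ' . BASE_URL);
            exit;
        } else {
            return false;
        }
    }

    return true;
}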
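/**
 * Report whether the current request belongs to a signed-in user, handling a
 * username/password login form submission on the way.
 *
 * Loads $GLOBALS['user'] from the USER_AUTH cookie when needed. When no user
 * name is set and credentials were POSTed, it records them with type
 * 'normal', saves the cookie through _user_save_cookie() and redirects to
 * BASE_URL, ending the request.
 *
 * Returns true when a user name is present, false when it is not and no
 * usable credentials were submitted.
 *
 * NOTE(review): the submitted password is kept as-is in $GLOBALS['user'] and
 * handed to _user_save_cookie(); nothing in this block checks it against any
 * store, and how the cookie protects it is not visible here.
 */
function user_is_authenticated()
{
    if (!isset($GLOBALS['user'])) {
        if (array_key_exists('USER_AUTH', $_COOKIE)) {
            _user_decrypt_cookie($_COOKIE['USER_AUTH']);
        } else {
            $GLOBALS['user'] = array();
        }
    }

    // empty() is the same truthiness test as before, but a fresh visitor
    // (empty user array, no POST body) no longer triggers undefined-index
    // notices on every page load.
    if (empty($GLOBALS['user']['username'])) {
        // Only plain string fields count as credentials; array-valued input
        // (username[]=x) must not reach trim() or the cookie writer.
        $has_credentials = !empty($_POST['username']) && is_string($_POST['username'])
            && !empty($_POST['password']) && is_string($_POST['password']);

        if ($has_credentials) {
            $GLOBALS['user']['username'] = trim($_POST['username']);
            $GLOBALS['user']['password'] = $_POST['password'];
            $GLOBALS['user']['type'] = 'normal';
            _user_save_cookie(isset($_POST['stay-logged-in']) && $_POST['stay-logged-in'] === 'yes');
            header('Location: ' . BASE_URL);
            exit;
        } else {
            return false;
        }
    }

    return true;
}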