Example #1
File: user.php Project: xctcc/npt
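/**
 * Drive both legs of the Twitter OAuth 1.0a sign-in.
 *
 * Without an oauth_token in the query string, a request token is fetched,
 * its secret is kept in the session and the browser is sent to Twitter's
 * authorize page. With an oauth_token (the callback leg), the verifier is
 * exchanged for an access token, the optional invite list is enforced and
 * the access token pair is handed to _user_save_cookie().
 *
 * $_GET and the token-endpoint responses are untrusted input: each field is
 * checked for presence and type before it becomes the logged-in identity, so
 * a failed exchange cannot persist an empty username or a bare "|" secret.
 *
 * NOTE(review): the access token and secret end up in a cookie through
 * _user_save_cookie(), which is defined elsewhere; confirm that cookie is
 * encrypted and sent with the Secure and HttpOnly flags.
 */
function user_oauth()
{
    require_once 'OAuth.php';
    session_start();
    // Read elsewhere in the project; presumably switches twitter_process() to OAuth signing.
    $GLOBALS['user']['type'] = 'oauth';

    if (!empty($_GET['oauth_token'])) {
        // Callback leg: trade the verifier for an access token.
        $verifier = isset($_GET['oauth_verifier']) ? $_GET['oauth_verifier'] : null;
        $response = twitter_process('https://api.twitter.com/oauth/access_token', array('oauth_verifier' => $verifier));
        // The request-token secret is single use; drop it whether or not the exchange worked.
        unset($_SESSION['oauth_request_token_secret']);

        // Two-argument parse_str() only fills $token; it never creates variables in this scope.
        $token = array();
        parse_str((string) $response, $token);
        foreach (array('screen_name', 'oauth_token', 'oauth_token_secret') as $field) {
            if (!isset($token[$field]) || !is_string($token[$field]) || $token[$field] === '') {
                unset($GLOBALS['user']);
                exit('OAuth sign-in failed: the access token response was incomplete.');
            }
        }

        // Check whether the user is on the invite list.
        if (INVITE && !_is_user_invited($token['screen_name'])) {
            unset($GLOBALS['user']);
            exit('对不起,您不是受邀用户,无法登录(如果你有邀请码,<a href="' . BASE_URL . 'invite.php">请自行添加</a>)');
        }

        $GLOBALS['user']['username'] = $token['screen_name'];
        $GLOBALS['user']['password'] = $token['oauth_token'] . '|' . $token['oauth_token_secret'];
        _user_save_cookie();
        header('Location: ' . BASE_URL);
        // Returns instead of exiting, so whatever the caller does next still runs after the redirect header.
        return;
    }

    // First leg: obtain a request token and send the browser to Twitter.
    $response = twitter_process('https://api.twitter.com/oauth/request_token', array('oauth_callback' => BASE_URL . 'oauth'));
    $token = array();
    parse_str((string) $response, $token);
    if (empty($token['oauth_token']) || !is_string($token['oauth_token'])
        || empty($token['oauth_token_secret']) || !is_string($token['oauth_token_secret'])) {
        exit('OAuth sign-in failed: no request token was issued.');
    }
    $_SESSION['oauth_request_token_secret'] = $token['oauth_token_secret'];
    // Encode the token so a malformed response cannot add parameters to the redirect URL.
    $authorise_url = 'https://api.twitter.com/oauth/authorize?oauth_token=' . rawurlencode($token['oauth_token']);
    header('Location: ' . $authorise_url);
}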
Example #2
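/**
 * Drive both legs of the Twitter OAuth 1.0a sign-in.
 *
 * Callback leg (oauth_token present in the query string): exchange the
 * verifier for an access token, look up the account name through
 * verify_credentials, persist the login with _user_save_cookie(1) and
 * redirect to BASE_URL. Otherwise: fetch a request token, remember its
 * secret in the session and redirect to Twitter's authorize page.
 *
 * Responses from the token and credential endpoints are checked before they
 * are stored, so a failed exchange ends the request instead of saving a
 * cookie with an empty username or a bare "|" secret.
 *
 * NOTE(review): _user_save_cookie() is defined elsewhere; confirm the cookie
 * holding the access token pair is encrypted and flagged Secure/HttpOnly.
 */
function user_oauth()
{
    require_once 'OAuth.php';
    session_start();
    // Read elsewhere in the project; presumably switches twitter_process() to OAuth signing.
    $GLOBALS['user']['type'] = 'oauth';

    if (!empty($_GET['oauth_token'])) {
        $verifier = isset($_GET['oauth_verifier']) ? $_GET['oauth_verifier'] : null;
        $response = twitter_process('https://api.twitter.com/oauth/access_token', array('oauth_verifier' => $verifier));

        // Two-argument parse_str() only fills $token; it never creates variables in this scope.
        $token = array();
        parse_str((string) $response, $token);
        if (empty($token['oauth_token']) || !is_string($token['oauth_token'])
            || empty($token['oauth_token_secret']) || !is_string($token['oauth_token_secret'])) {
            unset($_SESSION['oauth_request_token_secret'], $GLOBALS['user']);
            exit('OAuth sign-in failed: the access token response was incomplete.');
        }

        // Set before the credentials call; twitter_process() presumably signs with this pair.
        $GLOBALS['user']['password'] = $token['oauth_token'] . '|' . $token['oauth_token_secret'];
        unset($_SESSION['oauth_request_token_secret']);

        $user = twitter_process('https://api.twitter.com/account/verify_credentials.json');
        if (!is_object($user) || empty($user->screen_name)) {
            unset($GLOBALS['user']);
            exit('OAuth sign-in failed: the account could not be verified.');
        }
        $GLOBALS['user']['username'] = $user->screen_name;
        _user_save_cookie(1);
        header('Location: ' . BASE_URL);
        exit;
    }

    // First leg: obtain a request token and send the browser to Twitter.
    $response = twitter_process('https://api.twitter.com/oauth/request_token', array('oauth_callback' => BASE_URL . 'oauth'));
    $token = array();
    parse_str((string) $response, $token);
    if (empty($token['oauth_token']) || !is_string($token['oauth_token'])
        || empty($token['oauth_token_secret']) || !is_string($token['oauth_token_secret'])) {
        exit('OAuth sign-in failed: no request token was issued.');
    }
    $_SESSION['oauth_request_token_secret'] = $token['oauth_token_secret'];
    // Encode the token so a malformed response cannot add parameters to the redirect URL.
    $authorise_url = 'https://api.twitter.com/oauth/authorize?oauth_token=' . rawurlencode($token['oauth_token']);
    header("Location: {$authorise_url}");
}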
Example #3
File: user.php Project: xinyue/dabr
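/**
 * Run the Twitter OAuth 1.0a sign-in through Codebird.
 *
 * No request token in the session: fetch one, keep it in the session, mark
 * the flow as pending and redirect to Twitter. Callback with a verifier and
 * a pending flow: exchange the verifier for an access token, resolve the
 * screen name, save the login cookie and redirect to BASE_URL. Any other
 * state just redirects to BASE_URL.
 *
 * The callback is only honoured when its oauth_token matches the request
 * token issued to this session, and every Codebird reply is checked before
 * its fields are stored. On any failure the pending token is discarded and
 * no cookie is written.
 *
 * NOTE(review): the session is assumed to be started by the caller; the
 * access token pair is passed to _user_save_cookie() (defined elsewhere) —
 * confirm that cookie is encrypted and flagged Secure/HttpOnly.
 */
function user_oauth()
{
    //require_once ('codebird.php');
    $cb = \Codebird\Codebird::getInstance();
    // Flag forces twitter_process() to use OAuth signing
    // $GLOBALS['user']['type'] = 'oauth';
    // If there's no OAuth token, take the user to Twitter's sign-in page
    if (!isset($_SESSION['oauth_token'])) {
        // Get the request token. REQUEST_URI is client-controlled, but the host part comes from SERVER_NAME.
        $reply = $cb->oauth_requestToken(array('oauth_callback' => SERVER_NAME . $_SERVER['REQUEST_URI']));
        // Store the request token for the callback leg
        $cb->setToken($reply->oauth_token, $reply->oauth_token_secret);
        $_SESSION['oauth_token'] = $reply->oauth_token;
        $_SESSION['oauth_token_secret'] = $reply->oauth_token_secret;
        $_SESSION['oauth_verify'] = true;
        // Redirect to the authorization page
        $auth_url = $cb->oauth_authorize();
        header('Location: ' . $auth_url);
        die;
    } elseif (isset($_GET['oauth_verifier']) && isset($_SESSION['oauth_verify'])) {
        // The pending marker is single use, whatever the outcome below.
        unset($_SESSION['oauth_verify']);

        // The callback must carry the same request token this session was issued;
        // otherwise a verifier minted for another flow could be replayed here.
        $ok = isset($_GET['oauth_token'], $_SESSION['oauth_token_secret'])
            && is_string($_GET['oauth_token'])
            && $_GET['oauth_token'] === $_SESSION['oauth_token'];

        if ($ok) {
            $cb->setToken($_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
            // Get the access token
            $reply = $cb->oauth_accessToken(array('oauth_verifier' => $_GET['oauth_verifier']));
            $ok = is_object($reply) && !empty($reply->oauth_token) && !empty($reply->oauth_token_secret);
        }

        if ($ok) {
            // Store the access token (which is different from the request token!)
            $_SESSION['oauth_token'] = $reply->oauth_token;
            $_SESSION['oauth_token_secret'] = $reply->oauth_token_secret;
            $cb->setToken($_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
            // Verify and get the username
            $user = $cb->account_verifyCredentials();
            $ok = is_object($user) && !empty($user->screen_name);
        }

        if (!$ok) {
            // Fail closed: forget the token so a fresh sign-in can start, and write no cookie.
            unset($_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
            header('Location: ' . BASE_URL);
            die;
        }

        $GLOBALS['user']['username'] = $user->screen_name;
        // Store ACCESS tokens in COOKIE
        $GLOBALS['user']['password'] = $_SESSION['oauth_token'] . '|' . $_SESSION['oauth_token_secret'];
        _user_save_cookie(1);
        // Send to same URL, without oauth GET parameters
        header('Location: ' . BASE_URL);
        die;
    }
    header('Location: ' . BASE_URL);
}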
Example #4
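/**
 * Report whether the current request belongs to a signed-in user, handling
 * the local username/password form on the way.
 *
 * The user state is loaded from the USER_AUTH cookie when not yet set, and
 * sessions whose type is not 'oauth' are logged out. When nobody is signed
 * in and the form was posted, the password is checked against the MySQL
 * table or the per-user cache file (depending on ACCESS_USERS) and, on
 * success, replaced by the stored OAuth key pair before the cookie is saved
 * and the browser is redirected to BASE_URL.
 *
 * Hardening over the plain lookup:
 *  - the username must look like a Twitter screen name before it is used in
 *    a SQL string or a glob() pattern, so wildcards and path separators
 *    cannot select another user's record;
 *  - the stored hash is compared with ===, because == treats two different
 *    "0e…"-style digit strings as equal numbers;
 *  - the cookie is only saved when a branch confirmed the password, even if
 *    theme('error', …) were to return instead of ending the request.
 *
 * NOTE(review): passwords are stored as unsalted MD5, which is unsuitable
 * for password storage; moving to password_hash()/password_verify() needs a
 * data migration and is out of scope for this block.
 *
 * @return bool true when a user is signed in, false when no credentials were supplied
 */
function user_is_authenticated()
{
    if (!isset($GLOBALS['user'])) {
        if (array_key_exists('USER_AUTH', $_COOKIE)) {
            _user_decrypt_cookie($_COOKIE['USER_AUTH']);
        } else {
            $GLOBALS['user'] = array();
        }
    }
    // Auto-logout any users that aren't correctly using OAuth
    if (user_current_username() && user_type() !== 'oauth') {
        user_logout();
        twitter_refresh('logout');
    }
    if (user_current_username()) {
        return true;
    }
    if (empty($_POST['username']) || empty($_POST['password'])
        || !is_string($_POST['username']) || !is_string($_POST['password'])) {
        return false;
    }

    // Assigned before any check, as before, so the error page renders with the same global state.
    $GLOBALS['user']['username'] = trim($_POST['username']);
    $GLOBALS['user']['password'] = $_POST['password'];
    $GLOBALS['user']['type'] = 'oauth';
    $username = strtolower($GLOBALS['user']['username']);

    // Screen names are letters, digits and underscore; anything else must never reach SQL or glob().
    if (!preg_match('/\A[a-z0-9_]+\z/', $username)) {
        theme('error', '<p>Invalid username or password.</p>');
        exit;
    }

    $verified = false;

    if (ACCESS_USERS == 'MYSQL') {
        @mysql_connect(MYSQL_URL, MYSQL_USER, MYSQL_PASSWORD) || theme('error', '<p>Error failed to connect your MySQL Database.</p>');
        @mysql_select_db(MYSQL_DB) || theme('error', '<p>Error failed to select your MySQL Database.</p>');
        // NOTE(review): the placeholders are unquoted, so this query is only safe if check_input()
        // (defined elsewhere) both quotes and escapes its argument — verify, or move to prepared statements.
        $sql = sprintf("SELECT * FROM user WHERE username=%s AND password=MD5(%s) LIMIT 1", check_input($username), check_input($GLOBALS['user']['password']));
        $rs = @mysql_query($sql) or theme('error', '<p>Error failed to find your OAuth Information into your MySQL Database.</p><p>If this is your first time to use Dabr Password, please <a href="oauth">Sign in via Twitter.com</a> first. And then, visit the Dabr settings page to choose a password.</p>');
        if ($rs && ($user = mysql_fetch_object($rs))) {
            $GLOBALS['user']['password'] = $user->oauth_key . '|' . $user->oauth_secret;
            $verified = true;
        } else {
            theme('error', '<p>Invalid username or password.</p><p>If this is your first time to use Dabr Password, please <a href="oauth">Sign in via Twitter.com</a> first. And then, visit the Dabr settings page to choose a password.</p>');
        }
    }

    if (ACCESS_USERS == 'FILE') {
        // $username is restricted to [a-z0-9_] above, so the pattern cannot contain wildcards or "../".
        $token = @glob(CACHE_FLODER . $username . '.*') or theme('error', '<p>No record.</p><p>If this is your first time to use Dabr Password, please <a href="oauth">Sign in via Twitter.com</a> first. And then, visit the Dabr settings page to choose a password.</p>');
        if (!empty($token)) {
            $str = @file_get_contents($token[0]) or theme('error', '<p>Error failed to read access_token file.</p><p>Please check if you have read permission to access_token file.</p>');
            $user = json_decode($str);
            $hashMatches = is_object($user)
                && isset($user->password)
                && is_string($user->password)
                && md5($GLOBALS['user']['password']) === $user->password;
            if ($hashMatches) {
                $GLOBALS['user']['password'] = $user->oauth_key . '|' . $user->oauth_secret;
                $verified = true;
            } else {
                theme('error', '<p>Invalid username or password.</p>');
            }
        } else {
            theme('error', '<p>Error failed to read cache directory.</p><p>Please check if you have read permission to cache directory.</p>');
        }
    }

    if (!$verified) {
        // Reached only if theme() returned or ACCESS_USERS names no known backend: never save the cookie.
        exit;
    }

    _user_save_cookie(isset($_POST['stay-logged-in']) && $_POST['stay-logged-in'] === 'yes');
    header('Location: ' . BASE_URL);
    exit;
}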
Example #5
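/**
 * Report whether the current request belongs to a signed-in user, handling
 * the local username/password form on the way.
 *
 * The user state is loaded from the USER_AUTH cookie when not yet set, and
 * sessions whose type is not 'oauth' are logged out. When nobody is signed
 * in and the form was posted, the credentials are looked up in the `user`
 * table; on a match the password is replaced by the stored OAuth key pair,
 * the cookie is saved and the browser is redirected to BASE_URL.
 *
 * NOTE(review): passwords are stored as unsalted MD5 and the query is built
 * by string formatting. The legacy mysql_* API has no prepared statements;
 * migrating to PDO/mysqli with bound parameters and password_hash() is the
 * durable fix and needs changes outside this block.
 *
 * @return bool true when a user is signed in, false when no credentials were supplied
 */
function user_is_authenticated()
{
    if (!isset($GLOBALS['user'])) {
        if (array_key_exists('USER_AUTH', $_COOKIE)) {
            _user_decrypt_cookie($_COOKIE['USER_AUTH']);
        } else {
            $GLOBALS['user'] = array();
        }
    }
    // Auto-logout any users that aren't correctly using OAuth
    if (user_current_username() && user_type() !== 'oauth') {
        user_logout();
        twitter_refresh('logout');
    }
    if (user_current_username()) {
        return true;
    }
    if (empty($_POST['username']) || empty($_POST['password'])
        || !is_string($_POST['username']) || !is_string($_POST['password'])) {
        return false;
    }

    $GLOBALS['user']['username'] = trim($_POST['username']);
    $GLOBALS['user']['password'] = $_POST['password'];
    $GLOBALS['user']['type'] = 'oauth';

    // Two placeholders for two arguments: with only one, sprintf() would feed the username to MD5()
    // and silently drop the password. mysql_real_escape_string() honours the connection charset,
    // which the deprecated mysql_escape_string() does not.
    $sql = sprintf(
        "SELECT * FROM user WHERE username='%s' AND password=MD5('%s') LIMIT 1",
        mysql_real_escape_string($GLOBALS['user']['username']),
        mysql_real_escape_string($GLOBALS['user']['password'])
    );
    $rs = mysql_query($sql);
    if ($rs && ($user = mysql_fetch_object($rs))) {
        $GLOBALS['user']['password'] = $user->oauth_key . '|' . $user->oauth_secret;
    } else {
        theme('error', 'Invalid username or password.');
        // Fail closed: if theme() returns, the unverified credentials must not reach the cookie.
        exit;
    }

    _user_save_cookie(isset($_POST['stay-logged-in']) && $_POST['stay-logged-in'] === 'yes');
    header('Location: ' . BASE_URL);
    exit;
}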
Example #6
File: user.php Project: berkes/dabr
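/**
 * Report whether the current request carries a username, accepting a posted
 * login form when it does not.
 *
 * The user state is loaded from the USER_AUTH cookie when not yet set. If no
 * username is known and the form supplied both fields, they are stored with
 * type 'normal', the cookie is saved and the browser is redirected to
 * BASE_URL.
 *
 * NOTE(review): nothing in this function verifies the password; it is stored
 * exactly as submitted. Presumably the credentials are checked when they are
 * first used against the remote API — confirm, because "authenticated" here
 * only means "a username is present". The raw password also flows into
 * _user_save_cookie() (defined elsewhere); confirm that cookie is encrypted
 * and flagged Secure/HttpOnly.
 *
 * @return bool true when a username is present, false when no credentials were supplied
 */
function user_is_authenticated()
{
    if (!isset($GLOBALS['user'])) {
        if (array_key_exists('USER_AUTH', $_COOKIE)) {
            _user_decrypt_cookie($_COOKIE['USER_AUTH']);
        } else {
            $GLOBALS['user'] = array();
        }
    }

    // empty() also covers the freshly initialised array, which has no 'username' key yet.
    if (!empty($GLOBALS['user']['username'])) {
        return true;
    }

    // Both fields must be non-empty strings; array-valued form fields would make trim() fail.
    if (empty($_POST['username']) || empty($_POST['password'])
        || !is_string($_POST['username']) || !is_string($_POST['password'])) {
        return false;
    }

    $GLOBALS['user']['username'] = trim($_POST['username']);
    $GLOBALS['user']['password'] = $_POST['password'];
    $GLOBALS['user']['type'] = 'normal';
    _user_save_cookie(isset($_POST['stay-logged-in']) && $_POST['stay-logged-in'] === 'yes');
    header('Location: ' . BASE_URL);
    exit;
}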