}
// Step 4: Now the user has authenticated, do something with the permanent token and secret we received
function verify_credentials($tmhOAuth)
{
$tmhOAuth->config['user_token'] = $_SESSION['access_token']['oauth_token'];
$tmhOAuth->config['user_secret'] = $_SESSION['access_token']['oauth_token_secret'];
$code = $tmhOAuth->request('GET', $tmhOAuth->url('1/account/verify_credentials'));
if ($code == 200) {
echo $tmhOAuth->response['response'];
} else {
outputError($tmhOAuth);
}
}
/* Auth Flow */
if (isset($_REQUEST['wipe'])) {
// Logging out
wipe();
return;
}
if (isset($_REQUEST['start'])) {
// Let's start the OAuth dance
request_token($tmhOAuth);
} elseif (isset($_REQUEST['oauth_verifier'])) {
access_token($tmhOAuth);
} elseif (isset($_SESSION['access_token'])) {
// Some credentials already stored in this browser session.
verify_credentials($tmhOAuth);
} else {
// User's not logged in.
echo json_encode(array('loggedin' => false));
}
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Author: Jenny Murphy - http://google.com/+JennyMurphy
require_once 'config.php';
require_once 'mirror-client.php';
require_once 'google-api-php-client/src/Google_Client.php';
require_once 'google-api-php-client/src/contrib/Google_MirrorService.php';
require_once 'util.php';
$client = get_google_api_client();
// Authenticate if we're not already
if (!isset($_SESSION['userid']) || get_credentials($_SESSION['userid']) == null) {
header('Location: ' . $base_url . '/oauth2callback.php');
exit;
} else {
verify_credentials(get_credentials($_SESSION['userid']));
$client->setAccessToken(get_credentials($_SESSION['userid']));
}
// A glass service for interacting with the Mirror API
$mirror_service = new Google_MirrorService($client);
// But first, handle POST data from the form (if there is any)
switch ($_POST['operation']) {
case 'insertItem':
$new_timeline_item = new Google_TimelineItem();
$new_timeline_item->setText($_POST['message']);
$notification = new Google_NotificationConfig();
$notification->setLevel("DEFAULT");
$new_timeline_item->setNotification($notification);
if (isset($_POST['imageUrl']) && isset($_POST['contentType'])) {
insert_timeline_item($mirror_service, $new_timeline_item, $_POST['contentType'], file_get_contents($_POST['imageUrl']));
} else {
$code = $tmhOAuth->request('GET', $tmhOAuth->url('1/account/verify_credentials'));
if ($code == 200) {
$response = json_decode($tmhOAuth->response['response']);
$_SESSION['account']['users'][$id] = array('user_id' => $response->id, 'user_screen_name' => $response->screen_name, 'profile_image_url' => $response->profile_image_url, 'name' => $response->name, 'id' => $id);
} else {
outputError($tmhOAuth);
}
}
/* Auth Flow */
if (isset($_REQUEST['wipe'])) {
// Logging out
wipe();
return;
}
if (isset($_REQUEST['start'])) {
// Let's start the OAuth dance
request_token($tmhOAuth);
} elseif (isset($_REQUEST['oauth_verifier'])) {
access_token($tmhOAuth);
} elseif (isset($_SESSION['account'])) {
// Some credentials already stored in this browser session.
foreach ($_SESSION['account']['users'] as $id => $user) {
if (!isset($user['profile_image_url'])) {
verify_credentials($tmhOAuth, $id);
}
}
echo json_encode($_SESSION['account']);
} else {
// User's not logged in.
echo json_encode(array('loggedin' => false));
}
$jsonLogger->setIpAddress($_SERVER['REMOTE_ADDR']);
$jsonLogger->insert();
$jsonParser = new JSONParser();
try {
$jsonParser->parse($jsonString);
} catch (Exception $e) {
die("Exception: " . $e->getMessage());
}
} else {
function send401()
{
$realm = "Frogmod Database";
header('WWW-Authenticate: Basic realm="' . $realm . '"');
header('HTTP/1.1 401 Unauthorized');
die;
}
function verify_credentials($user, $password)
{
//check user and password here. Return true or false
return $user == Config::$auth['user'] && $password == Config::$auth['pass'];
}
if (!empty(Config::$auth['user'])) {
if (!array_key_exists('PHP_AUTH_USER', $_SERVER) || !array_key_exists('PHP_AUTH_PW', $_SERVER)) {
send401();
} elseif (!verify_credentials($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
send401();
}
}
include 'main.php';
exit;
}
function access_token($tmhOAuth)
{
$params = uri_params();
if ($params['oauth_token'] !== $_SESSION['oauth']['oauth_token']) {
error('The oauth token you started with doesn\'t match the one you\'ve been redirected with. do you have multiple tabs open?');
return;
}
if (!isset($params['oauth_verifier'])) {
error('The oauth verifier is missing so we cannot continue. did you deny the appliction access?');
return;
}
// update with the temporary token and secret
$tmhOAuth->reconfigure(array_merge($tmhOAuth->config, array('token' => $_SESSION['oauth']['oauth_token'], 'secret' => $_SESSION['oauth']['oauth_token_secret'])));
$code = $tmhOAuth->user_request(array('method' => 'POST', 'url' => $tmhOAuth->url('oauth/access_token', ''), 'params' => array('oauth_verifier' => trim($params['oauth_verifier']))));
if ($code == 200) {
$oauth_creds = $tmhOAuth->extract_params($tmhOAuth->response['response']);
verify_credentials($tmhOAuth, htmlspecialchars($oauth_creds['oauth_token']), htmlspecialchars($oauth_creds['oauth_token_secret']));
} else {
error("There was an error communicating with Twitter. {$tmhOAuth->response['response']}");
return;
}
}
