/**
* API Login via basic-auth or OAuth
*/
function api_login(&$a)
{
$record = null;
require_once 'include/oauth.php';
// login with oauth
try {
$oauth = new ZotOAuth1();
$req = OAuth1Request::from_request();
list($consumer, $token) = $oauth->verify_request($req);
if (!is_null($token)) {
$oauth->loginUser($token->uid);
App::set_oauth_key($consumer->key);
call_hooks('logged_in', App::$user);
return;
}
killme();
} catch (Exception $e) {
logger($e->getMessage());
}
// workarounds for HTTP-auth in CGI mode
if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6));
if (strlen($userpass)) {
list($name, $password) = explode(':', $userpass);
$_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password;
}
}
if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6));
if (strlen($userpass)) {
list($name, $password) = explode(':', $userpass);
$_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password;
}
}
require_once 'include/auth.php';
require_once 'include/security.php';
// process normal login request
if (isset($_SERVER['PHP_AUTH_USER'])) {
$channel_login = 0;
$record = account_verify_password($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
if ($record && $record['channel']) {
$channel_login = $record['channel']['channel_id'];
}
}
if ($record['account']) {
authenticate_success($record['account']);
if ($channel_login) {
change_channel($channel_login);
}
$_SESSION['allow_api'] = true;
return true;
} else {
$_SERVER['PHP_AUTH_PW'] = '*****';
logger('API_login failure: ' . print_r($_SERVER, true), LOGGER_DEBUG);
log_failed_login('API login failure');
retry_basic_auth();
}
}
function api_content(&$a)
{
if (App::$cmd == 'api/oauth/authorize') {
/*
* api/oauth/authorize interact with the user. return a standard page
*/
App::$page['template'] = "minimal";
// get consumer/client from request token
try {
$request = OAuth1Request::from_request();
} catch (Exception $e) {
echo "<pre>";
var_dump($e);
killme();
}
if (x($_POST, 'oauth_yes')) {
$app = oauth_get_client($request);
if (is_null($app)) {
return "Invalid request. Unknown token.";
}
$consumer = new OAuth1Consumer($app['client_id'], $app['pw'], $app['redirect_uri']);
$verifier = md5($app['secret'] . local_channel());
set_config("oauth", $verifier, local_channel());
if ($consumer->callback_url != null) {
$params = $request->get_parameters();
$glue = "?";
if (strstr($consumer->callback_url, $glue)) {
$glue = "?";
}
goaway($consumer->callback_url . $glue . "oauth_token=" . OAuth1Util::urlencode_rfc3986($params['oauth_token']) . "&oauth_verifier=" . OAuth1Util::urlencode_rfc3986($verifier));
killme();
}
$tpl = get_markup_template("oauth_authorize_done.tpl");
$o = replace_macros($tpl, array('$title' => t('Authorize application connection'), '$info' => t('Return to your app and insert this Securty Code:'), '$code' => $verifier));
return $o;
}
if (!local_channel()) {
//TODO: we need login form to redirect to this page
notice(t('Please login to continue.') . EOL);
return login(false, 'api-login', $request->get_parameters());
}
//FKOAuth1::loginUser(4);
$app = oauth_get_client($request);
if (is_null($app)) {
return "Invalid request. Unknown token.";
}
$tpl = get_markup_template('oauth_authorize.tpl');
$o = replace_macros($tpl, array('$title' => t('Authorize application connection'), '$app' => $app, '$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'), '$yes' => t('Yes'), '$no' => t('No')));
//echo "<pre>"; var_dump($app); killme();
return $o;
}
echo api_call($a);
killme();
}
/**
* Format and sign an OAuth / API request
*/
function oAuthRequest($url, $method, $parameters)
{
if (strrpos($url, 'https://') !== 0 && strrpos($url, 'http://') !== 0) {
$url = "{$this->host}{$url}.{$this->format}";
}
$request = OAuth1Request::from_consumer_and_token($this->consumer, $this->token, $method, $url, $parameters);
$request->sign_request($this->sha1_method, $this->consumer, $this->token);
switch ($method) {
case 'GET':
return $this->http($request->to_url(), 'GET');
default:
return $this->http($request->get_normalized_http_url(), $method, $request->to_postdata());
}
}
function api_oauth_access_token($a, $type)
{
try {
$oauth = new ZotOAuth1();
$req = OAuth1Request::from_request();
$r = $oauth->fetch_access_token($req);
} catch (Exception $e) {
echo "error=" . OAuth1Util::urlencode_rfc3986($e->getMessage());
killme();
}
echo $r;
killme();
}
/**
* pretty much a helper function to set up the request
*/
public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters = NULL)
{
@$parameters or $parameters = array();
$defaults = array("oauth_version" => OAuth1Request::$version, "oauth_nonce" => OAuth1Request::generate_nonce(), "oauth_timestamp" => OAuth1Request::generate_timestamp(), "oauth_consumer_key" => $consumer->key);
if ($token) {
$defaults['oauth_token'] = $token->key;
}
$parameters = array_merge($defaults, $parameters);
return new OAuth1Request($http_method, $http_url, $parameters);
}
