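/**
  * Build an OAuthRequest from the request the server is currently handling.
  *
  * Arguments left as NULL are filled from $_SERVER: REQUEST_METHOD for the
  * method; the scheme (HTTPS === 'on'), SERVER_NAME, SERVER_PORT and
  * REQUEST_URI for the URL. When no $parameters are given they are collected
  * from the query string, then the body of a form-encoded POST, then an
  * "OAuth " Authorization header; a later source overrides duplicates from an
  * earlier one. Callers that receive other body formats (XML-RPC and the like)
  * should parse them themselves and pass the result as $parameters.
  *
  * @param string|null $http_method
  * @param string|null $http_url
  * @param array|null  $parameters
  * @return OAuthRequest
  */
 public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL)
 {
     $scheme = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
     if (!$http_url) {
         $http_url = $scheme . '://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'];
     }
     if (!$http_method) {
         $http_method = $_SERVER['REQUEST_METHOD'];
     }
     if (!$parameters) {
         $request_headers = OAuthUtil::get_headers();
         // GET parameters come from the raw query string, which may be absent.
         $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
         $parameters = OAuthUtil::parse_parameters($query_string);
         // A form-encoded POST body is parsed too; its values override the GET ones.
         if ($http_method === 'POST'
             && isset($request_headers['Content-Type'])
             && strpos($request_headers['Content-Type'], 'application/x-www-form-urlencoded') !== false) {
             $body = file_get_contents(self::$POST_INPUT);
             if ($body !== false) {
                 $post_data = OAuthUtil::parse_parameters($body);
                 $parameters = array_merge($parameters, $post_data);
             }
         }
         // An "OAuth " Authorization header overrides both GET and POST values.
         if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) === 'OAuth ') {
             $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
             $parameters = array_merge($parameters, $header_parameters);
         }
     }
     return new OAuthRequest($http_method, $http_url, $parameters);
 }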
 public function testGetHeaders()
 {
     // Only the fallback implementation is exercised; apache_request_headers() is trusted as-is.
     if (function_exists('apache_request_headers')) {
         $this->markTestSkipped('We assume the apache module is well tested. Since this module is present, no need testing our suplement');
     }
     $_SERVER['HTTP_HOST'] = 'foo';
     $_SERVER['HTTP_X_WHATEVER'] = 'bar';
     // HTTP_* entries of $_SERVER are expected back as Header-Case names.
     $expected = array('Host' => 'foo', 'X-Whatever' => 'bar');
     $this->assertEquals($expected, OAuthUtil::get_headers());
 }
 /**
  * Returns the raw security token sent with the request, memoised in self::$rawToken.
  *
  * Lookup order: the 'st' query parameter, then the 'st' POST field, then the
  * Authorization header (handed to self::parseAuthorization). Yields '' when none
  * of them is present.
  *
  * @return string
  */
 public static function getTokenStringFromRequest()
 {
     if (!self::$rawToken) {
         $headers = OAuthUtil::get_headers();
         // NOTE(review): a token accepted from the query string also ends up in access
         // logs and Referer headers; confirm the GET path is intended.
         if (isset($_GET['st'])) {
             $token = $_GET['st'];
         } elseif (isset($_POST['st'])) {
             $token = $_POST['st'];
         } elseif (isset($headers['Authorization'])) {
             $token = self::parseAuthorization($headers['Authorization']);
         } else {
             $token = '';
         }
         self::$rawToken = $token;
     }
     return self::$rawToken;
 }
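/**
 * Verify an OAuth 1.0a body-hash signed POST and return its body.
 *
 * The request must not be form-encoded, must carry an "OAuth " Authorization
 * header containing oauth_body_hash, must verify against the given consumer
 * key/secret with HMAC-SHA1, and base64(SHA-1(body)) must equal the signed
 * oauth_body_hash. The signature base string that was checked is left in the
 * global $LastOAuthBodyBaseString for debugging.
 *
 * @param string $oauth_consumer_key
 * @param string $oauth_consumer_secret
 * @return string the raw request body read from php://input
 * @throws Exception when the request is rejected for any of the reasons above
 */
function handleOAuthBodyPOST($oauth_consumer_key, $oauth_consumer_secret) 
{
    $request_headers = OAuthUtil::get_headers();

    // Must reject application/x-www-form-urlencoded. get_headers() implementations
    // differ in name casing, so accept either spelling without an undefined-index read.
    $content_type = '';
    if (isset($request_headers['Content-Type'])) {
        $content_type = $request_headers['Content-Type'];
    } elseif (isset($request_headers['Content-type'])) {
        $content_type = $request_headers['Content-type'];
    }
    if (strpos($content_type, 'application/x-www-form-urlencoded') !== false) {
        throw new Exception("OAuth request body signing must not use application/x-www-form-urlencoded");
    }

    $oauth_body_hash = null;
    if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) === "OAuth ") {
        $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
        if (isset($header_parameters['oauth_body_hash'])) {
            $oauth_body_hash = $header_parameters['oauth_body_hash'];
        }
    }

    if ($oauth_body_hash === null) {
        throw new Exception("OAuth request body signing requires oauth_body_hash body");
    }

    // Verify the message signature; oauth_body_hash is one of the signed header parameters.
    $store = new TrivialOAuthDataStore();
    $store->add_consumer($oauth_consumer_key, $oauth_consumer_secret);

    $server = new OAuthServer($store);
    $server->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());
    $request = OAuthRequest::from_request();

    global $LastOAuthBodyBaseString;
    $LastOAuthBodyBaseString = $request->get_signature_base_string();

    try {
        $server->verify_request($request);
    } catch (Exception $e) {
        throw new Exception("OAuth signature failed: " . $e->getMessage());
    }

    // Only now is the body trusted enough to be hashed; a failed read counts as an empty body.
    $postdata = file_get_contents('php://input');
    if ($postdata === false) {
        $postdata = '';
    }

    $hash = base64_encode(sha1($postdata, TRUE));

    // Strict comparison: the signed value is a string and must match byte for byte.
    if ($hash !== $oauth_body_hash) {
        throw new Exception("OAuth oauth_body_hash mismatch");
    }

    return $postdata;
}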
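 /**
  * Build an OAuthRequest from the current server request.
  *
  * Arguments left as NULL are filled from $_SERVER: REQUEST_METHOD for the
  * method; the scheme (HTTPS === 'on'), HTTP_HOST, the port and REQUEST_URI
  * for the URL. The port is appended only when it is not 80/443 and HTTP_HOST
  * does not already contain one. Without $parameters, values are collected
  * from the query string, then $_POST (magic quotes undone), then an "OAuth "
  * Authorization header; later sources override earlier ones. Callers that
  * receive other body formats (XML-RPC etc.) should pass their own $parameters.
  *
  * @param string|null $http_method
  * @param string|null $http_url
  * @param array|null  $parameters
  * @return OAuthRequest
  */
 public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL)
 {
     $scheme = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
     // NOTE(review): HTTP_HOST is the client's Host header, so the signed URL follows whatever host it sent.
     $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
     $server_port = isset($_SERVER['SERVER_PORT']) ? (string) $_SERVER['SERVER_PORT'] : '';
     // The old test strpos(':', $host) < 0 had haystack and needle swapped and could never
     // be true, so the port was never appended; test the host for an existing ':' instead.
     $port = '';
     if ($server_port !== '' && $server_port !== '80' && $server_port !== '443' && strpos($host, ':') === false) {
         $port = ':' . $server_port;
     }
     if (!$http_url) {
         $http_url = $scheme . '://' . $host . $port . $_SERVER['REQUEST_URI'];
     }
     if (!$http_method) {
         $http_method = $_SERVER['REQUEST_METHOD'];
     }
     if (!$parameters) {
         $request_headers = OAuthUtil::get_headers();
         $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
         $parameters = OAuthUtil::parse_parameters($query_string);
         // Deal with magic_quotes (gone since PHP 5.4; get_magic_quotes_gpc() itself no longer exists in PHP 8)
         // http://www.php.net/manual/en/security.magicquotes.disabling.php
         $ourpost = $_POST;
         if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
             $ourpost = array();
             foreach ($_POST as $k => $v) {
                 // stripslashes() only applies to strings; nested arrays pass through untouched.
                 $ourpost[$k] = is_string($v) ? stripslashes($v) : $v;
             }
         }
         // Add POST Parameters if they exist
         $parameters = array_merge($parameters, $ourpost);
         // An "OAuth " Authorization header overrides both GET and POST values.
         if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) === "OAuth ") {
             $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
             $parameters = array_merge($parameters, $header_parameters);
         }
     }
     return new OAuthRequest($http_method, $http_url, $parameters);
 }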
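/**
 * Verify an OAuth 1.0a body-hash signed POST and return the body.
 *
 * Rejects form-encoded requests, requires an "OAuth " Authorization header
 * carrying oauth_body_hash, verifies the HMAC-SHA1 signature for the given
 * consumer, and finally checks that base64(SHA-1($body)) equals the signed
 * oauth_body_hash.
 *
 * @param string     $oauthconsumerkey
 * @param string     $oauthconsumersecret
 * @param string     $body            raw request body, as read by the caller
 * @param array|null $requestheaders  headers keyed by name; fetched with
 *                                    OAuthUtil::get_headers() when empty
 * @return string $body, unchanged
 * @throws OAuthException when the request is rejected
 */
function handle_oauth_body_post($oauthconsumerkey, $oauthconsumersecret, $body, $requestheaders = null)
{
    if (empty($requestheaders)) {
        $requestheaders = OAuthUtil::get_headers();
    }
    // Must reject application/x-www-form-urlencoded; either header-name spelling may be present.
    $contenttype = '';
    if (isset($requestheaders['Content-Type'])) {
        $contenttype = $requestheaders['Content-Type'];
    } elseif (isset($requestheaders['Content-type'])) {
        $contenttype = $requestheaders['Content-type'];
    }
    if (strpos($contenttype, 'application/x-www-form-urlencoded') !== false) {
        throw new OAuthException("OAuth request body signing must not use application/x-www-form-urlencoded");
    }
    $oauthbodyhash = null;
    if (isset($requestheaders['Authorization']) && substr($requestheaders['Authorization'], 0, 6) === "OAuth ") {
        $headerparameters = OAuthUtil::split_header($requestheaders['Authorization']);
        if (isset($headerparameters['oauth_body_hash'])) {
            $oauthbodyhash = $headerparameters['oauth_body_hash'];
        }
    }
    if ($oauthbodyhash === null) {
        throw new OAuthException("OAuth request body signing requires oauth_body_hash body");
    }
    // Verify the message signature; oauth_body_hash is one of the signed header parameters.
    $store = new TrivialOAuthDataStore();
    $store->add_consumer($oauthconsumerkey, $oauthconsumersecret);
    $server = new OAuthServer($store);
    $server->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());
    // NOTE(review): the signature is verified over the live request (from_request() reads
    // $_SERVER and the real headers) while $body and $requestheaders are caller-supplied;
    // both must describe the same request for the check to mean anything.
    $request = OAuthRequest::from_request();
    try {
        $server->verify_request($request);
    } catch (\Exception $e) {
        throw new OAuthException("OAuth signature failed: " . $e->getMessage());
    }
    // Strict comparison: the signed value is a string and must match byte for byte.
    $hash = base64_encode(sha1((string) $body, true));
    if ($hash !== $oauthbodyhash) {
        throw new OAuthException("OAuth oauth_body_hash mismatch");
    }
    return $body;
}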
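 /**
  * Build an OAuthRequest from the current server request.
  *
  * Arguments left as null are filled from $_SERVER: REQUEST_METHOD for the
  * method; the scheme (HTTPS === 'on'), HTTP_HOST, SERVER_PORT and REQUEST_URI
  * for the URL. Without $parameters, values are collected from the query
  * string, then the body of a form-encoded POST, then an "OAuth "
  * Authorization header; later sources override earlier ones.
  *
  * @param string|null $http_method
  * @param string|null $http_url
  * @param array|null  $parameters
  * @return OAuthRequest
  */
 public static function from_request($http_method = null, $http_url = null, $parameters = null)
 {
     $scheme = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
     if (!$http_url) {
         // NOTE(review): HTTP_HOST is the client's Host header and may already carry ':port',
         // in which case the port is appended twice here; confirm OAuthRequest's URL
         // normalisation copes with that.
         $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'];
     }
     if (!$http_method) {
         $http_method = $_SERVER['REQUEST_METHOD'];
     }
     if (!$parameters) {
         $request_headers = OAuthUtil::get_headers();
         $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
         $parameters = OAuthUtil::parse_parameters($query_string);
         // A form-encoded POST body is parsed too; its values override the GET ones.
         if ($http_method === "POST"
             && isset($request_headers["Content-Type"])
             && strpos($request_headers["Content-Type"], "application/x-www-form-urlencoded") !== false) {
             $body = file_get_contents(self::$POST_INPUT);
             if ($body !== false) {
                 $post_data = OAuthUtil::parse_parameters($body);
                 $parameters = array_merge($parameters, $post_data);
             }
         }
         // An "OAuth " Authorization header overrides both GET and POST values.
         if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) === "OAuth ") {
             $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
             $parameters = array_merge($parameters, $header_parameters);
         }
     }
     return new OAuthRequest($http_method, $http_url, $parameters);
 }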
 public function testGetHeaders()
 {
     // Only the fallback implementation is exercised; apache_request_headers() is trusted as-is.
     if (function_exists('apache_request_headers')) {
         $this->markTestSkipped('We assume the apache module is well tested. Since this module is present, no need testing our suplement');
     }
     $_SERVER['HTTP_HOST'] = 'foo';
     $_SERVER['HTTP_X_WHATEVER'] = 'bar';
     $base = array('Host' => 'foo', 'X-Whatever' => 'bar');
     $withContentType = $base + array('Content-Type' => 'application/x-www-form-urlencoded');
     $this->assertEquals($base, OAuthUtil::get_headers());
     // Apache module without apache_request_headers(): the POST Content-Type arrives via $_SERVER.
     $_SERVER['CONTENT_TYPE'] = 'application/x-www-form-urlencoded';
     $this->assertEquals($withContentType, OAuthUtil::get_headers());
     // CGI: the Content-Type arrives via $_ENV instead.
     unset($_SERVER['CONTENT_TYPE']);
     $this->assertEquals($base, OAuthUtil::get_headers());
     $_ENV['CONTENT_TYPE'] = 'application/x-www-form-urlencoded';
     $this->assertEquals($withContentType, OAuthUtil::get_headers());
 }
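 /**
  * Relay the current request to Twitter as-is and echo the upstream response.
  *
  * The upstream URL comes from uri_fixer(); the Host header is forced to the
  * API host for $this->api_type, an allow-list of incoming headers is copied
  * into $this->forwarded_headers, and the method plus parameters are replayed
  * with cURL. The OAuth authorize page is rewritten to point back at this proxy.
  */
 private function transparent_mode()
 {
     $this->uri_fixer();
     $ch = curl_init($this->request_uri);
     // Keep cURL's legacy "@/path" upload syntax off so a client-sent POST value
     // beginning with "@" cannot make the proxy read one of its own files.
     curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true);
     $this->request_headers = OAuthUtil::get_headers();
     $this->request_headers['Host'] = $this->api_type === 'search' ? 'search.twitter.com' : 'api.twitter.com';
     // The get_parameters() flag is defined elsewhere; here false is used for a
     // browser-style form body and true for everything else.
     $form_encoded = isset($this->request_headers['Content-Type'])
         && $this->request_headers['Content-Type'] === 'application/x-www-form-urlencoded';
     $this->parameters = $this->get_parameters(!$form_encoded);
     // NOTE(review): X-Forwarded-For is relayed exactly as the client sent it.
     $forwarded_headers = array('Host', 'User-Agent', 'Authorization', 'Content-Type', 'X-Forwarded-For', 'Expect');
     $expect_forwarded = FALSE;
     foreach ($forwarded_headers as $header) {
         if (isset($this->request_headers[$header])) {
             $this->forwarded_headers[] = $header . ': ' . $this->request_headers[$header];
             if ($header === 'Expect') {
                 $expect_forwarded = TRUE;
             }
         }
     }
     // $this->forwarded_headers is a list of "Name: value" strings, so it cannot be
     // probed by name; suppress cURL's default "Expect: 100-continue" only when the
     // client did not send its own Expect header.
     if (!$expect_forwarded) {
         $this->forwarded_headers[] = 'Expect:';
     }
     curl_setopt($ch, CURLOPT_HTTPHEADER, $this->forwarded_headers);
     curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, 'headerfunction'));
     if ($this->method != 'GET') {
         curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $this->method);
         curl_setopt($ch, CURLOPT_POSTFIELDS, $this->parameters);
     }
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
     $ret = curl_exec($ch);
     curl_close($ch);
     //fixme:redirect request back to twip,this is nasty and insecure...
     // strpos() never returns NULL, so the old "!== NULL" test rewrote every response;
     // only the authorize page is meant to be redirected through the proxy.
     if ($ret !== FALSE && strpos($this->request_uri, 'oauth/authorize?oauth_token=') !== FALSE) {
         $ret = str_replace('<form action="https://api.twitter.com/oauth/authorize"', '<form action="' . $this->base_url . 't/oauth/authorize"', $ret);
         $ret = str_replace('<div id="signin_form">', '<h1><strong style="color:red">Warning!This page is proxied by twip and therefore you may leak your password to API proxy owner!</strong></h1><div id="signin_form">', $ret);
     }
     echo $ret;
 }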
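 /**
  * Build an OAuthRequest from the current server request (Friendica variant).
  *
  * Arguments left as NULL are filled from $_SERVER: REQUEST_METHOD for the
  * method; the scheme (HTTPS === 'on'), HTTP_HOST, SERVER_PORT and REQUEST_URI
  * for the URL. Without $parameters, values are collected from the query
  * string, then the body of a form-encoded POST, then an "OAuth " Authorization
  * header; later sources override earlier ones. A 'q' parameter (presumably
  * the path added by Friendica's rewrite rules) is removed from the parameters
  * and the URL is cut off right after it.
  *
  * @param string|null $http_method
  * @param string|null $http_url
  * @param array|null  $parameters
  * @return OAuthRequest
  */
 public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL)
 {
     $scheme = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
     if (!$http_url) {
         // NOTE(review): HTTP_HOST is the client's Host header and may already carry ':port'.
         $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'];
     }
     if (!$http_method) {
         $http_method = $_SERVER['REQUEST_METHOD'];
     }
     if (!$parameters) {
         $request_headers = OAuthUtil::get_headers();
         $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
         $parameters = OAuthUtil::parse_parameters($query_string);
         // A form-encoded POST body is parsed too; its values override the GET ones.
         if ($http_method === "POST"
             && isset($request_headers["Content-Type"])
             && strpos($request_headers["Content-Type"], "application/x-www-form-urlencoded") !== false) {
             $body = file_get_contents(self::$POST_INPUT);
             if ($body !== false) {
                 $post_data = OAuthUtil::parse_parameters($body);
                 $parameters = array_merge($parameters, $post_data);
             }
         }
         // An "OAuth " Authorization header overrides both GET and POST values.
         if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) === "OAuth ") {
             $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
             $parameters = array_merge($parameters, $header_parameters);
         }
     }
     // fix for friendica redirect system
     // FIXME or don't, but figure out if this is absolutely necessary and act accordingly
     // Only truncate when 'q' is present and actually occurs in the URL: with 'q' missing,
     // the old strpos()/strlen() arithmetic collapsed $http_url to ''.
     if (isset($parameters['q']) && is_string($parameters['q']) && $parameters['q'] !== '') {
         $q_position = strpos($http_url, $parameters['q']);
         if ($q_position !== false) {
             $http_url = substr($http_url, 0, $q_position + strlen($parameters['q']));
         }
     }
     unset($parameters['q']);
     return new OAuthRequest($http_method, $http_url, $parameters);
 }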
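 /**
  * Build an OAuthRequest from the current server request.
  *
  * Arguments left as NULL are filled from $_SERVER: REQUEST_METHOD for the
  * method; the scheme (HTTPS === 'on'), HTTP_HOST and REQUEST_URI for the URL
  * (no port is ever added). Without $parameters, values are collected from
  * the query string, then the whole of $_POST, then an "OAuth " Authorization
  * header; later sources override earlier ones. Callers that receive other
  * body formats (XML-RPC etc.) should parse them and pass their own $parameters.
  *
  * @param string|null $http_method
  * @param string|null $http_url
  * @param array|null  $parameters
  * @return OAuthRequest
  */
 public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL)
 {
     $scheme = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
     if (!$http_url) {
         // NOTE(review): HTTP_HOST is the client's Host header, so the signed URL follows it.
         $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
     }
     if (!$http_method) {
         $http_method = $_SERVER['REQUEST_METHOD'];
     }
     if (!$parameters) {
         $request_headers = OAuthUtil::get_headers();
         $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
         $parameters = OAuthUtil::parse_parameters($query_string);
         // Add POST Parameters if they exist
         $parameters = array_merge($parameters, $_POST);
         // An "OAuth " Authorization header overrides both GET and POST values.
         if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) === "OAuth ") {
             $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
             $parameters = array_merge($parameters, $header_parameters);
         }
     }
     return new OAuthRequest($http_method, $http_url, $parameters);
 }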
<?php

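$filterName = basename(__FILE__, '.php');
// Filter: proxy a multipart media upload (a "media" file in $_FILES) to the
// Twitter API path in $args['path'], signed with the connection's OAuth header.
// Answers 400 and returns nothing for anything else; otherwise returns the raw
// upstream response body.
$this->filters[$filterName] = function ($args) {
    $url = sprintf("https://api.twitter.com/%s", $args['path']);
    $headers = OAuthUtil::get_headers();
    // Check actually media upload
    $contentType = isset($headers['Content-Type']) ? $headers['Content-Type'] : '';
    if (strpos($contentType, 'multipart/form-data') === FALSE or count($_FILES) == 0 or !isset($_FILES['media'])) {
        header('HTTP/1.0 400 Bad Request');
        return;
    }
    $media = $_FILES['media'];
    $fn = is_array($media['tmp_name']) ? $media['tmp_name'][0] : $media['tmp_name'];
    // Only a file PHP itself received through the upload may be forwarded.
    if (!is_uploaded_file($fn)) {
        header('HTTP/1.0 400 Bad Request');
        return;
    }
    $auth_headers = $args['self']->connection->getOAuthRequest($url, $args['method'], null)->to_header();
    $forwarded_headers = array("Host: api.twitter.com", $auth_headers, "Expect:");
    // Attach the upload as a CURLFile and keep safe-upload on: the legacy "@/path"
    // syntax let any client-sent POST value starting with "@" make cURL read a local
    // file, and the previous preg_replace('/^@/', '@', ...) guard was a no-op.
    $parameters = $_POST;
    $parameters["media[]"] = new CURLFile($fn);
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $forwarded_headers);
    curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($args['self'], 'headerfunction'));
    curl_setopt($ch, CURLOPT_POSTFIELDS, $parameters);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    $ret = curl_exec($ch);
    curl_close($ch);
    return $ret;
};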
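/**
 * Collect the OAuth parameters of the current request.
 *
 * Sources, in override order: the query part of REQUEST_URI, the body of a
 * form-encoded POST (read from OAuthRequest::$POST_INPUT), and an "OAuth "
 * Authorization header.
 *
 * @return array parameter name => value
 */
function oauth_get_params()
{
    // Find request headers
    $request_headers = OAuthUtil::get_headers();
    // This next part is a hack. QUERY_STRING is ignored because the apache
    // mod_rewrite rules for page views add 'handler' and 'request' variables to
    // it, which would corrupt OAuth's signature base string. The real query is
    // taken from REQUEST_URI instead. This may bite back if this pam module is
    // ever called from somewhere other than the API chain.
    $querystr = '';
    if (!empty($_SERVER['REQUEST_URI'])) {
        // split on the question mark to get the real query parameters before Apache mangles them
        $qparts = explode('?', $_SERVER['REQUEST_URI'], 2);
        if (count($qparts) == 2) {
            $querystr = $qparts[1];
        }
    }
    $parameters = OAuthUtil::parse_parameters($querystr);
    // It's a POST request of the proper content-type, so parse POST
    // parameters and add those overriding any duplicates from GET
    if (isset($request_headers["Content-Type"])
        && strpos($request_headers["Content-Type"], "application/x-www-form-urlencoded") !== false) {
        $body = file_get_contents(OAuthRequest::$POST_INPUT);
        if ($body !== false) {
            $post_data = OAuthUtil::parse_parameters($body);
            $parameters = array_merge($parameters, $post_data);
        }
    }
    // We have a Authorization-header with OAuth data. Parse the header
    // and add those overriding any duplicates from GET or POST
    if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) === "OAuth ") {
        $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
        $parameters = array_merge($parameters, $header_parameters);
    }
    return $parameters;
}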
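 /**
  * Verifies that the HTTP request is a legitimate one sent by mixi.
  * When implementing a mixi mobile app, this method must be run on every request.
  *
  * @param int $type Signature scheme; one of the Mars_OAuthProvider::SIGNATURE_* constants.
  * @return bool TRUE when the request carries a valid signature for $type.
  * @throws Mars_UnsupportedException When an unsupported signature scheme is given.
  * @link http://developer.mixi.co.jp/appli/spec/mob/validate-oauth-signature How to validate the OAuth signature
  * @link http://developer.mixi.co.jp/appli/spec/mob/for_partners/photo_upload_api Photo upload from apps
  * @link http://developer.mixi.co.jp/appli/spec/mob/for_partners/lifecycle_event Lifecycle events
  * @see Mars_OAuthProvider::isAuthorized()
  * @author Naomichi Yamakita <*****@*****.**>
  */
 public function isAuthorized($type = self::SIGNATURE_HMAC)
 {
     $result = FALSE;
     switch ($type) {
         case self::SIGNATURE_HMAC:
             $authorization = $this->request->getHeader('Authorization');
             // Turn the key="value" pairs of the Authorization header into an associative array.
             preg_match_all('/([a-z_]+)="([^"]+)"/', $authorization, $matches);
             if (count($matches[0])) {
                 $attributes = array_combine($matches[1], $matches[2]);
                 // Without every signed attribute the header cannot validate; skip the
                 // signing work (and the undefined-index notices) and report FALSE.
                 $required = array('oauth_nonce', 'oauth_signature_method', 'oauth_timestamp', 'oauth_version', 'oauth_signature');
                 $complete = TRUE;
                 foreach ($required as $name) {
                     if (!isset($attributes[$name])) {
                         $complete = FALSE;
                         break;
                     }
                 }
                 if ($complete) {
                     $parameters = array(
                         'oauth_nonce' => $attributes['oauth_nonce'],
                         'oauth_signature_method' => $attributes['oauth_signature_method'],
                         'oauth_timestamp' => $attributes['oauth_timestamp'],
                         'oauth_version' => $attributes['oauth_version'],
                         'opensocial_app_id' => Mars_MixiMobileApp::getApplicationId(),
                         'opensocial_owner_id' => Mars_MixiMobileApp::getOwnerId(),
                     );
                     // Query parameters are added but never override the header-derived ones.
                     $parameters += $this->request->getQuery();
                     $method = $this->request->getRequestMethod();
                     $uri = $this->request->getURL(FALSE);
                     $request = OAuthRequest::from_consumer_and_token($this->_consumer, NULL, $method, $uri, $parameters);
                     $request->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $this->_consumer, NULL);
                     $buildSignature = @$request->get_parameter('oauth_signature');
                     $requestSignature = urldecode($attributes['oauth_signature']);
                     // Compare in constant time where the runtime offers it, so the check does
                     // not reveal how many leading bytes of the expected signature matched.
                     if (is_string($buildSignature)) {
                         $result = function_exists('hash_equals')
                             ? hash_equals($buildSignature, $requestSignature)
                             : $buildSignature === $requestSignature;
                     }
                 }
             }
             break;
         case self::SIGNATURE_RSA_PC:
             $request = OAuthRequest::from_request(NULL, NULL, array_merge($_GET, $_POST));
             // Error-control operator: get_parameter() raises 'Undefined index: oauth_signature'
             // on malformed requests (a known bug, confirmed at r525).
             $signature = @$request->get_parameter('oauth_signature');
             if (!is_null($signature)) {
                 $signatureMethod = new Mars_MixiPCSignature();
                 $result = $signatureMethod->check_signature($request, NULL, NULL, $signature);
             }
             break;
         case self::SIGNATURE_RSA_TOUCH:
             $request = OAuthRequest::from_request(NULL, NULL, array_merge($_GET, $_POST));
             $signature = @$request->get_parameter('oauth_signature');
             if (!is_null($signature)) {
                 $signatureMethod = new Mars_MixiTouchSignature();
                 $result = $signatureMethod->check_signature($request, NULL, NULL, $signature);
             }
             break;
         case self::SIGNATURE_RSA_PHOTO_UPLOAD:
             $request = OAuthRequest::from_request();
             $signature = @$request->get_parameter('oauth_signature');
             if (!is_null($signature)) {
                 $signatureMethod = new Mars_MixiFileUploadSignature();
                 $result = $signatureMethod->check_signature($request, NULL, NULL, $signature);
             }
             break;
         case self::SIGNATURE_RSA_LIFECYCLE_EVENT:
             // Lifecycle events never carry an owner or viewer id; a request that does is rejected.
             if ($this->request->getParameter('opensocial_owner_id') !== NULL) {
                 break;
             }
             if ($this->request->getParameter('opensocial_viewer_id') !== NULL) {
                 break;
             }
             // Lifecycle events arrive from mixi as POST requests. The OAuth spec says the
             // POST data takes part in the signature, but the mixi app does not follow the
             // spec here, so only the query string is used.
             $requestHeaders = OAuthUtil::get_headers();
             $parameters = OAuthUtil::parse_parameters($this->request->getEnvironment('QUERY_STRING'));
             if (isset($requestHeaders['Authorization']) && substr($requestHeaders['Authorization'], 0, 6) === 'OAuth ') {
                 $headerParameters = OAuthUtil::split_header($requestHeaders['Authorization'], FALSE);
                 $parameters = array_merge($parameters, $headerParameters);
                 $request = OAuthRequest::from_request(NULL, NULL, $parameters);
                 $signature = $request->get_parameter('oauth_signature');
                 if (!is_null($signature)) {
                     $signatureMethod = new Mars_MixiLifecycleEventSignature();
                     $result = $signatureMethod->check_signature($request, NULL, NULL, $signature);
                 }
             }
             break;
         default:
             $message = sprintf('Signature format is not supported. [%s]', $type);
             throw new Mars_UnsupportedException($message);
     }
     return $result;
 }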
    // echo("YO ". $errorno . $errstr . "\n");
    if (strpos($errstr, 'deprecated') !== false) {
        return true;
    }
    return false;
}
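ini_set("display_errors", 1);
if (!isset($_REQUEST['b64'])) {
    die("Missing b64 parameter");
}
$b64 = $_REQUEST['b64'];
// NOTE(review): the session id is derived from the client-supplied b64 value, so the
// client effectively chooses its own session; anything kept in this session is only as
// trustworthy as the request parameter it came from.
session_id(md5($b64));
session_start();
require_once "../util/lti_util.php";
// For my application, We only allow application/xml
$request_headers = OAuthUtil::get_headers();
// Header-name casing differs between get_headers() implementations; accept either
// spelling without reading an undefined index.
$hct = null;
if (isset($request_headers['Content-Type'])) {
    $hct = $request_headers['Content-Type'];
} elseif (isset($request_headers['Content-type'])) {
    $hct = $request_headers['Content-type'];
}
if ($hct === null || strpos($hct, 'application/xml') === false) {
    header('Content-Type: text/plain');
    die("Must be content type xml, found " . $hct);
}
header('Content-Type: application/xml; charset=utf-8');
// Get skeleton response
$response = getPOXResponse();
// Pull out the key and secret from the parameter: b64 is expected to decode to
// "key:::secret" (see the explode below); $b64 is reused to hold the resulting pair.
$b64dec = base64_decode($b64);
$b64 = explode(":::", $b64dec);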
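 /**
  * Build an OAuthRequest from the current server request.
  *
  * Arguments left as NULL are filled from $_SERVER: REQUEST_METHOD for the
  * method; the scheme (HTTPS === 'on'), HTTP_HOST, SERVER_PORT and REQUEST_URI
  * for the URL. Without $parameters, values are collected from the query
  * string, then the body of a form-encoded POST, then an "OAuth "
  * Authorization header; later sources override earlier ones.
  *
  * @param string|null $http_method
  * @param string|null $http_url
  * @param array|null  $parameters
  * @return OAuthRequest
  */
 public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL)
 {
     $scheme = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
     if (!$http_url) {
         // NOTE(review): HTTP_HOST is the client's Host header and may already carry ':port',
         // in which case the port is appended twice here; confirm OAuthRequest's URL
         // normalisation copes with that.
         $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'];
     }
     if (!$http_method) {
         $http_method = $_SERVER['REQUEST_METHOD'];
     }
     if (!$parameters) {
         $request_headers = OAuthUtil::get_headers();
         // Parse the query-string to find GET parameters
         $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
         $parameters = OAuthUtil::parse_parameters($query_string);
         // It's a POST request of the proper content-type, so parse POST
         // parameters and add those overriding any duplicates from GET
         if ($http_method === "POST"
             && isset($request_headers["Content-Type"])
             && strpos($request_headers["Content-Type"], "application/x-www-form-urlencoded") !== false) {
             $body = file_get_contents(self::$POST_INPUT);
             if ($body !== false) {
                 $post_data = OAuthUtil::parse_parameters($body);
                 $parameters = array_merge($parameters, $post_data);
             }
         }
         // We have a Authorization-header with OAuth data. Parse the header
         // and add those overriding any duplicates from GET or POST
         if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) === "OAuth ") {
             $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
             $parameters = array_merge($parameters, $header_parameters);
         }
     }
     return new OAuthRequest($http_method, $http_url, $parameters);
 }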
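 /**
  * Relay the current request to Twitter as-is and echo the upstream response.
  *
  * The upstream URL comes from uri_fixer(); an allow-list of the incoming
  * headers is copied into $this->forwarded_headers, the method and parameters
  * are replayed with cURL, and a statuses/update_with_media multipart request
  * has its first "media" file re-attached as an upload. The OAuth authorize
  * page is rewritten to point back at this proxy.
  */
 private function transparent_mode()
 {
     $this->uri_fixer();
     $ch = curl_init($this->request_uri);
     // Keep cURL's legacy "@/path" upload syntax off so a client-sent POST value
     // beginning with "@" cannot make the proxy read one of its own files.
     curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true);
     $this->request_headers = OAuthUtil::get_headers();
     // Don't parse POST arguments as array if emulating a browser submit
     $form_encoded = isset($this->request_headers['Content-Type'])
         && strpos($this->request_headers['Content-Type'], 'application/x-www-form-urlencoded') !== FALSE;
     $this->parameters = $this->get_parameters(!$form_encoded);
     // Process Upload image (currently only first file will proxy to Twitter)
     if (strpos($this->request_uri, 'statuses/update_with_media') !== FALSE
         && isset($this->request_headers['Content-Type'])
         && strpos($this->request_headers['Content-Type'], 'multipart/form-data') !== FALSE) {
         // The previous preg_replace('/^@/', '@', $_POST) was a no-op; safe-upload above
         // is what keeps "@"-prefixed values harmless.
         $this->parameters = $_POST;
         if (count($_FILES) > 0 && isset($_FILES['media'])) {
             $media = $_FILES['media'];
             $fn = is_array($media['tmp_name']) ? $media['tmp_name'][0] : $media['tmp_name'];
             // Only a file PHP itself received through the upload may be attached.
             if (is_uploaded_file($fn)) {
                 $this->parameters["media[]"] = new CURLFile($fn);
                 // Drop the client's Content-Type, presumably so cURL's own multipart boundary is used.
                 unset($this->request_headers['Content-Type']);
             }
         }
     }
     // NOTE(review): X-Forwarded-For is relayed exactly as the client sent it.
     $forwarded_headers = array('User-Agent', 'Authorization', 'Content-Type', 'X-Forwarded-For', 'Expect');
     $expect_forwarded = FALSE;
     foreach ($forwarded_headers as $header) {
         if (isset($this->request_headers[$header])) {
             $this->forwarded_headers[] = $header . ': ' . $this->request_headers[$header];
             if ($header === 'Expect') {
                 $expect_forwarded = TRUE;
             }
         }
     }
     // $this->forwarded_headers is a list of "Name: value" strings, so it cannot be
     // probed by name; suppress cURL's default "Expect: 100-continue" only when the
     // client did not send its own Expect header.
     if (!$expect_forwarded) {
         $this->forwarded_headers[] = 'Expect:';
     }
     curl_setopt($ch, CURLOPT_HTTPHEADER, $this->forwarded_headers);
     curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, 'headerfunction'));
     if ($this->method != 'GET') {
         curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $this->method);
         curl_setopt($ch, CURLOPT_POSTFIELDS, $this->parameters);
     }
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
     $ret = curl_exec($ch);
     curl_close($ch);
     //fixme:redirect request back to twip,this is nasty and insecure...
     if ($ret !== FALSE && strpos($this->request_uri, 'oauth/authorize?oauth_token=') !== FALSE) {
         $ret = str_replace('<form action="https://api.twitter.com/oauth/authorize"', '<form action="' . $this->base_url . 't/oauth/authorize"', $ret);
         $ret = str_replace('<div id="signin_form">', '<h1><strong style="color:red">Warning!This page is proxied by twip and therefore you may leak your password to API proxy owner!</strong></h1><div id="signin_form">', $ret);
     }
     echo $ret;
 }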