/**
 * Entry point for one REST API call: authenticate, resolve the target,
 * execute it and send the response.
 *
 * Every exception raised along the way is folded into the response via
 * setError(); the body is then whatever the target produced, or null when
 * the request failed before/while executing.
 */
public function handleRequest() {
    $response = new RESTApiResponse();
    $payload = null;

    try {
        $request = new RESTApiRequest();
        $request->init();
        $response->setRequest($request);

        // Authentication gate: resolve the access schema for this request and
        // validate it before anything else is looked up, so an unauthenticated
        // caller never reaches target resolution or execution. The OAuth
        // layer's exceptions are translated into the REST exception types the
        // response layer knows how to render; anything else falls through to
        // the generic handler below.
        try {
            $accessSchema = OAuth\AuthAccessHandler::getAccessSchema($request);
            $accessSchema->checkRequest();
        } catch (OAuth\AuthUnauthorized $authFailure) {
            throw new RESTUnauthorized($authFailure->getMessage());
        } catch (OAuth\AuthBadRequest $authFailure) {
            throw new RESTBadRequest($authFailure->getMessage());
        } catch (OAuth\AuthForbidden $authFailure) {
            throw new RESTForbidden($authFailure->getMessage());
        }

        // Bind the authenticated session's user for the rest of the request.
        // NOTE(review): assumes getSession() returns an array with a 'uid' key
        // and that \User::getInstance() installs that user as the current one;
        // its return value is not used here.
        $session = $accessSchema->getSession();
        \User::getInstance($session['uid']);

        $resolver = new RESTApiTargetResolver();
        $payload = $resolver->getTarget($request)->execute($request);
    } catch (\Exception $failure) {
        // Any exception (including the translated auth failures above) becomes
        // the error part of the response; $payload stays null in that case.
        // NOTE(review): only \Exception is caught, so an engine \Error (e.g.
        // TypeError) escapes this handler and is left to PHP's default error
        // handling — confirm display_errors is off in production so no stack
        // trace can leak to the client.
        $response->setError($failure);
    }

    $response->setBody($payload);
    $response->send();
}
<?php
// Browser-facing login page that issues an API access token. The client is
// identified by ?client_id=...&response_type=token and the user submits
// username/password via POST; on success the token (plus type-specific
// fields) is packed into a query string ($auth). The flow resembles the
// OAuth2 implicit grant (response_type=token), but this excerpt is cut off
// before the response is produced, so how $auth / $error are delivered to
// the client is not visible here.
ob_start();
require_once "../server/common.php";
use Stalker\Lib\OAuth\AuthAccessHandler;

$error = false;
$access_handler = new AuthAccessHandler();

// Request validation: both query parameters are required and the only
// supported response_type is "token".
// NOTE(review): `!=` is a loose comparison; for two strings it behaves the
// same as `!==`, but the strict form would be the safer default.
if (empty($_GET['response_type']) || empty($_GET['client_id']) || $_GET['response_type'] != 'token') {
    $error = 'invalid_request';
} else {
    // client_id must be a registered client; the lookup lives in AuthAccessHandler.
    if (!$access_handler->isClient($_GET['client_id'])) {
        $error = 'unauthorized_client';
    } else {
        // A submitted form with either credential missing is rejected outright.
        // NOTE(review): empty() also treats the string "0" as missing, so a
        // username or password of exactly "0" can never authenticate here.
        if (!empty($_POST) && (empty($_POST['username']) || empty($_POST['password']))) {
            $error = 'access_denied';
        } else {
            // Only a non-empty POST triggers the credential check; a plain GET
            // of this page falls through with $error still false.
            if (!empty($_POST)) {
                // Credential verification is delegated to the handler. Nothing
                // in this excerpt throttles, delays or logs failed attempts —
                // presumably handled elsewhere (or not at all); verify.
                if ($access_handler->checkUserAuth($_POST['username'], $_POST['password'])) {
                    $auth = array("access_token" => $access_handler->generateUniqueToken($_POST['username']));
                    // Token type is a deployment setting. For "bearer" only the
                    // token is returned; otherwise the MAC scheme is used and the
                    // per-user secret key is also handed to the client together
                    // with the HMAC algorithm name, so that key travels in the
                    // same response as the token.
                    if (Config::getSafe("api_v2_access_type", "bearer") == "bearer") {
                        $access = array("token_type" => "bearer");
                    } else {
                        $access = array("token_type" => "mac", "mac_key" => $access_handler->getSecretKey($_POST['username']), "mac_algorithm" => "hmac-sha-256");
                    }
                    $auth = array_merge($auth, $access);
                    // Handler-supplied per-user parameters are appended last and
                    // can therefore override the keys set above if they collide.
                    $additional = $access_handler->getAdditionalParams($_POST['username']);
                    $auth = array_merge($auth, $additional);
                    $auth = http_build_query($auth);
                } else {
                    $error = 'access_denied';
                }
                // … excerpt ends here: the enclosing if/else blocks are still open
                // and the code that consumes $auth or $error is not shown …
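/**
 * Persist the event for every target user.
 *
 * One `events` row is written per uid in `$this->param['user_list']`, all
 * carrying the same event payload. Side effects that happen before the
 * insert:
 *  - for a `cut_off` event every target user's access token is invalidated,
 *    so a cut-off device can no longer use the API;
 *  - for a `send_msg` event with `reboot_after_ok` set, still-unsent reboot
 *    messages for those users are deleted first, so only the newest one
 *    remains queued.
 *
 * Does nothing when `user_list` is missing, not an array, or empty.
 */
protected function saveInDb() {
    $userList = isset($this->param['user_list']) ? $this->param['user_list'] : null;
    if (!is_array($userList) || count($userList) === 0) {
        return;
    }

    // The uid list is spliced into a raw SQL statement below (no placeholders),
    // so coerce every entry to an integer: the IN(...) list can then never carry
    // anything but numbers, whatever the origin of `param`. Non-numeric uids
    // could not have produced a valid unquoted IN(...) list anyway.
    $uids = array_map('intval', $userList);

    // Strict comparison: with `==`, a non-string event value (e.g. int 0 on
    // PHP < 8) could compare equal to these names.
    $event = $this->param['event'];

    $rows = array();
    foreach ($uids as $uid) {
        $rows[] = array(
            'uid' => $uid,
            'event' => $event,
            'header' => $this->param['header'],
            'addtime' => 'NOW()',
            'eventtime' => $this->param['eventtime'],
            'need_confirm' => $this->param['need_confirm'],
            'reboot_after_ok' => $this->param['reboot_after_ok'],
            'msg' => $this->param['msg'],
            'priority' => $this->param['priority'],
            'auto_hide_timeout' => $this->param['auto_hide_timeout'],
            'param1' => $this->param['param1'],
            'post_function' => $this->param['post_function'],
        );
        if ($event === 'cut_off') {
            // Revoke the user's API access as soon as the event is queued.
            \Stalker\Lib\OAuth\AuthAccessHandler::setInvalidAccessTokenByUid($uid);
        }
    }

    if ($event === 'send_msg' && (int) $this->param['reboot_after_ok'] === 1) {
        Mysql::getInstance()->query(
            'delete from events where uid in(' . implode(',', $uids) . ') and event="send_msg" and sended=0 and reboot_after_ok=1'
        );
    }

    $this->db->insert('events', $rows);
}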