public function handleRequest()
 {
     // The response object exists before anything can fail, so every error
     // raised below is still reported through it.
     $response = new RESTApiResponse();
     $result = null;
     try {
         $request = new RESTApiRequest();
         $request->init();
         $response->setRequest($request);

         // Access control runs before the target is resolved or executed.
         // Each OAuth failure type is re-thrown as its REST counterpart,
         // carrying the original message.
         // NOTE(review): the auth exception message is forwarded as-is; confirm
         // it never contains detail that should stay server-side.
         try {
             $access = OAuth\AuthAccessHandler::getAccessSchema($request);
             $access->checkRequest();
         } catch (OAuth\AuthUnauthorized $unauthorized) {
             throw new RESTUnauthorized($unauthorized->getMessage());
         } catch (OAuth\AuthBadRequest $bad_request) {
             throw new RESTBadRequest($bad_request->getMessage());
         } catch (OAuth\AuthForbidden $forbidden) {
             throw new RESTForbidden($forbidden->getMessage());
         }

         // Load the user named by the session attached to the checked access object.
         $session = $access->getSession();
         \User::getInstance($session['uid']);

         // Resolve the request to its target and run it.
         $resolver = new RESTApiTargetResolver();
         $result = $resolver->getTarget($request)->execute($request);
     } catch (\Exception $failure) {
         // Any exception, including the REST ones thrown above, becomes the
         // response error; $result keeps whatever value it had at that point.
         $response->setError($failure);
     }
     $response->setBody($result);
     $response->send();
 }
Example #2
<?php

// Token-issuing page: validates response_type and client_id from the query
// string, then, on a POST carrying credentials, builds the token response.
// The excerpt ends inside the nested else-branches, so what is finally done
// with $auth and $error is not visible here.
ob_start();
require_once "../server/common.php";
use Stalker\Lib\OAuth\AuthAccessHandler;
$error = false;
$access_handler = new AuthAccessHandler();
// Only response_type=token together with a non-empty client_id is accepted.
if (empty($_GET['response_type']) || empty($_GET['client_id']) || $_GET['response_type'] != 'token') {
    $error = 'invalid_request';
} else {
    // The client id is the only client attribute checked in the visible lines.
    // NOTE(review): no redirect_uri or state parameter is read in this excerpt;
    // confirm how the response destination is validated in the part not shown.
    if (!$access_handler->isClient($_GET['client_id'])) {
        $error = 'unauthorized_client';
    } else {
        // A POST that lacks username or password is refused. empty() also treats
        // the string "0" as missing, so such a value is refused as well.
        if (!empty($_POST) && (empty($_POST['username']) || empty($_POST['password']))) {
            $error = 'access_denied';
        } else {
            // With an empty POST body nothing below runs and $error stays false.
            if (!empty($_POST)) {
                // NOTE(review): no attempt limiting is visible around this credential
                // check; confirm checkUserAuth() or the caller throttles failures.
                if ($access_handler->checkUserAuth($_POST['username'], $_POST['password'])) {
                    $auth = array("access_token" => $access_handler->generateUniqueToken($_POST['username']));
                    // The token type comes from configuration and defaults to "bearer".
                    if (Config::getSafe("api_v2_access_type", "bearer") == "bearer") {
                        $access = array("token_type" => "bearer");
                    } else {
                        // In "mac" mode the user's secret key is put into the response data.
                        $access = array("token_type" => "mac", "mac_key" => $access_handler->getSecretKey($_POST['username']), "mac_algorithm" => "hmac-sha-256");
                    }
                    $auth = array_merge($auth, $access);
                    // Later array_merge() arguments win on duplicate string keys, so
                    // getAdditionalParams() can override the fields set above.
                    $additional = $access_handler->getAdditionalParams($_POST['username']);
                    $auth = array_merge($auth, $additional);
                    // Serialised to a URL-encoded string that holds the access token
                    // (and mac_key in "mac" mode).
                    // NOTE(review): where this string is sent is outside the excerpt;
                    // confirm it is not logged or placed in a URL query string.
                    $auth = http_build_query($auth);
                } else {
                    $error = 'access_denied';
                }
Example #3
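 /**
  * Save event in database
  *
  * Builds one `events` row per uid in $this->param['user_list'] and inserts
  * all rows with a single insert() call. Does nothing when the list is not a
  * non-empty array.
  *
  * Side effects visible in this method:
  *  - for a 'cut_off' event, each uid's access token is invalidated;
  *  - for a 'send_msg' event with reboot_after_ok == 1, the listed users'
  *    unsent 'send_msg' events that also have reboot_after_ok=1 are deleted
  *    before the new rows are inserted.
  *
  * @return void
  */
 protected function saveInDb()
 {
     if (is_array($this->param['user_list']) && count($this->param['user_list']) > 0) {
         $data = array();
         foreach ($this->param['user_list'] as $uid) {
             $data[] = array(
                 'uid' => $uid,
                 'event' => $this->param['event'],
                 'header' => $this->param['header'],
                 // NOTE(review): passed as the string 'NOW()'; whether insert()
                 // treats it as an SQL function is not visible here.
                 'addtime' => 'NOW()',
                 'eventtime' => $this->param['eventtime'],
                 'need_confirm' => $this->param['need_confirm'],
                 'reboot_after_ok' => $this->param['reboot_after_ok'],
                 'msg' => $this->param['msg'],
                 'priority' => $this->param['priority'],
                 'auto_hide_timeout' => $this->param['auto_hide_timeout'],
                 'param1' => $this->param['param1'],
                 'post_function' => $this->param['post_function'],
             );
             if ($this->param['event'] == 'cut_off') {
                 \Stalker\Lib\OAuth\AuthAccessHandler::setInvalidAccessTokenByUid($uid);
             }
         }
         if ($this->param['event'] == 'send_msg' && $this->param['reboot_after_ok'] == 1) {
             // The uid list is concatenated into the SQL text, so every element
             // is forced to an integer first and cannot change the statement.
             // Assumes uids are integer ids; confirm against callers.
             $uid_list = implode(',', array_map('intval', $this->param['user_list']));
             Mysql::getInstance()->query('delete from events where uid in(' . $uid_list . ') and event="send_msg" and sended=0 and reboot_after_ok=1');
         }
         $this->db->insert('events', $data);
     }
 }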