Exemple #1
 /**
  * Controller entry point: bridges an OAuth token pair into a FreakAuth
  * login (known user) or registration (unknown user).
  *
  * The local "password" is the string "<oauth_token>,<oauth_token_secret>".
  * Nothing is returned or rendered; the result of login()/register() is
  * kept only in the local $data array.
  *
  * NOTE(review): the token pair is passed unencoded under the "oauth" key to
  * update_user_by_name(), next to an _encode()d copy under 'password'.
  * Presumably both end up in the user table -- confirm, and consider
  * protecting the "oauth" value at rest, since it is a live provider
  * credential.
  */
 function index()
 {
     $this->load->model('User_Model', '', TRUE);
     $this->load->model('FreakAuth_light/usermodel');
     $data = array();

     // Bail out unless both halves of the token pair are present.
     $token = get_oauth_token();
     $has_token_pair = $token && $token->oauth_token && $token->oauth_token_secret;
     if (!$has_token_pair) {
         return;
     }

     set_oauth_usertoken($token->oauth_token, $token->oauth_token_secret);

     // Local account name is the provider screen name with a leading "@".
     $user_name = "@" . get_screen_name();
     // Keep the token pair out of logs and debug output: it doubles as the
     // local password below.
     $password = $token->oauth_token . "," . $token->oauth_token_secret;

     $existing = $this->User_Model->get_user_by_name($user_name);

     if (!isset($existing["user_name"])) {
         // Unknown user: hand the credentials to the registration flow.
         // presumably fal_front->register() reads them from $_POST -- verify.
         $_POST["user_name"] = $user_name;
         $_POST["password"] = $password;
         $data['fal'] = $this->fal_front->register();
         return;
     }

     // Known user: refresh the stored token pair, then log in with it.
     $refreshed = array(
         "oauth" => $password,
         'password' => $this->freakauth_light->_encode($password),
     );
     $this->User_Model->update_user_by_name($user_name, $refreshed);

     // presumably fal_front->login() reads the credentials from $_POST -- verify.
     $_POST["user_name"] = $user_name;
     $_POST["password"] = $password;
     $data['fal'] = $this->fal_front->login();
 }
Exemple #2
 /**
  * Constructor: restores the session for the user named by this site's
  * cookie and reacts to `logout` / `oauth_verifier` in the query string.
  *
  * Returns 0 early when the cookie yields no user id (not logged in).
  *
  * NOTE(review): the mere presence of `logout` in $_GET triggers log_out().
  * No anti-CSRF check is visible in this method -- confirm that log_out()
  * or the calling page validates one.
  */
 function TPSession()
 {
     // Bind the MySQL-backed OAuth store once.
     if (!$this->store) {
         $this->store = OAuthStore::instance('MySQL', get_db_options());
     }

     // The user is identified from this site's cookie alone.
     $this->user_id = get_user_id(COOKIE_NAME);
     debug("[TPSession::TPSesssion], user_id = " . $this->user_id);

     // No user id in the cookie means no session.
     if (!$this->user_id) {
         return 0;
     }

     // The token is looked up in one of two places:
     //   1. $_GET     -- when this is the last step of the OAuth dance.
     //   2. the store -- when the user completed the dance earlier.
     // Do not log the token itself; it is a bearer credential.
     $this->oauth_token = get_oauth_token(COOKIE_NAME, $_GET, $this->store);

     // Logout takes precedence over finishing the OAuth handshake.
     $wants_logout = array_key_exists('logout', $_GET);
     if ($wants_logout) {
         $this->log_out();
     } elseif (array_key_exists('oauth_verifier', $_GET)) {
         $this->verify_access_token();
     }

     // Refresh the local author record only when none is loaded yet and the
     // session is actually logged in.
     if ($this->author || !$this->is_logged_in()) {
         return;
     }
     $this->update_author_record();
 }
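// OAuth login dispatcher: refuses to run when the provider is disabled or
// unconfigured, surfaces provider errors, completes the login when a `code`
// is returned, and otherwise starts a new authorization request.
// (The listing is truncated: the final else block is not closed here.)
if (!CLIENT_ENABLED) {
    $this->wpoa_end_login("This third-party authentication provider has not been enabled. Please notify the admin or try again later.");
} elseif (!CLIENT_ID || !CLIENT_SECRET) {
    // do not proceed if id or secret is null:
    $this->wpoa_end_login("This third-party authentication provider has not been configured with an API key/secret. Please notify the admin or try again later.");
} elseif (isset($_GET['error_description'])) {
    // do not proceed if an error was detected.
    // NOTE(review): this text comes straight from the query string; confirm
    // wpoa_end_login() escapes it before it is shown to the user.
    $this->wpoa_end_login($_GET['error_description']);
} elseif (isset($_GET['error_message'])) {
    // do not proceed if an error was detected (same caveat as above):
    $this->wpoa_end_login($_GET['error_message']);
} elseif (isset($_GET['code'])) {
    // post-auth phase, verify the state. A missing or empty state on either
    // side must fail: a loose `==` would accept null == null when the session
    // holds no state and the request omits the parameter.
    $expected_state = (isset($_SESSION['WPOA']['STATE']) && is_scalar($_SESSION['WPOA']['STATE']))
        ? (string) $_SESSION['WPOA']['STATE']
        : '';
    // $_GET values can be arrays (state[]=...); only a string is acceptable.
    $returned_state = (isset($_GET['state']) && is_string($_GET['state'])) ? $_GET['state'] : '';
    if ($expected_state !== '' && hash_equals($expected_state, $returned_state)) {
        // get an access token from the third party provider:
        get_oauth_token($this);
        // get the user's third-party identity and attempt to login/register a matching wordpress user account:
        $oauth_identity = get_oauth_identity($this);
        $this->wpoa_login_user($oauth_identity);
    } else {
        // possible CSRF attack, end the login with a generic message to the user and a detailed message to the admin/logs in case of abuse:
        // TODO: report detailed message to admin/logs here...
        $this->wpoa_end_login("Sorry, we couldn't log you in. Please notify the admin or try again later.");
    }
} else {
    // pre-auth, start the auth process:
    if (empty($_SESSION['WPOA']['EXPIRES_AT']) || time() > $_SESSION['WPOA']['EXPIRES_AT']) {
        // expired token; clear the state:
        $this->wpoa_clear_login_state();
    }
    get_oauth_code($this);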
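// OAuth login dispatcher: refuses to run when the provider is disabled or
// unconfigured, surfaces provider errors, completes the login when a `code`
// is returned, and otherwise starts a new authorization request.
// In this variant get_oauth_token() itself yields the identity.
// (The listing is truncated: the final else block is not closed here.)
if (!CLIENT_ENABLED) {
    $this->wpoa_end_login("This third-party authentication provider has not been enabled. Please notify the admin or try again later.");
} elseif (!CLIENT_ID || !CLIENT_SECRET) {
    // do not proceed if id or secret is null:
    $this->wpoa_end_login("This third-party authentication provider has not been configured with an API key/secret. Please notify the admin or try again later.");
} elseif (isset($_GET['error_description'])) {
    // do not proceed if an error was detected.
    // NOTE(review): this text comes straight from the query string; confirm
    // wpoa_end_login() escapes it before it is shown to the user.
    $this->wpoa_end_login($_GET['error_description']);
} elseif (isset($_GET['error_message'])) {
    // do not proceed if an error was detected (same caveat as above):
    $this->wpoa_end_login($_GET['error_message']);
} elseif (isset($_GET['code'])) {
    // post-auth phase, verify the state. A missing or empty state on either
    // side must fail: a loose `==` would accept null == null when the session
    // holds no state and the request omits the parameter.
    $expected_state = (isset($_SESSION['WPOA']['STATE']) && is_scalar($_SESSION['WPOA']['STATE']))
        ? (string) $_SESSION['WPOA']['STATE']
        : '';
    // $_GET values can be arrays (state[]=...); only a string is acceptable.
    $returned_state = (isset($_GET['state']) && is_string($_GET['state'])) ? $_GET['state'] : '';
    if ($expected_state !== '' && hash_equals($expected_state, $returned_state)) {
        // get an access token from the third party provider:
        $oauth_identity = get_oauth_token($this);
        // get the user's third-party identity and attempt to login/register a matching wordpress user account:
        //$oauth_identity = get_oauth_identity($this);
        $this->wpoa_login_user($oauth_identity);
    } else {
        // possible CSRF attack, end the login with a generic message to the user and a detailed message to the admin/logs in case of abuse:
        // TODO: report detailed message to admin/logs here...
        $this->wpoa_end_login("Sorry, we couldn't log you in. Please notify the admin or try again later.");
    }
} else {
    // pre-auth, start the auth process:
    if (empty($_SESSION['WPOA']['EXPIRES_AT']) || time() > $_SESSION['WPOA']['EXPIRES_AT']) {
        // expired token; clear the state:
        $this->wpoa_clear_login_state();
    }
    get_oauth_code($this);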
Exemple #5
 } elseif (substr($options[0], 9, 12) == 'importgoogle') {
     $optfind = "config.env." . substr($options[0], 9);
     $Setting =& $db->model('Setting');
     $s1 = $Setting->find_by(array('name' => $optfind));
     $scope = 'https://mail.google.com/mail/feed/atom/';
     $base_url = $request->base;
     $endpoint = $scope;
     $parsed = parse_url($endpoint);
     $params = array();
     parse_str($parsed['query'], $params);
     lib_include('twitteroauth');
     $key = environment('googleKey');
     $secret = environment('googleSecret');
     $consumer = new OAuthConsumer($key, $secret, NULL);
     $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
     $token = get_oauth_token(get_option('google_key', $s1->profile_id), get_option('google_secret', $s1->profile_id));
     $oauth_req = OAuthRequest::from_consumer_and_token($consumer, $token, "GET", $endpoint, $params);
     $oauth_req->sign_request($hmac_method, $consumer, $token);
     $responseString = send_signed_request($oauth_req->get_normalized_http_method(), $endpoint, $oauth_req->to_header(), NULL, false);
     $data = $responseString;
     $xml = new SimpleXmlElement($data);
     foreach ($xml as $k1 => $v1) {
         $values = array();
         foreach ($v1 as $k2 => $v2) {
             if ($k2 == 'title') {
                 $values['title'] = (string) $v2;
             } elseif ($k2 == 'link') {
                 $values['url'] = (string) $v2['href'];
                 $parsed = parse_url($values['url']);
                 $params = array();
                 parse_str($parsed['query'], $params);