<?php

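require_once 'vendor/autoload.php';
session_start();

// NOTE(review): the OAuth client id/secret are hard-coded in this script, so the
// secret ships with the source. Load them from configuration kept outside the
// web root instead, and treat the value shown here as exposed (rotate it).
$provider = new League\OAuth2\Client\Provider\Github([
    'clientId'     => '12d07069b2df91c0e52f',
    'clientSecret' => '13c275356c9eadfb73d4a13f14b2539a5d6a74b7',
    'redirectUri'  => 'https://gitpay.org/oauth.php',
]);

// The OAuth2 "state" value is the CSRF token for the redirect round-trip and is
// checked against the session when GitHub calls back, so it must be unguessable.
// rand() is not a CSPRNG; random_bytes() is. 16 bytes -> 32 hex chars.
$options = [
    'state' => bin2hex(random_bytes(16)),
    'scope' => ['user'],
];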
if (!isset($_GET['code'])) {
    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl($options);
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: ' . $authUrl);
    exit;
    // Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || $_GET['state'] != $_SESSION['oauth2state']) {
    echo "state is : " . $_GET['state'];
    echo "session state is : " . $_SESSION['oauth2state'];
    //unset($_SESSION['oauth2state']);
    exit('Invalid state');
} else {
    // Try to get an access token (using the authorization code grant)
    $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
    // Optional: Now you have a token you can look up a users profile data
    try {
        // We got an access token, let's now get the user's details
        $user = $provider->getResourceOwner($token);
        // Use these details to create a new profile
        //printf('Hello %s - testing - login functionality coming soon ...!', $user->getNickname());
        $_SESSION['loggedin'] = 'true';
        $_SESSION['login'] = $user->getNickname();
        $scheme = 'https://';
        header("Location: " . $scheme . $_SERVER['SERVER_NAME'] . dirname($_SERVER['REQUEST_URI']) . $user->getNickname());
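/**
 * Settings-page handler for the GitHub OAuth flow.
 *
 * Request handling, in order:
 *  1. a POST carrying client_id/client_secret persists them as options;
 *  2. a POST without a `code` query parameter starts the authorization flow
 *     (redirect to GitHub, state kept in the session);
 *  3. a request carrying `code` is the callback: the state is validated
 *     against the session and the code is exchanged for a token, which is
 *     stored in the `github_token` option.
 * Any other request (e.g. a plain GET that renders the page) does nothing.
 *
 * NOTE(review): $_SESSION is read and written here but session_start() is not
 * called in this function — confirm the caller starts the session, otherwise
 * the state check can never succeed.
 *
 * @return void  Redirects (and exits) in step 2; exits with "Invalid state" on a
 *               failed callback check.
 */
function handle_oauth(): void
{
    // Step 1: persist submitted application credentials.
    // NOTE(review): no nonce or capability check is visible in this function;
    // if it runs as an admin page callback, guard the save with
    // check_admin_referer() / current_user_can() so that only an authorized
    // admin submitting the settings form can overwrite the credentials.
    if (isset($_POST["client_id"]) && isset($_POST["client_secret"])) {
        update_option("client_id", $_POST["client_id"], TRUE);
        update_option("client_secret", $_POST["client_secret"], TRUE);
    }

    // Load the stored application info; without both values no flow can run.
    $client_id = get_option("client_id");
    $client_secret = get_option("client_secret");
    if (!$client_id || !$client_secret) {
        // Originally $provider stayed undefined here and the redirect below
        // called a method on null; bail out instead.
        return;
    }
    $provider = new League\OAuth2\Client\Provider\Github([
        "clientId" => $client_id,
        "clientSecret" => $client_secret,
        "redirectUri" => admin_url("options-general.php?page=github"),
    ]);

    if (!isset($_GET["code"])) {
        if ($_SERVER["REQUEST_METHOD"] !== "POST") {
            // Plain page load with no code and no state: nothing to do.
            // (Originally this fell through to the state check and exited
            // with "Invalid state", which made the page unreachable.)
            return;
        }
        // Step 2: no authorization code yet, send the user to GitHub.
        $authUrl = $provider->getAuthorizationUrl();
        $_SESSION["oauth2state"] = $provider->getState();
        header("Location: " . $authUrl);
        exit;
    }

    // Step 3: GitHub redirected back. The stored state is single-use — drop it
    // before comparing so a captured callback URL cannot be replayed.
    $expectedState = $_SESSION["oauth2state"] ?? null;
    unset($_SESSION["oauth2state"]);
    if (empty($_GET["state"]) || $expectedState === null || $_GET["state"] !== $expectedState) {
        exit("Invalid state");
    }

    // Step 4: exchange the authorization code for an access token and keep it.
    // Note the token is stored as a plain, autoloaded option (third argument TRUE).
    $token = $provider->getAccessToken("authorization_code", ["code" => $_GET["code"]]);
    update_option("github_token", $token->getToken(), TRUE);
}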