 /**
  * Execute the Api Resource operation.
  *
  * Verifies the incoming request as an OAuth2 resource request through the configured
  * server. The "scope" option may be a single scope (handed to the server, which checks it
  * during verification) or a list of scopes, in which case the request is accepted when the
  * token covers at least one of them. The outcome lands in $this->response: the server's
  * own error response when verification fails, a 403 "insufficient_scope" response carrying
  * a WWW-Authenticate challenge when none of the listed scopes is granted, or a JSON success
  * string with the token's user_id.
  *
  * @return  static  $this on every path; callers inspect $this->response for the outcome.
  *
  * @since   1.2
  */
 public function apiResource()
 {
     $requiredScope = $this->options->get('scope', '');
     $acceptedScopes = array();
     // A non-empty list of scopes is checked here one by one; the server then verifies
     // the token without a scope constraint.
     if (is_array($requiredScope) && count($requiredScope) > 0) {
         $acceptedScopes = $requiredScope;
         $requiredScope = null;
     }
     $verified = $this->server->verifyResourceRequest(OAuth2\Request::createFromGlobals(), null, $requiredScope);
     if (!$verified) {
         $this->response = $this->server->getResponse();
         return $this;
     }
     $token = $this->server->getResourceController()->getToken();
     if (!empty($acceptedScopes)) {
         // Scope granted to the token, or null when the token carries none.
         $grantedScope = empty($token['scope']) ? null : $token['scope'];
         $satisfied = false;
         foreach ($acceptedScopes as $candidate) {
             if (empty($candidate) || $grantedScope === null) {
                 continue;
             }
             if ($this->server->getScopeUtil()->checkScope($candidate, $grantedScope)) {
                 $satisfied = true;
                 break;
             }
         }
         if (!$satisfied) {
             $response = $this->server->getResponse();
             $response->setError(403, 'insufficient_scope', JText::_('LIB_REDCORE_API_OAUTH2_SERVER_INSUFFICIENT_SCOPE'));
             // Bearer challenge listing every scope that would have been accepted.
             $challenge = sprintf(
                 '%s realm="%s", scope="%s", error="%s", error_description="%s"',
                 $this->server->getTokenType()->getTokenType(),
                 $this->serverConfig['www_realm'],
                 implode(', ', $acceptedScopes),
                 $response->getParameter('error'),
                 $response->getParameter('error_description')
             );
             $response->addHttpHeaders(array('WWW-Authenticate' => $challenge));
             $this->response = $response;
             return $this;
         }
     }
     $payload = array(
         'success' => true,
         'user_id' => $token['user_id'],
         'message' => JText::_('LIB_REDCORE_API_OAUTH2_SERVER_ACCESS_SUCCESS'),
     );
     $this->response = json_encode($payload);
     return $this;
 }
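 /**
  * Awesomeness for 3rd party support
  *
  * Filter: determine_current_user
  * Other Filter: check_authentication
  *
  * Hook for the determine_current_user filter that resolves the current user from a valid
  * OAuth2 access token, so that services like WP JSON API and WP REST API can attribute a
  * token-bearing request to its user.
  *
  * @param  mixed $user_id  User ID determined so far by the filter chain (falsy when none;
  *                         WordPress passes false by default).
  * @return mixed           The user ID (int) when one is already known or a user token is
  *                         presented; otherwise $user_id is passed through unchanged so that
  *                         earlier filter results are not clobbered.
  *
  * @author Mauro Constantinescu Modified slightly but still a contribution to the project.
  */
 public function _wo_authenicate_bypass($user_id)
 {
     // A user already determined earlier in the chain wins; no need to re-query the DB.
     if ($user_id && $user_id > 0) {
         return (int) $user_id;
     }
     $o = get_option('wo_options');
     // Plugin disabled, or the option has never been saved: leave the filter value alone.
     if (empty($o['enabled'])) {
         return (int) $user_id;
     }
     require_once dirname(WPOAUTH_FILE) . '/library/OAuth2/Autoloader.php';
     OAuth2\Autoloader::register();
     $server = new OAuth2\Server(new OAuth2\Storage\Wordpressdb());
     $request = OAuth2\Request::createFromGlobals();
     if ($server->verifyResourceRequest($request)) {
         $token = $server->getAccessTokenData($request);
         // A token whose user_id is 0 or missing is treated as a client access token: it
         // proves the client, not a user, so it must not log anybody in.
         if (isset($token['user_id']) && $token['user_id'] > 0) {
             return (int) $token['user_id'];
         }
     }
     // No usable user token: hand back whatever the filter chain had (previously this
     // fell off the end of the function and returned null).
     return $user_id;
 }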
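 /**
  * Awesomeness for 3rd party support
  *
  * Filter: determine_current_user
  * Other Filter: check_authentication
  *
  * Hook for the determine_current_user filter that resolves the current user from a valid
  * OAuth2 access token, so that services like WP JSON API and WP REST API can attribute a
  * token-bearing request to its user.
  *
  * @param  mixed $user_id  User ID determined so far by the filter chain (falsy when none;
  *                         WordPress passes false by default).
  * @return mixed           The user ID (int) when one is already known or a user token is
  *                         presented; otherwise $user_id is passed through unchanged so that
  *                         earlier filter results are not clobbered.
  *
  * @author Mauro Constantinescu Modified slightly but still a contribution to the project.
  */
 public function _wo_authenicate_bypass($user_id)
 {
     // A user already determined earlier in the chain wins; no need to re-query the DB.
     if ($user_id && $user_id > 0) {
         return (int) $user_id;
     }
     $o = get_option('wo_options');
     // Plugin disabled, or the option has never been saved: leave the filter value alone.
     if (empty($o['enabled'])) {
         return (int) $user_id;
     }
     require_once dirname(WPOAUTH_FILE) . '/library/OAuth2/Autoloader.php';
     OAuth2\Autoloader::register();
     $server = new OAuth2\Server(new OAuth2\Storage\Wordpressdb());
     $request = OAuth2\Request::createFromGlobals();
     if ($server->verifyResourceRequest($request)) {
         $token = $server->getAccessTokenData($request);
         // Only a token bound to a real user (user_id > 0) identifies someone; a
         // client-only token must not log anybody in.
         if (isset($token['user_id']) && $token['user_id'] > 0) {
             return (int) $token['user_id'];
         }
     }
     // No usable user token: hand back whatever the filter chain had (previously this
     // fell off the end of the function and returned null).
     return $user_id;
 }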
|
| @todo Document and tighten up error messages. All error messages will soon be
| controlled through apply_filters so start planning for a filter error list to
| allow for developers to customize error messages.
|
*/
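// Endpoints registered by third parties through the "wo_endpoints" filter, keyed by method
// name. Each entry is expected to carry a 'func' callable and an optional 'public' flag.
$ext_methods = apply_filters("wo_endpoints", null);
// Check to see if the method exists in the filter. With nothing registered the filter
// returns its null default, which array_key_exists() rejects with a TypeError on PHP 8.
if (is_array($ext_methods) && array_key_exists($method, $ext_methods)) {
    $endpoint = $ext_methods[$method];
    // If the method is set to public, run it without requiring a token. The raw request
    // parameters are passed through as the callback's arguments, as before.
    // NOTE(review): on PHP 8 the string keys of $_REQUEST become named arguments — confirm
    // the registered callbacks accept that.
    if (!empty($endpoint['public'])) {
        call_user_func_array($endpoint['func'], $_REQUEST);
        exit;
    }
    $request = OAuth2\Request::createFromGlobals();
    $response = new OAuth2\Response();
    if (!$server->verifyResourceRequest($request)) {
        $response->setError(400, 'invalid_request', 'Missing or invalid parameter(s)');
        $response->send();
        exit;
    }
    // verifyResourceRequest() passed, but the token data is still re-read and null-checked
    // so a protected endpoint never runs without token information.
    $token = $server->getAccessTokenData($request);
    if (is_null($token)) {
        $server->getResponse()->send();
        exit;
    }
    do_action('wo_endpoint_user_authenticated', array($token));
    call_user_func_array($endpoint['func'], array($token));
    exit;
}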
/**
 * Server error response. End of line
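 /**
  * Resolve the current user for this request and record it in $this->User / $this->IsLogin.
  *
  * Dispatches on $this->CallType:
  *  - "open":      the request must carry a valid OAuth2 access token, verified by the
  *                 OAuth2 server against the PDO storage built from the db_* entries of
  *                 $this->Config. The token's user_id is then resolved through UserLogic.
  *                 The registration call (module "user", code "openregisteruser") needs
  *                 no token.
  *  - "localsite": the user is resolved from the "cookie_auth" request parameter or the
  *                 "authstr" cookie, preferring the user already held in the PHP session.
  *                 Login state and the user record are also pushed to the template handler.
  *
  * @return mixed  true for the open-register call, 1 / 0 for a resolved / unresolved login,
  *                null for an unknown CallType. The "open" branch sends an error body and
  *                exits when the request carries no valid token.
  */
 function CheckLogin()
 {
     $this->Logger->Write('Starting CheckLogin');
     switch ($this->CallType) {
         case "open":
             return $this->CheckOpenApiLogin();
         case "localsite":
             return $this->CheckLocalSiteLogin();
     }
     // Unknown call type: nothing is resolved (the original fell off the end of the switch).
     return null;
 }

 /**
  * "open" call type: authenticate the caller by OAuth2 access token.
  *
  * The token value is caller-controlled, so it is never interpolated into SQL; the OAuth2
  * server has already validated it against the PDO storage, and its data is read back
  * from the server instead of re-querying the token table by hand.
  *
  * @return mixed  true for the open-register call, otherwise $this->IsLogin (1 or 0).
  */
 private function CheckOpenApiLogin()
 {
     // User self-registration is the one open call that needs no authorization.
     if ($this->Code == 'openregisteruser' && $this->Module == 'user') {
         return true;
     }
     $db_host = $this->Config['db_host'];
     $db_name = $this->Config['db_name'];
     $dsn = "mysql:dbname={$db_name};host={$db_host}";
     $storage = new OAuth2\Storage\Pdo(array(
         'dsn' => $dsn,
         'username' => $this->Config['db_user'],
         'password' => $this->Config['db_pass'],
     ));
     $server = new OAuth2\Server($storage);
     $response = new OAuth2\Response();
     $request = OAuth2\Request::createFromGlobals();
     if (!$server->verifyResourceRequest($request, $response)) {
         // Send the error response built during verification.
         $response->send();
         exit;
     }
     // As before, the token must be present in the POST body; header-only tokens are
     // rejected with the JSON error below.
     $access_token = isset($request->request['access_token']) ? $request->request['access_token'] : '';
     if (!$access_token) {
         $error = array();
         $error["error"] = "error";
         $error["error_description"] = "access token is incorrect.";
         echo json_encode($error);
         exit;
     }
     // Token data as validated by the server; a token without a user_id (client-only
     // token) identifies no user and therefore does not log anyone in.
     $token = $server->getAccessTokenData($request);
     if (is_array($token) && !empty($token['user_id'])) {
         $access_uid = $token['user_id'];
         $user = $this->UserLogic->GetUser($access_uid);
         $this->User['uid'] = $access_uid;
         $this->User['uname'] = isset($user['uname']) ? $user['uname'] : null;
         $this->IsLogin = 1;
     }
     return $this->IsLogin;
 }

 /**
  * "localsite" call type: resolve the user from posted credentials, the auth cookie, or
  * the session, and publish the login state to the template handler.
  *
  * @return int  1 when a user was resolved, 0 otherwise.
  */
 private function CheckLocalSiteLogin()
 {
     session_start();
     // Cache the geo lookup in the session so the client IP is resolved once per session.
     if (!empty($_SESSION['ip_point'])) {
         $this->IPLocation = $_SESSION['ip_point'];
     } else {
         $this->IPLocation = $this->BaiduMap->GetPointByIP(getIP());
         $_SESSION['ip_point'] = $this->IPLocation;
     }
     $auth = $this->CookieHandler->GetVar('authstr');
     // Explicitly posted credentials, POST taking precedence over GET.
     if (!empty($this->Post['cookie_auth'])) {
         $post_auth = $this->Post['cookie_auth'];
     } elseif (isset($this->Get['cookie_auth'])) {
         $post_auth = $this->Get['cookie_auth'];
     } else {
         $post_auth = '';
     }
     $login = 0;
     if ($post_auth != '' && !$auth) {
         // Posted credentials are "<uid>*<credential>"; no auth cookie is present yet.
         $parts = explode('*', $post_auth);
         $pid = $parts[0];
         $pwd = isset($parts[1]) ? $parts[1] : '';
         $user = $this->UserLogic->GetUser($pid);
         if ($this->CredentialMatches($user, $pwd)) {
             $login = 1;
             $this->User = $user;
         }
         // IsLogin and the template values are not updated on this path (unchanged).
         return $login;
     }
     if ($auth) {
         $dauth = authcode($auth, 'DECODE', $this->Config['auth_key']);
         $parts = explode('\\~', $dauth);
         $uid = $parts[0];
         $password = isset($parts[1]) ? $parts[1] : '';
         $this->TemplateHandler->AssignValue('auth', $uid . '*' . $password);
         // Prefer the user already held in the session over a database round trip; the
         // cookie credentials are verified against the database only when it is absent.
         $u = array();
         foreach (array('uid', 'uemail', 'uname', 'face_url', 'face_url_p') as $key) {
             if (!empty($_SESSION[$key])) {
                 $u[$key] = $_SESSION[$key];
             }
         }
         if (!empty($u['uid']) && $u['uid'] > 0) {
             $this->User = $u;
             $this->SessionUser = $u;
             $login = 1;
         } else {
             $user = $this->UserLogic->GetUser($uid);
             if ($this->CredentialMatches($user, $password)) {
                 $this->User = $user;
                 $this->SessionUser = $user;
                 $_SESSION['uid'] = $uid;
                 // Previously assigned from an undefined $email; the user record is the source.
                 $_SESSION['uemail'] = isset($user['uemail']) ? $user['uemail'] : null;
                 $_SESSION['uname'] = $user['uname'];
                 $_SESSION['face_url'] = $user['face_url'];
                 $_SESSION['face_url_p'] = $user['face_url_p'];
                 $login = 1;
                 $this->UserLogic->UpdateLoginInfo($user['uid'], time());
             }
         }
     }
     $this->IsLogin = $login;
     $this->TemplateHandler->AssignValue('login', $login);
     $this->TemplateHandler->AssignValue('user', $this->User);
     $open_login = !empty($_SESSION['open']);
     $this->TemplateHandler->AssignValue('open_login', $open_login);
     $this->Open_login = $open_login;
     $this->TemplateHandler->AssignValue('sessionuser', $this->SessionUser);
     $this->Logger->Write('Finished CheckLogin');
     return $login;
 }

 /**
  * Strict, constant-time comparison of a presented credential with the stored one.
  *
  * Returns false when the user record is missing or carries no string password; the
  * previous loose "==" comparison accepted that case (null == '' is true in PHP) and was
  * also subject to numeric-string coercion.
  *
  * @param  mixed  $user       User record from UserLogic::GetUser(), or a non-array when missing.
  * @param  mixed  $presented  Credential taken from the request or the decoded cookie.
  * @return bool
  */
 private function CredentialMatches($user, $presented)
 {
     if (!is_array($user) || !isset($user['password']) || !is_string($user['password'])) {
         return false;
     }
     return hash_equals($user['password'], (string) $presented);
 }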
<?php

// Resource-server entry point: verify the bearer token on the incoming request against the
// OAuth2 token store held in the "points" database, and answer with the library's error
// response when verification fails.
require_once __DIR__ . '/oAuth2_server/src/OAuth2/Autoloader.php';
OAuth2\Autoloader::register();

$dsn = 'mysql:dbname=points;host=localhost';
$username = '******';
$password = '******';
$storage = new OAuth2\Storage\Pdo(array(
    'dsn' => $dsn,
    'username' => $username,
    'password' => $password,
));
$server = new OAuth2\Server($storage);
$response = new OAuth2\Response();
$request = OAuth2\Request::createFromGlobals();

$verified = $server->verifyResourceRequest($request, $response);
if ($verified) {
    // Success payload for the caller; nothing is sent from here.
    $return = array(
        'status' => 'ok',
        'message' => "",
    );
} else {
    $response->send();
}