/**
 * Verify the request if it seemed to be signed.
 *
 * A request is considered "signed" when it carries an oauth_consumer_key
 * parameter; such a request is verified, and verification failures propagate.
 *
 * @param string token_type the kind of token needed, defaults to 'access'
 * @exception OAuthException thrown when the request did not verify
 * @return boolean true when signed, false when not signed
 */
public function verifyIfSigned($token_type = 'access')
{
    // No consumer key: nothing to verify, report the request as unsigned.
    if (!$this->getParam('oauth_consumer_key')) {
        return false;
    }

    OAuthRequestLogger::start($this);
    // verify() throws on a bad signature, so the logger is only flushed
    // for requests that actually verified.
    $this->verify($token_type);
    OAuthRequestLogger::flush();

    return true;
}
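/**
 * Issue an access token for an already authenticated user (xAuth style).
 *
 * Creates a request token for the calling consumer, authorizes it on behalf
 * of $user_id and immediately exchanges it for an access token, which is
 * written as a form-encoded body. Never returns: calls exit() after the
 * token or the error has been written.
 *
 * @param mixed user_id id of the user the access token is issued for
 */
public function xauthAccessToken($user_id)
{
    OAuthRequestLogger::start($this);
    try {
        // Optional xoauth_token_ttl is forwarded to the store as given.
        $options = array();
        $ttl = $this->getParam('xoauth_token_ttl', false);
        if ($ttl) {
            $options['token_ttl'] = $ttl;
        }

        // Create a request token
        $store = OAuthStore::instance();
        $token = $store->addConsumerRequestToken($this->getParam('oauth_consumer_key', true), $options);

        // The original code referenced $referrer_host without ever assigning it
        // (an undefined-variable notice evaluating to null). Assign it explicitly
        // to keep that behaviour without the notice.
        // TODO(review): confirm whether the store expects a real referrer host here.
        $referrer_host = null;
        $verifier = $store->authorizeConsumerRequestToken($token['token'], $user_id, $referrer_host);
        if ($verifier) {
            $options['verifier'] = $verifier;
        }
        $token = $store->exchangeConsumerRequestForAccessToken($token['token'], $options);

        $pairs = array(
            'oauth_token=' . $this->urlencode($token['token']),
            'oauth_token_secret=' . $this->urlencode($token['token_secret']),
        );
        if (!empty($token['token_ttl'])) {
            $pairs[] = 'xoauth_token_ttl=' . $this->urlencode($token['token_ttl']);
        }
        $result = implode('&', $pairs);

        header('HTTP/1.1 200 OK');
        // strlen() is byte-wise, which is what Content-Length needs.
        header('Content-Length: ' . strlen($result));
        header('Content-Type: application/x-www-form-urlencoded');
        echo $result;
    } catch (OAuthException2 $e) {
        header('HTTP/1.1 401 Access Denied');
        header('Content-Type: text/plain');
        echo "OAuth Verification Failed: " . $e->getMessage();
    }
    OAuthRequestLogger::flush();
    exit;
}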
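/**
 * Request an access token from the site belonging to consumer_key.
 * Before this we got a request token, now we want to exchange it for
 * an access token.
 *
 * The stored server request token is deleted before the exchange is
 * attempted (one-time use), so a failed exchange also consumes it.
 *
 * @param string consumer_key
 * @param string token
 * @param int usr_id user requesting the access token
 * @param string method (optional) change the method of the request, defaults to POST (as it should be)
 * @param array options (optional) extra options for request, eg token_ttl
 * @param array curl_options optional extra options for curl request
 *
 * @exception OAuthException2 when no key could be fetched
 * @exception OAuthException2 when no server with consumer_key registered
 * @exception OAuthException2 when the server returns no answer, a non-200 status,
 *            or a body without oauth_token / oauth_token_secret
 */
public static function requestAccessToken($consumer_key, $token, $usr_id, $method = 'POST', $options = array(), $curl_options = array())
{
    OAuthRequestLogger::start();

    $store = OAuthStore::instance();
    $r = $store->getServerTokenSecrets($consumer_key, $token, 'request', $usr_id);
    $uri = $r['access_token_uri'];
    $token_name = $r['token_name'];

    // Delete the server request token, this one was for one use only
    $store->deleteServerToken($consumer_key, $r['token'], 0, true);

    // Try to exchange our request token for an access token
    $oauth = new OAuthRequester($uri, $method);
    if (isset($options['oauth_verifier'])) {
        $oauth->setParam('oauth_verifier', $options['oauth_verifier']);
    }
    if (isset($options['token_ttl']) && is_numeric($options['token_ttl'])) {
        $oauth->setParam('xoauth_token_ttl', intval($options['token_ttl']));
    }

    OAuthRequestLogger::setRequestObject($oauth);

    $oauth->sign($usr_id, $r);
    $text = $oauth->curl_raw($curl_options);
    if (empty($text)) {
        throw new OAuthException2('No answer from the server "' . $uri . '" while requesting an access token');
    }
    $data = $oauth->curl_parse($text);
    // Cast first: the status may come back as a string, and a strict
    // comparison avoids the loose-equality surprises of "!= 200".
    if ((int) $data['code'] !== 200) {
        throw new OAuthException2('Unexpected result from the server "' . $uri . '" (' . $data['code'] . ') while requesting an access token');
    }

    // Parse the form-encoded body into name => value, without @-suppression:
    // a pair lacking '=' simply gets an empty value.
    $token = array();
    foreach (explode('&', $data['body']) as $p) {
        $parts = explode('=', $p, 2);
        $name = $parts[0];
        $value = isset($parts[1]) ? $parts[1] : '';
        $token[$oauth->urldecode($name)] = $oauth->urldecode($value);
    }

    if (!empty($token['oauth_token']) && !empty($token['oauth_token_secret'])) {
        $opts = array();
        $opts['name'] = $token_name;
        if (isset($token['xoauth_token_ttl'])) {
            $opts['token_ttl'] = $token['xoauth_token_ttl'];
        }
        $store->addServerToken($consumer_key, 'access', $token['oauth_token'], $token['oauth_token_secret'], $usr_id, $opts);
    } else {
        throw new OAuthException2('The server "' . $uri . '" did not return the oauth_token or the oauth_token_secret');
    }

    OAuthRequestLogger::flush();
}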
/**
 * Exchange a request token for an access token.
 * Only succeeds when the request token has already been authorized.
 *
 * Never returns: calls exit() after the token (or the error) has been written.
 */
public function accessToken()
{
    OAuthRequestLogger::start($this);
    try {
        // The exchange must be signed with the (authorized) request token.
        $this->verify('request');

        // Optional xoauth_token_ttl is forwarded to the store as given.
        $options = array();
        $ttl = $this->getParam('xoauth_token_ttl', false);
        if ($ttl) {
            $options['token_ttl'] = $ttl;
        }

        $token = OAuthStore::instance()->exchangeConsumerRequestForAccessToken(
            $this->getParam('oauth_token', true),
            $options
        );

        $pairs = array(
            'oauth_token=' . $this->urlencode($token['token']),
            'oauth_token_secret=' . $this->urlencode($token['token_secret']),
        );
        if (!empty($token['token_ttl'])) {
            $pairs[] = 'xoauth_token_ttl=' . $this->urlencode($token['token_ttl']);
        }
        $result = implode('&', $pairs);

        header('HTTP/1.1 200 OK');
        // strlen() is byte-wise, which is what Content-Length needs.
        header('Content-Length: ' . strlen($result));
        header('Content-Type: application/x-www-form-urlencoded');
        echo $result;
    } catch (OAuthException $e) {
        header('HTTP/1.1 401 Access Denied');
        header('Content-Type: text/plain');
        echo "OAuth Verification Failed: " . $e->getMessage();
    }
    OAuthRequestLogger::flush();
    exit;
}
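/**
 * Dispatch a verified API call to one of the Coppermine handlers.
 *
 * Verifies the request against an 'access' token, then runs the handler
 * named by the POSTed 'function' parameter (upload, alblist, piclist,
 * search, catlist). Never returns: calls exit() when a handler finishes;
 * on an OAuthException it sends a 401 and rethrows.
 *
 * @exception OAuthException when the request does not verify, no function
 *            or no album was given, or the meta album name is unknown
 */
public function access_protected_resource()
{
    // Used by the required Coppermine scripts rather than directly here.
    global $CONFIG, $THEME_DIR, $USER, $CAT_LIST;
    global $cpg_udb; // Needed for "lastcomby" meta album in picture list

    try {
        $result = $this->verify('access');
        if ($result != null) {
            define('API_CALL', true);
            $superCage = Inspekt::makeSuperCage();
            // Only a lower-case word is accepted as the function name.
            $matches = $superCage->post->getMatched('function', '/^[a-z]+$/');
            // Guard the index so a non-match does not raise an offset notice;
            // anything unmatched lands in the default branch below.
            $function = is_array($matches) ? $matches[0] : null;

            switch ($function) {
                case 'upload':
                    require 'db_input.php';
                    break;

                case 'alblist':
                    define('IN_COPPERMINE', true);
                    require 'include/init.inc.php';
                    pub_user_albums();
                    upload_form_alb_list('', '');
                    break;

                case 'piclist':
                    define('IN_COPPERMINE', true);
                    require 'include/init.inc.php';
                    if ($superCage->post->getInt('album')) {
                        pub_user_albums();
                        upload_form_alb_list('', '');
                    } else {
                        if ($album = $superCage->post->getAlpha('album')) {
                            $allowed = array('lastcom', 'lastcomby', 'lastup', 'lastupby', 'topn', 'toprated', 'lasthits');
                            // The original only constructed this exception without throwing it,
                            // so an unknown meta album name fell through to thumbnails.php.
                            if (!in_array($album, $allowed, true)) {
                                throw new OAuthException("Valid meta album names for this function are: 'lastcom', 'lastcomby', 'lastup', 'lastupby', 'topn', 'toprated', and 'lasthits'");
                            }
                            $USER['uid'] = USER_ID;
                            require 'thumbnails.php';
                        } else {
                            // No album provided; abort instead of falling through.
                            throw new OAuthException('No album provided via HTTP POST');
                        }
                    }
                    break;

                case 'search':
                    define('IN_COPPERMINE', true);
                    require 'include/init.inc.php';
                    require 'thumbnails.php';
                    break;

                case 'catlist':
                    define('IN_COPPERMINE', true);
                    require 'include/init.inc.php';
                    api_cat_list();
                    break;

                default:
                    throw new OAuthException('No function specified via HTTP POST');
            }
        }
    } catch (OAuthException $e) {
        header('HTTP/1.1 401 Access Denied');
        header('Content-Type: text/xml');
        // Rethrow the original so the stack trace is preserved.
        throw $e;
    }
    OAuthRequestLogger::flush();
    exit;
}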
/**
 * Exchange a request token for an access token.
 * Only succeeds when the request token has already been authorized.
 *
 * Writes the token inside an <access_token> XML element and never returns
 * (calls exit()); on failure sends a 401 and rethrows the OAuthException.
 */
public function accessToken()
{
    OAuthRequestLogger::start($this);
    try {
        $this->verify('request');
        $token = OAuthStore::instance()->exchangeConsumerRequestForAccessToken(
            $this->getParam('oauth_token', true)
        );

        $xmlDecl = '<?xml version="1.0" encoding="ISO-8859-1"?>' . "\n";
        // NOTE(review): the literal '&' between the two pairs is not escaped as
        // '&amp;', so the body is not well-formed XML. Kept byte-identical because
        // the consumer may depend on this exact form — confirm before changing.
        $element = '<access_token>oauth_token=' . $this->urlencode($token['token'])
            . '&oauth_token_secret=' . $this->urlencode($token['token_secret'])
            . '</access_token>';
        $result = $xmlDecl . $element;

        header('HTTP/1.1 200 OK');
        // strlen() is byte-wise, which is what Content-Length needs.
        header('Content-Length: ' . strlen($result));
        // No Content-Type is sent on success; the author had the
        // x-www-form-urlencoded header commented out.
        echo $result;
    } catch (OAuthException $e) {
        header('HTTP/1.1 401 Access Denied');
        header('Content-Type: text/xml');
        throw new OAuthException($e->getMessage());
    }
    OAuthRequestLogger::flush();
    exit;
}