Exemple #1
<?php

/**
 * @Author	Freek Lijten
 */
//non
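// Entry guard for the authorize page: a request token must arrive in the query string.
// The value is attacker-controlled, so it is also required to be a plain string; PHP turns
// `?oauth_token[]=x` into an array, which would otherwise be handed to the token lookup as-is.
if (!isset($_GET['oauth_token']) || !is_string($_GET['oauth_token'])) {
    echo "No token supplied.";
    exit;
}
require_once __DIR__ . '/../../lib/AutoLoader.php';
new AutoLoader();
try {
    // Look the request token up in the data store; an unknown token surfaces as a read exception.
    // NOTE(review): only DataStoreReadException is caught here — confirm whether
    // Configuration::getDataStore() can raise a connection error that should be handled too.
    $RequestToken = OAuthRequestTokenModel::loadFromToken($_GET['oauth_token'], Configuration::getDataStore());
} catch (DataStoreReadException $Exception) {
    // The message text is not under this page's control and may repeat the submitted token,
    // so it is HTML-escaped before being written into the response.
    echo htmlspecialchars($Exception->getMessage(), ENT_QUOTES, 'UTF-8');
    exit;
}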
// Credential check that precedes generating the verification code. It runs only for a POST
// request that carries a non-empty 'allow' field.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['allow'])) {
    // User has no model, it is just here by example, hence the open MySQL query
    // This is not a good way to actually store user data (plaintext password wtf)
    // NOTE(review): real code should store a password_hash() digest and check it with
    // password_verify() rather than keeping and comparing plaintext passwords.
    $DB = Configuration::getDataStore();
    // NOTE(review): the statement is built by string concatenation and relies solely on the
    // escaping call; a prepared statement with a bound parameter is the more robust form.
    // $_POST['user_name'] is read without an isset()/is_string() check.
    $sql = "SELECT `user_id`, `user_name`, `user_password` FROM `user` WHERE `user_name` = '" . $DB->real_escape_string($_POST['user_name']) . "'";
    // NOTE(review): the query result is used unchecked. Presumably $DB is a mysqli connection
    // (confirm); if so, a failed query returns false and the next call is a fatal error.
    $result = $DB->query($sql);
    // NOTE(review): presumably null when no user row matches — confirm against the data store.
    $row = $result->fetch_assoc();
    $result->close();
    // NOTE(review): this is a loose comparison with no check that a row was found. If $row is
    // null, $row['user_password'] is null, and null compares equal to an empty or missing
    // submitted password under !=, so the rejection below is skipped. Reject explicitly when
    // no row exists and compare with a strict, constant-time check (password_verify()).
    if ($row['user_password'] != $_POST['user_password']) {
        echo "You hacker, be gone!";
        exit;
    }
    // NOTE(review): generateToken() is not visible here; the verification code is a bearer
    // secret, so confirm it is drawn from a cryptographically secure random source.
    $verificationCode = OAuthProviderWrapper::generateToken();
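 /**
  * Checks whether token information exists for the provided request token and, if it can be
  * found, sets the token secret on the provider.
  *
  * @static
  * @param 	$Provider	Provider object; its token, consumer_key and token_secret properties are used.
  * @return 	int		One of OAUTH_OK, OAUTH_TOKEN_REJECTED or OAUTH_VERIFIER_INVALID.
  */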
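 public static function checkRequestToken($Provider)
 {
     // Ideally this function would rethrow exceptions, but per the original author's note the
     // internals of PECL's OAuth class expect one of the OAUTH_* constants to be returned; when
     // none is returned it throws its own exception, masking anything thrown here. Every
     // failure path below therefore fails closed by returning a rejection constant.
     try {
         $DataStore = Configuration::getDataStore();
     } catch (DataStoreConnectException $Exception) {
         return OAUTH_TOKEN_REJECTED;
     }

     // Token can not be loaded, reject it.
     try {
         $RequestToken = OAuthRequestTokenModel::loadFromToken($Provider->token, $DataStore);
     } catch (DataStoreReadException $Exception) {
         return OAUTH_TOKEN_REJECTED;
     }

     // Guard against an empty result before any method is called on it. Previously this check
     // ran only after $RequestToken had already been dereferenced, where it could not help.
     if (!$RequestToken) {
         return OAUTH_TOKEN_REJECTED;
     }

     // The consumer must be the same as the one this request token was originally issued for.
     // Both sides are compared as strings with a strict operator so that PHP's loose
     // numeric-string juggling cannot treat two different keys as equal.
     if ((string) $RequestToken->getTokenConsumerKey() !== (string) $Provider->consumer_key) {
         return OAUTH_TOKEN_REJECTED;
     }

     // Check if the verification code is correct. The verifier comes from the request and may
     // be absent or an array, and the stored code may be empty (presumably a token the user
     // has not authorized yet — confirm against the model). With a loose != a missing verifier
     // and an unset stored code compare equal, so both values must be non-empty strings here.
     $suppliedVerifier = isset($_GET['oauth_verifier']) ? $_GET['oauth_verifier'] : null;
     $storedVerifier = (string) $RequestToken->getTokenVerificationCode();
     if (!is_string($suppliedVerifier) || $suppliedVerifier === '' || $storedVerifier === '') {
         return OAUTH_VERIFIER_INVALID;
     }

     // hash_equals() (PHP 5.6+) compares in constant time, so response timing does not reveal
     // how much of the verifier matched.
     if (!hash_equals($storedVerifier, $suppliedVerifier)) {
         return OAUTH_VERIFIER_INVALID;
     }

     // All checks passed: hand the token secret to the provider.
     $Provider->token_secret = $RequestToken->getTokenSecret();
     return OAUTH_OK;
 }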