Esempio n. 1
 /**
  * Set up the session state for the current request.
  *
  * Presumably the PHP4-style constructor of TPSession (the class header is
  * not visible here; the debug tag below names it) -- TODO confirm.
  *
  * Order of work: bind the OAuth store, read the user id from this site's
  * cookie, resolve the OAuth token, act on the `logout` / `oauth_verifier`
  * query parameters, then refresh the local author record.
  *
  * @return int|null 0 when the cookie carries no user id; otherwise nothing.
  */
 function TPSession()
 {
     // Bind the MySQL-backed OAuth store only if none is set yet.
     if (!$this->store) {
         $this->store = OAuthStore::instance('MySQL', get_db_options());
     }

     // The user is identified from this site's cookie alone.
     $this->user_id = get_user_id(COOKIE_NAME);
     debug("[TPSession::TPSesssion], user_id = " . $this->user_id);

     // No user id in the cookie: there is no session and nothing below runs.
     if (!$this->user_id) {
         return 0;
     }

     // The token is looked up from one of two places:
     //   1. the query string, on the last step of the OAuth dance;
     //   2. the database, once the user has completed the dance.
     // The token value is not written to the debug log here.
     $this->oauth_token = get_oauth_token(COOKIE_NAME, $_GET, $this->store);

     // NOTE(review): both actions below are driven purely by the presence of
     // a GET parameter. Whether log_out() / verify_access_token() check any
     // request-forgery token or OAuth state is not visible from this method;
     // confirm before relying on it.
     $wants_logout = array_key_exists('logout', $_GET);
     $has_verifier = array_key_exists('oauth_verifier', $_GET);
     if ($wants_logout) {
         // Logout takes precedence over finishing the OAuth handshake.
         $this->log_out();
     } elseif ($has_verifier) {
         $this->verify_access_token();
     }

     // Refresh the local author record when it is missing and the user is
     // logged in after the steps above.
     if (!$this->author && $this->is_logged_in()) {
         $this->update_author_record();
     }
 }
Esempio n. 2
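/**
 * Build the session record for the current request.
 *
 * Starts from an anonymous session (no user, every permission false). When
 * ./auth_conf.json is readable and non-empty, the `auth_t` query parameter is
 * looked up as the `_id` of a document in the `_sessions` MongoDB collection,
 * and the `open_data` setting may grant the `view` permission to everybody.
 *
 * Fail-closed behaviour:
 *   - missing, unreadable or empty auth_conf.json: the anonymous session is
 *     returned and nothing is opened;
 *   - `auth_t` that is not a non-empty string (e.g. `auth_t[...]=...`, which
 *     PHP parses into an array): no database lookup is made;
 *   - unknown `auth_t`: the anonymous session is kept instead of being
 *     overwritten with the driver's "not found" value;
 *   - auth_conf.json that does not decode to an array: `open_data` counts as off.
 *
 * NOTE(review): the session key travels in the query string, so it can end up
 * in access logs, browser history and Referer headers. Moving it to a header
 * or cookie would be a caller-visible change and is not attempted here.
 *
 * @return array|mixed The anonymous default, or the stored session document
 *                     as returned by findOne() (without `_id`).
 */
function get_session()
{
    // Anonymous default: no user and no permissions.
    $session = array(
        'user' => '',
        'begin_time' => 0,
        'permissions' => array('admin' => false, 'add' => false, 'update' => false, 'view' => false),
        'identification' => array('provider' => ''),
    );

    // Check readability first so that a missing file takes the fail-closed
    // path without emitting a warning.
    $auth_conf_path = './auth_conf.json';
    $auth_conf_file = is_readable($auth_conf_path) ? file_get_contents($auth_conf_path) : false;
    if ($auth_conf_file) {
        // auth_conf.json is compulsory, so that possibly sensitive data is
        // not opened up simply by accidentally removing the file.
        $auth_conf = json_decode($auth_conf_file, true);

        // Only a plain, non-empty string may reach the query. An array value
        // would otherwise be interpreted by MongoDB as a query operator
        // document rather than as a literal key.
        $token = isset($_GET['auth_t']) ? $_GET['auth_t'] : null;
        if (is_string($token) && $token !== '') {
            // NOTE(review): pg_escape_string() is a PostgreSQL string escaper
            // and provides no protection for a MongoDB query; the type check
            // above is the actual control. It is kept only so that lookups
            // match keys exactly as before -- confirm against the code that
            // writes sessions, then remove it.
            $key = pg_escape_string($token);

            // Find the session in the database.
            $db_opts = get_db_options();
            $mongodb = connectMongoDB($db_opts['mongo_db_name']);
            $sessions = $mongodb->_sessions;
            $found = $sessions->findOne(array("_id" => $key), array("_id" => false));
            if ($found !== null) {
                $session = $found;
            }
        }

        // A config that failed to parse must never grant access.
        if (is_array($auth_conf) && !empty($auth_conf['open_data'])) {
            // everybody can view open data
            $session['permissions']['view'] = true;
        }
    }
    return $session;
}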
<?php

/*
* Project: FI-WARE
* Copyright (c) 2014 Center for Internet Excellence, University of Oulu, All Rights Reserved
* For conditions of distribution and use, see copyright notice in LICENSE
*/
require_once 'db.php';
require_once 'data_manager.php';
require_once 'util.php';
if ($_SERVER['REQUEST_METHOD'] == 'DELETE') {
    if (isset($_GET['poi_id'])) {
        $uuid = pg_escape_string($_GET['poi_id']);
        $db_opts = get_db_options();
        $pgcon = connectPostgreSQL($db_opts["sql_db_name"]);
        $fw_core_tbl = $db_opts['fw_core_table_name'];
        $del_stmt = "DELETE FROM {$fw_core_tbl} WHERE uuid='{$uuid}'";
        $del_result = pg_query($del_stmt);
        if (!$del_result) {
            header("HTTP/1.0 500 Internal Server Error");
            $error = pg_last_error();
            die($error);
        }
        $rows_deleted = pg_affected_rows($del_result);
        if ($rows_deleted != 1) {
            header("HTTP/1.0 400 Bad Request");
            die("The specified UUID was not found from the database!");
        }
        $components = get_supported_components();
        $m_db = connectMongoDB($db_opts['mongo_db_name']);
        foreach ($components as $component) {