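// Authorisation step of the example provider: the user approves a request token by
// submitting credentials, after which a verification code and the user id are stored
// on the request token.

// Only a plain string is a usable token; PHP turns "oauth_token[]=x" into an array.
if (!isset($_GET['oauth_token']) || !is_string($_GET['oauth_token'])) {
    echo "No token supplied.";
    exit;
}

require_once __DIR__ . '/../../lib/AutoLoader.php';
new AutoLoader();

try {
    $RequestToken = OAuthRequestTokenModel::loadFromToken($_GET['oauth_token'], Configuration::getDataStore());
} catch (DataStoreReadException $Exception) {
    // NOTE(review): the raw exception text is sent to the client; confirm it cannot
    // carry datastore details.
    echo $Exception->getMessage();
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['allow'])) {
    // There is no user model in this example, hence the hand-written query.
    // The example table keeps passwords in plaintext. That is not acceptable outside a
    // demo: store password_hash() output and check it with password_verify() instead.

    // Both credentials must be present and be strings before anything is compared.
    // Without this, a missing field is null and compares equal to a missing row below.
    $userName     = (isset($_POST['user_name']) && is_string($_POST['user_name'])) ? $_POST['user_name'] : null;
    $userPassword = (isset($_POST['user_password']) && is_string($_POST['user_password'])) ? $_POST['user_password'] : null;
    if ($userName === null || $userPassword === null) {
        echo "You hacker, be gone!";
        exit;
    }

    $DB = Configuration::getDataStore();

    // NOTE(review): escaping keeps the value inside the quoted literal; if the data store
    // supports prepared statements, binding the user name is the sturdier option.
    $sql = "SELECT `user_id`, `user_name`, `user_password` FROM `user` WHERE `user_name` = '"
        . $DB->real_escape_string($userName) . "'";

    $result = $DB->query($sql);
    $row    = $result ? $result->fetch_assoc() : null;
    if ($result) {
        $result->close();
    }

    // Reject unknown users explicitly. With the previous loose "!=" an unknown user
    // (no row, so a null password) matched an empty or missing submitted password and
    // was authorised with a null user id. hash_equals() also avoids type juggling and
    // compares in constant time.
    if (!is_array($row) || !hash_equals((string) $row['user_password'], $userPassword)) {
        echo "You hacker, be gone!";
        exit;
    }

    // Bind the approving user and a fresh verification code to the request token.
    $verificationCode = OAuthProviderWrapper::generateToken();
    $RequestToken->setTokenVerificationCode($verificationCode);
    $RequestToken->setTokenUserId($row['user_id']);

    try {
        $RequestToken->save();
    } catch (DataStoreUpdateException $Exception) {
        // NOTE(review): the listing ends inside this handler; the remainder of the script is not shown.
        echo $Exception->getMessage();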
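<?php
/**
 * Example protected resource: verifies the OAuth request and returns the
 * messages of the user the access token belongs to as a small XML document.
 *
 * @author Freek Lijten <*****@*****.**>
 */

require_once __DIR__ . '/../../lib/AutoLoader.php';
new AutoLoader();

$Provider = new OAuthProviderWrapper(OAuthProviderWrapper::TOKEN_VERIFY);

// Anything other than boolean true is an error message for the consumer.
$response = $Provider->checkOAuthRequest();
if ($response !== true) {
    echo $response;
    exit;
}

try {
    $userId = $Provider->getUserId();
} catch (ProviderException $Exception) {
    // Stop here. The original discarded the message and carried on, so the query
    // below ran with an undefined user id.
    echo $Exception->getMessage();
    exit;
}

$DataStore = Configuration::getDataStore();

// The user id comes from stored token data, but it is still escaped so that the
// query does not depend on that data being well-formed.
$sql = "SELECT * FROM `user_messages` WHERE `user_id` = '"
    . $DataStore->real_escape_string((string) $userId) . "'";

$result = $DataStore->query($sql);
if (!$result) {
    echo "Could not load messages.";
    exit;
}

$returnValue = "<messages>";
while ($row = $result->fetch_assoc()) {
    // Message text is user-controlled content: escape it so that markup characters
    // cannot break the document or inject elements into it.
    $returnValue .= "<message>"
        . htmlspecialchars((string) $row['message_text'], ENT_QUOTES | ENT_XML1, 'UTF-8')
        . "</message>";
}
$returnValue .= "</messages>";

// Token is valid, output the document.
echo $returnValue;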
<?php
/**
 * Registers a new OAuth consumer with a generated key and secret and prints
 * both values once the record has been saved.
 *
 * NOTE(review): nothing in this script restricts who may register a consumer,
 * and the secret is written into the response as-is. Confirm that access
 * control and transport protection are handled elsewhere.
 *
 * @Author Freek Lijten
 */

require_once __DIR__ . '/../../lib/AutoLoader.php';
new AutoLoader();

// Build the consumer record: creation timestamp first, then key and secret.
$Consumer = new OAuthConsumerModel(Configuration::getDataStore());
$Consumer->setConsumerCreateDate(time());

$generatedKey = OAuthProviderWrapper::generateToken();
$Consumer->setConsumerKey($generatedKey);

$generatedSecret = OAuthProviderWrapper::generateToken();
$Consumer->setConsumerSecret($generatedSecret);

// Persist the record; a failed insert is reported and ends the request.
try {
    $Consumer->save();
} catch (DataStoreCreateException $Exception) {
    print $Exception->getMessage();
    exit;
}

// Report the credentials as read back from the model.
printf(
    "Consumer key: %s<br />Consumer secret: %s",
    $Consumer->getConsumerKey(),
    $Consumer->getConsumerSecret()
);
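/**
 * Checks if there is token information for the provided access token and sets the secret if it can be found.
 *
 * Reads $Provider->token and $Provider->consumer_key, and writes
 * $Provider->token_secret when the token is accepted.
 *
 * NOTE(review): no expiry or revocation check is visible in this method;
 * confirm that the token model or the caller enforces one.
 *
 * @static
 * @param $Provider provider object carrying the token and consumer key of the current request
 * @return int OAUTH_OK when the token is known and belongs to the requesting consumer,
 *             OAUTH_TOKEN_REJECTED otherwise (including data store failures)
 */
public static function checkAccessToken($Provider)
{
    // Ideally this function would rethrow exceptions, but the internals of PECL's OAuth class
    // expect one of the OAUTH constants to be returned. When none is returned an exception is
    // thrown there, which would hide any exception thrown here. Every failure is therefore
    // mapped to OAUTH_TOKEN_REJECTED.
    try {
        $DataStore = Configuration::getDataStore();
    } catch (DataStoreConnectException $Exception) {
        return OAUTH_TOKEN_REJECTED;
    }

    // Try to load the access token.
    try {
        $AccessToken = OAuthAccessTokenModel::loadFromToken($Provider->token, $DataStore);
    } catch (DataStoreReadException $Exception) {
        return OAUTH_TOKEN_REJECTED;
    }

    // The consumer must be the one this token was originally issued for. Compare as
    // strings with a strict operator: loose "!=" treats numeric-looking strings such as
    // "0e1" and "0e2" as equal, which would let a different consumer key pass.
    if ((string) $AccessToken->getAccessTokenConsumerKey() !== (string) $Provider->consumer_key) {
        return OAUTH_TOKEN_REJECTED;
    }

    $Provider->token_secret = $AccessToken->getAccessTokenSecret();

    return OAUTH_OK;
}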