*/
// Stand-alone OAuth2 authorize endpoint that also performs a username/password login.
// The listing is cut off inside the two open if-blocks at the bottom, so the notes
// below cover only what is visible here.

// Open the PHP session; the login branch below writes the username into it.
session_start();

// Load configuration, core helpers and the bundled OAuth2 library.
// executeQuery() and the R_DB_* / APP_PATH constants are not defined in this listing;
// presumably they come from these includes - TODO confirm.
require_once 'config.inc.php';
require_once 'libs/core.php';
require_once 'libs/vendors/OAuth2/Autoloader.php';

// An optional generated file under tmp/cache is executed as PHP when it exists.
// NOTE(review): whatever writes this file decides what code runs here - confirm the
// cache directory is writable only by the application itself.
if (file_exists(APP_PATH . '/tmp/cache/site_url_for_shell.php')) {
    include_once APP_PATH . '/tmp/cache/site_url_for_shell.php';
}

OAuth2\Autoloader::register();

// OAuth2 storage is backed by PostgreSQL through PDO and uses the application's own
// `users` table as the user table.
$oauth_config = array('user_table' => 'users');
$val_array = array('dsn' => 'pgsql:host=' . R_DB_HOST . ';dbname=' . R_DB_NAME . ';port=' . R_DB_PORT, 'username' => R_DB_USER, 'password' => R_DB_PASSWORD);
$storage = new OAuth2\Storage\Pdo($val_array, $oauth_config);
$server = new OAuth2\Server($storage);
$request = OAuth2\Request::createFromGlobals();
$response = new OAuth2\Response();

// Let the OAuth2 server validate the authorize request first; on failure the library's
// response is sent and the script stops, so nothing below runs for a rejected request.
if (!$server->validateAuthorizeRequest($request, $response)) {
    $response->send();
    die;
}

// client_id is read straight from the query string but passed as a bound parameter ($1).
// NOTE(review): how $oauth_client is used is not visible here - if client_name is printed
// on the login/consent page it must be HTML-escaped at output.
$val_arr = array($_GET['client_id']);
$oauth_client = executeQuery('SELECT client_name FROM oauth_clients WHERE client_id = $1', $val_arr);

// Appears to be the "no error" state - TODO confirm against the code that displays it.
$error_msg = 0;

// Login branch: runs only when a non-empty `email` field was posted.
// $_POST['password'] is read below without an isset()/empty() check of its own.
if (!empty($_POST['email'])) {
    // Fetch the stored hash for the account matching the submitted email or username.
    // is_ldap is selected but not used in the visible part of the listing.
    $val_arr = array($_POST['email']);
    $log_user = executeQuery('SELECT id, role_id, password, is_ldap::boolean::int FROM users WHERE email = $1 or username = $1', $val_arr);

    // Re-hash the submitted password with the stored hash as crypt()'s salt/settings
    // string, overwriting $_POST['password'] with the result.
    // NOTE(review): when no account matches, $log_user['password'] is presumably
    // empty/unset (depends on executeQuery's return value) - verify that crypt() with an
    // empty salt can never produce a value that matches a row. password_verify() on the
    // fetched hash avoids both this edge case and the comparison inside SQL.
    $_POST['password'] = crypt($_POST['password'], $log_user['password']);

    // The hash equality check happens in the database, together with is_active = 1.
    // All three values are bound parameters.
    $val_arr = array($_POST['email'], $_POST['password'], 1);
    $user = executeQuery('SELECT * FROM users_listing WHERE (email = $1 or username = $1) AND password = $2 AND is_active = $3', $val_arr);

    if (!empty($user)) {
        // Successful login: the identity is stored in the existing session.
        // NOTE(review): no session_regenerate_id() is visible before this write - confirm
        // the session id is rotated at login, otherwise an id issued before
        // authentication stays valid afterwards (session fixation).
        // NOTE(review): no attempt limiting or failed-login logging is visible in this
        // listing - confirm it exists elsewhere.
        $_SESSION["username"] = $user['username'];
        $error_msg = 0;
/**
 * Run the OAuth2 authorize step for the logged user.
 *
 * Flow, as implemented below:
 *  1. If the OAuth2 server rejects the authorize request, its response is stored and returned.
 *  2. If no "authorized" field was posted, the consent layout is rendered into the response.
 *  3. Otherwise the posted decision is passed to the OAuth2 server together with the user id.
 *
 * @return  $this  Every path shown returns the current object; the outcome is in $this->response.
 *
 * @since   1.2
 */
public function apiAuthorize()
{
	$user          = $this->getLoggedUser();
	$oauthRequest  = OAuth2\Request::createFromGlobals();
	$oauthResponse = new OAuth2\Response();

	// The library validates the authorize request; on failure its response is returned as-is
	$isValidRequest = $this->server->validateAuthorizeRequest($oauthRequest, $oauthResponse);

	if (!$isValidRequest)
	{
		$this->response = $oauthResponse;

		return $this;
	}

	$clientId         = $oauthRequest->query('client_id');
	$registeredScopes = RApiOauth2Helper::getClientScopes($clientId);

	// NOTE(review): the decision is read from the request body and no anti-CSRF token check
	// is visible in this method - confirm the consent form carries a Joomla form token and
	// that it is verified (e.g. JSession::checkToken()) before the decision is honoured.
	$decision = $oauthRequest->request('authorized', '');

	if ($decision == '')
	{
		// Nothing decided yet: build the list of scopes to show on the consent form
		$scopesToShow = array();

		if (!empty($registeredScopes))
		{
			$scopesToShow = explode(' ', $registeredScopes);
		}

		if (!empty($scopesToShow))
		{
			$scopesToShow = RApiHalHelper::getWebserviceScopes($scopesToShow);
		}

		// The form posts back to the same query string the client was redirected with.
		// NOTE(review): this value originates from the request URL - the layout must escape
		// it for the HTML attribute context; rendering is outside this method.
		$uri        = JUri::getInstance();
		$postTarget = JUri::root() . 'index.php?' . $uri->getQuery();

		$layoutOptions = array(
			'clientId'   => $clientId,
			'formAction' => $postTarget,
			'scopes'     => $scopesToShow
		);

		$this->response = RLayoutHelper::render(
			'oauth2.authorize',
			array('view' => $this, 'options' => $layoutOptions)
		);

		return $this;
	}

	// Approval is a strict match against the translated "yes" label, so the result depends
	// on the active language - presumably the form submits that same translated string; verify.
	$approved = $decision === JText::_('LIB_REDCORE_API_OAUTH2_SERVER_AUTHORIZE_CLIENT_YES');

	// The scope sent by the caller is replaced with the scopes returned by
	// RApiOauth2Helper::getClientScopes() for this client, so the request's own scope is ignored
	$oauthRequest->request['scope'] = $registeredScopes;

	// presumably getLoggedUser() guarantees an authenticated user here - confirm that a guest
	// cannot reach this call with an empty id
	$this->server->handleAuthorizeRequest($oauthRequest, $oauthResponse, $approved, $user->id);
	$this->response = $oauthResponse;

	return $this;
}