/
index.php
136 lines (112 loc) · 5 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
<?php
/* AUTH ME AMADEUS! */
/* This is a simple tool to take a user through the OAuth process on provision
of an Application Consumer Key *and* and Application Secret. They are taken
through the auth process, and come out with an authed user token. */
require('lib/fireeagle.php');
/* Submitted Application IDs */
if (isset($_GET['app-consumer']) && isset($_GET['app-secret'])) {
$fe = new FireEagle($_GET['app-consumer'], $_GET['app-secret']);
$tok = $fe->getRequestToken();
if (!isset($tok['oauth_token'])
|| !is_string($tok['oauth_token'])
|| !isset($tok['oauth_token_secret'])
|| !is_string($tok['oauth_token_secret'])) {
echo "ERROR! FireEagle::getRequestToken() returned an invalid response. Giving up.";
exit;
}
$sess['app_consumer'] = $_GET['app-consumer'];
$sess['app_secret'] = $_GET['app-secret'];
$sess['auth_state'] = "start";
$sess['request_token'] = $token = $tok['oauth_token'];
$sess['request_secret'] = $tok['oauth_token_secret'];
setcookie('amadeus_request', base64_encode(serialize($sess)));
header("Location: ".$fe->getAuthorizeURL($token).'&oauth_callback=http://amadeus.benapps.net');
exit;
}
else {
// We're Going to be rendering something:
?>
<!DOCTYPE html>
<title>Auth me, Amadeus!</title>
<style type="text/css">
body {
width: 30em;
margin: 10px auto;
}
fieldset {
border: 1px #5F7A99 solid;
-webkit-border-radius: 10px;
-moz-border-radius: 10px;
border-radius: 10px;
margin: 10px 0;
}
form label {
display: block;
font-size: 80%;
font-weight: bold;
}
</style>
<h1>Auth me, Amadeus!</h1>
<?php
if(isset($_GET['oauth_token'])) {
// We have a return! So, get the user key!
$sess = unserialize(base64_decode($_COOKIE['amadeus_request']));
if ($sess['auth_state'] != "start") {
echo "<p><strong class='error'>OAuth flow out of sequence.</strong> <a href='/'>Start Again</a>.</p>";
exit;
}
if ($_GET['oauth_token'] != $sess['request_token']) {
echo "<p><strong class='error'>OAuth token mismatch</strong>. <a href='/'>Start Again</a>.</p>";
exit;
}
$fe = new FireEagle($sess['app_consumer'], $sess['app_secret'], $sess['request_token'], $sess['request_secret']);
$tok = $fe->getAccessToken();
if (!isset($tok['oauth_token']) || !is_string($tok['oauth_token'])
|| !isset($tok['oauth_token_secret']) || !is_string($tok['oauth_token_secret'])) {
error_log("Bad token from FireEagle::getAccessToken(): ".var_export($tok, TRUE));
echo "ERROR! FireEagle::getAccessToken() returned an invalid response. Giving up.";
exit;
}
?>
<p><em>Awesome</em>, you've authed and now have some user credentials to use in your script.
<strong>Remember to keep these secret, they are for your personal use only!</strong>.</p>
<dl>
<dt>User Token:</dt>
<dd><?php echo $tok['oauth_token']; ?></dd>
<dt>User Secret:</dt>
<dd><?php echo $tok['oauth_token_secret']; ?></dd>
</dl>
<?php }
else { // We have no token, so ask for keys: ?>
<p>Hi there, developer. This is a tiny little utility to auth yourself against
a Fire Eagle application, given the API keys. This gives you an authed user
token for yourself, allowing you to make calls from a standalone, static
environment; such as a bookmarklet.</p>
<ol>
<li>Create a <a href="http://fireeagle.yahoo.net/developer/create">new application</a> on Fire Eagle.</li>
<li>Enter the keys below to auth with your app, and get your user key.</li>
</ol>
<form action="" method="GET">
<fieldset>
<label for="fe-consumer-key">Application Consumer Key</label>
<input id="fe-consumer-key" name="app-consumer" value="<?php echo $_GET['app-consumer'] ?>">
<label for="fe-secret-key">Application Secret</label>
<input id="fe-secret-key" name="app-secret" value="<?php echo $_GET['app-secret'] ?>">
</fieldset>
<fieldset>
<input type="submit" name="do-auth" value="Authorize with Fire Eagle">
</fieldset>
</form>
<p><strong>This is just an aid to build your own standalone scripts in
environments that you can't store credentials. you should not be
giving your application secret to any actual users!</strong>
Credentials are not stored.</p>
<?php }
?>
<footer>
<small>Created by Ben Ward. Code available on GitHub
<a href="http://github.com/BenWard/auth-me-amadeus/">http://github.com/BenWard/auth-me-amadeus/</a>.
</footer>
<?php
} ?>