}

// Step 4: the user has authenticated, so the permanent token and secret we
// received can now be used for API calls.
/**
 * Configure the client with the access token held in the session, call
 * 1/account/verify_credentials, and echo the response body on HTTP 200.
 * Any other status code is handed to outputError().
 *
 * Reads $_SESSION['access_token']; the dispatch code below only calls this
 * once that key is set.
 */
function verify_credentials($tmhOAuth)
{
    // Copy the token first, then the secret, from the session into the client config.
    $keyMap = array('user_token' => 'oauth_token', 'user_secret' => 'oauth_token_secret');
    foreach ($keyMap as $configKey => $sessionKey) {
        $tmhOAuth->config[$configKey] = $_SESSION['access_token'][$sessionKey];
    }

    $status = $tmhOAuth->request('GET', $tmhOAuth->url('1/account/verify_credentials'));
    if ($status != 200) {
        outputError($tmhOAuth);
        return;
    }

    echo $tmhOAuth->response['response'];
}

/* Auth Flow */
// Dispatch on request parameters first, then on session state.
// Note that $_REQUEST includes query-string parameters, so 'wipe' and 'start'
// can be triggered by a plain link as well as by a form post.
if (isset($_REQUEST['wipe'])) {
    // Logging out
    wipe();
    return;
} elseif (isset($_REQUEST['start'])) {
    // Begin the OAuth flow by asking for a request token.
    request_token($tmhOAuth);
} elseif (isset($_REQUEST['oauth_verifier'])) {
    // Returning from the provider: exchange the verifier for an access token.
    access_token($tmhOAuth);
} elseif (isset($_SESSION['access_token'])) {
    // Credentials are already stored in this browser session.
    verify_credentials($tmhOAuth);
} else {
    // Nobody is logged in.
    echo json_encode(array('loggedin' => false));
}
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Author: Jenny Murphy - http://google.com/+JennyMurphy

require_once 'config.php';
require_once 'mirror-client.php';
require_once 'google-api-php-client/src/Google_Client.php';
require_once 'google-api-php-client/src/contrib/Google_MirrorService.php';
require_once 'util.php';

$client = get_google_api_client();

// Authenticate if we're not already: without a session user id, or without
// stored credentials for it, redirect to the OAuth callback page and stop.
// The exit after header() matters: without it the rest of the script would
// still run for an unauthenticated request.
// NOTE(review): `== null` is a loose comparison, so an empty string, 0 or an
// empty array returned by get_credentials() also counts as "no credentials";
// confirm that is intended.
if (!isset($_SESSION['userid']) || get_credentials($_SESSION['userid']) == null) {
    header('Location: ' . $base_url . '/oauth2callback.php');
    exit;
} else {
    // Stored credentials exist: check them, then hand them to the API client.
    // get_credentials() is called three times for the same user id in this block.
    verify_credentials(get_credentials($_SESSION['userid']));
    $client->setAccessToken(get_credentials($_SESSION['userid']));
}

// A glass service for interacting with the Mirror API
$mirror_service = new Google_MirrorService($client);

// But first, handle POST data from the form (if there is any)
// NOTE(review): $_POST['operation'] is read without isset(), so a request with
// no form data raises an undefined-index notice before falling through.
// NOTE(review): no anti-CSRF token check is visible in this excerpt; confirm
// one exists before these state-changing operations run.
switch ($_POST['operation']) {
    case 'insertItem':
        // Build a timeline item from the submitted message text.
        $new_timeline_item = new Google_TimelineItem();
        $new_timeline_item->setText($_POST['message']);

        $notification = new Google_NotificationConfig();
        $notification->setLevel("DEFAULT");
        $new_timeline_item->setNotification($notification);

        if (isset($_POST['imageUrl']) && isset($_POST['contentType'])) {
            // NOTE(review): file_get_contents() is given a location taken
            // straight from the request. With no scheme or host restriction the
            // server will read whatever that string names, including local paths
            // and internal-only hosts, and attach the bytes to the timeline item.
            // Validate the value first (https only, allow-listed hosts, size
            // limit) and check the return value for false.
            // NOTE(review): the attachment content type is also client-supplied;
            // consider restricting it to the expected image types.
            insert_timeline_item($mirror_service, $new_timeline_item, $_POST['contentType'], file_get_contents($_POST['imageUrl']));
        } else {
// (excerpt: the function these first statements belong to opens above this fragment)
    // Call 1/account/verify_credentials with whatever credentials are
    // currently configured on the client.
    $code = $tmhOAuth->request('GET', $tmhOAuth->url('1/account/verify_credentials'));
    if ($code == 200) {
        // NOTE(review): json_decode() returns null for a body that is not valid
        // JSON; the property reads below would then raise warnings and store
        // nulls. A null check before writing to the session would avoid that.
        $response = json_decode($tmhOAuth->response['response']);
        // Cache the profile fields for this account in the session under $id.
        $_SESSION['account']['users'][$id] = array(
            'user_id' => $response->id,
            'user_screen_name' => $response->screen_name,
            'profile_image_url' => $response->profile_image_url,
            'name' => $response->name,
            'id' => $id);
    } else {
        outputError($tmhOAuth);
    }
}

/* Auth Flow */
// Dispatch on request parameters first, then on session state.
// $_REQUEST includes query-string parameters, so 'wipe' and 'start' can be
// triggered by a plain link as well as by a form post.
if (isset($_REQUEST['wipe'])) {
    // Logging out
    wipe();
    return;
}
if (isset($_REQUEST['start'])) {
    // Let's start the OAuth dance
    request_token($tmhOAuth);
} elseif (isset($_REQUEST['oauth_verifier'])) {
    access_token($tmhOAuth);
} elseif (isset($_SESSION['account'])) {
    // Some credentials already stored in this browser session.
    // Fetch profile data only for accounts that do not have it cached yet.
    foreach ($_SESSION['account']['users'] as $id => $user) {
        if (!isset($user['profile_image_url'])) {
            verify_credentials($tmhOAuth, $id);
        }
    }
    // The whole $_SESSION['account'] array is serialised to the client.
    // NOTE(review): the code that first populates this key is not shown here;
    // if it also stores OAuth tokens or secrets under 'account' they would be
    // disclosed by this echo. Confirm only display fields live in this array,
    // or build an explicit list of fields to return.
    echo json_encode($_SESSION['account']);
} else {
    // User's not logged in.
    echo json_encode(array('loggedin' => false));
}
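// (excerpt: the if-branch these first statements belong to opens above this fragment)
    // Record the caller's address with the log entry, then parse the payload.
    $jsonLogger->setIpAddress($_SERVER['REMOTE_ADDR']);
    $jsonLogger->insert();
    $jsonParser = new JSONParser();
    try {
        $jsonParser->parse($jsonString);
    } catch (Exception $e) {
        // NOTE(review): the exception text goes to the client unchanged; if
        // parser errors can include internal details, log them server-side
        // and return a generic message instead.
        die("Exception: " . $e->getMessage());
    }
} else {
    /**
     * Send an HTTP Basic authentication challenge and stop the request.
     */
    function send401()
    {
        $realm = "Frogmod Database";
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        header('HTTP/1.1 401 Unauthorized');
        die;
    }

    /**
     * Check a user name and password against the configured pair.
     *
     * @param mixed $user     user name supplied by the client
     * @param mixed $password password supplied by the client
     * @return bool true only when both values match Config::$auth exactly
     */
    function verify_credentials($user, $password)
    {
        // Anything that is not a string cannot be a valid credential.
        if (!is_string($user) || !is_string($password)) {
            return false;
        }

        // hash_equals() (PHP 5.6+) compares the exact bytes in constant time.
        // The loose == used before compared numeric-looking strings as
        // numbers, so two different strings could be accepted as equal, and
        // it was not constant-time.
        // Both comparisons always run, so a wrong user name and a wrong
        // password take the same path.
        $userMatches = hash_equals((string) Config::$auth['user'], $user);
        $passwordMatches = hash_equals((string) Config::$auth['pass'], $password);

        return $userMatches && $passwordMatches;
    }

    // Authentication is enforced only when a user name is configured; with an
    // empty Config::$auth['user'] main.php is served to everyone.
    if (!empty(Config::$auth['user'])) {
        if (!array_key_exists('PHP_AUTH_USER', $_SERVER) || !array_key_exists('PHP_AUTH_PW', $_SERVER)) {
            // No credentials sent yet: ask for them.
            send401();
        } elseif (!verify_credentials($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
            // Wrong credentials: ask again.
            send401();
        }
    }
    include 'main.php';
    exit;
}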
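/**
 * OAuth callback step: exchange the temporary request token for the
 * permanent access token and pass the result to verify_credentials().
 *
 * The oauth_token returned in the callback must equal the one stored in the
 * session when the flow started; this ties the callback to the browser
 * session that began it. On any failure error() is called and the function
 * returns without contacting the provider.
 *
 * @param object $tmhOAuth configured OAuth client
 * @return void
 */
function access_token($tmhOAuth)
{
    $params = uri_params();

    $returnedToken = isset($params['oauth_token']) ? $params['oauth_token'] : null;
    $expectedToken = isset($_SESSION['oauth']['oauth_token']) ? $_SESSION['oauth']['oauth_token'] : null;

    // Both tokens must be present strings. Comparing two missing values with
    // !== would treat null as equal to null and let a callback through for a
    // session that never started the flow. hash_equals() (PHP 5.6+) compares
    // the exact bytes in constant time.
    if (!is_string($returnedToken) || !is_string($expectedToken) || !hash_equals($expectedToken, $returnedToken)) {
        error('The oauth token you started with doesn\'t match the one you\'ve been redirected with. do you have multiple tabs open?');
        return;
    }

    // A non-string verifier (for example an array-style parameter) is treated as missing.
    if (!isset($params['oauth_verifier']) || !is_string($params['oauth_verifier'])) {
        error('The oauth verifier is missing so we cannot continue. did you deny the appliction access?');
        return;
    }

    // update with the temporary token and secret
    $temporaryCredentials = array(
        'token' => $_SESSION['oauth']['oauth_token'],
        'secret' => $_SESSION['oauth']['oauth_token_secret'],
    );
    $tmhOAuth->reconfigure(array_merge($tmhOAuth->config, $temporaryCredentials));

    $code = $tmhOAuth->user_request(array(
        'method' => 'POST',
        'url' => $tmhOAuth->url('oauth/access_token', ''),
        'params' => array('oauth_verifier' => trim($params['oauth_verifier'])),
    ));

    if ($code == 200) {
        $oauth_creds = $tmhOAuth->extract_params($tmhOAuth->response['response']);
        // NOTE(review): htmlspecialchars() rewrites & < > and " in the token
        // and secret, so a credential containing one of them would be stored
        // in a changed form. Escaping belongs where the value is written into
        // HTML; left as-is because verify_credentials() is defined elsewhere
        // and may rely on it.
        verify_credentials($tmhOAuth, htmlspecialchars($oauth_creds['oauth_token']), htmlspecialchars($oauth_creds['oauth_token_secret']));
    } else {
        // NOTE(review): the provider's response body is placed in the message
        // unescaped; confirm error() escapes it before rendering.
        error("There was an error communicating with Twitter. {$tmhOAuth->response['response']}");
        return;
    }
}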