public static function preserveReferer()
{
if (array_key_exists('HTTP_REFERER', $_SERVER)) {
$referer = $_SERVER['HTTP_REFERER'];
// only set if referrer is not on this site
if (strpos($referer, UserConfig::$SITEROOTFULLURL) === 0) {
return;
}
$storage = new MrClay_CookieStorage(array('secret' => UserConfig::$SESSION_SECRET, 'mode' => MrClay_CookieStorage::MODE_ENCRYPT, 'path' => UserConfig::$SITEROOTURL, 'expire' => 0, 'httponly' => true));
if (!$storage->store(UserConfig::$entry_referer_key, $referer)) {
throw new Exception(implode("\n", $storage->errors));
}
self::$referer = $referer;
}
}
protected function startOAuthFlow()
{
// generate new user id since we're logging in and have no idea who the user is
$oauth_user_id = $this->getNewOAuthUserID();
$storage = new MrClay_CookieStorage(array('secret' => UserConfig::$SESSION_SECRET, 'mode' => MrClay_CookieStorage::MODE_ENCRYPT, 'path' => UserConfig::$SITEROOTURL, 'httponly' => true));
if (!$storage->store(UserConfig::$oauth_user_id_key, $oauth_user_id)) {
throw new Exception(implode('; ', $storage->errors));
}
try {
$callback = UserConfig::$USERSROOTFULLURL . '/oauth_callback.php?module=' . $this->getID();
// TODO add a way to skip this step if server was initialized
$this->initOAuthServer();
$params = array('scope' => $this->oAuthScope, 'oauth_callback' => $callback);
if (!is_null(UserConfig::$OAuthAppName)) {
$params['xoauth_displayname'] = UserConfig::$OAuthAppName;
}
// STEP 1: get a request token
$tokenResultParams = OAuthRequester::requestRequestToken($this->oAuthConsumerKey, $oauth_user_id, $params);
// redirect to the authorization page, they will redirect back
header("Location: " . $this->oAuthAuthorizeURL . "?oauth_token=" . $tokenResultParams['token']);
exit;
} catch (OAuthException2 $e) {
error_log(var_export($e, true));
return null;
}
}
public function setSession($remember)
{
$storage = new MrClay_CookieStorage(array('secret' => UserConfig::$SESSION_SECRET, 'mode' => MrClay_CookieStorage::MODE_ENCRYPT, 'path' => UserConfig::$SITEROOTURL, 'expire' => UserConfig::$allowRememberMe && $remember ? time() + UserConfig::$rememberMeTime : 0, 'httponly' => true));
if (!$storage->store(UserConfig::$session_userid_key, $this->userid)) {
throw new Exception(implode('; ', $storage->errors));
}
}