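/**
 * Render the "Change Service Permissions" form and, when it is submitted,
 * save the current user's per-consumer OAuth service permissions.
 *
 * Reads the 'oauth_services' option (service name => value) and the current
 * user's 'oauth_consumers' meta (consumer key => granted services). A consumer
 * with no box ticked is absent from the submission and so is dropped from the
 * saved list, as in the original form handling.
 *
 * Security-relevant behaviour:
 *  - A submission can only change consumers the user has ALREADY authorized.
 *    Keys in $_POST['services'] are request data; accepting unknown keys would
 *    let a crafted request mark an arbitrary consumer as 'authorized'.
 *  - Service names are matched with array_key_exists() rather than a loose
 *    in_array(), which on PHP < 8 treats the integer key 0 as equal to any
 *    non-numeric service name.
 *  - The consumer description and service names are HTML-escaped on output;
 *    the description is looked up per consumer and is presumably
 *    consumer-supplied.
 *  - When the WordPress nonce API is available the form carries a nonce and
 *    the save is rejected without it (cross-site request forgery guard).
 *
 * @return void Echoes HTML; the only stored change is the user meta update.
 */
function oauth_services_render() {
    global $userdata;
    get_currentuserinfo();

    $services = get_option('oauth_services');
    if (!is_array($services)) {
        $services = array();
    }

    // Consumers the user has authorized so far; the allow-list for the save below.
    $consumers = (isset($userdata->oauth_consumers) && is_array($userdata->oauth_consumers))
        ? $userdata->oauth_consumers
        : array();

    // Field and check are used together or not at all, so a missing half can never
    // lock legitimate submissions out. Guarded because this file may be loaded by a
    // host that only emulates part of the WordPress API.
    $nonce_action = 'oauth_services_save';
    $has_nonce_api = function_exists('wp_nonce_field') && function_exists('check_admin_referer');

    if (!empty($_POST['save'])) {
        if ($has_nonce_api) {
            check_admin_referer($nonce_action); // stops the request when the nonce is missing or invalid
        }

        $submitted = (isset($_POST['services']) && is_array($_POST['services']))
            ? $_POST['services']
            : array();

        $updated = array();
        foreach ($submitted as $key => $value) {
            if (!array_key_exists($key, $consumers)) {
                continue; // never authorize a consumer from form input alone
            }
            $service = array('authorized' => true);
            if (is_array($value)) {
                foreach ($services as $k => $v) {
                    if (array_key_exists($k, $value)) {
                        $service[$k] = $v;
                    }
                }
            }
            $updated[$key] = $service;
        }

        $userdata->oauth_consumers = $updated;
        update_usermeta($userdata->ID, 'oauth_consumers', $updated);
        $consumers = $updated;
    }

    require_once dirname(__FILE__) . '/OAuthWordpressStore.php';
    $store = new OAuthWordpressStore();

    echo '<div class="wrap">';
    echo ' <h2>Change Service Permissions</h2>';
    echo ' <form method="post" action="">';
    if ($has_nonce_api) {
        wp_nonce_field($nonce_action);
    }
    foreach ($consumers as $key => $values) {
        $label = htmlspecialchars((string) $store->lookup_consumer_description($key), ENT_QUOTES);
        echo ' <h3>' . $label . '</h3><ul>';
        foreach ($services as $k => $v) {
            // !empty() replaces "$values[$k] && count($values[$k])": same result for the
            // arrays stored above, without a notice on a missing key or a count() error
            // on a non-countable value.
            $checked = (is_array($values) && !empty($values[$k])) ? 'checked="checked"' : '';
            echo ' <li><input type="checkbox" ' . $checked
                . ' name="services[' . htmlentities($key) . '][' . htmlentities($k) . ']" /> '
                . htmlspecialchars((string) $k, ENT_QUOTES) . '</li>';
        }
        echo ' </ul>';
    }
    echo ' <p><input type="submit" name="save" value="Save »" /></p>';
    echo ' </form>';
    echo '</div>';
}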
header('Location: ' . $_REQUEST['oauth_callback'], true, 303); } else { get_header(); echo '<h2 style="text-align:center;">Authorized! You may now close this window.</h2>'; get_footer(); } //end if-else callback exit; } else { session_start(); //use a session to prevent the consumer from tricking the user into posting the Yes answer $_SESSION['oauth_token'] = $token; $_SESSION['oauth_callback'] = $_REQUEST['oauth_callback']; $_SESSION['oauth_consumer_key'] = $consumer_key; get_header(); $description = $store->lookup_consumer_description($consumer_key); if ($description) { $description = 'Allow ' . $description . ' to access your Wordpress account and...'; } else { $description = 'Allow the service you came from to access your Wordpress account and...'; } ?> <div style="text-align:center;"> <h2><?php echo $description; ?> </h2> <form method="post" action=""><div> <div style="text-align:left;width:15em;margin:0 auto;"> <ul style="padding:0px;"> <?php
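/**
 * Handle the OAuth authorization step of an OpenMicroBlogging subscription.
 *
 * Flow, as visible in this function:
 *  1. GET with oauth_token: the request token is looked up in the store; an
 *     unknown token stops the request.
 *  2. The remote ("listenee") profile named in the query string is fetched via
 *     get_remote_xrds() and, if no matching identity exists, a person and an
 *     identity record are created from the omb_listenee_* parameters.
 *  3. If the user has not yet authorized the consumer, the token, callback and
 *     consumer key are stored in the session and a consent form is printed.
 *  4. POST authorize=Ok: the consumer is added to the user's 'oauth_consumers'
 *     meta, the request token is authorized, a subscription is recorded and
 *     the browser is redirected to the callback with the omb_listener_*
 *     parameters. Any other POSTed value cancels.
 *
 * Changes from the previous version:
 *  - The session is started once, before the first $_SESSION write. Previously
 *    'listenee_id' was written before session_start() and was lost whenever the
 *    session was not already active.
 *  - A POST with no pending token / consumer key in the session is rejected
 *    instead of authorizing an empty key.
 *  - The consent text is HTML-escaped (it contains the consumer description)
 *    and the token is URL-encoded in the redirect.
 *  - Membership tests use array_key_exists() instead of a loose in_array() on
 *    array_keys(), and missing request parameters no longer raise notices.
 *
 * @param array $vars Variables extract()ed into local scope by this function.
 * @return void Always ends the request (exit / die) once a branch completes.
 */
function oauth_authorize(&$vars) {
    // $db and $request are used below but never defined here; presumably they
    // arrive through this extract() -- verify against the caller.
    // NOTE(review): extract() overwrites any local of the same name, so $vars must
    // never carry request-controlled keys.
    extract($vars);

    if (!(environment('openid_version') > 1) || (!$db->has_table('oauth_consumers') || !$db->has_table('oauth_tokens'))) {
        $db->create_openid_tables();
    }

    wp_plugin_include(array('wp-oauth'));

    global $wpdb;
    global $userdata;

    $is_post = !empty($_POST['authorize']);

    if (empty($_GET['oauth_token']) && !$is_post) {
        trigger_error('Sorry, the remote service did not send a subscription token. The error has been recorded, you may go back and try the subscription again.', E_USER_ERROR);
    }

    $NO_oauth = true;
    //require_once dirname(__FILE__).'/common.inc.php';
    $store = new OAuthWordpressStore();

    $token = null;
    $consumer_key = null;
    $callback = null;

    if (!$is_post) {
        $token = $wpdb->escape(isset($_GET['oauth_token']) ? $_GET['oauth_token'] : '');
        $consumer_key = $store->lookup_token('', 'request', $token); // verify token
        if (!$consumer_key) {
            die('Invalid token passed');
        }
        $callback = isset($_GET['oauth_callback']) ? $_GET['oauth_callback'] : null;
    }

    get_currentuserinfo();
    if (!$userdata->ID) {
        // NOTE(review): everything below assumes a logged-in user; confirm that
        // redirect_to() ends the request.
        redirect_to($request->url_for('openid_login'));
    }

    // NOTE(review): the URL fetched here comes straight from the query string, so the
    // server makes an outbound request to a caller-chosen address. Confirm that
    // get_remote_xrds() restricts scheme and destination.
    $xrds = get_remote_xrds(trim(urldecode(isset($_GET['omb_listenee_profile']) ? $_GET['omb_listenee_profile'] : '')));
    if (is_array($xrds)) {
        $localid = $xrds[0];
        $endpoints = $xrds[1];
    } else {
        trigger_error('unable to fetch remote XRDS document', E_USER_ERROR);
    }

    $postNotice = $endpoints[OMB_VERSION . '/postNotice'];
    $updateProfile = $endpoints[OMB_VERSION . '/updateProfile'];

    // omb_listenee_* request parameter => identity field it is stored in
    $listenee_params = array(
        'omb_listenee_fullname' => 'fullname',
        'omb_listenee_profile'  => 'profile_url',
        'omb_listenee_nickname' => 'nickname',
        'omb_listenee_license'  => 'license',
        'omb_listenee'          => 'url',
        'omb_listenee_homepage' => 'homepage',
        'omb_listenee_bio'      => 'bio',
        'omb_listenee_location' => 'locality',
        'omb_listenee_avatar'   => 'avatar'
    );

    $Identity =& $db->get_table('identities');
    $Person =& $db->get_table('people');
    $Subscription =& $db->model('Subscription');

    $prof = urldecode(isset($_GET['omb_listenee']) ? $_GET['omb_listenee'] : '');
    $i = $Identity->find_by('profile', $prof);

    if (!$i) {
        // need to create the identity (and person?) because it was not found
        // NOTE(review): these records are written from query-string values before the
        // user has approved anything.
        $p = $Person->base();
        $p->save();

        // CREATE USER
        $i = $Identity->base();
        $i->set_value('profile', $prof);
        $i->set_value('label', 'profile 1');
        $i->set_value('person_id', $p->id);
        foreach ($listenee_params as $k => $v) {
            if (isset($_GET[$k])) {
                $i->set_value($v, urldecode($_GET[$k]));
            }
        }
        // drop a trailing slash so equivalent URLs compare equal
        if ("/" == substr($i->attributes['url'], -1)) {
            $i->attributes['url'] = substr($i->attributes['url'], 0, -1);
        }
        if (empty($i->attributes['url']) || !$Identity->is_unique_value($i->attributes['url'], 'url')) {
            $i->set_value('url', $i->attributes['profile_url']);
        }
        $i->set_value('update_profile', $updateProfile);
        $i->set_value('post_notice', $postNotice);
        $i->save_changes();
        $i->set_etag($p->id);
    }

    // Start the session before the first write so the value below is persisted and
    // is not discarded by a later session_start().
    if (session_id() === '') {
        session_start();
    }
    $_SESSION['listenee_id'] = $i->id;

    if ($is_post) {
        // Token, callback and consumer key are taken from the session (stored when the
        // consent form was shown), never from the POST itself, and are single-use.
        $callback = isset($_SESSION['oauth_callback']) ? $_SESSION['oauth_callback'] : null;
        unset($_SESSION['oauth_callback']);
        $token = isset($_SESSION['oauth_token']) ? $_SESSION['oauth_token'] : null;
        unset($_SESSION['oauth_token']);
        $consumer_key = isset($_SESSION['oauth_consumer_key']) ? $_SESSION['oauth_consumer_key'] : null;
        unset($_SESSION['oauth_consumer_key']);

        // No pending authorization in this session: refuse rather than authorize an
        // empty token / consumer key.
        if (!$token || !$consumer_key) {
            die('Invalid token passed');
        }

        if ($_POST['authorize'] !== 'Ok') {
            if ($callback) {
                header('Location: ' . urldecode($callback), true, 303);
            } else {
                //get_header();
                echo '<h2 class="omb-center">You chose to cancel authorization. You may now close this window.</h2>';
                //get_footer();
            } //end if-else callback
            exit;
        } //cancel authorize

        $consumers = (isset($userdata->oauth_consumers) && is_array($userdata->oauth_consumers))
            ? $userdata->oauth_consumers
            : array();
        $services = get_option('oauth_services');
        if (!is_array($services)) {
            $services = array();
        }

        // NOTE(review): the granted services are read from the query string, which the
        // requesting consumer controls, while the checkboxes in the form below are
        // commented out -- the user never sees what is being granted.
        $requested = (isset($_GET['services']) && is_array($_GET['services'])) ? $_GET['services'] : array();
        $yeservices = array();
        foreach ($services as $k => $v) {
            if (array_key_exists($k, $requested)) {
                $yeservices[$k] = $v;
            }
        }

        // it's an array so that more granular data about permissions could go in here
        $consumers[$consumer_key] = array_merge(array('authorized' => true), $yeservices);
        $userdata->oauth_consumers = $consumers;
        update_usermeta($userdata->ID, 'oauth_consumers', $consumers);
    } //end if authorize

    $authorized = isset($userdata->oauth_consumers)
        && is_array($userdata->oauth_consumers)
        && array_key_exists($consumer_key, $userdata->oauth_consumers);

    if ($authorized) {
        $store->authorize_request_token($consumer_key, $token, $userdata->ID);

        if ($callback) {
            $Subscription =& $db->model('Subscription');
            $sub = $Subscription->find_by(array(
                'subscribed' => $_SESSION['listenee_id'],
                'subscriber' => get_profile_id()
            ));
            if (!$sub) {
                $s = $Subscription->base();
                $s->set_value('subscriber', get_profile_id());
                $s->set_value('subscribed', $_SESSION['listenee_id']);
                $s->save_changes();
                $s->set_etag(get_person_id());
            }

            // response to omb remote service
            $i = get_profile();
            $profile_url = !empty($i->profile_url) ? $i->profile_url : $i->profile;

            $omb_subscriber = array(
                'omb_version'           => OMB_VERSION,
                'omb_listener_profile'  => $profile_url,
                'omb_listener_nickname' => $i->nickname,
                'omb_listener_license'  => $i->license,
                'omb_listener_fullname' => $i->fullname,
                'omb_listener_homepage' => $i->homepage,
                'omb_listener_bio'      => $i->bio,
                'omb_listener_location' => $i->locality,
                'omb_listener_avatar'   => $i->avatar
            );

            $profileparams = (strpos($callback, '?') === false) ? "?" : "&";
            foreach ($omb_subscriber as $key => $item) {
                $profileparams .= $key . "=" . urlencode($item) . '&';
            }
            $profileparams .= "oauth_token=" . urlencode($token);

            // NOTE(review): the redirect target is the callback supplied with the request
            // and is not compared with a value registered for the consumer; the user's
            // profile fields and the authorized token are appended to it.
            header('Location: ' . urldecode($callback) . $profileparams, true, 303);
        } else {
            //get_header();
            echo '<h2 class="omb-center">Authorized! You may now close this window.</h2>';
            //get_footer();
        } //end if-else callback
        exit;
    } else {
        // Keep the pending token, callback and consumer key server-side so the POST
        // cannot substitute different ones.
        // NOTE(review): the form carries no per-request anti-forgery token, so the
        // session values alone do not prove that the POST came from this page.
        $_SESSION['oauth_token'] = $token;
        $_SESSION['oauth_callback'] = $callback;
        $_SESSION['oauth_consumer_key'] = $consumer_key;

        //get_header();
        $description = $store->lookup_consumer_description($consumer_key);
        if ($description) {
            $description = 'Allow ' . $description . ' to post notices to your account?';
        } else {
            $description = 'Click "allow" to authorize messages from the remote site.';
        }
        ?>
<div class="omb-center">
  <h2><?php echo htmlspecialchars($description, ENT_QUOTES); ?> </h2>
  <form method="post" action=""><div>
    <div id="omb-desc">
      <ul class="omb-ul">
        <?php
        $services = get_option('oauth_services');
        //foreach($services as $k => $v)
        //  echo '<li><input type="checkbox" checked="checked" name="services['.htmlentities($k).']" /> '.$k.'</li>';
        ?>
      </ul>
      <br />
      <input type="submit" name="authorize" value="Cancel" />
      <input type="submit" name="authorize" value="Ok" />
    </div>
  </div></form>
</div>
        <?php
        //get_footer();
        exit;
    } //end if user has authorized this consumer
}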