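/**
 * PAM handler that validates calendar-feed credentials.
 *
 * Reads `calendar_guid`, `user_guid` and `token` from $credentials, loads both
 * entities with access checks suspended, and then requires that:
 *  - the GUIDs resolve to a calendar and to a user,
 *  - the user has access to the calendar,
 *  - the calendar has a token set, and
 *  - the supplied token passes PAM::validateToken().
 *
 * @param array $credentials Credentials (`calendar_guid`, `user_guid`, `token`)
 * @return bool True when every check passes; failures are reported by exception
 * @throws LoginException If any of the checks above fails
 */
public static function handler(array $credentials = array()) {

    $calendar_guid = elgg_extract('calendar_guid', $credentials);
    $user_guid = elgg_extract('user_guid', $credentials);
    $token = elgg_extract('token', $credentials);

    // Load both entities regardless of the caller's own access level, and
    // restore the previous ignore-access state straight away so that every
    // check below runs under normal access rules.
    $ia = elgg_set_ignore_access(true);
    $calendar = get_entity($calendar_guid);
    $user = get_entity($user_guid);
    elgg_set_ignore_access($ia);

    // get_entity() returns false for a missing or unknown GUID, and both GUIDs
    // are caller-supplied. Fail the login cleanly instead of passing a
    // non-entity to the PAM constructor and the method calls below.
    if (!$calendar instanceof \Events\API\Calendar || !$user instanceof \ElggUser) {
        throw new LoginException('Invalid calendar or user');
    }

    $pam = new PAM($calendar, $user);

    if (!has_access_to_entity($calendar, $user)) {
        throw new LoginException('User does not have access to this calendar');
    }

    // A calendar without a token has not been opened up for remote access.
    if (!$calendar->getToken()) {
        throw new LoginException('Calendar does not allow remote access');
    }

    // Never hand an absent, empty or array-valued token to the comparison;
    // validateToken() is not visible here, so do not rely on it to reject them.
    if (!is_scalar($token) || (string) $token === '') {
        throw new LoginException('Invalid token');
    }

    if (!$pam->validateToken($token)) {
        throw new LoginException('Invalid token');
    }

    return true;
}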
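<?php

namespace Events\UI;

use Events\API\Calendar;
use Events\API\Util;
use Events\API\PAM;

// Outputs a calendar's event instances as JSON. Logged-in users are served
// directly; anonymous requests must first pass PAM token authentication.
$is_logged_in = elgg_is_logged_in();

$guid = get_input('guid');
$consumer = get_input('consumer');

if (!$is_logged_in) {
    // NOTE(review): $token and $user_guid are not read again in the part of
    // the script visible here; presumably PAM::authenticate() collects the
    // request input itself. Confirm it checks the token against the same
    // calendar that `guid` selects below.
    $token = get_input('token');
    $user_guid = get_input('uid');

    // Fail closed: access is granted only when authenticate() neither throws
    // nor returns false. Its return contract is not visible here, so an
    // explicit false is treated as a failed login rather than ignored.
    $authenticated = false;
    try {
        $authenticated = PAM::authenticate() !== false;
    } catch (\Exception $ex) {
        // The leading backslash matters: inside this namespace a bare
        // `Exception` resolves to Events\UI\Exception and would never match
        // the exception thrown on a failed login.
        register_error($ex->getMessage());
    }

    if (!$authenticated) {
        forward('', '403');
    }
}

$entity = get_entity($guid);
if (!$entity instanceof Calendar) {
    forward('', '404');
}

// Requested window; defaults to one month starting now, widened to whole days.
$start = (int) get_input('start', time());
$end = (int) get_input('end', strtotime('+1 month', $start));

$start = (int) Util::getDayStart($start);
$end = (int) Util::getDayEnd($end);

$events = $entity->getAllEventInstances($start, $end, true, $consumer);
echo json_encode($events);

if (!$is_logged_in) {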