forked from AstroProfundis/embrr
/
oauth.php
110 lines (98 loc) · 4.12 KB
/
oauth.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
<?php
/* Start session and load lib */
if(!isset($_SESSION)){
session_start();
}
include_once('lib/twitese.php');
foreach ($AUTH_ID as &$id) {
$id = strtoupper($id);
}
if (isset($_REQUEST['oauth_token'])) {
if($_SESSION['oauth_token'] !== $_REQUEST['oauth_token']) {
$_SESSION['oauth_status'] = 'oldtoken';
session_destroy();
header('Location: login.php?oauth=old');exit();
}else{
/* Create TwitteroAuth object with app key/secret and token key/secret from default phase */
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
/* Request access tokens from twitter */
$access_token = $connection->getAccessToken($_REQUEST['oauth_verifier']);
/* Save the access tokens. Normally these would be saved in a database for future use. */
$_SESSION['access_token'] = $access_token;
/* Remove no longer needed request tokens */
unset($_SESSION['oauth_token']);
unset($_SESSION['oauth_token_secret']);
/* If HTTP response is 200 continue otherwise send to connect page to retry */
if (200 == $connection->http_code) {
/* The user has been verified and the access tokens can be saved for future use */
$_SESSION['login_status'] = 'verified';
$t = getTwitter();
$user = $t->veverify();
if ( ID_AUTH && (!in_array(strtoupper($t->screen_name),$AUTH_ID)) ){
session_destroy();
header("Location: login.php?oauth=denied");exit;
}
/* And set new cookies */
$time = $_SERVER['REQUEST_TIME']+3600*24*365;
setEncryptCookie('oauth_token', $access_token['oauth_token'], $time, '/');
setEncryptCookie('oauth_token_secret', $access_token['oauth_token_secret'], $time, '/');
setcookie('user_id', $access_token['user_id'], $time, '/');
setcookie('name', $t->screen_name, $time, '/');
refreshProfile();
if(!isset($_COOKIE['showpic'])){
setcookie('showpic', 'true', $time, '/');
}
if(!isset($_COOKIE['shownick'])){
setcookie('shownick', 'false', $time, '/');
}
if(!isset($_COOKIE['mediaPre'])){
setcookie('mediaPre', 'true', $time, '/');
}
if(!isset($_COOKIE['loginPage'])) {
header('Location: index.php');exit();
} else {
$scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") ? 'http' : 'https';
$port = $_SERVER['SERVER_PORT'] != 80 ? ':'.$_SERVER['SERVER_PORT'] : '';
$login_page = $scheme . '://' . $_SERVER['HTTP_HOST'] . $port . $_COOKIE['loginPage'];
header('Location: '. $login_page);exit();
}
} else {
session_destroy();
header('Location: login.php?oauth=error');exit();
}
}
}else{
/* Create TwitterOAuth object and get request token */
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
/* Get callback URL */
$scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") ? 'http' : 'https';
$port = $_SERVER['SERVER_PORT'] != 80 ? ':'.$_SERVER['SERVER_PORT'] : '';
$oauth_callback = $scheme . '://' . $_SERVER['HTTP_HOST'] . $port . $_SERVER['REQUEST_URI'];
/* Get request token */
$request_token = $connection->getRequestToken($oauth_callback);
/* Save request token to session */
$_SESSION['oauth_token'] = $token = $request_token['oauth_token'];
$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];
/* If last connection fails don't display authorization link */
switch ($connection->http_code) {
case 200:
$time = $_SERVER['REQUEST_TIME']+3600*24*365;
$url = $connection->getAuthorizeURL($token);
if ( isset($_POST['proxify']) ) {
$raw= processCurl($url);
$formpreg = '/(<form( \w+=\"[^"]*\")* action=\")[^"]*(\"( \w+=\"[^"]*\")*>)/';
$new = preg_replace($formpreg, '\1authorize.php\3',$raw);
$new = str_replace('html { display:none; }','.error,a.sign-up,input[name="deny"]{display:none !important;}',$new);
$new = preg_replace('/https?:\/\/\w+([0-9])\.twimg\.com/i','https://s3.amazonaws.com/twitter_production',$new);
echo $new;
} //OAuth Proxy End
else {
header('Location: ' . $url);
}
break;
default:
header('Location: error.php?t=1');exit();
break;
}
}
?>