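// Tail of the loop that appends each request parameter to $req_str; the loop
// header is above this excerpt. oauth_signature is left out of the string.
    if ($gk != 'oauth_signature') {
        if (empty($req_str) == false) {
            $req_str .= '&';
        }
        $req_str .= $gk . '=' . urlencode($gets[$gk]);
    }
}

// Rebuild the URL the client is expected to have signed.
// NOTE(review): no port is added here, and urlencode() encodes a space as '+'
// rather than the RFC 3986 '%20' that OAuth 1.0 specifies (rawurlencode) —
// confirm clients build their base string the same way.
$full_self = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
$full_self .= $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];

// Signature base string: method & encoded URL & encoded parameter string.
$req_str = 'GET&' . urlencode($full_self) . '&' . urlencode($req_str);

// The HMAC key is the consumer secret and the access-token secret joined by '&'.
$signature = sign_hmacsha1($consumer['secret'] . '&' . $access['secret'], $req_str);

// Compare the two signatures as strings and in constant time. A loose `!=`
// applies type juggling (numeric-looking or empty values can compare equal)
// and returns as soon as the first differing byte is found.
$expected_sig = (string) $signature;
$provided_sig = isset($gets['oauth_signature']) ? $gets['oauth_signature'] : '';
$signature_ok = false;
// An empty expected value (signing failed) or a non-string parameter never matches.
if ($expected_sig !== '' && is_string($provided_sig)) {
    if (function_exists('hash_equals')) {
        $signature_ok = hash_equals($expected_sig, $provided_sig);
    } elseif (strlen($expected_sig) === strlen($provided_sig)) {
        // Fallback for PHP older than 5.6: OR together the XOR of every byte pair.
        $sig_diff = 0;
        for ($i = 0, $sig_len = strlen($expected_sig); $i < $sig_len; $i++) {
            $sig_diff |= ord($expected_sig[$i]) ^ ord($provided_sig[$i]);
        }
        $signature_ok = ($sig_diff === 0);
    }
}

if (!$signature_ok) {
    header('HTTP/1.1 401 Unauthorized');
    header('Content-type: text/html');
    echo '401 - Unauthorized 3';
    exit;
}

// Load the account the access token is bound to. The id is escaped before it
// goes into the quoted literal; $access is populated outside this excerpt, so
// this is defence in depth rather than a fix for a known injection path.
// NOTE(review): ext/mysql was removed in PHP 7 — prepared statements through
// mysqli or PDO are the long-term replacement for this query.
$query_str = "select * from " . TABLE_PREFIX . "user where ID = '"
    . mysql_real_escape_string((string) $access['user_id']) . "' limit 1";
$query_result = mysql_query($query_str);

// Exactly one row is required; a failed query or any other row count is refused.
if ($query_result === false || mysql_num_rows($query_result) !== 1) {
    header('HTTP/1.1 403 Forbidden');
    echo "File Upload: Application Error. Try back to the previous page.";
    exit;
}

$user = mysql_fetch_assoc($query_result);
#TODO: Check the user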
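// Tail of the loop that appends each request parameter to $req_str; the loop
// header is above this excerpt. oauth_signature is left out of the string.
    if ($gk != 'oauth_signature') {
        if (empty($req_str) == false) {
            $req_str .= '&';
        }
        $req_str .= $gk . '=' . urlencode($gets[$gk]);
    }
}

// Rebuild the URL the client is expected to have signed.
// NOTE(review): no port is added here, and urlencode() encodes a space as '+'
// rather than the RFC 3986 '%20' that OAuth 1.0 specifies (rawurlencode) —
// confirm clients build their base string the same way.
$full_self = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
$full_self .= $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];

// Signature base string: method & encoded URL & encoded parameter string.
$req_str = 'GET&' . urlencode($full_self) . '&' . urlencode($req_str);

// The HMAC key is the consumer secret followed by '&' with no token secret.
$signature = sign_hmacsha1($consumer['secret'] . '&', $req_str);

// Compare the two signatures as strings and in constant time. A loose `!=`
// applies type juggling (numeric-looking or empty values can compare equal)
// and returns as soon as the first differing byte is found.
$expected_sig = (string) $signature;
$provided_sig = isset($gets['oauth_signature']) ? $gets['oauth_signature'] : '';
$signature_ok = false;
// An empty expected value (signing failed) or a non-string parameter never matches.
if ($expected_sig !== '' && is_string($provided_sig)) {
    if (function_exists('hash_equals')) {
        $signature_ok = hash_equals($expected_sig, $provided_sig);
    } elseif (strlen($expected_sig) === strlen($provided_sig)) {
        // Fallback for PHP older than 5.6: OR together the XOR of every byte pair.
        $sig_diff = 0;
        for ($i = 0, $sig_len = strlen($expected_sig); $i < $sig_len; $i++) {
            $sig_diff |= ord($expected_sig[$i]) ^ ord($provided_sig[$i]);
        }
        $signature_ok = ($sig_diff === 0);
    }
}

if (!$signature_ok) {
    header('HTTP/1.1 401 Unauthorized');
    header('Content-type: text/html');
    echo '401 - Unauthorized 2';
    exit;
}

// Freshness window: the timestamp must lie within five minutes of server time
// in either direction. The trailing comment sits on its own line end so that
// it cannot swallow the statements that follow it.
// NOTE(review): a time window alone does not stop a captured request from
// being replayed inside the window; no oauth_nonce tracking is visible in
// this excerpt — confirm it exists elsewhere.
$request_validity_age = 5 * 60; // 5 minutes
$now = time();
$request_expiration_time = $now - $request_validity_age;
$req_timestamp = intval($_GET['oauth_timestamp']);
if ($req_timestamp < $request_expiration_time or $req_timestamp > $now + $request_validity_age) {
    header('HTTP/1.1 401 Unauthorized');
    header('Content-type: text/html');
    echo '401 - Unauthorized';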