if ($gk != 'oauth_signature') {
if (empty($req_str) == false) {
$req_str .= '&';
}
$req_str .= $gk . '=' . urlencode($gets[$gk]);
}
}
$full_self = '';
if (empty($_SERVER['HTTPS'])) {
$full_self = 'http://';
} else {
$full_self = 'https://';
}
$full_self .= $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
$req_str = 'GET&' . urlencode($full_self) . '&' . urlencode($req_str);
$signature = sign_hmacsha1($consumer['secret'] . '&' . $access['secret'], $req_str);
if ($signature != $gets['oauth_signature']) {
header('HTTP/1.1 401 Unauthorized');
header('Content-type: text/html');
echo '401 - Unauthorized 3';
exit;
}
$query_str = "select * from " . TABLE_PREFIX . "user where ID = '" . $access['user_id'] . "' limit 1";
$query_result = mysql_query($query_str);
if ($query_result == false or mysql_num_rows($query_result) != 1) {
header('HTTP/1.1 403 Forbidden');
echo "File Upload: Application Error. Try back to the previous page.";
exit;
}
$user = mysql_fetch_assoc($query_result);
#TODO: Check the user
if ($gk != 'oauth_signature') {
if (empty($req_str) == false) {
$req_str .= '&';
}
$req_str .= $gk . '=' . urlencode($gets[$gk]);
}
}
$full_self = '';
if (empty($_SERVER['HTTPS'])) {
$full_self = 'http://';
} else {
$full_self = 'https://';
}
$full_self .= $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
$req_str = 'GET&' . urlencode($full_self) . '&' . urlencode($req_str);
$signature = sign_hmacsha1($consumer['secret'] . '&', $req_str);
if ($signature != $gets['oauth_signature']) {
header('HTTP/1.1 401 Unauthorized');
header('Content-type: text/html');
echo '401 - Unauthorized 2';
exit;
}
$request_validity_age = 5 * 60;
// 5 minutes
$now = time();
$request_expiration_time = $now - $request_validity_age;
$req_timestamp = intval($_GET['oauth_timestamp']);
if ($req_timestamp < $request_expiration_time or $req_timestamp > $now + $request_validity_age) {
header('HTTP/1.1 401 Unauthorized');
header('Content-type: text/html');
echo '401 - Unauthorized';
