function request_and_verify_request_token()
{
// If there exists any active session, destroy it for simplicity's sake.
$this->log_out();
// create a temp user and make a cookie for his record
$this->user_id = create_temp_user();
setcookie(COOKIE_NAME, get_session_id_from_user_id($this->user_id));
// At this point, we shouldn't have anything in the DB with a record of this transaction.
// Set up the required parameters to recognize an OAuth provider -- known in this OAuthPHP lib as
// a record in the oauth_consumer_registry table.
$server = array('consumer_key' => CONSUMER_KEY, 'consumer_secret' => CONSUMER_SECRET, 'server_uri' => ROOT_TYPEPAD_API_URL, 'signature_methods' => array('PLAINTEXT'), 'request_token_uri' => $this->get_api_endpoint(TP_OAUTH_REQUEST_TOKEN_URL), 'authorize_uri' => $this->get_api_endpoint(TP_OAUTH_AUTH_URL), 'access_token_uri' => $this->get_api_endpoint(TP_OAUTH_ACCESS_TOKEN_URL));
// See which known services exist for this user
$servers = $this->store->listServers('', $this->user_id);
// Refresh the known OAuth providers for this user by deleting them if they already exist...
foreach ($servers as $server_item) {
if ($server_item['consumer_key'] == CONSUMER_KEY && $server_item['user_id'] == $this->user_id) {
// debug ("User_id = " . $this->user_id);
$this->store->deleteServer(CONSUMER_KEY, $this->user_id);
}
}
// otherwise, create a new record of this OAuth provider.
$consumer_key = $this->store->updateServer($server, $this->user_id);
/*
* These methods from this OAuth PHP lib don't create the right type of GET request...
$options = array();
$options[CURLOPT_HTTPHEADER] = $server;
$token = OAuthRequester::requestRequestToken(CONSUMER_KEY, $user_id); //, '', 'GET', $options);
$token = OAuthRequester::requestRequestToken(CONSUMER_KEY, $user_id, '', 'GET');
*/
$r = $this->store->getServer(CONSUMER_KEY, $this->user_id);
// This creates a generic Request object, so we'll have to fill in the rest...
$oauth = new OAuthRequester($this->get_api_endpoint(TP_OAUTH_REQUEST_TOKEN_URL), '', '');
$oauth->setParam('oauth_callback', CALLBACK_URL);
// ..and this adds more parameters, like the timestamp, nonce, version, signature method, etc
$oauth->sign($this->user_id, $r);
// Begin to build the URL string with the request token endpoint
$final_url = $this->get_api_endpoint(TP_OAUTH_REQUEST_TOKEN_URL) . "?";
$parameters = array('timestamp', 'callback', 'nonce', 'consumer_key', 'version', 'signature_method', 'signature');
foreach ($parameters as $parm) {
$final_url .= 'oauth_' . $parm . '=' . $oauth->getParam('oauth_' . $parm) . '&';
}
/* Now execute the long query that may look something like this:
https://www.typepad.com/secure/services/oauth/request_token ?
oauth_signature=n3lQROBcPnBZvEgplUzHcgkUCrA%3D &
oauth_timestamp=1269811986 &
oauth_callback=http%3A%2F%2F127.0.0.1%3A5000%2Flogin-callback &
oauth_nonce=853433351 &
oauth_consumer_key=c5139cef2985b86d &
oauth_version=1.0 &
oauth_signature_method=HMAC-SHA1
*/
// debug ("Final Url = $final_url");
// and go ahead and execute the request.
$handle = fopen($final_url, "rb");
$doc = stream_get_contents($handle);
$response_array = explode("&", $doc);
// debug ("Response from request = ^" . var_dump($response_array));
// TODO: Verbose error handling
// Store the results!
$response = array();
foreach ($response_array as $response_str) {
$pair = explode("=", $response_str);
$response[$pair[0]] = $pair[1];
}
// Instead of storing the Request token as a cookie, write it to the db.
$this->store->addServerToken(CONSUMER_KEY, 'request', $response['oauth_token'], $response['oauth_token_secret'], $this->user_id, '');
// var_dump($oauth);
// debug ("After creating a simple request token, store obj = ^ ");
$this->oauth_token = $response['oauth_token'];
}
/**
* Request an access token from the site belonging to consumer_key.
* Before this we got an request token, now we want to exchange it for
* an access token.
*
* @param string consumer_key
* @param string token
* @param int usr_id user requesting the access token
* @param string method (optional) change the method of the request, defaults to POST (as it should be)
* @param array options (optional) extra options for request, eg token_ttl
* @param array curl_options optional extra options for curl request
*
* @exception OAuthException2 when no key could be fetched
* @exception OAuthException2 when no server with consumer_key registered
*/
static function requestAccessToken($consumer_key, $token, $usr_id, $method = 'POST', $options = array(), $curl_options = array())
{
OAuthRequestLogger::start();
$store = OAuthStore::instance();
$r = $store->getServerTokenSecrets($consumer_key, $token, 'request', $usr_id);
$uri = $r['access_token_uri'];
$token_name = $r['token_name'];
// Delete the server request token, this one was for one use only
$store->deleteServerToken($consumer_key, $r['token'], 0, true);
// Try to exchange our request token for an access token
$oauth = new OAuthRequester($uri, $method);
if (isset($options['oauth_verifier'])) {
$oauth->setParam('oauth_verifier', $options['oauth_verifier']);
}
if (isset($options['token_ttl']) && is_numeric($options['token_ttl'])) {
$oauth->setParam('xoauth_token_ttl', intval($options['token_ttl']));
}
OAuthRequestLogger::setRequestObject($oauth);
$oauth->sign($usr_id, $r);
$text = $oauth->curl_raw($curl_options);
if (empty($text)) {
throw new OAuthException2('No answer from the server "' . $uri . '" while requesting a request token');
}
$data = $oauth->curl_parse($text);
if ($data['code'] != 200) {
throw new OAuthException2('Unexpected result from the server "' . $uri . '" (' . $data['code'] . ') while requesting a request token');
}
$token = array();
$params = explode('&', $data['body']);
foreach ($params as $p) {
@(list($name, $value) = explode('=', $p, 2));
$token[$oauth->urldecode($name)] = $oauth->urldecode($value);
}
if (!empty($token['oauth_token']) && !empty($token['oauth_token_secret'])) {
$opts = array();
$opts['name'] = $token_name;
if (isset($token['xoauth_token_ttl'])) {
$opts['token_ttl'] = $token['xoauth_token_ttl'];
}
$store->addServerToken($consumer_key, 'access', $token['oauth_token'], $token['oauth_token_secret'], $usr_id, $opts);
} else {
throw new OAuthException2('The server "' . $uri . '" did not return the oauth_token or the oauth_token_secret');
}
OAuthRequestLogger::flush();
}
}
}
$consumer_key = $store->updateServer($server, $user_id);
/*
* These don't create the right type of GET request.
$options = array();
$options[CURLOPT_HTTPHEADER] = $server;
$token = OAuthRequester::requestRequestToken(CONSUMER_KEY, $user_id); //, '', 'GET', $options);
$token = OAuthRequester::requestRequestToken(CONSUMER_KEY, $user_id, '', 'GET');
*/
$r = $store->getServer(CONSUMER_KEY, $user_id);
// This creates a generic Request object.
$oauth = new OAuthRequester($endpoint_strs['oauth-request-token-endpoint'], '', '');
// $oauth->setParam('oauth_callback', 'http://127.0.0.1/claire/oauth/beta.php');
$oauth->setParam('oauth_callback', CALLBACK_URL);
// ..and this adds more parameters, like the timestamp, nonce, version, signature method, etc
$oauth->sign($user_id, $r);
// $final_url = "https://www.typepad.com/secure/services/oauth/request_token?";
$final_url = $endpoint_strs['oauth-request-token-endpoint'] . "?";
$parameters = array('timestamp', 'callback', 'nonce', 'consumer_key', 'version', 'signature_method', 'signature');
foreach ($parameters as $parm) {
$final_url .= 'oauth_' . $parm . '=' . $oauth->getParam('oauth_' . $parm) . '&';
}
/* Now execute the long query that may look something like this:
https://www.typepad.com/secure/services/oauth/request_token ?
oauth_signature=n3lQROBcPnBZvEgplUzHcgkUCrA%3D &
oauth_timestamp=1269811986 &
oauth_callback=http%3A%2F%2F127.0.0.1%3A5000%2Flogin-callback &
oauth_nonce=853433351 &
