Exemplo n.º 1
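/**
 * Render the "Change Service Permissions" form for the current user and,
 * when that form is posted back, store the new per-consumer service grants.
 *
 * Grants live in the user's 'oauth_consumers' meta value as
 * consumer key => array('authorized' => true, <service name> => <service value>, ...).
 * A consumer that comes back with no ticked service is dropped from the list.
 *
 * Request handling is deliberately strict because the stored value decides
 * which OAuth consumers may act for the user:
 *  - the save only runs when the nonce printed by this form verifies, so a
 *    cross-site POST cannot rewrite the grants;
 *  - only consumer keys the user already has on record are accepted, so the
 *    form can narrow or revoke grants but never authorize a new consumer;
 *  - every value written into the markup is HTML-escaped.
 *
 * @return void Output is echoed directly.
 */
function oauth_services_render()
{
    global $userdata;
    get_currentuserinfo();

    // get_option() yields a non-array when the option was never saved.
    $services = get_option('oauth_services');
    if (!is_array($services)) {
        $services = array();
    }

    $current = (isset($userdata->oauth_consumers) && is_array($userdata->oauth_consumers))
        ? $userdata->oauth_consumers
        : array();

    $nonce = isset($_POST['oauth_services_nonce']) ? $_POST['oauth_services_nonce'] : '';
    if (!empty($_POST['save']) && wp_verify_nonce($nonce, 'oauth_services_save')) {
        $posted = (isset($_POST['services']) && is_array($_POST['services'])) ? $_POST['services'] : array();
        $updated = array();
        foreach ($posted as $key => $value) {
            // Skip malformed entries and consumers this user never authorized.
            if (!is_array($value) || !array_key_exists($key, $current)) {
                continue;
            }
            $service = array('authorized' => true);
            foreach ($services as $k => $v) {
                // Key lookup instead of a loose in_array() over array_keys().
                if (array_key_exists($k, $value)) {
                    $service[$k] = $v;
                }
            }
            $updated[$key] = $service;
        }
        //end foreach services
        $userdata->oauth_consumers = $updated;
        update_usermeta($userdata->ID, 'oauth_consumers', $updated);
        $current = $updated;
    }
    //end if save

    require_once dirname(__FILE__) . '/OAuthWordpressStore.php';
    $store = new OAuthWordpressStore();

    echo '<div class="wrap">';
    echo '  <h2>Change Service Permissions</h2>';
    echo '  <form method="post" action="">';
    // Hidden token that the save branch above verifies.
    wp_nonce_field('oauth_services_save', 'oauth_services_nonce');
    foreach ($current as $key => $values) {
        // The description is supplied by whoever registered the consumer: escape it.
        $label = htmlspecialchars((string) $store->lookup_consumer_description($key), ENT_QUOTES, 'UTF-8');
        echo '    <h3>' . $label . '</h3><ul>';
        foreach ($services as $k => $v) {
            $checked = (is_array($values) && !empty($values[$k])) ? 'checked="checked"' : '';
            $fieldName = 'services[' . htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8') . ']['
                . htmlspecialchars((string) $k, ENT_QUOTES, 'UTF-8') . ']';
            echo '      <li><input type="checkbox" ' . $checked . ' name="' . $fieldName . '" /> '
                . htmlspecialchars((string) $k, ENT_QUOTES, 'UTF-8') . '</li>';
        }
        echo '    </ul>';
    }
    //end foreach
    echo '    <p><input type="submit" name="save" value="Save &raquo;" /></p>';
    echo '  </form>';
    echo '</div>';
}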
Exemplo n.º 2
        header('Location: ' . $_REQUEST['oauth_callback'], true, 303);
    } else {
        get_header();
        echo '<h2 style="text-align:center;">Authorized!  You may now close this window.</h2>';
        get_footer();
    }
    //end if-else callback
    exit;
} else {
    session_start();
    //use a session to prevent the consumer from tricking the user into posting the Yes answer
    $_SESSION['oauth_token'] = $token;
    $_SESSION['oauth_callback'] = $_REQUEST['oauth_callback'];
    $_SESSION['oauth_consumer_key'] = $consumer_key;
    get_header();
    $description = $store->lookup_consumer_description($consumer_key);
    if ($description) {
        $description = 'Allow ' . $description . ' to access your Wordpress account and...';
    } else {
        $description = 'Allow the service you came from to access your Wordpress account and...';
    }
    ?>
  <div style="text-align:center;">
    <h2><?php 
    echo $description;
    ?>
</h2>
    <form method="post" action=""><div>
      <div style="text-align:left;width:15em;margin:0 auto;">
        <ul style="padding:0px;">
      <?php 
Exemplo n.º 3
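/**
 * Handle the OAuth "authorize" step of an OpenMicroBlogging subscription.
 *
 * Flow, as implemented below:
 *  1. GET with oauth_token: the request token is looked up, the remote
 *     ("listenee") identity is created if unknown, and either
 *       - the consumer is already in the user's 'oauth_consumers' meta, in
 *         which case the token is authorized and the browser is sent to the
 *         callback straight away, or
 *       - a confirmation form is printed and token, callback and consumer
 *         key are parked in the session.
 *  2. POST with authorize=Ok / Cancel: the parked values are read back from
 *     the session; "Ok" records the consumer and authorizes the token, any
 *     other value cancels.
 *
 * Every path that reaches the final if/else ends in exit; the earlier
 * failures end in die() or trigger_error(E_USER_ERROR).
 *
 * @param array $vars Framework variables, extract()ed into local scope. The
 *                    code relies on it providing $db and $request.
 * @return void
 */
function oauth_authorize(&$vars)
{
    // extract() overwrites any local of the same name, so $vars must only
    // ever carry framework values, never request data.
    extract($vars);
    if (!(environment('openid_version') > 1) || (!$db->has_table('oauth_consumers') || !$db->has_table('oauth_tokens'))) {
        $db->create_openid_tables();
    }
    wp_plugin_include(array('wp-oauth'));
    global $wpdb;
    global $userdata;
    if (empty($_GET['oauth_token']) && empty($_POST['authorize'])) {
        trigger_error('Sorry, the remote service did not send a subscription token. The error has been recorded, you may go back and try the subscription again.', E_USER_ERROR);
    }
    $NO_oauth = true;
    //require_once dirname(__FILE__).'/common.inc.php';
    $store = new OAuthWordpressStore();
    if (empty($_POST['authorize'])) {
        $token = $wpdb->escape($_GET['oauth_token']);
        $consumer_key = $store->lookup_token('', 'request', $token);
        //verify token
        if (!$consumer_key) {
            die('Invalid token passed');
        }
    }
    //end if ! POST authorize
    get_currentuserinfo();
    if (!$userdata->ID) {
        // NOTE(review): everything below assumes a signed-in user, so this
        // presumably ends the request inside redirect_to() - confirm.
        redirect_to($request->url_for('openid_login'));
    }
    //end if ! userdata->ID

    // NOTE(review): the document fetched here is named by the query string,
    // so the server requests whatever location the caller supplies. Limit it
    // to http(s) and to non-internal hosts, here or inside get_remote_xrds().
    // PHP has already URL-decoded $_GET; the extra urldecode() is kept as is.
    $listenee_profile = isset($_GET['omb_listenee_profile']) ? $_GET['omb_listenee_profile'] : '';
    $xrds = get_remote_xrds(trim(urldecode($listenee_profile)));
    if (is_array($xrds)) {
        $localid = $xrds[0];
        $endpoints = $xrds[1];
    } else {
        trigger_error('unable to fetch remote XRDS document', E_USER_ERROR);
    }
    $postNotice = isset($endpoints[OMB_VERSION . '/postNotice']) ? $endpoints[OMB_VERSION . '/postNotice'] : null;
    $updateProfile = isset($endpoints[OMB_VERSION . '/updateProfile']) ? $endpoints[OMB_VERSION . '/updateProfile'] : null;
    $listenee_params = array('omb_listenee_fullname' => 'fullname', 'omb_listenee_profile' => 'profile_url', 'omb_listenee_nickname' => 'nickname', 'omb_listenee_license' => 'license', 'omb_listenee' => 'url', 'omb_listenee_homepage' => 'homepage', 'omb_listenee_bio' => 'bio', 'omb_listenee_location' => 'locality', 'omb_listenee_avatar' => 'avatar');
    $Identity =& $db->get_table('identities');
    $Person =& $db->get_table('people');
    $Subscription =& $db->model('Subscription');
    $prof = urldecode(isset($_GET['omb_listenee']) ? $_GET['omb_listenee'] : '');
    $i = $Identity->find_by('profile', $prof);
    if (!$i) {
        // need to create the identity (and person?) because it was not found
        // NOTE(review): these records are written from query-string values
        // before the user has answered the confirmation form below.
        $p = $Person->base();
        $p->save();
        // CREATE USER
        $i = $Identity->base();
        $i->set_value('profile', $prof);
        $i->set_value('label', 'profile 1');
        $i->set_value('person_id', $p->id);
        foreach ($listenee_params as $k => $v) {
            if (isset($_GET[$k])) {
                $i->set_value($v, urldecode($_GET[$k]));
            }
        }
        if ("/" == substr($i->attributes['url'], -1)) {
            $i->attributes['url'] = substr($i->attributes['url'], 0, -1);
        }
        if (empty($i->attributes['url']) || !$Identity->is_unique_value($i->attributes['url'], 'url')) {
            $i->set_value('url', $i->attributes['profile_url']);
        }
        $i->set_value('update_profile', $updateProfile);
        $i->set_value('post_notice', $postNotice);
        $i->save_changes();
        $i->set_etag($p->id);
    }

    // Open the session before the first write to $_SESSION: session_start()
    // reloads the superglobal from storage, so a value assigned earlier would
    // be discarded. No further session_start() is needed below.
    if (session_id() === '') {
        session_start();
    }
    $_SESSION['listenee_id'] = $i->id;
    if (!empty($_POST['authorize'])) {
        $_GET['oauth_callback'] = isset($_SESSION['oauth_callback']) ? $_SESSION['oauth_callback'] : '';
        unset($_SESSION['oauth_callback']);
        $token = isset($_SESSION['oauth_token']) ? $_SESSION['oauth_token'] : null;
        unset($_SESSION['oauth_token']);
        $consumer_key = isset($_SESSION['oauth_consumer_key']) ? $_SESSION['oauth_consumer_key'] : null;
        unset($_SESSION['oauth_consumer_key']);
        if ($_POST['authorize'] !== 'Ok') {
            if ($_GET['oauth_callback']) {
                // NOTE(review): the callback is whatever URL opened the flow;
                // compare it with the consumer's registered callback before
                // redirecting, once the store exposes one.
                header('Location: ' . urldecode($_GET['oauth_callback']), true, 303);
            } else {
                //get_header();
                echo '<h2 class="omb-center">You chose to cancel authorization.  You may now close this window.</h2>';
                //get_footer();
            }
            //end if-else callback
            exit;
        }
        //cancel authorize
        // An "Ok" that arrives without the values parked by the confirmation
        // step would otherwise record a grant under an empty consumer key.
        if (!$token || !$consumer_key) {
            die('Invalid token passed');
        }
        $consumers = (!empty($userdata->oauth_consumers) && is_array($userdata->oauth_consumers)) ? $userdata->oauth_consumers : array();
        $services = get_option('oauth_services');
        if (!is_array($services)) {
            $services = array();
        }
        // The form below posts no "services" field (its checkboxes are
        // commented out), so this is normally empty.
        $chosen = (isset($_GET['services']) && is_array($_GET['services'])) ? $_GET['services'] : array();
        $yeservices = array();
        foreach ($services as $k => $v) {
            if (array_key_exists($k, $chosen)) {
                $yeservices[$k] = $v;
            }
        }
        $consumers[$consumer_key] = array_merge(array('authorized' => true), $yeservices);
        //it's an array so that more granular data about permissions could go in here
        $userdata->oauth_consumers = $consumers;
        update_usermeta($userdata->ID, 'oauth_consumers', $consumers);
    }
    //end if authorize

    // Key lookup instead of a loose in_array(): a missing or non-scalar
    // consumer key can never match a stored grant.
    $granted = !empty($userdata->oauth_consumers)
        && is_array($userdata->oauth_consumers)
        && isset($consumer_key)
        && is_scalar($consumer_key)
        && array_key_exists($consumer_key, $userdata->oauth_consumers);
    if ($granted) {
        $store->authorize_request_token($consumer_key, $token, $userdata->ID);
        if (!empty($_GET['oauth_callback'])) {
            $Subscription =& $db->model('Subscription');
            $sub = $Subscription->find_by(array('subscribed' => $_SESSION['listenee_id'], 'subscriber' => get_profile_id()));
            if (!$sub) {
                $s = $Subscription->base();
                $s->set_value('subscriber', get_profile_id());
                $s->set_value('subscribed', $_SESSION['listenee_id']);
                $s->save_changes();
                $s->set_etag(get_person_id());
            }
            // response to omb remote service
            $i = get_profile();
            if (!empty($i->profile_url)) {
                $profile_url = $i->profile_url;
            } else {
                $profile_url = $i->profile;
            }
            $omb_subscriber = array('omb_version' => OMB_VERSION, 'omb_listener_profile' => $profile_url, 'omb_listener_nickname' => $i->nickname, 'omb_listener_license' => $i->license, 'omb_listener_fullname' => $i->fullname, 'omb_listener_homepage' => $i->homepage, 'omb_listener_bio' => $i->bio, 'omb_listener_location' => $i->locality, 'omb_listener_avatar' => $i->avatar);
            // Decode once so the "?" test and the redirect see the same URL.
            // NOTE(review): the token and profile fields are appended to a
            // caller-chosen URL; check it against the consumer's registered
            // callback before sending the user there.
            $callback = urldecode($_GET['oauth_callback']);
            $profileparams = (strpos($callback, '?') === false) ? '?' : '&';
            foreach ($omb_subscriber as $key => $item) {
                $profileparams .= $key . '=' . urlencode((string) $item) . '&';
            }
            // The token goes into a query string like the other values, so encode it too.
            $profileparams .= 'oauth_token=' . urlencode((string) $token);
            header('Location: ' . $callback . $profileparams, true, 303);
        } else {
            //get_header();
            echo '<h2 class="omb-center">Authorized!  You may now close this window.</h2>';
            //get_footer();
        }
        //end if-else callback
        exit;
    } else {
        //use a session to prevent the consumer from tricking the user into posting the Yes answer
        // NOTE(review): the session only remembers which token is pending; it
        // does not prove the POST came from the form printed below. A
        // per-form anti-forgery token checked in the POST branch would.
        $_SESSION['oauth_token'] = $token;
        $_SESSION['oauth_callback'] = isset($_GET['oauth_callback']) ? $_GET['oauth_callback'] : '';
        $_SESSION['oauth_consumer_key'] = $consumer_key;
        //get_header();
        $description = $store->lookup_consumer_description($consumer_key);
        if ($description) {
            // The description is supplied by the consumer: escape it before it reaches the page.
            $description = 'Allow ' . htmlspecialchars((string) $description, ENT_QUOTES, 'UTF-8') . ' to post notices to your account?';
        } else {
            $description = 'Click &quot;allow&quot; to authorize messages from the remote site.';
        }
        ?>
    <div class="omb-center">
      <h2><?php echo $description; ?></h2>
      <form method="post" action=""><div>
        <div id="omb-desc">
          <ul class="omb-ul">
        <?php 
        $services = get_option('oauth_services');
        //foreach($services as $k => $v)
        //  echo '<li><input type="checkbox" checked="checked" name="services['.htmlentities($k).']" /> '.$k.'</li>';
        ?>
          </ul>
          <br />
          <input type="submit" name="authorize" value="Cancel" />&nbsp;&nbsp;&nbsp;&nbsp;
          <input type="submit" name="authorize" value="Ok" />
        </div>
      </div></form>
    </div>
    <?php 
        //get_footer();
        exit;
    }
    //end if user has authorized this consumer
}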