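/**
 * "Server" means the SITE the user is connecting to.
 * Look up that site's row and bind the current request to it (sets self::$sid).
 *
 * The redirect URL is compared for exact equality with the registered value.
 * The earlier `LIKE '%...%'` test accepted any substring of the registered URL,
 * including an empty string or a bare "%", so it did not tie the request to the
 * registered redirect target.
 * NOTE(review): if sites are meant to register several redirect URLs in one
 * column, split the stored value and compare each entry exactly. Confirm against
 * the registration code.
 *
 * @param string $api_key      API key presented by the connecting site.
 * @param string $redirect_url Redirect URL presented with the request.
 *
 * @return array|false The matching `opth_sites` row as an associative array,
 *                     or false when no site matches.
 */
public static function server($api_key, $redirect_url)
{
    $sql = self::$OP->dbh->prepare("SELECT * FROM `opth_sites` WHERE `api_key` = ? AND `redirect_url` = ?");
    $sql->execute(array($api_key, $redirect_url));

    // fetch() yields false when there is no row; rowCount() is not guaranteed
    // to report SELECT results on every PDO driver.
    $data = $sql->fetch(PDO::FETCH_ASSOC);

    // SQL string equality may fold case or trailing spaces depending on the
    // column collation, so repeat the comparison byte-for-byte in PHP.
    if ($data === false || $data["redirect_url"] !== (string) $redirect_url) {
        return false;
    }

    self::$sid = $data["id"];
    return $data;
}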
?>
</head>
<body>
<?php include "{$docRoot}/inc/header.php"; ?>
<div class="wrapper">
 <div class="content">
 <h1>Opth Sites</h1>
 <?php
 // Site registration handler: runs when the form posts a `registerSite` field.
 // The four form fields are handed to Opth::register() exactly as received.
 // NOTE(review): no validation of `url` / `redirect_url` (absolute URL, allowed
 // scheme) and no anti-CSRF token check is visible in this fragment; presumably
 // Opth::register() or the surrounding page handles them. Confirm.
 // NOTE(review): `title` and `description` are stored for later display; confirm
 // they are HTML-escaped wherever they are printed.
 if (isset($_POST['registerSite'])) {
  $title = $_POST['title'];
  $url = $_POST['url'];
  $description = $_POST['description'];
  $redirect_url = $_POST['redirect_url'];
  // Opth::register() is compared against true and against the string "exists" below;
  // any other result is reported as a generic problem.
  $register = Opth::register($title, $url, $description, $redirect_url);
  if ($register === true) {
   $OP->sss("Registered", "The site is registered.");
  } else {
   if ($register == "exists") {
    $OP->ser("Registered Already", "The site is registered already.", "html", false);
   } else {
    $OP->ser("Problems", "Something occured, please try again or contact support team.", "html", false);
   }
  }
 }
 ?>
 <p>Sites you registered with Opth :</p>
 <?php
 // List the sites owned by $who (presumably the logged-in user's id; it is set outside this fragment).
 $sql = $OP->dbh->prepare("SELECT * FROM `opth_sites` WHERE `uid` = ?");
 $sql->execute(array($who));
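// Consent page: asks the signed-in user whether the connecting site may use
// the requested scopes. $error, $server_name and $scope are set outside this
// fragment.
include "{$docRoot}/inc/header.php"; ?>
<div class="wrapper">
 <div class="content">
 <?php if (!isset($error)) { ?>
 <h1>Opth Login</h1>
 <p>Would you like to authorize <?php
  // The site name is supplied by whoever registered the site, so it is
  // escaped for HTML here. double_encode=false leaves entities alone in case
  // the value was already escaped when it was stored.
  echo htmlspecialchars($server_name, ENT_QUOTES, 'UTF-8', false);
 ?> to do these processes :</p>
 <ul>
 <?php
 // NOTE(review): readable_scope() output is printed as-is; confirm it returns
 // fixed labels only and never echoes back an unrecognised scope string.
 foreach ($scope as $item) {
  echo "<li>" . Opth::readable_scope($item) . "</li>";
 }
 ?>
 </ul>
 <div class="auth_buttons">
 <?php
 // NOTE(review): no anti-CSRF token is visible in the authorize form below;
 // confirm the authorize POST is protected against cross-site submission
 // and that the page cannot be framed.
 ?>
 <form method="POST" action="<?php
  // The current URL carries the request's query string into an HTML
  // attribute, so it is escaped for that context.
  echo htmlspecialchars(\Fr\LS::curPageURL(), ENT_QUOTES, 'UTF-8', false);
 ?> ">
 <button class="button b-green" name="authorize">I Authorize</button>
 </form>
 <form method="POST" action="<?php echo htmlspecialchars(\Fr\LS::curPageURL(), ENT_QUOTES, 'UTF-8', false); ?> ">
 <button class="button b-red" name="deny">No, I don't</button>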
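<?php
require_once "{$docRoot}/inc/class.opth.php";

/*
 * Resource endpoint: a registered site presents its API key/secret plus a
 * user's access token and asks for a value or an action ($what).
 * $user_token and $what are set outside this fragment.
 * Every failure answers with the literal string "false".
 */
if (isset($_POST['api_key']) && isset($_POST['api_secret']) && isset($user_token) && isset($what)) {
    // Authenticate the calling site first.
    $sid = Opth::exists($_POST['api_key'], $_POST['api_secret']);
    if ($sid == false) {
        echo "false";
        exit;
    }
    Opth::$sid = $sid;

    // Then check the user's token for this site.
    if (Opth::authorized($user_token) == false) {
        echo "false";
        exit;
    }

    $sql = $OP->dbh->prepare("SELECT `uid`, `permissions` FROM `opth_session` WHERE `access_token` = ? AND `sid` = ?");
    $sql->execute(array($user_token, $sid));
    $data = $sql->fetch(PDO::FETCH_ASSOC);

    // Fail closed if the session row is missing (for example, revoked between
    // the check above and this query) instead of continuing with an empty
    // uid and an empty scope list.
    if ($data === false) {
        echo "false";
        exit;
    }
    $uid = $data['uid'];

    // NOTE(review): unserialize() can instantiate objects from its input. If
    // anything other than this application can write opth_session.permissions,
    // restrict it with the allowed_classes option (PHP 7+) or store the scopes
    // as JSON instead.
    $permissions = unserialize($data['permissions']);
    if (!is_array($permissions)) {
        echo "false";
        exit;
    }
    // Flip so granted scopes can be tested with isset().
    $given_scopes = array_flip($permissions);

    $scope_to_values = array("read-name" => "name");
    // Request name => scopes that permit it.
    $obtainable_values = array("info" => array("read-name"), "email" => array("email-send"));

    if (substr($what, 0, 7) == "action-") {
        // Strip the "action-" prefix to get the action name.
        $what = substr_replace($what, "", 0, 7);
        if (isset($obtainable_values[$what])) {
            if ($what == "email" && isset($given_scopes[$obtainable_values[$what][0]]) && isset($_POST['subject']) && isset($_POST['body']) && $_POST['subject'] != null && $_POST['body'] != null) {
                // The recipient is always the token's own user; the calling site
                // only chooses subject and body.
                $sql = $OP->dbh->prepare("SELECT `username` FROM `users` WHERE `id` = ?");
                $sql->execute(array($uid));
                $email = $sql->fetchColumn();
                // NOTE(review): subject and body come straight from the third-party
                // request; confirm sendEMail() rejects CR/LF in the subject and
                // treats the body safely when the last argument is true.
                $status = $OP->sendEMail($email, $_POST['subject'], $_POST['body'], true);
                echo $status == true ? "true" : "false";
            } else {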
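// List every site the user ($who, set outside this fragment) has authorized,
// with a per-row "Revoke Access" form.
$sql = $OP->dbh->prepare("SELECT * FROM `opth_session` WHERE `uid` = ?");
$sql->execute(array($who));
$sites = $sql->fetchAll(PDO::FETCH_ASSOC);

if (count($sites) == 0) {
    $OP->sss("No Sites", "You haven't authorized any site through Opth.");
} else {
    echo "<table>\n <thead>\n <tr>\n <td>Site</td>\n <td>Permissions</td>\n <td>Authorized</td>\n <td>Expires</td>\n <td></td>\n </tr>\n </thead>\n <tbody>";

    // Prepared once and re-executed per row instead of re-preparing in the loop.
    $site_title_query = $OP->dbh->prepare("SELECT `title` FROM `opth_sites` WHERE `id` = ?");

    foreach ($sites as $site) {
        $site_title_query->execute(array($site['sid']));
        $site_info = $site_title_query->fetch(PDO::FETCH_ASSOC);
        $site_title_query->closeCursor();

        // The site row may no longer exist; print an empty title rather than
        // indexing into false.
        $title = $site_info === false ? "" : $site_info['title'];

        // NOTE(review): unserialize() can instantiate objects from its input;
        // if anything other than this application can write the permissions
        // column, restrict it (allowed_classes, PHP 7+) or store JSON.
        $permissions = unserialize($site['permissions']);
        if (!is_array($permissions)) {
            $permissions = array();
        }

        echo "<tr>";
        // The title is chosen by whoever registered the site and is shown to
        // other users, so it is escaped for HTML. double_encode=false leaves
        // entities alone in case the value was already escaped when stored.
        echo "<td>" . htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false) . "</td>";
        echo "<td>";
        foreach ($permissions as $perm) {
            echo "<li>" . Opth::readable_scope($perm) . "</li>";
        }
        echo "</td>";
        echo "<td>" . date("F j, Y", $site['created']) . "</td>";
        echo "<td>" . date("F j, Y", $site['expiry']) . "</td>";
        // NOTE(review): no anti-CSRF token is visible in the revoke form;
        // confirm the handler checks one and that `id` is matched against
        // the current user's own sessions.
        echo "<td><form method='POST'><input type='hidden' name='action' value='revoke' /><input type='hidden' name='id' value='" . htmlspecialchars($site['sid'], ENT_QUOTES, 'UTF-8', false) . "' /><button class='red'>Revoke Access</button></form></td>";
        echo "</tr>";
    }
    echo "</tbody></table>";
}
?>
<p style="color: red;">Note that after you revoke access, all data on the site being revoked will be lost.</p>
<h1>Opth Dev</h1>
<p>Would you like to implement Opth into your site ?</p>
<p>See <a href="<?php echo HOST . "/opth/sites";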
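<?php
require_once "{$docRoot}/inc/class.opth.php";

/*
 * Token exchange endpoint: a registered site presents its API key/secret and
 * the token it received, and gets the matching access token back.
 * Prints the access token on success and the literal string "false" on any
 * failure; prints nothing when a required field is missing.
 */
if (isset($_POST['api_key']) && isset($_POST['api_secret']) && isset($_POST['token'])) {
    $api_key = $_POST['api_key'];
    $api_secret = $_POST['api_secret'];
    $token = $_POST['token'];

    // Authenticate the calling site before touching any session data.
    $sid = Opth::exists($api_key, $api_secret);
    if ($sid !== false) {
        // Scoping the lookup by `sid` keeps one site from exchanging a token
        // that was issued to another.
        $sql = $OP->dbh->prepare("SELECT `access_token` FROM `opth_session` WHERE `server_token` = ? AND `sid` = ?");
        $sql->execute(array($token, $sid));

        // fetchColumn() yields false when there is no row; rowCount() is not
        // guaranteed to report SELECT results on every PDO driver.
        $access_token = $sql->fetchColumn();
        if ($access_token === false) {
            echo "false";
        } else {
            echo $access_token;
            // NOTE(review): the lookup reads opth_session.server_token but the
            // cleanup removes the token from opth_tokens; confirm the same
            // token cannot be exchanged a second time afterwards.
            $sql = $OP->dbh->prepare("DELETE FROM `opth_tokens` WHERE `sid` = ? AND `token` = ?");
            $sql->execute(array($sid, $token));
        }
    } else {
        echo "false";
    }
}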