function index()
{
$this->load->model('User_Model', '', TRUE);
$this->load->model('FreakAuth_light/usermodel');
$data = array();
$token = get_oauth_token();
//echo "<pre>token: " . $token->oauth_token . "\ntoken secret: " . $token->oauth_token_secret . "</pre>\n";
if ($token && $token->oauth_token && $token->oauth_token_secret) {
// stuff
set_oauth_usertoken($token->oauth_token, $token->oauth_token_secret);
$user_name = "@" . get_screen_name();
$password = $token->oauth_token . "," . $token->oauth_token_secret;
$user = $this->User_Model->get_user_by_name($user_name);
if (isset($user["user_name"])) {
// update tokens in db
$user = $this->User_Model->update_user_by_name($user_name, array("oauth" => $password, 'password' => $this->freakauth_light->_encode($password)));
$_POST["user_name"] = $user_name;
$_POST["password"] = $password;
$data['fal'] = $this->fal_front->login();
//echo "User exists<br />";
} else {
// create new user
//$user = $this->Usermodel->insertUser(array("user_name"=>$user_name, "oauth"=>$password, "role"=>"user"));
$_POST["user_name"] = $user_name;
$_POST["password"] = $password;
$data['fal'] = $this->fal_front->register();
//echo "User '$user_name' does not exist<br />\n";
//echo "<pre>" . print_r($user, true) . "</pre>\n";
}
}
//echo "<pre>" . print_r($data, true) . "</pre>";
//redirect('', 'location');
}
function TPSession()
{
// define the DB store.
if (!$this->store) {
$this->store = OAuthStore::instance('MySQL', get_db_options());
}
// determine who this user is (from this site's cookie alone)
$this->user_id = get_user_id(COOKIE_NAME);
debug("[TPSession::TPSesssion], user_id = " . $this->user_id);
// If there's no user_id in the cookie, then there's no session -- not logged in.
if (!$this->user_id) {
return 0;
}
// This method look up the OAuth token in one of two ways:
// 1. the _GET parameters -- if this is the last step of the OAuth dance.
// 2. the Database -- if the user already completed the OAuth dance.
$this->oauth_token = get_oauth_token(COOKIE_NAME, $_GET, $this->store);
// debug ("OAUTH TOKEN = " . $this->oauth_token);
// Somebody wanted to log out! You should let them.
if (array_key_exists('logout', $_GET)) {
$this->log_out();
} else {
if (array_key_exists('oauth_verifier', $_GET)) {
$this->verify_access_token();
}
}
// Also update the local author record if all goes well...
if (!$this->author and $this->is_logged_in()) {
$this->update_author_record();
}
}
if (!CLIENT_ENABLED) {
$this->wpoa_end_login("This third-party authentication provider has not been enabled. Please notify the admin or try again later.");
} elseif (!CLIENT_ID || !CLIENT_SECRET) {
// do not proceed if id or secret is null:
$this->wpoa_end_login("This third-party authentication provider has not been configured with an API key/secret. Please notify the admin or try again later.");
} elseif (isset($_GET['error_description'])) {
// do not proceed if an error was detected:
$this->wpoa_end_login($_GET['error_description']);
} elseif (isset($_GET['error_message'])) {
// do not proceed if an error was detected:
$this->wpoa_end_login($_GET['error_message']);
} elseif (isset($_GET['code'])) {
// post-auth phase, verify the state:
if ($_SESSION['WPOA']['STATE'] == $_GET['state']) {
// get an access token from the third party provider:
get_oauth_token($this);
// get the user's third-party identity and attempt to login/register a matching wordpress user account:
$oauth_identity = get_oauth_identity($this);
$this->wpoa_login_user($oauth_identity);
} else {
// possible CSRF attack, end the login with a generic message to the user and a detailed message to the admin/logs in case of abuse:
// TODO: report detailed message to admin/logs here...
$this->wpoa_end_login("Sorry, we couldn't log you in. Please notify the admin or try again later.");
}
} else {
// pre-auth, start the auth process:
if (empty($_SESSION['WPOA']['EXPIRES_AT']) || time() > $_SESSION['WPOA']['EXPIRES_AT']) {
// expired token; clear the state:
$this->wpoa_clear_login_state();
}
get_oauth_code($this);
if (!CLIENT_ENABLED) {
$this->wpoa_end_login("This third-party authentication provider has not been enabled. Please notify the admin or try again later.");
} elseif (!CLIENT_ID || !CLIENT_SECRET) {
// do not proceed if id or secret is null:
$this->wpoa_end_login("This third-party authentication provider has not been configured with an API key/secret. Please notify the admin or try again later.");
} elseif (isset($_GET['error_description'])) {
// do not proceed if an error was detected:
$this->wpoa_end_login($_GET['error_description']);
} elseif (isset($_GET['error_message'])) {
// do not proceed if an error was detected:
$this->wpoa_end_login($_GET['error_message']);
} elseif (isset($_GET['code'])) {
// post-auth phase, verify the state:
if ($_SESSION['WPOA']['STATE'] == $_GET['state']) {
// get an access token from the third party provider:
$oauth_identity = get_oauth_token($this);
// get the user's third-party identity and attempt to login/register a matching wordpress user account:
//$oauth_identity = get_oauth_identity($this);
$this->wpoa_login_user($oauth_identity);
} else {
// possible CSRF attack, end the login with a generic message to the user and a detailed message to the admin/logs in case of abuse:
// TODO: report detailed message to admin/logs here...
$this->wpoa_end_login("Sorry, we couldn't log you in. Please notify the admin or try again later.");
}
} else {
// pre-auth, start the auth process:
if (empty($_SESSION['WPOA']['EXPIRES_AT']) || time() > $_SESSION['WPOA']['EXPIRES_AT']) {
// expired token; clear the state:
$this->wpoa_clear_login_state();
}
get_oauth_code($this);
} elseif (substr($options[0], 9, 12) == 'importgoogle') {
$optfind = "config.env." . substr($options[0], 9);
$Setting =& $db->model('Setting');
$s1 = $Setting->find_by(array('name' => $optfind));
$scope = 'https://mail.google.com/mail/feed/atom/';
$base_url = $request->base;
$endpoint = $scope;
$parsed = parse_url($endpoint);
$params = array();
parse_str($parsed['query'], $params);
lib_include('twitteroauth');
$key = environment('googleKey');
$secret = environment('googleSecret');
$consumer = new OAuthConsumer($key, $secret, NULL);
$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
$token = get_oauth_token(get_option('google_key', $s1->profile_id), get_option('google_secret', $s1->profile_id));
$oauth_req = OAuthRequest::from_consumer_and_token($consumer, $token, "GET", $endpoint, $params);
$oauth_req->sign_request($hmac_method, $consumer, $token);
$responseString = send_signed_request($oauth_req->get_normalized_http_method(), $endpoint, $oauth_req->to_header(), NULL, false);
$data = $responseString;
$xml = new SimpleXmlElement($data);
foreach ($xml as $k1 => $v1) {
$values = array();
foreach ($v1 as $k2 => $v2) {
if ($k2 == 'title') {
$values['title'] = (string) $v2;
} elseif ($k2 == 'link') {
$values['url'] = (string) $v2['href'];
$parsed = parse_url($values['url']);
$params = array();
parse_str($parsed['query'], $params);
