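/**
 * Exchange an authorized request token for a new access token.
 *
 * The request token is looked up for the given consumer. It must have an
 * owner (i.e. a user has signed it) and, if it carries a verifier, the
 * verifier handed in must match; a token without a verifier is accepted
 * only when no verifier was supplied.
 *
 * Requires PHP 7+ for random_bytes() (hash_equals() needs 5.6+). On an older
 * runtime, substitute another CSPRNG source; never a clock-derived value.
 *
 * @param OAuthToken      $token    request token presented by the consumer (only ->key is read)
 * @param mixed           $consumer consumer passed through to oauth_lookup_token_entity()
 * @param string|null     $verifier verifier supplied with the request, or null
 *
 * @return OAuthToken the newly issued access token
 *
 * @throws OAuthException when the request token is unknown or not authorized
 */
function new_access_token($token, $consumer, $verifier = null) {
    $reqToken = oauth_lookup_token_entity($token->key, 'request', $consumer);

    if (!$reqToken) {
        // Report the key only: stringifying the whole token object may include
        // its secret, depending on how OAuthToken::__toString() is written.
        throw new OAuthException('Invalid request token (not found): ' . $token->key);
    }

    // Verifier check. Loose == would compare numeric-looking strings as
    // numbers, so compare as strings, in constant time.
    $expected = $reqToken->verifier;
    $expectedIsEmpty = ($expected === null || $expected === '');
    $suppliedIsEmpty = ($verifier === null || $verifier === '');
    if ($expectedIsEmpty || $suppliedIsEmpty) {
        // "both are null" case: acceptable only when neither side has one
        $verifierOk = $expectedIsEmpty && $suppliedIsEmpty;
    } else {
        $verifierOk = hash_equals((string) $expected, (string) $verifier);
    }

    if (!$reqToken->getOwner() || !$verifierOk) {
        // Not signed by a user, or wrong verifier: drop the request token so it
        // cannot be retried. (The original called delete() on an undefined
        // $tokEnt here, which is a fatal error instead of the exception.)
        $reqToken->delete();
        throw new OAuthException('Invalid request token (not signed by a user): ' . $token->key);
    }

    // md5(time()) and a secret derived from time() are guessable by anyone who
    // knows roughly when the token was issued. Draw both from the CSPRNG.
    // 16 random bytes hex-encode to 32 characters, the same shape md5() gave.
    $key = bin2hex(random_bytes(16));
    $secret = bin2hex(random_bytes(16));
    $acc = new OAuthToken($key, $secret);

    // NOTE(review): presumably this also retires the request token by storing
    // the access token on its entity - confirm in oauth_save_access_token().
    oauth_save_access_token($reqToken, $acc);

    return $acc;
}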
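// Callback step of the OAuth handshake: trade the request token saved in the
// session for an access token, report the outcome, then return the user to
// where they started. $return_token_key and $verifier are set before this
// point (not visible here).

// get our saved request token
$saved_token_guid = $SESSION['oauth_token'];
$return_to = $SESSION['oauth_return_to'];
$access_url = $SESSION['oauth_access_url'];

$tokEnt = get_entity($saved_token_guid);

// Fetch the user once and test it: calling ->getGUID() directly on the result
// is a fatal error when nobody is logged in.
$user = get_loggedin_user();

// The saved token must belong to the logged-in user, and when the callback
// carried a token key it must be the one we stored. Compare the keys as
// strings: loose == treats numeric-looking strings as numbers.
$ownedByUser = $tokEnt && $user && $tokEnt->getOwner() == $user->getGUID();
$keyMatches = $ownedByUser
    && (!$return_token_key || (string) $tokEnt->requestToken === (string) $return_token_key);

if ($ownedByUser && $keyMatches) {
    $request_token = oauth_token_from_entity($tokEnt);

    // NOTE(review): $consumEnt is used unchecked below; confirm that
    // oauth_lookup_consumer_entity() cannot return nothing for a stored key.
    $consumEnt = oauth_lookup_consumer_entity($tokEnt->consumerKey);
    $consumer = oauth_consumer_from_entity($consumEnt);

    // only consumers flagged revA are sent the verifier
    if ($consumEnt->revA) {
        $access_token = oauth_get_new_access_token($consumer, $tokEnt, $access_url, $verifier);
    } else {
        $access_token = oauth_get_new_access_token($consumer, $tokEnt, $access_url);
    }

    if ($access_token) {
        // save the access token over our existing request token
        oauth_save_access_token($tokEnt, $access_token);
        // The consumer name is the sprintf() argument, not an elgg_echo()
        // argument; the original parenthesis placement left sprintf() with a
        // format string and nothing to fill it.
        system_message(sprintf(elgg_echo('oauth:success'), $consumEnt->name));
    } else {
        // get rid of our bad token and try again
        $tokEnt->delete();
        register_error(sprintf(elgg_echo('oauth:failure'), $consumEnt->name));
    }
} else {
    register_error(elgg_echo('oauth:tokenfail'));
}

// clean up the SESSION so the saved token cannot be replayed by a later request
unset($SESSION['oauth_token']);
unset($SESSION['oauth_return_to']);
unset($SESSION['oauth_access_url']);

// NOTE(review): $return_to comes from the session; confirm that whatever
// stored it only accepts same-site URLs.
forward($return_to);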