Пример #1
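 /**
  * Finish the login step: handle the provider's OAuth callback.
  *
  * Reads `error`, `code` and `state` from $_REQUEST, passes `code` and `state`
  * to the API client together with the endpoint URL, and marks the user as
  * connected when a non-empty user id comes back.
  *
  * @throws Exception code 5 when the user denied access, when `code` or
  *                   `state` is missing or not a plain string, or when the
  *                   provider returns no user id
  */
 function loginFinish()
 {
     // in case we get error_reason=user_denied&error=access_denied
     if (isset($_REQUEST['error']) && $_REQUEST['error'] === "access_denied") {
         throw new Exception("Authentification failed! The user denied your request.", 5);
     }
     // Request values can arrive as arrays (`code[]=...`); accept plain strings only
     // so nothing but a scalar reaches the API client.
     if (!isset($_REQUEST['code'], $_REQUEST['state'])
         || !is_string($_REQUEST['code'])
         || !is_string($_REQUEST['state'])
     ) {
         throw new Exception("Authentification failed! The user denied your request.", 5);
     }
     $code = $_REQUEST['code'];
     $state = $_REQUEST['state'];
     $user_id = 0;
     // NOTE(review): `state` is only forwarded to getUser(); whether it is compared
     // with the value issued when the login began is not visible here. Confirm it is,
     // because that comparison is what binds this callback to the user's own session.
     // try to get the UID of the connected user from the provider, should be > 0
     try {
         $user_id = $this->api->getUser($code, $state, $this->endpoint);
     } catch (Exception $e) {
         // Logged and swallowed on purpose: the empty $user_id check below raises the error.
         Hybrid_Logger::error("Authentification failed! Renren returned an invalide user id.");
         Hybrid_Logger::error("Exception:" . $e->getMessage(), $e);
     }
     if (!$user_id) {
         throw new Exception("Authentification failed! {$this->providerId} returned an invalide user id.", 5);
     }
     // set user as logged in
     $this->setUserConnected();
     // store access token
     //$this->token( "access_token", $this->api->getAccessToken() );
 }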
Пример #2
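 /**
  * Begin the login step: build the provider login URL and redirect to it.
  *
  * Starts from the adapter's scope, endpoint and "page" display, lets the
  * `scope`, `redirect_uri`, `display` and `auth_type` config keys override
  * them, and forces re-authentication when `config['force'] === true`.
  * Whenever `auth_type` is sent, a nonce is added to the request and stored
  * under `fb_auth_nonce`.
  */
 function loginBegin()
 {
     $parameters = array("scope" => $this->scope, "redirect_uri" => $this->endpoint, "display" => "page");
     $optionals = array("scope", "redirect_uri", "display", "auth_type");
     foreach ($optionals as $parameter) {
         if (!empty($this->config[$parameter])) {
             $parameters[$parameter] = $this->config[$parameter];
         }
     }
     if (isset($this->config['force']) && $this->config['force'] === true) {
         $parameters['auth_type'] = 'reauthenticate';
     }
     // If the auth_type parameter is used, we need to generate a nonce and include it as a parameter
     if (isset($parameters['auth_type'])) {
         // The nonce must be unpredictable. uniqid() and mt_rand() derive from the clock
         // and a small seed, so prefer the CSPRNG when the runtime provides one.
         // bin2hex() of 16 bytes keeps the 32-hex-character shape md5() produced.
         if (function_exists('random_bytes')) {
             $nonce = bin2hex(random_bytes(16));
         } else {
             $nonce = md5(uniqid(mt_rand(), true));
         }
         $parameters['auth_nonce'] = $nonce;
         // NOTE(review): the stored value only helps if the callback compares it with
         // what the provider echoes back; that check is not visible in this method.
         Hybrid_Auth::storage()->set('fb_auth_nonce', $nonce);
     }
     // get the login url
     $url = $this->api->getLoginUrl($parameters);
     if (!$url) {
         // Logged only: the redirect below still runs with the empty value.
         Hybrid_Logger::error("Hybrid_Providers_Facebook: url is empty!");
     }
     // redirect to facebook
     Hybrid_Auth::redirect($url);
 }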
Пример #3
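 /**
  * Finish the login step: handle the provider's OAuth callback.
  *
  * Requires `code` and `state` in $_REQUEST, asks the API client for the
  * access token and openid, and marks the user as connected when both are
  * non-empty.
  *
  * @throws Exception code 5 when the user denied access, when `code` or
  *                   `state` is missing, or when no access token / openid
  *                   was obtained
  */
 function loginFinish()
 {
     // in case we get error_reason=user_denied&error=access_denied
     if (isset($_REQUEST['error']) && $_REQUEST['error'] === "access_denied") {
         Hybrid_Logger::debug("QQ access_denied");
         throw new Exception("Authentification failed! The user denied your request.", 5);
     }
     if (!isset($_REQUEST['code']) || !isset($_REQUEST['state'])) {
         Hybrid_Logger::debug("QQ no code or state");
         throw new Exception("Authentification failed! The user denied your request.", 5);
     }
     // Defined up front: if the API client throws, the check after the catch block
     // would otherwise read undefined variables.
     $access_token = null;
     $openid = null;
     // NOTE(review): `code` and `state` are only checked for presence here; presumably
     // qq_callback() reads and validates them itself. Confirm that `state` is compared
     // with the value issued at login start.
     try {
         $access_token = $this->api->qq_callback();
         $openid = $this->api->get_openid();
         Hybrid_Logger::debug("Get QQ openid: {$openid}");
     } catch (Exception $e) {
         // Logged and swallowed on purpose: the empty-value check below raises the error.
         Hybrid_Logger::error("Authentification failed for {$this->providerId} ");
         Hybrid_Logger::error("Exception:" . $e->getMessage(), $e);
     }
     if (!$access_token || !$openid) {
         throw new Exception("Authentification failed! {$this->providerId} returned invalide access token or openid", 5);
     }
     // set user as logged in
     $this->setUserConnected();
     // store access token
     //$this->token( "access_token", $this->api->getAccessToken() );
 }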
Пример #4
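 /**
  * Send one HTTP request with cURL and return the raw response.
  *
  * For GET the parameters are appended to the URL; for POST they are handed
  * to cURL as the request body. The HTTP status code and transfer info are
  * kept on $this->http_code and $this->http_info.
  *
  * @param string      $url
  * @param array|false $params         request parameters, false for none
  * @param string      $type           "GET" or "POST"
  * @param int         $include_header 1 to have the response headers included in the returned string
  *
  * @return string|false response, or false when curl_exec() fails (the error is logged)
  */
 function xuite_request($url, $params = false, $type = "GET", $include_header = 0)
 {
     Hybrid_Logger::info("Enter OAuth2Client::xuite_request( {$url} )");
     Hybrid_Logger::debug("OAuth2Client::xuite_request(). dump request url ", $url);
     Hybrid_Logger::debug("OAuth2Client::xuite_request(). dump request params: ", print_r($params, true));
     if ($type == "GET") {
         // http_build_query() accepts only arrays/objects; the default `false`
         // raises a TypeError on PHP 8, so treat anything else as "no parameters".
         $query = (is_array($params) || is_object($params)) ? http_build_query($params, '', '&') : '';
         $url = $url . (strpos($url, '?') ? '&' : '?') . $query;
     }
     $this->http_info = array();
     $ch = curl_init();
     curl_setopt($ch, CURLOPT_URL, $url);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     if ($include_header == 1) {
         curl_setopt($ch, CURLOPT_HEADER, 1);
     }
     curl_setopt($ch, CURLOPT_TIMEOUT, $this->curl_time_out);
     curl_setopt($ch, CURLOPT_USERAGENT, $this->curl_useragent);
     curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->curl_connect_time_out);
     // Certificate and host-name checks follow the client configuration; both need
     // to be enabled for the token exchange to be protected against interception.
     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $this->curl_ssl_verifypeer);
     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $this->curl_ssl_verifyhost);
     curl_setopt($ch, CURLOPT_HTTPHEADER, $this->curl_header);
     if ($this->curl_proxy) {
         curl_setopt($ch, CURLOPT_PROXY, $this->curl_proxy);
     }
     if ($type == "POST") {
         curl_setopt($ch, CURLOPT_POST, 1);
         if ($params) {
             curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
         }
     }
     $response = curl_exec($ch);
     if ($response === FALSE) {
         Hybrid_Logger::error("OAuth2Client::request(). curl_exec error: ", curl_error($ch));
     }
     // NOTE(review): the debug log receives the request parameters and the full
     // response, which for a token request presumably includes credentials and
     // tokens. Keep debug logging off in production or protect the log file.
     Hybrid_Logger::debug("OAuth2Client::request(). dump request info: ", serialize(curl_getinfo($ch)));
     Hybrid_Logger::debug("OAuth2Client::request(). dump request result: ", print_r($response, true));
     $this->http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
     $this->http_info = array_merge($this->http_info, curl_getinfo($ch));
     curl_close($ch);
     return $response;
 }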
Пример #5
 /**
  * Send one HTTP request with cURL and return the raw response body.
  *
  * The HTTP status code and the transfer info are kept on $this->http_code
  * and $this->http_info. Response headers are passed to $this->getHeader().
  *
  * @param string      $url
  * @param string      $method       'POST' and 'DELETE' get special handling; any other value uses cURL's default method
  * @param mixed       $postfields   POST body, or the query string appended to the URL for DELETE
  * @param string|null $auth_header  header line sent on POST when $this->curl_auth_header is set
  * @param string|null $content_type value for the Content-Type request header
  *
  * @return string|false response body, or false when curl_exec() fails (the error is logged)
  */
 function request($url, $method, $postfields = NULL, $auth_header = NULL, $content_type = NULL)
 {
     Hybrid_Logger::info("Enter OAuth1Client::request( {$method}, {$url} )");
     // NOTE(review): the post fields and, further down, the whole response go to the
     // debug log; for token requests these presumably carry secrets and tokens.
     Hybrid_Logger::debug("OAuth1Client::request(). dump post fields: ", serialize($postfields));
     $this->http_info = array();
     $ci = curl_init();
     /* Curl settings */
     curl_setopt($ci, CURLOPT_USERAGENT, $this->curl_useragent);
     curl_setopt($ci, CURLOPT_CONNECTTIMEOUT, $this->curl_connect_time_out);
     curl_setopt($ci, CURLOPT_TIMEOUT, $this->curl_time_out);
     curl_setopt($ci, CURLOPT_RETURNTRANSFER, TRUE);
     // An empty 'Expect:' header stops cURL from sending 'Expect: 100-continue'.
     curl_setopt($ci, CURLOPT_HTTPHEADER, array('Expect:'));
     // Peer verification follows the client configuration; CURLOPT_SSL_VERIFYHOST is
     // not set in this method, so cURL's own default applies to the host-name check.
     curl_setopt($ci, CURLOPT_SSL_VERIFYPEER, $this->curl_ssl_verifypeer);
     curl_setopt($ci, CURLOPT_HEADERFUNCTION, array($this, 'getHeader'));
     curl_setopt($ci, CURLOPT_HEADER, FALSE);
     // Each CURLOPT_HTTPHEADER call replaces the previous header list, so the order
     // of the calls below decides which headers are finally sent.
     if ($content_type) {
         curl_setopt($ci, CURLOPT_HTTPHEADER, array('Expect:', "Content-Type: {$content_type}"));
     }
     if ($this->curl_proxy) {
         curl_setopt($ci, CURLOPT_PROXY, $this->curl_proxy);
     }
     switch ($method) {
         case 'POST':
             curl_setopt($ci, CURLOPT_POST, TRUE);
             if (!empty($postfields)) {
                 curl_setopt($ci, CURLOPT_POSTFIELDS, $postfields);
             }
             if (!empty($auth_header) && $this->curl_auth_header) {
                 // Replaces 'Expect:' and any caller-supplied Content-Type set above.
                 curl_setopt($ci, CURLOPT_HTTPHEADER, array('Content-Type: application/atom+xml', $auth_header));
             }
             break;
         case 'DELETE':
             curl_setopt($ci, CURLOPT_CUSTOMREQUEST, 'DELETE');
             if (!empty($postfields)) {
                 // $postfields is interpolated as-is, so it must already be a URL-encoded query string.
                 $url = "{$url}?{$postfields}";
             }
     }
     curl_setopt($ci, CURLOPT_URL, $url);
     $response = curl_exec($ci);
     if ($response === FALSE) {
         // Failure is only logged; false is still returned to the caller below.
         Hybrid_Logger::error("OAuth1Client::request(). curl_exec error: ", curl_error($ci));
     }
     Hybrid_Logger::debug("OAuth1Client::request(). dump request info: ", serialize(curl_getinfo($ci)));
     Hybrid_Logger::debug("OAuth1Client::request(). dump request result: ", serialize($response));
     $this->http_code = curl_getinfo($ci, CURLINFO_HTTP_CODE);
     $this->http_info = array_merge($this->http_info, curl_getinfo($ci));
     curl_close($ci);
     return $response;
 }
Пример #6
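 /**
  * Makes an HTTP request.
  * This method can be overridden by subclasses if
  * developers want to do fancier things or use something other than curl to
  * make the request.
  *
  * The request is retried once with the bundled CA chain when cURL reports
  * error 60 (no usable certificate authority), and once over IPv4 when the
  * failure is an unreachable IPv6 address.
  *
  * @param string $url
  *            The URL to make the request to
  * @param array $params
  *            The parameters to use for the POST body
  * @param resource|null $ch
  *            Initialized curl handle; one is created when omitted
  *
  * @return string The response text
  *
  * @throws FacebookApiException when the request still fails after the retries
  */
 protected function makeRequest($url, $params, $ch = null)
 {
     if (!$ch) {
         $ch = curl_init();
     }
     $opts = self::$CURL_OPTS;
     if ($this->getFileUploadSupport()) {
         $opts[CURLOPT_POSTFIELDS] = $params;
     } else {
         // '' instead of null for the numeric prefix: passing null to a string
         // parameter is deprecated on current PHP versions.
         $opts[CURLOPT_POSTFIELDS] = http_build_query($params, '', '&');
     }
     $opts[CURLOPT_URL] = $url;
     // disable the 'Expect: 100-continue' behaviour. This causes CURL to wait
     // for 2 seconds if the server does not support this header.
     if (isset($opts[CURLOPT_HTTPHEADER])) {
         $existing_headers = $opts[CURLOPT_HTTPHEADER];
         $existing_headers[] = 'Expect:';
         $opts[CURLOPT_HTTPHEADER] = $existing_headers;
     } else {
         $opts[CURLOPT_HTTPHEADER] = array('Expect:');
     }
     curl_setopt_array($ch, $opts);
     $result = curl_exec($ch);
     if (curl_errno($ch) == 60) {
         // CURLE_SSL_CACERT: retry against the CA chain shipped next to this file.
         // Verification stays on; only the trust store changes.
         self::errorLog('Invalid or no certificate authority found, ' . 'using bundled information');
         curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/fb_ca_chain_bundle.crt');
         $result = curl_exec($ch);
     }
     // With dual stacked DNS responses, it's possible for a server to
     // have IPv6 enabled but not have IPv6 connectivity. If this is
     // the case, curl will try IPv4 first and if that fails, then it will
     // fall back to IPv6 and the error EHOSTUNREACH is returned by the
     // operating system.
     if ($result === false && empty($opts[CURLOPT_IPRESOLVE])) {
         $matches = array();
         $regex = '/Failed to connect to ([^:].*): Network is unreachable/';
         if (preg_match($regex, curl_error($ch), $matches)) {
             if (strlen(@inet_pton($matches[1])) === 16) {
                 self::errorLog('Invalid IPv6 configuration on server, ' . 'Please disable or get native IPv6 on your server.');
                 self::$CURL_OPTS[CURLOPT_IPRESOLVE] = CURL_IPRESOLVE_V4;
                 curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
                 $result = curl_exec($ch);
             }
         }
     }
     if (class_exists('Hybrid_Logger')) {
         // NOTE(review): this writes the URL and the complete response at info level.
         // Responses to token requests presumably contain access tokens, so the log
         // file needs the same protection as the session store.
         Hybrid_Logger::info('FB:Request:Response' . print_r(array($url, $result), true));
     }
     // Only inspect the body when there is one: $result is false after a failed
     // request, and may be an empty string.
     if (is_string($result) && $result !== '' && $result[0] == '{') {
         $resultOb = json_decode($result);
         // json_decode() yields null for malformed JSON; property_exists() replaces
         // key_exists(), which no longer accepts objects.
         if (is_object($resultOb) && property_exists($resultOb, 'error')) {
             if (class_exists('Hybrid_Logger')) {
                 Hybrid_Logger::error('FB:Error' . print_r($resultOb, true));
             }
         }
     }
     if ($result === false) {
         $e = new FacebookApiException(array('error_code' => curl_errno($ch), 'error' => array('message' => curl_error($ch), 'type' => 'CurlException')));
         curl_close($ch);
         throw $e;
     }
     curl_close($ch);
     return $result;
 }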
Пример #7
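 /**
  * General data send/request method.
  *
  * Signs the request with OAuth (HMAC-SHA1), sends it with cURL and returns
  * the response together with the connection info and the OAuth data used.
  *
  * @param string $method
  *    The data communication method.
  * @param string $url
  *    The Linkedin API endpoint to connect with.
  * @param string $data
  *    [OPTIONAL] The data to send to LinkedIn.
  * @param array $parameters
  *    [OPTIONAL] Addition OAuth parameters to send to LinkedIn.
  *
  * @return array
  *    Array containing:
  *
  *           array(
  *             'info'      => Connection information,
  *             'linkedin'  => LinkedIn response (false when the transfer failed),
  *             'oauth'     => array('header' => OAuth header sent, 'string' => signature base string)
  *           )
  *
  * @throws LinkedInException when cURL is unavailable or fails to initialise,
  *                           when the response is throttled, or when the OAuth
  *                           library raises an OAuthException
  */
 protected function fetch($method, $url, $data = NULL, $parameters = array())
 {
     // check for cURL
     if (!extension_loaded('curl')) {
         // cURL not present
         throw new LinkedInException('LinkedIn->fetch(): PHP cURL extension does not appear to be loaded/present.');
     }
     try {
         // generate OAuth values
         $oauth_consumer = new OAuthConsumer($this->getApplicationKey(), $this->getApplicationSecret(), $this->getCallbackUrl());
         $oauth_token = $this->getToken();
         $oauth_token = !is_null($oauth_token) ? new OAuthToken($oauth_token['oauth_token'], $oauth_token['oauth_token_secret']) : NULL;
         $defaults = array('oauth_version' => self::_API_OAUTH_VERSION);
         $parameters = array_merge($defaults, $parameters);
         // generate OAuth request
         $oauth_req = OAuthRequest::from_consumer_and_token($oauth_consumer, $oauth_token, $method, $url, $parameters);
         $oauth_req->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $oauth_consumer, $oauth_token);
         // start cURL, checking for a successful initiation
         if (!($handle = curl_init())) {
             // cURL failed to start
             throw new LinkedInException('LinkedIn->fetch(): cURL did not initialize properly.');
         }
         // set cURL options, based on parameters passed
         curl_setopt($handle, CURLOPT_CUSTOMREQUEST, $method);
         curl_setopt($handle, CURLOPT_RETURNTRANSFER, TRUE);
         // Verify the server certificate and host name. The request carries the signed
         // OAuth header and the response carries tokens and profile data, so an
         // unverified connection would let an intermediary read or alter both.
         curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, TRUE);
         curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, 2);
         curl_setopt($handle, CURLOPT_URL, $url);
         curl_setopt($handle, CURLOPT_VERBOSE, FALSE);
         if (isset(Hybrid_Auth::$config["proxy"])) {
             curl_setopt($handle, CURLOPT_PROXY, Hybrid_Auth::$config["proxy"]);
         }
         // configure the header we are sending to LinkedIn - http://developer.linkedin.com/docs/DOC-1203
         $header = array($oauth_req->to_header(self::_API_OAUTH_REALM));
         if (is_null($data)) {
             // not sending data, identify the content type
             $header[] = 'Content-Type: text/plain; charset=UTF-8';
             switch ($this->getResponseFormat()) {
                 case self::_RESPONSE_JSON:
                     $header[] = 'x-li-format: json';
                     break;
                 case self::_RESPONSE_JSONP:
                     $header[] = 'x-li-format: jsonp';
                     break;
             }
         } else {
             $header[] = 'Content-Type: text/xml; charset=UTF-8';
             curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
         }
         curl_setopt($handle, CURLOPT_HTTPHEADER, $header);
         // set the last url, headers
         $this->last_request_url = $url;
         $this->last_request_headers = $header;
         // gather the response
         $return_data = array();
         $return_data['linkedin'] = curl_exec($handle);
         if ($return_data['linkedin'] === FALSE) {
             // The handle is $handle; the original passed an undefined $ch here, so the
             // cURL error text was never logged.
             Hybrid_Logger::error("LinkedIn::fetch(). curl_exec error: ", curl_error($handle));
         }
         $return_data['info'] = curl_getinfo($handle);
         $return_data['oauth']['header'] = $oauth_req->to_header(self::_API_OAUTH_REALM);
         $return_data['oauth']['string'] = $oauth_req->base_string;
         //TODO - add check for NO response (http_code = 0) from cURL
         // close cURL connection before any exception below, so the handle is not leaked
         curl_close($handle);
         // check for throttling
         if (self::isThrottled($return_data['linkedin'])) {
             throw new LinkedInException('LinkedIn->fetch(): throttling limit for this user/application has been reached for LinkedIn resource - ' . $url);
         }
         // no exceptions thrown, return the data
         return $return_data;
     } catch (OAuthException $e) {
         // oauth exception raised
         throw new LinkedInException('OAuth exception caught: ' . $e->getMessage());
     }
 }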
 /**
  * Perform one HTTP request with cURL.
  *
  * For HEAD the parsed response headers are returned; for every other method
  * the raw curl_exec() result is returned, and for GET the parsed headers are
  * also kept on $this->headers.
  *
  * @param string $url
  * @param string $method            'GET', 'POST' or 'HEAD'; any other value takes the same cURL options as GET
  * @param array  $params            sent as query string (GET) or request body (POST)
  * @param mixed  $update_claimed_id when truthy, identity and claimed_id are replaced by the final URL after redirects
  *
  * @return array|string|false lower-cased header map for HEAD, otherwise the curl_exec() result
  *
  * @throws ErrorException when cURL reports an error for a non-HEAD request
  */
 protected function request_curl($url, $method = 'GET', $params = array(), $update_claimed_id)
 {
     $params = http_build_query($params, '', '&');
     $curl = curl_init($url . ($method == 'GET' && $params ? '?' . $params : ''));
     // NOTE(review): redirects are followed with no limit on count or protocol visible
     // in this method, and $url comes from the caller. If it is derived from a
     // user-supplied identifier, this handle can be steered to other hosts.
     curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
     curl_setopt($curl, CURLOPT_HEADER, false);
     // NOTE(review): certificate verification is off by default; it is only switched
     // on further down when $this->verify_peer is set to a non-null value.
     curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
     curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
     curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/xrds+xml, */*'));
     if (!empty($this->proxy)) {
         curl_setopt($curl, CURLOPT_PROXY, $this->proxy['host']);
         if (!empty($this->proxy['port'])) {
             curl_setopt($curl, CURLOPT_PROXYPORT, $this->proxy['port']);
         }
         if (!empty($this->proxy['user'])) {
             curl_setopt($curl, CURLOPT_PROXYUSERPWD, $this->proxy['user'] . ':' . $this->proxy['pass']);
         }
     }
     // An explicit verify_peer setting overrides the default above and enables the
     // optional CA directory / CA bundle.
     if ($this->verify_peer !== null) {
         curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
         if ($this->capath) {
             curl_setopt($curl, CURLOPT_CAPATH, $this->capath);
         }
         if ($this->cainfo) {
             curl_setopt($curl, CURLOPT_CAINFO, $this->cainfo);
         }
     }
     if ($method == 'POST') {
         curl_setopt($curl, CURLOPT_POST, true);
         curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
     } elseif ($method == 'HEAD') {
         curl_setopt($curl, CURLOPT_HEADER, true);
         curl_setopt($curl, CURLOPT_NOBODY, true);
     } else {
         // Headers are included in the output so they can be split off and parsed below.
         curl_setopt($curl, CURLOPT_HEADER, true);
         curl_setopt($curl, CURLOPT_HTTPGET, true);
     }
     $response = curl_exec($curl);
     if ($response === false) {
         // Only logged here; the curl_errno() check at the end raises the exception.
         Hybrid_Logger::error("LightOpenID::request_curl(). curl_exec error: ", curl_error($curl));
     }
     // Server rejected HEAD (405): repeat as GET and keep only the header part.
     if ($method == 'HEAD' && curl_getinfo($curl, CURLINFO_HTTP_CODE) == 405) {
         curl_setopt($curl, CURLOPT_HTTPGET, true);
         $response = curl_exec($curl);
         $response = substr($response, 0, strpos($response, "\r\n\r\n"));
     }
     if ($method == 'HEAD' || $method == 'GET') {
         $header_response = $response;
         # If it's a GET request, we want to only parse the header part.
         if ($method == 'GET') {
             $header_response = substr($response, 0, strpos($response, "\r\n\r\n"));
         }
         // Build a map of lower-cased header name => value; a repeated header keeps the last value.
         $headers = array();
         foreach (explode("\n", $header_response) as $header) {
             $pos = strpos($header, ':');
             if ($pos !== false) {
                 $name = strtolower(trim(substr($header, 0, $pos)));
                 $headers[$name] = trim(substr($header, $pos + 1));
             }
         }
         if ($update_claimed_id) {
             # Updating claimed_id in case of redirections.
             // The new identity is whatever URL the redirect chain ended on, so it is
             // only as trustworthy as the connection (see the verification note above).
             $effective_url = curl_getinfo($curl, CURLINFO_EFFECTIVE_URL);
             if ($effective_url != $url) {
                 $this->identity = $this->claimed_id = $effective_url;
             }
         }
         if ($method == 'HEAD') {
             // Returns before the curl_errno() check below.
             return $headers;
         } else {
             $this->headers = $headers;
         }
     }
     if (curl_errno($curl)) {
         throw new ErrorException(curl_error($curl), curl_errno($curl));
     }
     return $response;
 }
Пример #9
 /**
  * Return the API client of the currently connected identity provider.
  *
  * @throws Exception code 7 when the adapter reports that no user is connected
  */
 function api()
 {
     $is_connected = $this->adapter->isUserConnected();
     if ($is_connected) {
         return $this->adapter->api;
     }
     // Not connected: record the failure, then refuse to hand out the client.
     $message = "User not connected to the provider.";
     Hybrid_Logger::error($message);
     throw new Exception($message, 7);
 }
Пример #10
        // with /index.php?hauth.done={provider}?{args}...
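        if (strrpos($_SERVER["QUERY_STRING"], '?')) {
            // Some providers append their arguments with a second '?'. Normalise it to '&'
            // and rebuild $_REQUEST from the query string alone; POST and cookie values
            // that were in $_REQUEST are dropped by this.
            $_SERVER["QUERY_STRING"] = str_replace("?", "&", $_SERVER["QUERY_STRING"]);
            parse_str($_SERVER["QUERY_STRING"], $_REQUEST);
        }
        // hauth_done is request-controlled: accept a plain string only. A missing or
        // array value becomes the empty provider id instead of raising a type error.
        $provider_id = '';
        if (isset($_REQUEST["hauth_done"]) && is_string($_REQUEST["hauth_done"])) {
            $provider_id = trim(strip_tags($_REQUEST["hauth_done"]));
        }
        $hauth = Hybrid_Auth::setup($provider_id);
        if (!$hauth) {
            // No adapter exists in this branch, so there is nothing to mark as
            // unconnected; calling a method on the empty value would abort the request
            // before the 404 is sent.
            Hybrid_Logger::error("Endpoint: Invalide parameter on hauth_done!");
            header("HTTP/1.0 404 Not Found");
            die("Invalide parameter! Please return to the login page and try again.");
        }
        try {
            Hybrid_Logger::info("Endpoint: call adapter [{$provider_id}] loginFinish() ");
            $hauth->adapter->loginFinish();
        } catch (Exception $e) {
            // The failure is stored for the calling page and the user is marked as
            // unconnected; the redirect back to the callback URL still happens.
            Hybrid_Logger::error("Exception:" . $e->getMessage(), $e);
            Hybrid_Error::setError($e->getMessage(), $e->getCode(), $e->getTraceAsString(), $e);
            $hauth->adapter->setUserUnconnected();
        }
        Hybrid_Logger::info("Endpoint: job done. retrun to callback url.");
        $hauth->returnToCallbackUrl();
        die;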
    }
} else {
    # Else,
    # We advertise our XRDS document, something supposed to be done from the Realm URL page
    echo str_replace("{X_XRDS_LOCATION}", Hybrid_Auth::getCurrentUrl(false) . "?get=openid_xrds&v=" . Hybrid_Auth::$version, file_get_contents(dirname(__FILE__) . "/Hybrid/resources/openid_realm.html"));
    die;
}
Пример #11
 /**
  * Initialise Hybrid_Auth for the endpoint from the configuration kept in storage.
  *
  * Runs at most once: the work is skipped when Hybrid_Endpoint::$initDone is
  * already set.
  *
  * @throws Hybrid_Exception with a generic message when initialisation fails;
  *                          the underlying message is written to the log only
  */
 public static function authInit()
 {
     if (Hybrid_Endpoint::$initDone) {
         return;
     }
     Hybrid_Endpoint::$initDone = TRUE;
     # Init Hybrid_Auth
     try {
         $storage_loaded = class_exists("Hybrid_Storage");
         if (!$storage_loaded) {
             require_once realpath(dirname(__FILE__)) . "/Storage.php";
         }
         $session_store = new Hybrid_Storage();
         // No stored configuration means the endpoint was opened without a login
         // having been started through Hybrid_Auth.
         $has_config = $session_store->config("CONFIG");
         if (!$has_config) {
             throw new Hybrid_Exception("You cannot access this page directly.");
         }
         Hybrid_Auth::initialize($session_store->config("CONFIG"));
     } catch (Exception $failure) {
         // Details go to the log; the caller only sees a generic message.
         Hybrid_Logger::error("Endpoint: Error while trying to init Hybrid_Auth: " . $failure->getMessage());
         throw new Hybrid_Exception("Oophs. Error!");
     }
 }
Пример #12
 /**
  * Initialise Hybrid_Auth from a configuration array or a configuration file.
  *
  * Requires an active PHP session. Loads the library files, stores the
  * configuration on Hybrid_Auth::$config, creates the storage, error and
  * logger objects, and re-throws any error the endpoint left in the store.
  *
  * @param array|string $config configuration array, or the path of a PHP file that returns one
  *
  * @throws Exception code 1 when no session is active or the config file does not exist;
  *                   otherwise the stored endpoint error, with its own message and code
  */
 public static function initialize($config)
 {
     if (!session_id()) {
         throw new Exception("Hybriauth require the use of 'session_start()' at the start of your script.", 1);
     }
     if (!is_array($config) && !file_exists($config)) {
         throw new Exception("Hybriauth config does not exist on the given path.", 1);
     }
     if (!is_array($config)) {
         // The file is executed as PHP, so the path must come from trusted
         // application code and never from request data.
         $config = (include $config);
     }
     // build the paths the library needs, all relative to this file's directory
     $config["path_base"] = realpath(dirname(__FILE__)) . "/";
     $config["path_libraries"] = $config["path_base"] . "thirdparty/";
     $config["path_resources"] = $config["path_base"] . "resources/";
     $config["path_providers"] = $config["path_base"] . "Providers/";
     // debug mode defaults to off when the config does not mention it
     if (!isset($config["debug_mode"])) {
         $config["debug_mode"] = false;
         $config["debug_file"] = null;
     }
     # load hybridauth required files, a autoload is on the way...
     require_once $config["path_base"] . "Error.php";
     require_once $config["path_base"] . "Logger.php";
     require_once $config["path_base"] . "Storage.php";
     require_once $config["path_base"] . "Provider_Adapter.php";
     require_once $config["path_base"] . "Provider_Model.php";
     require_once $config["path_base"] . "Provider_Model_OpenID.php";
     require_once $config["path_base"] . "Provider_Model_OAuth1.php";
     require_once $config["path_base"] . "Provider_Model_OAuth2.php";
     require_once $config["path_base"] . "User.php";
     require_once $config["path_base"] . "User_Profile.php";
     require_once $config["path_base"] . "User_Contact.php";
     require_once $config["path_base"] . "User_Activity.php";
     // keep the given config
     Hybrid_Auth::$config = $config;
     // start session storage manager
     Hybrid_Auth::$store = new Hybrid_Storage();
     // instance of the error manager
     Hybrid_Auth::$error = new Hybrid_Error();
     // instance of the log manager
     Hybrid_Auth::$logger = new Hybrid_Logger();
     // store php session and version..
     $_SESSION["HA::PHP_SESSION_ID"] = session_id();
     $_SESSION["HA::VERSION"] = Hybrid_Auth::$version;
     // almost done, check for errors then move on
     Hybrid_Logger::info("Enter Hybrid_Auth::initialize()");
     Hybrid_Logger::info("Hybrid_Auth::initialize(). Hybrid_Auth used version: " . Hybrid_Auth::$version);
     Hybrid_Logger::info("Hybrid_Auth::initialize(). Hybrid_Auth called from: " . Hybrid_Auth::getCurrentUrl());
     // NOTE(review): the whole config and the whole session are serialised into the
     // debug log. The config presumably holds the providers' application keys and
     // secrets, and the session holds whatever the library stored for the user —
     // confirm, and keep debug_mode off or the log file unreadable to others.
     Hybrid_Logger::debug("Hybrid_Auth initialize. dump used config: ", serialize($config));
     Hybrid_Logger::debug("Hybrid_Auth initialize. dump current session: ", serialize($_SESSION));
     Hybrid_Logger::info("Hybrid_Auth initialize: check if any error is stored on the endpoint...");
     if (Hybrid_Error::hasError()) {
         $m = Hybrid_Error::getErrorMessage();
         $c = Hybrid_Error::getErrorCode();
         $p = Hybrid_Error::getErrorPrevious();
         Hybrid_Logger::error("Hybrid_Auth initialize: A stored Error found, Throw an new Exception and delete it from the store: Error#{$c}, '{$m}'");
         // Cleared before throwing so the same error is reported only once.
         Hybrid_Error::clearError();
         // Exception's third argument must be an Exception or null.
         if (!$p instanceof Exception) {
             $p = null;
         }
         //TODO: Is this check realy needed?
         throw new Exception($m, $c, $p);
     }
     Hybrid_Logger::info("Hybrid_Auth initialize: no error found. initialization succeed.");
     // Endof initialize
 }
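 /**
  * Send one HTTP request with cURL, authenticating with the client id and
  * secret as HTTP credentials, and return the raw response.
  *
  * The HTTP status code and transfer info are kept on $this->http_code and
  * $this->http_info. When $this->curl_log is set, cURL's verbose output is
  * appended to that file.
  *
  * @param string      $url
  * @param array|false $params request parameters, false for none
  * @param string      $type   "GET" or "POST"
  *
  * @return string|false response, or false when curl_exec() fails (the error is logged)
  */
 private function request($url, $params = false, $type = "GET")
 {
     // http_build_query() accepts only arrays/objects; the default `false` raises a
     // TypeError on PHP 8, so treat anything else as "no parameters".
     $params = (is_array($params) || is_object($params)) ? http_build_query($params, '', '&') : '';
     Hybrid_Logger::info("Enter OAuth2Client::request( {$url} )");
     Hybrid_Logger::debug("OAuth2Client::request(). dump request params: ", $params);
     if ($type == "GET") {
         $url = $url . (strpos($url, '?') ? '&' : '?') . $params;
     }
     $this->http_info = array();
     $ch = curl_init();
     $headers = $this->curl_header;
     curl_setopt($ch, CURLOPT_URL, $url);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     curl_setopt($ch, CURLOPT_TIMEOUT, $this->curl_time_out);
     curl_setopt($ch, CURLOPT_USERAGENT, $this->curl_useragent);
     curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->curl_connect_time_out);
     // Certificate and host-name checks follow the client configuration; both need to
     // be enabled, since the client secret is sent with every request.
     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $this->curl_ssl_verifypeer);
     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $this->curl_ssl_verifyhost);
     curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
     curl_setopt($ch, CURLOPT_USERPWD, $this->client_id . ':' . $this->client_secret);
     // logging
     $fp = null;
     if ($this->curl_log !== null) {
         // NOTE(review): verbose output may include the request headers, and with
         // CURLOPT_USERPWD set that can mean the encoded client secret. Treat the
         // log file as a secret.
         $fp = fopen($this->curl_log, 'a');
         if ($fp) {
             curl_setopt($ch, CURLOPT_STDERR, $fp);
             curl_setopt($ch, CURLOPT_VERBOSE, 1);
         } else {
             // An unwritable log must not break the request: skip verbose logging.
             Hybrid_Logger::error("OAuth2Client::request(). cannot open curl log file");
         }
     }
     if ($this->curl_proxy) {
         curl_setopt($ch, CURLOPT_PROXY, $this->curl_proxy);
     }
     if ($type == "POST") {
         curl_setopt($ch, CURLOPT_POST, 1);
         curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
     }
     $response = curl_exec($ch);
     if ($fp) {
         fclose($fp);
     }
     if ($response === FALSE) {
         Hybrid_Logger::error("OAuth2Client::request(). curl_exec error: ", curl_error($ch));
     }
     Hybrid_Logger::debug("OAuth2Client::request(). dump request info: ", serialize(curl_getinfo($ch)));
     Hybrid_Logger::debug("OAuth2Client::request(). dump request result: ", serialize($response));
     $this->http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
     $this->http_info = array_merge($this->http_info, curl_getinfo($ch));
     curl_close($ch);
     return $response;
 }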
Пример #14
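 /**
  * define:endpoint step 3.1 and 3.2
  *
  * Completes the provider login named by the `hauth_done` property, stores
  * the resulting profile in the session under `social_profile` and returns
  * to the callback URL.
  *
  * @return string an error text when the provider id is not accepted, '' otherwise
  */
 protected function processAuthDone()
 {
     $provider_id = trim($this->getProperty('hauth_done'));
     $hauth = Hybrid_Auth::setup($provider_id);
     if (!$hauth) {
         // No adapter exists in this branch, so there is nothing to mark as
         // unconnected; calling a method on the empty value would abort the request
         // before the 404 is sent.
         Hybrid_Logger::error("Endpoint: Invalid parameter on hauth_done!");
         header("HTTP/1.0 404 Not Found");
         return "Invalid parameter! Please return to the login page and try again.";
     }
     try {
         Hybrid_Logger::info("Endpoint: call adapter [{$provider_id}] loginFinish() ");
         $hauth->adapter->loginFinish();
     } catch (Exception $e) {
         Hybrid_Logger::error("Exception:" . $e->getMessage(), $e);
         Hybrid_Error::setError($e->getMessage(), $e->getCode(), $e->getTraceAsString(), $e);
         $hauth->adapter->setUserUnconnected();
     }
     Hybrid_Logger::info("Endpoint: job done. retrun to callback url.");
     // NOTE(review): the profile is requested even when loginFinish() failed and the
     // user was just marked as unconnected. Confirm getUserProfile() behaves sanely in
     // that state, so a failed login cannot leave profile data in the session.
     $profile = $hauth->adapter->getUserProfile();
     // Save profile data in session
     $_SESSION['social_profile'] = array('provider' => $provider_id, 'profile' => $this->modx->error->toArray($profile));
     $hauth->returnToCallbackUrl();
     return '';
 }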
Пример #15
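 /**
  * Send one HTTP request with cURL and return the raw response.
  *
  * GET parameters are appended to the URL; POST and PATCH parameters are
  * handed to cURL as the request body. The HTTP status code and transfer
  * info are kept on $this->http_code and $this->http_info.
  *
  * @param string      $url
  * @param array|false $params request parameters, false for none
  * @param string      $type   "GET", "POST", "DELETE" or "PATCH"
  *
  * @return string|false response, or false when curl_exec() fails (the error is logged)
  */
 private function request($url, $params = false, $type = "GET")
 {
     Hybrid_Logger::info("Enter OAuth2Client::request( {$url} )");
     // NOTE(review): parameters and, further down, the whole response are written to
     // the debug log; for token requests these presumably include the client secret
     // and the issued tokens.
     Hybrid_Logger::debug("OAuth2Client::request(). dump request params: ", serialize($params));
     if ($type == "GET") {
         // http_build_query() accepts only arrays/objects; the default `false`
         // raises a TypeError on PHP 8, so treat anything else as "no parameters".
         $query = (is_array($params) || is_object($params)) ? http_build_query($params, '', '&') : '';
         $url = $url . (strpos($url, '?') ? '&' : '?') . $query;
     }
     $this->http_info = array();
     $ch = curl_init();
     curl_setopt($ch, CURLOPT_URL, $url);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     curl_setopt($ch, CURLOPT_TIMEOUT, $this->curl_time_out);
     curl_setopt($ch, CURLOPT_USERAGENT, $this->curl_useragent);
     curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->curl_connect_time_out);
     // Certificate and host-name checks follow the client configuration; both need
     // to be enabled for the token exchange to be protected against interception.
     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $this->curl_ssl_verifypeer);
     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $this->curl_ssl_verifyhost);
     curl_setopt($ch, CURLOPT_HTTPHEADER, $this->curl_header);
     if ($this->curl_compressed) {
         curl_setopt($ch, CURLOPT_ENCODING, "gzip,deflate");
     }
     if ($this->curl_proxy) {
         curl_setopt($ch, CURLOPT_PROXY, $this->curl_proxy);
     }
     if ($type == "POST") {
         curl_setopt($ch, CURLOPT_POST, 1);
         if ($params) {
             curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
         }
     }
     if ($type == "DELETE") {
         curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "DELETE");
     }
     if ($type == "PATCH") {
         // Sent as a POST-style body with the request method overridden to PATCH.
         curl_setopt($ch, CURLOPT_POST, 1);
         if ($params) {
             curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
         }
         curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PATCH");
     }
     $response = curl_exec($ch);
     if ($response === false) {
         Hybrid_Logger::error("OAuth2Client::request(). curl_exec error: ", curl_error($ch));
     }
     Hybrid_Logger::debug("OAuth2Client::request(). dump request info: ", serialize(curl_getinfo($ch)));
     Hybrid_Logger::debug("OAuth2Client::request(). dump request result: ", serialize($response));
     $this->http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
     $this->http_info = array_merge($this->http_info, curl_getinfo($ch));
     curl_close($ch);
     return $response;
 }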
Пример #16
 /**
  * Initialise Hybrid_Auth for the endpoint from the configuration kept in storage.
  *
  * Runs at most once per request. When no configuration is stored, or when
  * initialisation throws, the request ends with a 404 and a generic message.
  */
 public static function authInit()
 {
     if (Hybrid_Endpoint::$initDone) {
         return;
     }
     Hybrid_Endpoint::$initDone = TRUE;
     # Init Hybrid_Auth
     try {
         require_once realpath(dirname(__FILE__)) . "/Storage.php";
         $session_store = new Hybrid_Storage();
         // No stored configuration means the endpoint was opened without a login
         // having been started through Hybrid_Auth.
         $has_config = $session_store->config("CONFIG");
         if (!$has_config) {
             header("HTTP/1.0 404 Not Found");
             die("You cannot access this page directly.");
         }
         Hybrid_Auth::initialize($session_store->config("CONFIG"));
     } catch (Exception $failure) {
         // The visitor gets a generic message; the exception text is not logged here.
         Hybrid_Logger::error("Endpoint: Error while trying to init Hybrid_Auth");
         header("HTTP/1.0 404 Not Found");
         die("Oophs. Error!");
     }
 }
Пример #17
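 /**
  * Update the user's status on the provider.
  *
  * This implementation does not support the feature: it records the attempt in the
  * error log and always throws.
  *
  * @param mixed $status Status content passed by the caller (not used here).
  * @throws Exception Always, with code 8.
  */
 function setUserStatus($status)
 {
     // The log text names the operation that was actually requested, so the entry
     // can be traced back to setUserStatus() rather than to the activity stream.
     Hybrid_Logger::error("HybridAuth do not provide a way to set the user's status for {$this->providerId} yet.");
     throw new Exception("Provider does not support this feature.", 8);
 }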
Пример #18
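 /**
  * define:endpoint step 3.1 and 3.2
  *
  * Completes the login for the provider named in the 'hauth_done' property: sets up the
  * adapter, calls its loginFinish(), stores the resulting profile in the session and
  * returns to the callback URL.
  *
  * A failed loginFinish() is recorded through Hybrid_Error and the adapter is marked as
  * unconnected. In that case no profile is fetched or stored, and control still returns
  * to the callback URL.
  *
  * @return string Error text when the provider id is rejected, otherwise an empty string.
  */
 protected function processAuthDone()
 {
     // presumably request-supplied (read through getProperty) — it is only trimmed here,
     // so validation is left to Hybrid_Auth::setup(); verify that against setup().
     $provider_id = trim($this->getProperty('hauth_done'));
     $hauth = Hybrid_Auth::setup($provider_id);
     if (!$hauth) {
         // No adapter exists on this path. Calling $hauth->adapter on the falsy value
         // would be a fatal error and the 404 below would never be sent.
         Hybrid_Logger::error("Endpoint: Invalid parameter on hauth_done!");
         header("HTTP/1.0 404 Not Found");
         return "Invalid parameter! Please return to the login page and try again.";
     }

     $loginFinished = false;
     try {
         Hybrid_Logger::info("Endpoint: call adapter [{$provider_id}] loginFinish() ");
         $hauth->adapter->loginFinish();
         $loginFinished = true;
     } catch (Exception $e) {
         Hybrid_Logger::error("Exception:" . $e->getMessage(), $e);
         Hybrid_Error::setError($e->getMessage(), $e->getCode(), $e->getTraceAsString(), $e);
         $hauth->adapter->setUserUnconnected();
     }
     Hybrid_Logger::info("Endpoint: job done. retrun to callback url.");

     // Only a login that completed may put a profile into the session. After a failure
     // the adapter is unconnected, so fetching the profile could throw past the stored
     // error or leave data in the session that later code treats as an identity.
     if ($loginFinished) {
         // Lookup of an existing local user by social identifier is not performed here
         // (it used to be commented out); the profile is only stored in the session.
         $profile = $hauth->adapter->getUserProfile();
         $_SESSION['social_profile'] = array('provider' => $provider_id, 'profile' => $this->modx->error->toArray($profile));
     }

     $hauth->returnToCallbackUrl();
     return '';
 }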
Пример #19
 /**
  * One-time endpoint bootstrap: makes sure a PHP session is running, then initializes
  * Hybrid_Auth from the serialized configuration kept in $_SESSION["HA::CONFIG"].
  *
  * Answers with a 404 status line and terminates the script when that session entry is
  * missing or when initialization throws.
  */
 public static function authInit()
 {
     // Already bootstrapped by an earlier call.
     if (Hybrid_Endpoint::$initDone) {
         return;
     }
     Hybrid_Endpoint::$initDone = TRUE;

     // Open a session only when none is active yet.
     if (!session_id()) {
         session_start();
     }

     try {
         // Without the stored config no Hybrid_Auth session exists yet, so the
         // endpoint was requested directly.
         if (!isset($_SESSION["HA::CONFIG"])) {
             header("HTTP/1.0 404 Not Found");
             die("You cannot access this page directly.");
         }

         // NOTE(review): unserialize() instantiates whatever loaded classes the payload
         // names, so this is only safe while nothing but the library itself can write
         // this session key. On PHP 7+ the allowed_classes option, or storing the config
         // as JSON, would remove that dependency — confirm the config holds only arrays
         // and scalars before switching.
         $storedConfig = $_SESSION["HA::CONFIG"];
         Hybrid_Auth::initialize(unserialize($storedConfig));
     } catch (Exception $e) {
         // Generic reply to the client; the exception text is not logged here.
         Hybrid_Logger::error("Endpoint: Error while trying to init Hybrid_Auth");
         header("HTTP/1.0 404 Not Found");
         die("Oophs. Error!");
     }
 }
Пример #20
 /**
  * Initializes authentication.
  *
  * Runs once per instance: loads the storage, exception and logger classes when they
  * are not defined yet, then initializes Hybrid_Auth from the stored "CONFIG" entry.
  *
  * @throws Hybrid_Exception When the stored config is missing or initialization fails.
  *                          The original exception is attached as the previous one.
  */
 protected function authInit()
 {
     // Guard against repeated initialization.
     if ($this->initDone) {
         return;
     }
     $this->initDone = true;

     try {
         // Class name => file next to this one. Order is kept as Storage, Exception, Logger.
         $requiredClasses = array(
             "Hybrid_Storage" => "/Storage.php",
             "Hybrid_Exception" => "/Exception.php",
             "Hybrid_Logger" => "/Logger.php",
         );
         foreach ($requiredClasses as $className => $fileName) {
             // Second argument false: check without triggering an autoloader.
             if (!class_exists($className, false)) {
                 require_once realpath(dirname(__FILE__)) . $fileName;
             }
         }

         $storage = new Hybrid_Storage();

         // No stored config means no Hybrid_Auth session exists yet, so the endpoint
         // was requested directly.
         if (!$storage->config("CONFIG")) {
             throw new Hybrid_Exception("You cannot access this page directly.");
         }

         Hybrid_Auth::initialize($storage->config("CONFIG"));
     } catch (Exception $e) {
         // NOTE(review): the rethrown message embeds the original exception text.
         // Whoever renders it should not show it to the client — confirm at the caller.
         Hybrid_Logger::error("Endpoint: Error while trying to init Hybrid_Auth: " . $e->getMessage());
         throw new Hybrid_Exception("Endpoint: Error while trying to init Hybrid_Auth: " . $e->getMessage(), $e->getCode(), $e);
     }
 }
Пример #21
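 /**
  * Try to initialize Hybrid_Auth with the given $config array or config file.
  *
  * Resolves the config, derives the library paths, loads the library files, creates the
  * logger, error and storage managers, checks the required PHP extensions and finally
  * rethrows any error that was stored on the endpoint.
  *
  * @param array|string $config Configuration array, or path to a PHP file that returns one.
  * @throws Exception When the config path does not exist, when the config file does not
  *                   return an array, when the CURL or JSON extension is missing, or
  *                   when a stored error is found.
  */
 public static function initialize($config)
 {
     if (!is_array($config)) {
         // Anything that is not an array must be a path to an existing file.
         if (!is_string($config) || !file_exists($config)) {
             throw new Exception("Hybriauth config does not exist on the given path.", 1);
         }
         // NOTE(review): include runs the file as PHP, so the path has to come from
         // trusted code and never from request or session data a client can influence.
         $config = (include $config);
         // include yields false on failure and 1 for a file without a return statement.
         // Stop here rather than continue with a config holding only derived paths.
         if (!is_array($config)) {
             throw new Exception("Hybriauth config file did not return a configuration array.", 1);
         }
     }
     // build the paths the library needs, relative to this file
     $config["path_base"] = realpath(dirname(__FILE__)) . "/";
     $config["path_libraries"] = $config["path_base"] . "thirdparty/";
     $config["path_resources"] = $config["path_base"] . "resources/";
     $config["path_providers"] = $config["path_base"] . "Providers/";
     // debug settings default to off when the config does not mention them
     if (!isset($config["debug_mode"])) {
         $config["debug_mode"] = false;
         $config["debug_file"] = null;
     }
     # load hybridauth required files, a autoload is on the way...
     require_once $config["path_base"] . "Error.php";
     require_once $config["path_base"] . "Logger.php";
     require_once $config["path_base"] . "Storage.php";
     require_once $config["path_base"] . "Provider_Adapter.php";
     require_once $config["path_base"] . "Provider_Model.php";
     require_once $config["path_base"] . "Provider_Model_OpenID.php";
     require_once $config["path_base"] . "Provider_Model_OAuth1.php";
     require_once $config["path_base"] . "Provider_Model_OAuth2.php";
     require_once $config["path_base"] . "User.php";
     require_once $config["path_base"] . "User_Profile.php";
     require_once $config["path_base"] . "User_Contact.php";
     require_once $config["path_base"] . "User_Activity.php";
     // keep the resolved config
     Hybrid_Auth::$config = $config;
     // instance of the log manager
     Hybrid_Auth::$logger = new Hybrid_Logger();
     // instance of the error manager
     Hybrid_Auth::$error = new Hybrid_Error();
     // start the session storage manager
     Hybrid_Auth::$store = new Hybrid_Storage();
     Hybrid_Logger::info("Enter Hybrid_Auth::initialize()");
     Hybrid_Logger::info("Hybrid_Auth::initialize(). PHP version: " . PHP_VERSION);
     Hybrid_Logger::info("Hybrid_Auth::initialize(). Hybrid_Auth version: " . Hybrid_Auth::$version);
     Hybrid_Logger::info("Hybrid_Auth::initialize(). Hybrid_Auth called from: " . Hybrid_Auth::getCurrentUrl());
     // PHP Curl extension [http://www.php.net/manual/en/intro.curl.php]
     if (!function_exists('curl_init')) {
         Hybrid_Logger::error('Hybridauth Library needs the CURL PHP extension.');
         throw new Exception('Hybridauth Library needs the CURL PHP extension.');
     }
     // PHP JSON extension [http://php.net/manual/en/book.json.php]
     if (!function_exists('json_decode')) {
         Hybrid_Logger::error('Hybridauth Library needs the JSON PHP extension.');
         throw new Exception('Hybridauth Library needs the JSON PHP extension.');
     }
     // session.name
     if (session_name() != "PHPSESSID") {
         Hybrid_Logger::info('PHP session.name diff from default PHPSESSID. http://php.net/manual/en/session.configuration.php#ini.session.name.');
     }
     // safe_mode is on
     if (ini_get('safe_mode')) {
         Hybrid_Logger::info('PHP safe_mode is on. http://php.net/safe-mode.');
     }
     // open basedir is on
     if (ini_get('open_basedir')) {
         Hybrid_Logger::info('PHP open_basedir is on. http://php.net/open-basedir.');
     }
     // NOTE(review): the two debug lines below write the complete config and the current
     // session data to the debug log. Presumably these include provider secrets and
     // tokens, so treat debug logs as sensitive and keep debug_mode off in production.
     Hybrid_Logger::debug("Hybrid_Auth initialize. dump used config: ", serialize($config));
     Hybrid_Logger::debug("Hybrid_Auth initialize. dump current session: ", Hybrid_Auth::storage()->getSessionData());
     Hybrid_Logger::info("Hybrid_Auth initialize: check if any error is stored on the endpoint...");
     if (Hybrid_Error::hasError()) {
         $m = Hybrid_Error::getErrorMessage();
         $c = Hybrid_Error::getErrorCode();
         $p = Hybrid_Error::getErrorPrevious();
         Hybrid_Logger::error("Hybrid_Auth initialize: A stored Error found, Throw an new Exception and delete it from the store: Error#{$c}, '{$m}'");
         // the stored error is delivered once: clear it before rethrowing
         Hybrid_Error::clearError();
         // try to provide the previous exception if any
         // Exception::getPrevious (PHP 5 >= 5.3.0) http://php.net/manual/en/exception.getprevious.php
         if (version_compare(PHP_VERSION, '5.3.0', '>=') && $p instanceof Exception) {
             throw new Exception($m, $c, $p);
         } else {
             throw new Exception($m, $c);
         }
     }
     Hybrid_Logger::info("Hybrid_Auth initialize: no error found. initialization succeed.");
     // End of initialize
 }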
Пример #22
 /**
  * Return the user status.
  *
  * Not supported by this implementation: the call is written to the error log and an
  * exception is always raised, so no value is ever returned.
  *
  * @param mixed $statusid Identifier of the requested status (not used here).
  * @return mixed Provider response (declared contract; never reached in this implementation).
  * @throws Exception Always, with code 8.
  */
 public function getUserStatus($statusid)
 {
     // Record which provider was asked for the unsupported feature.
     $logLine = "HybridAuth do not provide user's status for {$this->providerId} yet.";
     Hybrid_Logger::error($logLine);

     // Code 8 is the value used for this "feature not supported" error.
     $unsupported = new Exception("Provider does not support this feature.", 8);
     throw $unsupported;
 }