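require '../yosdk/yahoo-yos-social-php5-86eef28/lib/OAuth/OAuth.php';
require '../yosdk/yahoo-yos-social-php5-86eef28/lib/Yahoo/YahooOAuthApplication.class.php';

// http://gist.github.com/387056
require 'MysqlUtil.php';
require 'config.php';

// Read request input. FILTER_SANITIZE_STRING (deprecated since PHP 8.1) only
// strips tags and encodes quotes: it is neither SQL escaping nor proof of
// identity. The isset() guards avoid undefined-index notices for absent values.
$notice = isset($_GET['notice'])
    ? filter_var($_GET['notice'], FILTER_SANITIZE_STRING)
    : '';
$bbauth_token = isset($_COOKIE['bbauth_token'])
    ? filter_var($_COOKIE['bbauth_token'], FILTER_SANITIZE_STRING)
    : '';
$local_user_id = isset($_COOKIE['local_user_id'])
    ? filter_var($_COOKIE['local_user_id'], FILTER_SANITIZE_STRING)
    : '';

// Require a bbauth session.
// NOTE(review): the only check visible here is that a client-supplied
// `local_user_id` cookie is non-empty; $bbauth_token is read but not verified
// in this excerpt. Confirm the session is validated server-side before this
// value is used to look up stored OAuth tokens.
if (!$local_user_id) {
    header("Location: index.php?notice=session_required");
    // header() does not stop the script; without exit the token lookup below
    // would still run for a request that has no session.
    exit;
}

// Check for an OAuth token in storage.
$db = new MysqlUtil($db_host, $db_name, $db_user, $db_pass);

try {
    // NOTE(review): the cookie value is substituted into a quoted '%s'
    // placeholder. Confirm that MysqlUtil's query() escapes its arguments
    // (its source is not shown here) or switch to a prepared statement.
    $results = $db->query("SELECT * FROM `oauth_tokens` \n WHERE `local_user_id` = '%s' \n AND `service` = 'yahoo' \n LIMIT 0 , 1;", $local_user_id);
} catch (Exception $e) {
    // Keep the details in the server log. Printing the exception object to the
    // page would expose the stack trace and query text to the visitor.
    error_log('oauth_tokens lookup failed: ' . $e->getMessage());
    header('HTTP/1.1 500 Internal Server Error');
    echo 'An internal error occurred.';
    exit;
}

// There may be a record, but it may not hold a valid token. Start from null so
// the check below never reads an undefined variable.
$access_token = null;

if (count($results) > 0) {
    $access_token = json_decode($results[0]['token_json']);
}

// If there is a stored token, check whether it has expired and refresh it.
if ($access_token && $access_token->expire_time < time()) {
    $oauth_app = new YahooOAuthApplication($oauth_consumer_key, $oauth_consumer_secret, $oauth_application_id);

    $access_token = $oauth_app->refreshAccessToken($access_token);
    $access_token->expire_time = time() + $access_token->expires_in;

    // NOTE(review): the listing on the page is cut off inside this block. The
    // closing brace below is added only so the excerpt parses; whatever
    // followed in the original script is not shown.
}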
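// Identify the local user before touching anything keyed on that value.
// FILTER_SANITIZE_STRING (deprecated since PHP 8.1) strips tags and encodes
// quotes; it does not authenticate the cookie or make it safe for SQL.
$local_user_id = isset($_COOKIE['local_user_id'])
    ? filter_var($_COOKIE['local_user_id'], FILTER_SANITIZE_STRING)
    : '';

// If the user is not logged in, redirect back to index.
// NOTE(review): a non-empty client-supplied cookie is the only session check
// visible in this excerpt; confirm it is validated server-side.
if (!$local_user_id) {
    header("Location: index.php?notice=session_required");
    // header() alone does not end the request. Without exit the OAuth flow
    // below would still run, and store a token, for a visitor with no session.
    exit;
}

$request_token_cookie = $local_user_id . '_yahoo_rt';
$request_token = isset($_COOKIE[$request_token_cookie])
    ? filter_var($_COOKIE[$request_token_cookie], FILTER_SANITIZE_STRING)
    : '';

// The request token travels through the browser, so keep it away from page
// scripts (HttpOnly) and send it over TLS only when the request itself used
// TLS. NOTE(review): the token object presumably carries its secret; holding it
// in server-side session storage would avoid exposing it to the client at all.
$cookie_secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

// $oauth_verifier and $oauth_app are set earlier in the script, outside this
// excerpt. A verifier plus a stored request token means this is the redirect
// back from a successful authorization.
if ($oauth_verifier && $request_token) {
    // Decode the stored request token (undoing the entity encoding applied by
    // the filter) and delete the cookie so it cannot be replayed.
    $request_token = json_decode(stripslashes(html_entity_decode($request_token)));
    setcookie($request_token_cookie, '', time() - 3600, '', '', $cookie_secure, true);

    // Exchange the request token for an access token. The cookie is
    // client-controlled, so a value that does not decode to an object is
    // rejected instead of being handed to the SDK.
    $access_token = is_object($request_token)
        ? $oauth_app->getAccessToken($request_token, $oauth_verifier)
        : null;

    if (!is_object($access_token)) {
        error_log('Yahoo OAuth token exchange failed for local user ' . $local_user_id);
        header('HTTP/1.1 400 Bad Request');
        echo 'The authorization could not be completed.';
        exit;
    }

    // Calculate when the token expires and record it on the token object.
    $access_token->expire_time = time() + $access_token->expires_in;

    // A convenience object for MySQL; any persistent storage could be used.
    $db = new MysqlUtil($db_host, $db_name, $db_user, $db_pass);

    try {
        // NOTE(review): the user id and the JSON-encoded token (which contains
        // quotes) are substituted into '%s' placeholders. Confirm that
        // MysqlUtil's query() escapes its arguments; its source is not shown.
        // The token is also stored in clear text, so access to this table
        // should be restricted accordingly.
        $results = $db->query("INSERT INTO `%s`.`oauth_tokens` (`local_user_id`, `service`, `token_json`) \n VALUES ( '%s', 'yahoo', '%s' );", $db_name, $local_user_id, json_encode($access_token));
    } catch (Exception $e) {
        // Log server-side only. Printing the exception object to the page
        // would expose the stack trace and the query arguments, which here
        // include the freshly issued access token.
        error_log('oauth_tokens insert failed: ' . $e->getMessage());
        header('HTTP/1.1 500 Internal Server Error');
        echo 'An internal error occurred.';
        exit;
    }

    // Redirect back to the home page with a success message.
    header("Location: home.php?notice=upgrade_success");
    exit;
} else {
    // No verifier yet: fetch a request token, park it in a short-lived cookie
    // and send the user to the authorization page.
    $request_token = $oauth_app->getRequestToken($oauth_callback_url);
    setcookie($request_token_cookie, json_encode($request_token), time() + 600, '', '', $cookie_secure, true);

    $redirect_url = $oauth_app->getAuthorizationUrl($request_token);
    header("Location: {$redirect_url}");
    exit;
}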