$_GET['service'] = $_GET['service'] == "" ? "open" : $_GET['service']; if ($_GET['service'] == "facebook" || $_GET['service'] == "google" || $_GET['service'] == "open") { /** * Check if server exists and whether redirect URL is correct */ $api_key = $_GET['api_key']; $redirect_url = urldecode($_GET['redirect']); $server = Opth::server($api_key, $redirect_url); $scope = explode(",", urldecode($_GET['scope'])); if (count($scope) != count(array_intersect($scope, array_keys(Opth::$scopes)))) { $error = array("Invalid Permissions", "The website you requested to log in to sent an invalid request : Invalid permissions."); } if ($server === false) { $OP->ser(); } else { if (Opth::authorized()) { $status = Opth::authorize($scope, $_GET['token']); if ($status == "true") { $OP->redirect($redirect_url . "?opth_redirect=1&token={$_GET['token']}"); } } $server_name = "<strong><a target='_blank' href='{$server['url']}'> {$server['title']}</a></strong>"; if (isset($_POST['deny'])) { $OP->redirect($redirect_url . "?status=error&error=denied"); } else { if (isset($_POST['authorize'])) { Opth::authorize($scope, $_GET['token'], true); $OP->redirect($redirect_url . "?opth_redirect=1&token={$_GET['token']}"); } } }
<?php require_once "{$docRoot}/inc/class.opth.php"; if (isset($_POST['api_key']) && isset($_POST['api_secret']) && isset($user_token) && isset($what)) { $sid = Opth::exists($_POST['api_key'], $_POST['api_secret']); if ($sid == false) { echo "false"; exit; } Opth::$sid = $sid; if (Opth::authorized($user_token) == false) { echo "false"; exit; } $sql = $OP->dbh->prepare("SELECT `uid`, `permissions` FROM `opth_session` WHERE `access_token` = ? AND `sid` = ?"); $sql->execute(array($user_token, $sid)); $data = $sql->fetch(PDO::FETCH_ASSOC); $uid = $data['uid']; $given_scopes = array_flip(unserialize($data['permissions'])); $scope_to_values = array("read-name" => "name"); $obtainable_values = array("info" => array("read-name"), "email" => array("email-send")); if (substr($what, 0, 7) == "action-") { $what = substr_replace($what, "", 0, 7); if (isset($obtainable_values[$what])) { if ($what == "email" && isset($given_scopes[$obtainable_values[$what][0]]) && isset($_POST['subject']) && isset($_POST['body']) && $_POST['subject'] != null && $_POST['body'] != null) { $sql = $OP->dbh->prepare("SELECT `username` FROM `users` WHERE `id` = ?"); $sql->execute(array($uid)); $email = $sql->fetchColumn(); $status = $OP->sendEMail($email, $_POST['subject'], $_POST['body'], true); echo $status == true ? "true" : "false"; } else {