示例#1
 */
// Bootstrap: start the session, then load configuration, core helpers and the
// OAuth2 library autoloader.
// NOTE(review): session cookie attributes (HttpOnly / Secure / SameSite) are not
// set in this snippet; confirm they are configured elsewhere.
session_start();
require_once 'config.inc.php';
require_once 'libs/core.php';
require_once 'libs/vendors/OAuth2/Autoloader.php';

// Optional cached file, executed as PHP when it exists.
// NOTE(review): it lives under tmp/cache; confirm that directory is writable only
// by the application itself, because whatever is placed there runs as part of
// this script.
if (file_exists(APP_PATH . '/tmp/cache/site_url_for_shell.php')) {
    include_once APP_PATH . '/tmp/cache/site_url_for_shell.php';
}

OAuth2\Autoloader::register();

// OAuth2 storage goes through PDO to PostgreSQL, with 'users' configured as the
// user table.
$oauth_config = array(
    'user_table' => 'users',
);
$val_array = array(
    'dsn' => sprintf('pgsql:host=%s;dbname=%s;port=%s', R_DB_HOST, R_DB_NAME, R_DB_PORT),
    'username' => R_DB_USER,
    'password' => R_DB_PASSWORD,
);
$storage = new OAuth2\Storage\Pdo($val_array, $oauth_config);
$server = new OAuth2\Server($storage);

$request = OAuth2\Request::createFromGlobals();
$response = new OAuth2\Response();

// An authorize request that fails validation ends here: the response filled in
// by the library is sent unchanged and the script stops.
if (!$server->validateAuthorizeRequest($request, $response)) {
    $response->send();
    exit;
}

// Only requests accepted by validateAuthorizeRequest() reach this point.
// client_id is handed to executeQuery() as the positional parameter $1 rather
// than being concatenated into the SQL text.
$val_arr = array($_GET['client_id']);
$oauth_client = executeQuery('SELECT client_name FROM oauth_clients WHERE client_id = $1', $val_arr);
$error_msg = 0;
// Login form handling: runs only when an 'email' field was posted. The same value
// is matched against both the email and the username column below.
if (!empty($_POST['email'])) {
    $val_arr = array($_POST['email']);
    // First lookup: fetch the stored password hash for the account.
    $log_user = executeQuery('SELECT id, role_id, password, is_ldap::boolean::int FROM users WHERE email = $1 or username = $1', $val_arr);
    // Re-hash the submitted password, using the stored hash as the salt argument.
    // NOTE(review): when no account matched, $log_user['password'] is presumably
    // empty and crypt() runs with an empty salt; confirm what executeQuery()
    // returns on a miss and fail early in that case. $_POST['password'] is also
    // read without checking that it was sent.
    // NOTE(review): password_verify() accepts crypt()-format hashes and compares
    // in constant time; consider it instead of re-hashing and comparing in SQL.
    $_POST['password'] = crypt($_POST['password'], $log_user['password']);
    $val_arr = array($_POST['email'], $_POST['password'], 1);
    // Second lookup: the re-computed hash must equal the stored one and the
    // account must be active (is_active = 1).
    $user = executeQuery('SELECT * FROM users_listing WHERE (email = $1 or username = $1) AND password = $2 AND is_active = $3', $val_arr);
    if (!empty($user)) {
        // Credentials accepted: remember the username in the session.
        // NOTE(review): no session_regenerate_id() call is visible at this point;
        // confirm the session id is rotated on login so that a pre-set session id
        // cannot be carried into the authenticated session.
        $_SESSION["username"] = $user['username'];
        $error_msg = 0;
示例#2
 /**
  * Handle the OAuth2 authorize step of the API.
  *
  * Three outcomes are visible in this method, and each one stores its result in
  * $this->response before returning:
  *  - the authorize request fails validation: the OAuth2 error response is kept;
  *  - no 'authorized' value was submitted: the consent form is rendered;
  *  - otherwise: the decision is passed to the OAuth2 server with the user id.
  *
  * @return  mixed  The current object ($this) on every path visible in this method.
  *
  * @since   1.2
  */
 public function apiAuthorize()
 {
     // Resolved first; only its id is used, when the decision is recorded below.
     $user = $this->getLoggedUser();
     $request = OAuth2\Request::createFromGlobals();
     $response = new OAuth2\Response();

     // Reject requests that the OAuth2 server does not accept as valid
     if (!$this->server->validateAuthorizeRequest($request, $response)) {
         $this->response = $response;

         return $this;
     }

     $clientId = $request->query('client_id');
     $scopes = RApiOauth2Helper::getClientScopes($clientId);
     $decision = $request->request('authorized', '');

     // Nothing submitted yet: show the consent form listing the client's scopes
     if ($decision == '') {
         $clientScopes = array();

         if (!empty($scopes)) {
             $clientScopes = explode(' ', $scopes);
         }

         if (!empty($clientScopes)) {
             $clientScopes = RApiHalHelper::getWebserviceScopes($clientScopes);
         }

         // The form posts back to index.php with the current query string.
         // NOTE(review): the query string reaches the layout unmodified; confirm
         // the oauth2.authorize layout escapes formAction for its HTML context.
         $currentUri = JUri::getInstance();
         $formAction = JUri::root() . 'index.php?' . $currentUri->getQuery();
         $layoutData = array(
             'view' => $this,
             'options' => array(
                 'clientId' => $clientId,
                 'formAction' => $formAction,
                 'scopes' => $clientScopes,
             ),
         );
         $this->response = RLayoutHelper::render('oauth2.authorize', $layoutData);

         return $this;
     }

     // Consent is granted only when the submitted value equals the translated
     // "yes" label; any other non-empty value is passed on as a denial.
     $approved = $decision === JText::_('LIB_REDCORE_API_OAUTH2_SERVER_AUTHORIZE_CLIENT_YES');

     // The scope is taken from the client's registered scopes, not from the user's request
     $request->request['scope'] = $scopes;

     // NOTE(review): no anti-CSRF token check is visible in this method before the
     // consent decision is honoured; confirm the caller or the consent form
     // enforces one and that the consent page cannot be framed.
     $this->server->handleAuthorizeRequest($request, $response, $approved, $user->id);
     $this->response = $response;

     return $this;
 }