/**
 * Execute the Api Resource operation.
 *
 * Verifies the access token on the current request through the OAuth2 server. The
 * "scope" option may be a single scope string (handed straight to the server) or a
 * non-empty array of scopes, in which case the token must carry at least ONE of them
 * (any-of, not all-of). On failure $this->response holds the server's error response;
 * on success it holds a JSON success payload with the token's user_id.
 *
 * @return mixed $this in every case (the outcome is carried in $this->response).
 *
 * @since 1.2
 */
public function apiResource()
{
    $scopeOption = $this->options->get('scope', '');
    $acceptedScopes = (is_array($scopeOption) && count($scopeOption) > 0) ? $scopeOption : array();

    // An array of scopes is checked below, so the server itself is called without one.
    $singleScope = empty($acceptedScopes) ? $scopeOption : null;

    // Handle a request for an OAuth2.0 Access Token and send the response to the client
    if (!$this->server->verifyResourceRequest(OAuth2\Request::createFromGlobals(), null, $singleScope)) {
        $this->response = $this->server->getResponse();

        return $this;
    }

    $token = $this->server->getResourceController()->getToken();

    if (count($acceptedScopes) > 0) {
        $scopeMatched = false;
        $grantedScope = empty($token['scope']) ? null : $token['scope'];

        // A token without any scope can never satisfy a scope requirement.
        if ($grantedScope !== null) {
            $scopeUtil = $this->server->getScopeUtil();

            foreach ($acceptedScopes as $candidate) {
                if (!empty($candidate) && $scopeUtil->checkScope($candidate, $grantedScope)) {
                    $scopeMatched = true;
                    break;
                }
            }
        }

        if (!$scopeMatched) {
            $this->response = $this->server->getResponse();
            $this->response->setError(403, 'insufficient_scope', JText::_('LIB_REDCORE_API_OAUTH2_SERVER_INSUFFICIENT_SCOPE'));

            // RFC 6750 style challenge listing the scopes the client would have needed.
            $challenge = sprintf(
                '%s realm="%s", scope="%s", error="%s", error_description="%s"',
                $this->server->getTokenType()->getTokenType(),
                $this->serverConfig['www_realm'],
                implode(', ', $acceptedScopes),
                $this->response->getParameter('error'),
                $this->response->getParameter('error_description')
            );
            $this->response->addHttpHeaders(array('WWW-Authenticate' => $challenge));

            return $this;
        }
    }

    $this->response = json_encode(array(
        'success' => true,
        'user_id' => $token['user_id'],
        'message' => JText::_('LIB_REDCORE_API_OAUTH2_SERVER_ACCESS_SUCCESS'),
    ));

    return $this;
}
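/**
 * Awesomeness for 3rd party support
 *
 * Filter: determine_current_user
 * Other Filter: check_authentication
 *
 * Hooks the determine_current_user filter so that a request carrying a valid OAuth2
 * access token is attributed to the token's user (used by services such as WP JSON API
 * and WP REST API).
 *
 * @param int|false $user_id User ID already resolved by an earlier filter, or 0/false when none.
 * @return int|null The resolved user ID, or null when no user can be attributed to the request.
 *
 * @author Mauro Constantinescu Modified slightly but still a contribution to the project.
 */
public function _wo_authenicate_bypass($user_id)
{
    // Already authenticated by an earlier filter: keep it, no need to re-query the DB.
    if ($user_id && $user_id > 0) {
        return (int) $user_id;
    }

    // Plugin switched off: hand back the (unauthenticated) value untouched.
    $o = get_option('wo_options');
    if ($o['enabled'] == 0) {
        return (int) $user_id;
    }

    require_once dirname(WPOAUTH_FILE) . '/library/OAuth2/Autoloader.php';
    OAuth2\Autoloader::register();

    $server  = new OAuth2\Server(new OAuth2\Storage\Wordpressdb());
    $request = OAuth2\Request::createFromGlobals();

    // Only trust user_id once the server has verified the token on this request.
    if ($server->verifyResourceRequest($request)) {
        $token = $server->getAccessTokenData($request);
        if (isset($token['user_id']) && $token['user_id'] > 0) {
            return (int) $token['user_id'];
        }
        // A token with no user (user_id missing/0) is a client-only token; nothing to
        // attribute here, fall through. (The former empty elseif branch did exactly that.)
    }

    return null;
}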
/**
 * Awesomeness for 3rd party support
 *
 * Filter: determine_current_user
 * Other Filter: check_authentication
 *
 * Hooks the determine_current_user filter so a request carrying a valid OAuth2 access
 * token resolves to the token's user (for services such as WP JSON API / WP REST API).
 *
 * @param int|false $user_id User ID resolved by an earlier filter, or 0/false when none.
 * @return int|null Resolved user ID, or null when the request carries no usable token.
 *
 * @author Mauro Constantinescu Modified slightly but still a contribution to the project.
 */
public function _wo_authenicate_bypass($user_id)
{
    // Someone is already logged in: no DB round trip needed.
    if ($user_id && $user_id > 0) {
        return (int) $user_id;
    }

    $options = get_option('wo_options');
    if ($options['enabled'] == 0) {
        return (int) $user_id;
    }

    require_once dirname(WPOAUTH_FILE) . '/library/OAuth2/Autoloader.php';
    OAuth2\Autoloader::register();

    $storage = new OAuth2\Storage\Wordpressdb();
    $server  = new OAuth2\Server($storage);
    $request = OAuth2\Request::createFromGlobals();

    // No valid token on the request: leave the caller unauthenticated.
    if (!$server->verifyResourceRequest($request)) {
        return null;
    }

    $tokenData   = $server->getAccessTokenData($request);
    $tokenUserId = isset($tokenData['user_id']) ? $tokenData['user_id'] : 0;

    return $tokenUserId > 0 ? (int) $tokenUserId : null;
}
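|
| @todo Document and tighten up error messages. All error messages will soon be
| controlled through apply_filters so start planning for a filter error list to
| allow for developers to customize error messages.
|
*/

// Endpoints registered by third parties through the "wo_endpoints" filter.
// The filter default stays null (what callbacks have always received); normalise the
// result afterwards so array_key_exists() never sees a non-array when nothing is registered.
$ext_methods = apply_filters("wo_endpoints", null);
if (!is_array($ext_methods)) {
    $ext_methods = array();
}

// Check to see if the method exists in the filter and actually has something to call;
// an entry without a callable 'func' falls through to the server error response below.
if (array_key_exists($method, $ext_methods)
    && isset($ext_methods[$method]['func'])
    && is_callable($ext_methods[$method]['func'])
) {
    // If the method is set to public, just run it without a token check.
    if (isset($ext_methods[$method]['public']) && $ext_methods[$method]['public']) {
        // NOTE(review): the raw request parameters are spread into the callback's
        // argument list, so a public endpoint must validate everything it receives;
        // string keys are passed as named arguments on newer PHP versions.
        call_user_func_array($ext_methods[$method]['func'], $_REQUEST);
        exit;
    }

    $response = new OAuth2\Response();
    $request  = OAuth2\Request::createFromGlobals();

    if (!$server->verifyResourceRequest($request)) {
        $response->setError(400, 'invalid_request', 'Missing or invalid parameter(s)');
        $response->send();
        exit;
    }

    $token = $server->getAccessTokenData($request);
    if (is_null($token)) {
        $server->getResponse()->send();
        exit;
    }

    // Protected endpoints only ever receive the verified token, never raw request input.
    do_action('wo_endpoint_user_authenticated', array($token));
    call_user_func_array($ext_methods[$method]['func'], array($token));
    exit;
}

/**
 * Server error response. End of line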
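/**
 * Resolve the current user for this request.
 *
 * Two call types are handled:
 *  - "open": the request carries an OAuth2 access token; the OAuth2 server verifies it
 *    and the token's user becomes $this->User.
 *  - "localsite": a browser request; the user comes from the PHP session, a
 *    cookie_auth POST/GET parameter, or the decoded "authstr" cookie.
 *
 * @return mixed true for the openregisteruser/user call that needs no authorization,
 *               $this->IsLogin for "open", 0/1 for "localsite", null for any other
 *               call type. May terminate the script after sending an error response.
 */
function CheckLogin()
{
    $this->Logger->Write('Starting CheckLogin');

    switch ($this->CallType) {
        case "open":
            return $this->CheckOpenApiLogin();
        case "localsite":
            return $this->CheckLocalSiteLogin();
    }

    // Unknown call type: nothing matched, no user resolved.
    return null;
}

/**
 * "open" call type: authenticate an API request by its OAuth2 access token.
 *
 * @return mixed true for the public openregisteruser/user entry point, otherwise
 *               $this->IsLogin. Sends the OAuth2 error response and exits when the
 *               token is missing or invalid.
 */
protected function CheckOpenApiLogin()
{
    // user openregister no need authorization
    if ($this->Code == 'openregisteruser' && $this->Module == 'user') {
        return true;
    }

    $db_host = $this->Config['db_host'];
    $db_name = $this->Config['db_name'];
    $dsn = "mysql:dbname={$db_name};host={$db_host}";
    $storage = new OAuth2\Storage\Pdo(array(
        'dsn' => $dsn,
        'username' => $this->Config['db_user'],
        'password' => $this->Config['db_pass'],
    ));
    $server = new OAuth2\Server($storage);
    $response = new OAuth2\Response();
    $request = OAuth2\Request::createFromGlobals();

    if (!$server->verifyResourceRequest($request, $response)) {
        $response->send();
        exit;
    }

    // The token was just looked up in oauth_access_tokens by the OAuth2 storage; reuse
    // that record instead of interpolating the raw request value into a second,
    // string-built SQL statement (the previous SQL-injection sink).
    $tokenData = $server->getAccessTokenData($request);
    if (!is_array($tokenData)) {
        $error = array();
        $error["error"] = "error";
        $error["error_description"] = "access token is incorrect.";
        echo json_encode($error);
        exit;
    }

    // Tokens not bound to a user leave IsLogin untouched.
    if (isset($tokenData['user_id'])) {
        $access_uid = $tokenData['user_id'];
        $user = $this->UserLogic->GetUser($access_uid);
        $this->User['uid'] = $access_uid;
        // Mirrors the former LEFT JOIN: a token whose user row is gone has no name.
        $this->User['uname'] = (is_array($user) && isset($user['uname'])) ? $user['uname'] : null;
        $this->IsLogin = 1;
    }

    return $this->IsLogin;
}

/**
 * "localsite" call type: resolve the browser user from session, cookie_auth
 * parameter or the "authstr" cookie, and expose the result to the template.
 *
 * @return int 1 when a user was resolved, 0 otherwise.
 */
protected function CheckLocalSiteLogin()
{
    if (session_id() == '') {
        session_start();
    }

    if (!empty($_SESSION['ip_point'])) {
        $this->IPLocation = $_SESSION['ip_point'];
    } else {
        $this->IPLocation = $this->BaiduMap->GetPointByIP(getIP());
        $_SESSION['ip_point'] = $this->IPLocation;
    }

    $auth = $this->CookieHandler->GetVar('authstr');
    if (!empty($this->Post['cookie_auth'])) {
        $post_auth = $this->Post['cookie_auth'];
    } else {
        $post_auth = isset($this->Get['cookie_auth']) ? $this->Get['cookie_auth'] : '';
    }
    $login = 0;

    // A "pid*pwd" credential in the request is only honoured when no auth cookie exists.
    if ($post_auth != '' && (!$auth || $auth == '')) {
        $parts = explode('*', $post_auth);
        $pid = isset($parts[0]) ? $parts[0] : 0;
        $pwd = isset($parts[1]) ? $parts[1] : '';
        $user = $this->UserLogic->GetUser($pid);
        if ($this->CookieCredentialMatches($pwd, $user)) {
            $login = 1;
            $this->User = $user;
        }
        return $login;
    }

    if ($auth && $auth != '') {
        $dauth = authcode($auth, 'DECODE', $this->Config['auth_key']);
        $parts = explode('\\~', $dauth);
        $uid = isset($parts[0]) ? $parts[0] : 0;
        $password = isset($parts[1]) ? $parts[1] : '';
        $this->TemplateHandler->AssignValue('auth', $uid . '*' . $password);

        // Prefer the server-side session: it already holds a verified user.
        $u = array();
        if (!empty($_SESSION['uid']) && $_SESSION['uid'] > 0) {
            $u['uid'] = $_SESSION['uid'];
        }
        if (!empty($_SESSION['uemail'])) {
            $u['uemail'] = $_SESSION['uemail'];
        }
        if (!empty($_SESSION['uname'])) {
            $u['uname'] = $_SESSION['uname'];
        }
        if (!empty($_SESSION['face_url'])) {
            $u['face_url'] = $_SESSION['face_url'];
        }
        if (!empty($_SESSION['face_url_p'])) {
            $u['face_url_p'] = $_SESSION['face_url_p'];
        }

        if (isset($u['uid'])) {
            $this->User = $u;
            $this->SessionUser = $u;
            $login = 1;
        } else {
            // No session yet: verify the cookie credential against the user record.
            $user = $this->UserLogic->GetUser($uid);
            if ($this->CookieCredentialMatches($password, $user)) {
                $this->User = $user;
                $this->SessionUser = $user;
                $_SESSION['uid'] = $user['uid'];
                // Was read from an undefined $email variable before.
                $_SESSION['uemail'] = isset($user['uemail']) ? $user['uemail'] : null;
                $_SESSION['uname'] = $user['uname'];
                $_SESSION['face_url'] = $user['face_url'];
                $_SESSION['face_url_p'] = $user['face_url_p'];
                $login = 1;
                $this->UserLogic->UpdateLoginInfo($user['uid'], time());
            }
        }
    }

    $this->IsLogin = $login;
    $this->TemplateHandler->AssignValue('login', $login);
    $this->TemplateHandler->AssignValue('user', $this->User);
    $this->Open_login = !empty($_SESSION['open']);
    $this->TemplateHandler->AssignValue('open_login', $this->Open_login);
    $this->TemplateHandler->AssignValue('sessionuser', $this->SessionUser);
    $this->Logger->Write('Finished CheckLogin');

    return $login;
}

/**
 * Compare a secret taken from cookie_auth / authstr against a user record's stored
 * password value.
 *
 * Strict string comparison: both values are attacker-influenced, and loose == treats
 * null == "" and numeric-looking strings ("0e1" == "0e2") as equal. A missing user
 * record (GetUser returned false/null) or an empty secret never matches.
 *
 * @param mixed $secret Value extracted from the cookie/request.
 * @param mixed $user   Result of UserLogic->GetUser(); may be false/null for an unknown id.
 * @return bool
 */
protected function CookieCredentialMatches($secret, $user)
{
    if (!is_array($user) || !isset($user['password'])) {
        return false;
    }
    $secret = (string) $secret;

    return $secret !== '' && $secret === (string) $user['password'];
}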
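<?php
/**
 * Minimal OAuth2 resource endpoint: verifies the access token on the incoming request
 * and prepares a success payload in $return.
 *
 * NOTE(review): the database credentials are hard-coded (redacted here); load them from
 * configuration kept outside the web root rather than from this source file.
 */
require_once __DIR__ . '/oAuth2_server/src/OAuth2/Autoloader.php';

$dsn = 'mysql:dbname=points;host=localhost';
$username = '******';
$password = '******';

OAuth2\Autoloader::register();

$storage = new OAuth2\Storage\Pdo(array('dsn' => $dsn, 'username' => $username, 'password' => $password));
$server = new OAuth2\Server($storage);
$response = new OAuth2\Response();
$request = OAuth2\Request::createFromGlobals();

// Initialised up front so the payload never depends on auto-vivification of an undefined variable.
$return = array();

if (!$server->verifyResourceRequest($request, $response)) {
    // Token missing/invalid: send the library's error response and stop here so nothing
    // appended below this point can run for an unauthenticated caller.
    $response->send();
    exit;
}

$return['status'] = 'ok';
$return['message'] = "";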