public static function call()
{
$langpref = isset($_GET['langpref']) ? $_GET['langpref'] : Settings::get('SITELANG');
$langprefs = explode("|", $langpref);
# Determine which user is logged in to OC.
require_once $GLOBALS['rootpath'] . "okapi/lib/oc_session.php";
$OC_user_id = OCSession::get_user_id();
if ($OC_user_id == null) {
$after_login = "******" . ($langpref != Settings::get('SITELANG') ? "?langpref=" . $langpref : "");
$login_url = Settings::get('SITE_URL') . "login.php?target=" . urlencode($after_login);
return new OkapiRedirectResponse($login_url);
}
# Get the list of authorized apps.
$rs = Db::query("\n select c.`key`, c.name, c.url\n from\n okapi_consumers c,\n okapi_authorizations a\n where\n a.user_id = '" . mysql_real_escape_string($OC_user_id) . "'\n and c.`key` = a.consumer_key\n order by c.name\n ");
$vars = array();
$vars['okapi_base_url'] = Settings::get('SITE_URL') . "okapi/";
$vars['site_url'] = Settings::get('SITE_URL');
$vars['site_name'] = Okapi::get_normalized_site_name();
$vars['site_logo'] = Settings::get('SITE_LOGO');
$vars['apps'] = array();
while ($row = mysql_fetch_assoc($rs)) {
$vars['apps'][] = $row;
}
mysql_free_result($rs);
$response = new OkapiHttpResponse();
$response->content_type = "text/html; charset=utf-8";
ob_start();
Okapi::gettext_domain_init($langprefs);
include 'index.tpl.php';
$response->body = ob_get_clean();
Okapi::gettext_domain_restore();
return $response;
}
public static function call()
{
# Determine which user is logged in to OC.
require_once $GLOBALS['rootpath'] . "okapi/lib/oc_session.php";
$OC_user_id = OCSession::get_user_id();
# Ensure a user is logged in.
if ($OC_user_id == null) {
$after_login = "******";
# it is correct, if you're wondering
$login_url = Settings::get('SITE_URL') . "login.php?target=" . urlencode($after_login);
return new OkapiRedirectResponse($login_url);
}
$consumer_key = isset($_REQUEST['consumer_key']) ? $_REQUEST['consumer_key'] : '';
# Just remove app (if it doesn't exist - nothing wrong will happen anyway).
Db::execute("\n delete from okapi_tokens\n where\n user_id = '" . Db::escape_string($OC_user_id) . "'\n and consumer_key = '" . Db::escape_string($consumer_key) . "'\n ");
Db::execute("\n delete from okapi_authorizations\n where\n user_id = '" . Db::escape_string($OC_user_id) . "'\n and consumer_key = '" . Db::escape_string($consumer_key) . "'\n ");
# Redirect back to the apps page.
return new OkapiRedirectResponse(Settings::get('SITE_URL') . "okapi/apps/");
}
public static function call()
{
$token_key = isset($_GET['oauth_token']) ? $_GET['oauth_token'] : '';
$langpref = isset($_GET['langpref']) ? $_GET['langpref'] : Settings::get('SITELANG');
$langprefs = explode("|", $langpref);
$locales = array();
foreach (Locales::$languages as $lang => $attrs) {
$locales[$attrs['locale']] = $attrs;
}
# Current implementation of the "interactivity" parameter is: If developer
# wants to "confirm_user", then just log out the current user before we
# continue.
$force_relogin = isset($_GET['interactivity']) && $_GET['interactivity'] == 'confirm_user';
$token = Db::select_row("\n select\n t.`key` as `key`,\n c.`key` as consumer_key,\n c.name as consumer_name,\n c.url as consumer_url,\n t.callback,\n t.verifier\n from\n okapi_consumers c,\n okapi_tokens t\n where\n t.`key` = '" . Db::escape_string($token_key) . "'\n and t.consumer_key = c.`key`\n and t.user_id is null\n ");
$callback_concat_char = strpos($token['callback'], '?') === false ? "?" : "&";
if (!$token) {
# Probably Request Token has expired. This will be usually viewed
# by the user, who knows nothing on tokens and OAuth. Let's be nice then!
$vars = array('okapi_base_url' => Settings::get('SITE_URL') . "okapi/", 'token' => $token, 'token_expired' => true, 'site_name' => Okapi::get_normalized_site_name(), 'site_url' => Settings::get('SITE_URL'), 'site_logo' => Settings::get('SITE_LOGO'), 'locales' => $locales);
$response = new OkapiHttpResponse();
$response->content_type = "text/html; charset=utf-8";
ob_start();
$vars['locale_displayed'] = Okapi::gettext_domain_init($langprefs);
include 'authorize.tpl.php';
$response->body = ob_get_clean();
Okapi::gettext_domain_restore();
return $response;
}
# Determine which user is logged in to OC.
require_once $GLOBALS['rootpath'] . "okapi/lib/oc_session.php";
$OC_user_id = OCSession::get_user_id();
# Ensure a user is logged in (or force re-login).
if ($force_relogin || $OC_user_id == null) {
# TODO: confirm_user should first ask the user if he's "the proper one",
# and then offer to sign in as a different user.
$login_page = 'login.php?';
if ($OC_user_id !== null) {
if (Settings::get('OC_BRANCH') == 'oc.de') {
# OCDE login.php?action=logout&target=... will NOT logout and
# then redirect to the target, but it will log out, prompt for
# login and then redirect to the target after logging in -
# that's exactly the relogin that we want.
$login_page .= 'action=logout&';
} else {
# OCPL uses REAL MAGIC for session handling. I don't get ANY of it.
# The logout.php DOES NOT support the "target" parameter, so we
# can't just call it. The only thing that comes to mind is...
# Try to destroy EVERYTHING. (This still won't necessarilly work,
# because OC may store cookies in separate paths, but hopefully
# they won't).
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach ($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time() - 1000);
setcookie($name, '', time() - 1000, '/');
foreach (self::getPossibleCookieDomains() as $domain) {
setcookie($name, '', time() - 1000, '/', $domain);
}
}
}
# We should be logged out now. Let's login again.
}
}
$after_login = "******" . ($langpref != Settings::get('SITELANG') ? "&langpref=" . $langpref : "");
$login_url = Settings::get('SITE_URL') . $login_page . "target=" . urlencode($after_login) . "&langpref=" . $langpref;
return new OkapiRedirectResponse($login_url);
}
# Check if this user has already authorized this Consumer. If he did,
# then we will automatically authorize all subsequent Request Tokens
# from this Consumer.
$authorized = Db::select_value("\n select 1\n from okapi_authorizations\n where\n user_id = '" . Db::escape_string($OC_user_id) . "'\n and consumer_key = '" . Db::escape_string($token['consumer_key']) . "'\n ", 0);
if (!$authorized) {
if (isset($_POST['authorization_result'])) {
# Not yet authorized, but user have just submitted the authorization form.
# WRTODO: CSRF protection
if ($_POST['authorization_result'] == 'granted') {
Db::execute("\n insert ignore into okapi_authorizations (consumer_key, user_id)\n values (\n '" . Db::escape_string($token['consumer_key']) . "',\n '" . Db::escape_string($OC_user_id) . "'\n );\n ");
$authorized = true;
} else {
# User denied access. Nothing sensible to do now. Will try to report
# back to the Consumer application with an error.
if ($token['callback']) {
return new OkapiRedirectResponse($token['callback'] . $callback_concat_char . "error=access_denied" . "&oauth_token=" . $token['key']);
} else {
# Consumer did not provide a callback URL (oauth_callback=oob).
# We'll have to redirect to the Opencaching main page then...
return new OkapiRedirectResponse(Settings::get('SITE_URL') . "index.php");
}
}
} else {
# Not yet authorized. Display an authorization request.
$vars = array('okapi_base_url' => Settings::get('SITE_URL') . "okapi/", 'token' => $token, 'site_name' => Okapi::get_normalized_site_name(), 'site_url' => Settings::get('SITE_URL'), 'site_logo' => Settings::get('SITE_LOGO'), 'locales' => $locales);
$response = new OkapiHttpResponse();
$response->content_type = "text/html; charset=utf-8";
ob_start();
$vars['locale_displayed'] = Okapi::gettext_domain_init($langprefs);
include 'authorize.tpl.php';
$response->body = ob_get_clean();
Okapi::gettext_domain_restore();
return $response;
}
}
# User granted access. Now we can authorize the Request Token.
Db::execute("\n update okapi_tokens\n set user_id = '" . Db::escape_string($OC_user_id) . "'\n where `key` = '" . Db::escape_string($token_key) . "';\n ");
# Redirect to the callback_url.
if ($token['callback']) {
return new OkapiRedirectResponse($token['callback'] . $callback_concat_char . "oauth_token=" . $token_key . "&oauth_verifier=" . $token['verifier']);
} else {
# Consumer did not provide a callback URL (probably the user is using a desktop
# or mobile application). We'll just have to display the verifier to the user.
return new OkapiRedirectResponse(Settings::get('SITE_URL') . "okapi/apps/authorized?oauth_token=" . $token_key . "&oauth_verifier=" . $token['verifier'] . "&langpref=" . $langpref);
}
}
