public function new_access_token($token, $consumer, $verifier = null) { if ($token->consumer_key != $consumer->key) { throw new BadRequest("Request Token given is not associated with the Consumer who signed the request."); } if (!$token->authorized_by_user_id) { throw new BadRequest("Request Token given has not been authorized."); } if ($token->verifier != $verifier) { throw new BadRequest("Invalid verifier."); } # Invalidate the Request Token. Db::execute("\n delete from okapi_tokens\n where `key` = '" . Db::escape_string($token->key) . "'\n "); # In OKAPI, all Access Tokens are long lived. Therefore, we don't want # to generate a new one every time a Consumer wants it. We will check # if there is already an Access Token generated for this (Consumer, User) # pair and return it if there is. $row = Db::select_row("\n select `key`, secret\n from okapi_tokens\n where\n token_type = 'access'\n and user_id = '" . Db::escape_string($token->authorized_by_user_id) . "'\n and consumer_key = '" . Db::escape_string($consumer->key) . "'\n "); if ($row) { # Use existing Access Token $access_token = new OkapiAccessToken($row['key'], $row['secret'], $consumer->key, $token->authorized_by_user_id); } else { # Generate a new Access Token. $access_token = new OkapiAccessToken(Okapi::generate_key(20), Okapi::generate_key(40), $consumer->key, $token->authorized_by_user_id); Db::execute("\n insert into okapi_tokens\n (`key`, secret, token_type, timestamp, user_id, consumer_key)\n values (\n '" . Db::escape_string($access_token->key) . "',\n '" . Db::escape_string($access_token->secret) . "',\n 'access',\n unix_timestamp(),\n '" . Db::escape_string($access_token->user_id) . "',\n '" . Db::escape_string($consumer->key) . "'\n );\n "); } return $access_token; }
/** * Register new OKAPI Consumer, send him an email with his key-pair, etc. * This method does not verify parameter values, check if they are in * a correct format prior the execution. */ public static function register_new_consumer($appname, $appurl, $email) { require_once $GLOBALS['rootpath'] . "okapi/service_runner.php"; $consumer = new OkapiConsumer(Okapi::generate_key(20), Okapi::generate_key(40), $appname, $appurl, $email); $sample_cache = OkapiServiceRunner::call("services/caches/search/all", new OkapiInternalRequest($consumer, null, array('limit', 1))); if (count($sample_cache['results']) > 0) { $sample_cache_code = $sample_cache['results'][0]; } else { $sample_cache_code = "CACHECODE"; } # Message for the Consumer. ob_start(); print "This is the key-pair we have created for your application:\n\n"; print "Consumer Key: {$consumer->key}\n"; print "Consumer Secret: {$consumer->secret}\n\n"; print "Note: Consumer Secret is needed only when you intend to use OAuth.\n"; print "You don't need Consumer Secret for Level 1 Authentication.\n\n"; print "Now you can easily access Level 1 OKAPI methods. E.g.:\n"; print Settings::get('SITE_URL') . "okapi/services/caches/geocache?cache_code={$sample_cache_code}&consumer_key={$consumer->key}\n\n"; print "If you plan on using OKAPI for a longer time, then you may want to\n"; print "subscribe to the OKAPI News blog to stay up-to-date:\n"; print "http://opencaching-api.blogspot.com/\n\n"; print "Have fun!\n\n"; print "-- \n"; print "OKAPI Team\n"; Okapi::mail_from_okapi($email, "Your OKAPI Consumer Key", ob_get_clean()); # Message for the Admins. ob_start(); print "Name: {$consumer->name}\n"; print "Developer: {$consumer->email}\n"; print $consumer->url ? "URL: {$consumer->url}\n" : ""; print "Consumer Key: {$consumer->key}\n"; Okapi::mail_admins("New OKAPI app registered!", ob_get_clean()); Db::execute("\n insert into okapi_consumers (`key`, name, secret, url, email, date_created)\n values (\n '" . mysql_real_escape_string($consumer->key) . "',\n '" . mysql_real_escape_string($consumer->name) . "',\n '" . mysql_real_escape_string($consumer->secret) . "',\n '" . mysql_real_escape_string($consumer->url) . "',\n '" . mysql_real_escape_string($consumer->email) . "',\n now()\n );\n "); }