2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2010 */
6 /* Inclusive Design Institute */
8 /* This program is free software. You can redistribute it and/or */
9 /* modify it under the terms of the GNU General Public License */
10 /* as published by the Free Software Foundation. */
11 /************************************************************************/
13 //// unset $_SESSION['user_id'] to avoid page redirecting in vitals.inc.php
14 //if (isset($_SESSION['user_id']))
16 // $_SESSION['current_user'] = $_SESSION['user_id'];
17 // unset($_SESSION['user_id']);
// OAuth authorization page: checks a request token, shows the login form and, on a
// successful login, ties the user to that token before redirecting to the consumer callback.
// NOTE(review): the embedded line numbers in this listing skip (e.g. 30 -> 32, 49 -> 53), so
// braces, else/exit lines and at least one condition are not shown. The branch structure
// described in the comments below is inferred; confirm against the full file.
20 define('TR_INCLUDE_PATH', '../include/');
// $addslashes, $msg and $savant are used below but never defined in this listing;
// presumably vitals.inc.php sets them up (verify).
21 require (TR_INCLUDE_PATH.'vitals.inc.php');
23 require_once(TR_INCLUDE_PATH. 'classes/DAO/UsersDAO.class.php');
24 require_once(TR_INCLUDE_PATH. 'classes/DAO/OAuthServerTokensDAO.class.php');
26 $usersDAO = new UsersDAO();
27 $oAuthServerTokensDAO = new OAuthServerTokensDAO();
29 // Validation input parameters
// $_REQUEST can carry GET, POST and (depending on request_order) cookie values. With the
// loose ==, a missing oauth_token (null) also compares equal to '', but only after PHP
// raises an undefined-index notice; an isset()/empty() test would avoid that.
30 if ($_REQUEST['oauth_token'] == '')
32 echo 'error='.urlencode('Empty oauth token');
// The raw request value goes to the DAO without the $addslashes() call that the login
// fields below receive. NOTE(review): confirm getByTokenAndType() escapes or binds its
// arguments. The lookup is restricted to tokens of type 'request'.
36 $token_row = $oAuthServerTokensDAO->getByTokenAndType($_REQUEST['oauth_token'], 'request');
// A non-array result is reported as an invalid token.
37 if (!is_array($token_row))
39 echo 'error='.urlencode('Invalid oauth token');
43 // $_SESSION['token'] is used to encrypt the password from web form
// NOTE(review): mt_rand() is not a cryptographically secure generator and microtime() is
// guessable, so this value is predictable for something meant to protect a password.
// Prefer bin2hex(random_bytes(20)) on PHP 7+, or openssl_random_pseudo_bytes() on older
// runtimes. The token is created once per session and then reused.
44 if (!isset($_SESSION['token']))
45 $_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));
// Login form submission. No anti-CSRF check on this POST is visible in the listing.
47 if (isset($_POST['submit']))
// $addslashes is called as a variable function. Escaping of this kind is weaker than bound
// parameters. NOTE(review): check how UsersDAO::Validate() builds its query. The field name
// form_password_hidden and the session-token comment above suggest the password is
// transformed client-side before submission; confirm.
49 $user_id = $usersDAO->Validate($addslashes($_POST['form_login']), $addslashes($_POST['form_password_hidden']));
// Presumably reached when Validate() returned no user id (the condition line is not shown).
53 $msg->addError('INVALID_LOGIN');
// A disabled account gets an error instead of an authorization (presumably the else branch
// of the failed-login check).
57 if ($usersDAO->getStatus($user_id) == TR_STATUS_DISABLED)
59 $msg->addError('ACCOUNT_DISABLED');
// Records the authenticated user against the request token; judging by the method name this
// is the step that authorizes the token for that user.
63 $oAuthServerTokensDAO->updateUserIDByToken($_REQUEST['oauth_token'], $user_id);
// NOTE(review): oauth_callback is taken from the request and copied into the Location header
// with no validation, so the browser and the freshly authorized token are sent to whatever
// URL the request names (open redirect). Compare it against a callback registered for the
// consumer or stored with the token before redirecting. OAuth 1.0a (RFC 5849) fixes the
// callback at the request-token step and adds oauth_verifier for this reason.
65 if (isset($_REQUEST['oauth_callback']))
// strpos() returns false when there is no '?' and 0 when it is the first character; both
// fail the "> 0" test and take the '?oauth_token=' form below.
67 if (strpos($_REQUEST['oauth_callback'], '?') > 0)
// oauth_token is appended without rawurlencode(). No exit after header() is visible in this
// listing; NOTE(review): confirm the script stops once the redirect is sent.
68 header('Location: '.$_REQUEST['oauth_callback'].'&oauth_token='.$_REQUEST['oauth_token']);
70 header('Location: '.$_REQUEST['oauth_callback'].'?oauth_token='.$_REQUEST['oauth_token']);
// Plain-text confirmation, presumably the branch taken when no callback was supplied.
73 echo 'User is authenticated successfully.';
81 //header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');
// Renders the login form template; presumably reached on the first visit and after a failed
// login, when no earlier branch has ended the script.
82 $savant->display('login.tmpl.php');