AC_4897, AC_4898, AC_4899: Multifile uploader fixes.
[acontent.git] / oauth / authorization.php
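<?php
/************************************************************************/
/* AContent                                                             */
/************************************************************************/
/* Copyright (c) 2010                                                   */
/* Inclusive Design Institute                                           */
/*                                                                      */
/* This program is free software. You can redistribute it and/or        */
/* modify it under the terms of the GNU General Public License          */
/* as published by the Free Software Foundation.                        */
/************************************************************************/

/*
 * OAuth authorization endpoint.
 *
 * Looks up the request token named by "oauth_token", shows the login form,
 * and on a successful login binds the authenticated user id to that token.
 * If "oauth_callback" was supplied, the browser is then redirected to it with
 * the token appended; otherwise a plain success message is printed.
 *
 * $msg, $savant and $addslashes are not defined in this file; presumably
 * they are set up by vitals.inc.php -- confirm.
 */

//// unset $_SESSION['user_id'] to avoid page redirecting in vitals.inc.php
//if (isset($_SESSION['user_id']))
//{
//	$_SESSION['current_user'] = $_SESSION['user_id'];
//	unset($_SESSION['user_id']);
//}

define('TR_INCLUDE_PATH', '../include/');
require (TR_INCLUDE_PATH.'vitals.inc.php');

require_once(TR_INCLUDE_PATH. 'classes/DAO/UsersDAO.class.php');
require_once(TR_INCLUDE_PATH. 'classes/DAO/OAuthServerTokensDAO.class.php');

$usersDAO = new UsersDAO();
$oAuthServerTokensDAO = new OAuthServerTokensDAO();

// Validate input parameters.
// Read the token once. A missing parameter or a non-string value (for example
// "oauth_token[]=x") is treated as empty instead of raising a notice or
// handing an array to the DAO.
$oauth_token = (isset($_REQUEST['oauth_token']) && is_string($_REQUEST['oauth_token']))
	? $_REQUEST['oauth_token']
	: '';
if ($oauth_token === '')
{
	echo 'error='.urlencode('Empty oauth token');
	exit;
}

// NOTE(review): the token is passed to the DAO exactly as received. Whether
// getByTokenAndType() escapes or binds its arguments is not visible from this
// file -- confirm before relying on it.
$token_row = $oAuthServerTokensDAO->getByTokenAndType($oauth_token, 'request');
if (!is_array($token_row))
{
	echo 'error='.urlencode('Invalid oauth token');
	exit;
}

// The callback is request-controlled and ends up in a Location header, so it
// is checked before any credentials are accepted: it must be a string without
// control characters that parses as an absolute http(s) URL with a host.
// NOTE(review): this only constrains the URL's shape. The callback is still
// not compared with a value registered for the consumer (no such lookup is
// visible in this file), so an authorized token can be sent to any http(s)
// host named in the request. Bind the callback to the consumer record.
$oauth_callback = null;
if (isset($_REQUEST['oauth_callback']))
{
	$oauth_callback = $_REQUEST['oauth_callback'];

	$callback_ok = is_string($oauth_callback) && !preg_match('/[\x00-\x1f\x7f]/', $oauth_callback);
	if ($callback_ok)
	{
		$callback_parts = parse_url($oauth_callback);
		$callback_scheme = (is_array($callback_parts) && isset($callback_parts['scheme']))
			? strtolower($callback_parts['scheme'])
			: '';
		$callback_ok = ($callback_scheme === 'http' || $callback_scheme === 'https')
			&& !empty($callback_parts['host']);
	}

	if (!$callback_ok)
	{
		echo 'error='.urlencode('Invalid oauth callback');
		exit;
	}
}

// $_SESSION['token'] is used to encrypt the password from web form
if (!isset($_SESSION['token']))
{
	// mt_rand() and microtime() are guessable, so prefer the CSPRNG when the
	// runtime has one. 20 random bytes in hex give 40 characters, the same
	// shape as the sha1() value used as the fallback on older PHP versions.
	if (function_exists('random_bytes'))
		$_SESSION['token'] = bin2hex(random_bytes(20));
	else
		$_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));
}

if (isset($_POST['submit']))
{
	// Missing or non-string form fields become empty strings so that
	// $addslashes always receives a string.
	$form_login = (isset($_POST['form_login']) && is_string($_POST['form_login']))
		? $_POST['form_login']
		: '';
	$form_password = (isset($_POST['form_password_hidden']) && is_string($_POST['form_password_hidden']))
		? $_POST['form_password_hidden']
		: '';

	$user_id = $usersDAO->Validate($addslashes($form_login), $addslashes($form_password));

	if (!$user_id)
	{
		$msg->addError('INVALID_LOGIN');
	}
	else if ($usersDAO->getStatus($user_id) == TR_STATUS_DISABLED)
	{
		$msg->addError('ACCOUNT_DISABLED');
	}
	else
	{
		// Bind the authenticated user to the request token.
		$oAuthServerTokensDAO->updateUserIDByToken($oauth_token, $user_id);

		if ($oauth_callback !== null)
		{
			// "!== false" also recognises a '?' at position 0; the token is
			// percent-encoded so it cannot add parameters to the redirect URL.
			$separator = (strpos($oauth_callback, '?') !== false) ? '&' : '?';
			header('Location: '.$oauth_callback.$separator.'oauth_token='.rawurlencode($oauth_token));
		}
		else
			echo 'User is authenticated successfully.';

		exit;
	}
}

//header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');
$savant->display('login.tmpl.php');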