2 /****************************************************************/
\r
4 /****************************************************************/
\r
5 /* Copyright (c) 2002-2010 */
\r
6 /* Inclusive Design Institute */
\r
7 /* http://atutor.ca */
\r
9 /* This program is free software. You can redistribute it and/or*/
\r
10 /* modify it under the terms of the GNU General Public License */
\r
11 /* as published by the Free Software Foundation. */
\r
12 /****************************************************************/
\r
16 * This script is called by mods/_core/imscp/ims_export.php
\r
17 * to export course content out of ATutor and import into
\r
19 * This script also used as a callback endpoint for Tansformable
\r
20 * OAuth authentication.
\r
22 * @input 1. $client_callback_url is required
\r
23 * 2. when called back by Transformable OAuth authentication,
\r
24 * a request token var 'oauth_token' is required.
\r
25 * @output $access_token_key, to import into transformable
\r
28 if (!defined('AT_INCLUDE_PATH'))
\r
29 { // when the script is called back by oauth server,
\r
30 define('AT_INCLUDE_PATH', '../../../../include/');
\r
31 require_once(AT_INCLUDE_PATH.'vitals.inc.php');
\r
34 require_once('OAuthUtility.class.php');
\r
35 require_once("OAuth.php");
\r
36 global $msg, $_config;
\r
38 // check whether the transformable url is accessible
\r
39 if (!OAuthUtility::isAccessible(AT_TILE_OAUTH_REGISTER_CONSUMER_URL))
\r
41 $msg->addError(array('TILE_AUTHENTICATION_FAIL', _AT('tile_not_accessible')));
\r
42 header('Location: '.AT_BASE_HREF.'mods/_core/imscp/index.php');
\r
46 // check whether the last access token has expired. If not, return it, otherwise, get a new access token.
\r
47 // skip this step when this script is called by oauth server callback
\r
48 if (isset($_SESSION['member_id']))
\r
49 $access_token_key = OAuthUtility::getUnexpiredAccessToken();
\r
51 if ($access_token_key == '')
\r
53 // initialize basic variables
\r
54 $sig_method = new OAuthSignatureMethod_HMAC_SHA1(); // use HMAC signature method as default
\r
56 if (!isset($_GET['oauth_token'])) // before oauth server authentication, get request token from oauth server
\r
58 // 1. register consumer
\r
59 $sql = "SELECT * FROM ".TABLE_PREFIX."oauth_client_servers
\r
60 WHERE oauth_server='".mysql_real_escape_string($_config['transformable_uri'])."'";
\r
61 $result = mysql_query($sql, $db);
\r
63 if (mysql_num_rows($result) == 0)
\r
65 $register_consumer_url = AT_TILE_OAUTH_REGISTER_CONSUMER_URL.'?consumer='.urlencode(AT_BASE_HREF).'&expire='.$_config['transformable_oauth_expire'];
\r
66 $oauth_server_response = file_get_contents($register_consumer_url);
\r
68 // debug('register consumer - request: '.$register_consumer_url);
\r
69 // debug('register consumer - OAUTH response: '.$oauth_server_response);
\r
71 // handle OAUTH response on register consumer
\r
72 foreach (explode('&', $oauth_server_response) as $rtn)
\r
74 $rtn_pair = explode('=', $rtn);
\r
76 if ($rtn_pair[0] == 'consumer_key') $consumer_key = $rtn_pair[1];
\r
77 if ($rtn_pair[0] == 'consumer_secret') $consumer_secret = $rtn_pair[1];
\r
78 if ($rtn_pair[0] == 'expire') $expire_threshold = $rtn_pair[1];
\r
79 if ($rtn_pair[0] == 'error') $error = urldecode($rtn_pair[1]);
\r
84 $msg->addError(array('TILE_AUTHENTICATION_FAIL', $error));
\r
85 header('Location: '.AT_BASE_HREF.'mods/_core/imscp/index.php');
\r
90 $sql = "INSERT INTO ".TABLE_PREFIX."oauth_client_servers
\r
91 (oauth_server, consumer_key, consumer_secret, expire_threshold, create_date)
\r
92 VALUES ('".mysql_real_escape_string($_config['transformable_uri'])."', '".$consumer_key."',
\r
93 '".$consumer_secret."', ".$expire_threshold.", now())";
\r
94 $result = mysql_query($sql, $db);
\r
95 $oauth_server_id = mysql_insert_id();
\r
100 $row = mysql_fetch_assoc($result);
\r
101 $oauth_server_id = $row['oauth_server_id'];
\r
102 $consumer_key = $row['consumer_key'];
\r
103 $consumer_secret = $row['consumer_secret'];
\r
104 $expire_threshold = $row['expire_threshold'];
\r
106 $consumer = new OAuthConsumer($consumer_key, $consumer_secret, $client_callback_url);
\r
108 // debug('consumer: '.$consumer);
\r
109 // debug('--- END OF REGISTERING CONSUMER ---');
\r
111 // 2. get request token
\r
112 $req_req = OAuthRequest::from_consumer_and_token($consumer, NULL, "GET", AT_TILE_OAUTH_REQUEST_TOKEN_URL);
\r
113 $req_req->sign_request($sig_method, $consumer, NULL);
\r
115 $oauth_server_response = file_get_contents($req_req);
\r
117 // debug('request token - request: '."\n".$req_req);
\r
118 // debug('request token - response: '."\n".$oauth_server_response);
\r
120 // handle OAUTH request token response
\r
121 foreach (explode('&', $oauth_server_response) as $rtn)
\r
123 $rtn_pair = explode('=', $rtn);
\r
125 if ($rtn_pair[0] == 'oauth_token') $request_token_key = $rtn_pair[1];
\r
126 if ($rtn_pair[0] == 'oauth_token_secret') $request_token_secret = $rtn_pair[1];
\r
127 if ($rtn_pair[0] == 'error') $error = urldecode($rtn_pair[1]);
\r
130 if ($error == '' && strlen($request_token_key) > 0 && strlen($request_token_secret) > 0)
\r
132 $sql = "INSERT INTO ".TABLE_PREFIX."oauth_client_tokens
\r
133 (oauth_server_id, token, token_type, token_secret, member_id, assign_date)
\r
134 VALUES (".$oauth_server_id.", '".$request_token_key."', 'request',
\r
135 '".$request_token_secret."', ".$_SESSION['member_id'].", now())";
\r
136 $result = mysql_query($sql, $db);
\r
140 $msg->addError(array('TILE_AUTHENTICATION_FAIL', $error));
\r
141 header('Location: '.AT_BASE_HREF.'mods/_core/imscp/index.php');
\r
145 $request_token = new OAuthToken($request_token_key, $request_token_secret);
\r
147 // debug('--- END OF REQESTING REQUEST TOKEN ---');
\r
149 // 3. authorization
\r
150 $auth_req = AT_TILE_OAUTH_AUTHORIZATION_URL.'?oauth_token='.$request_token_key.'&oauth_callback='.urlencode($client_callback_url);
\r
152 header('Location: '.$auth_req);
\r
155 else // authenticated
\r
157 // get consumer id by request token
\r
158 $sql = "SELECT ocs.oauth_server_id, ocs.consumer_key, ocs.consumer_secret,
\r
159 ocs.expire_threshold, oct.member_id, oct.token_secret
\r
160 FROM ".TABLE_PREFIX."oauth_client_servers ocs, ".TABLE_PREFIX."oauth_client_tokens oct
\r
161 WHERE ocs.oauth_server_id = oct.oauth_server_id
\r
162 AND oct.token = '".$_GET['oauth_token']."'
\r
163 AND token_type='request'";
\r
165 $result = mysql_query($sql, $db);
\r
166 if (mysql_num_rows($result)==0)
\r
168 $msg->addError(array('TILE_AUTHENTICATION_FAIL', _AT('wrong_request_token')));
\r
169 header('Location: '.AT_BASE_HREF.'mods/_core/imscp/index.php');
\r
173 $row = mysql_fetch_assoc($result);
\r
175 $consumer = new OAuthConsumer($row['consumer_key'], $row['consumer_secret'], $client_callback_url);
\r
176 $request_token = new OAuthToken($_GET['oauth_token'], $row['token_secret']);
\r
178 // 4. get access token
\r
179 $access_req = OAuthRequest::from_consumer_and_token($consumer, $request_token, "GET", AT_TILE_OAUTH_ACCESS_TOKEN_URL);
\r
180 $access_req->sign_request($sig_method, $consumer, NULL);
\r
182 $oauth_server_response = file_get_contents($access_req);
\r
184 // debug('access token - request: '."\n".$access_req);
\r
185 // debug('access token - response: '."\n".$oauth_server_response);
\r
187 // handle OAUTH response on access token
\r
188 foreach (explode('&', $oauth_server_response) as $rtn)
\r
190 $rtn_pair = explode('=', $rtn);
\r
192 if ($rtn_pair[0] == 'oauth_token') $access_token_key = $rtn_pair[1];
\r
193 if ($rtn_pair[0] == 'oauth_token_secret') $access_token_secret = $rtn_pair[1];
\r
194 if ($rtn_pair[0] == 'error') $error = urldecode($rtn_pair[1]);
\r
197 if ($error == '' && strlen($access_token_key) > 0 && strlen($access_token_secret) > 0)
\r
199 // insert access token
\r
200 $sql = "INSERT INTO ".TABLE_PREFIX."oauth_client_tokens
\r
201 (oauth_server_id, token, token_type, token_secret, member_id, assign_date)
\r
202 VALUES (".$row['oauth_server_id'].", '".$access_token_key."', 'access',
\r
203 '".$access_token_secret."', ".$row['member_id'].", now())";
\r
204 $result = mysql_query($sql, $db);
\r
206 // delete request_token
\r
207 $sql = "DELETE FROM ".TABLE_PREFIX."oauth_client_tokens
\r
208 WHERE token = '".$_GET['oauth_token']."'
\r
209 AND token_type='request'";
\r
210 $result = mysql_query($sql, $db);
\r
214 $msg->addError(array('TILE_AUTHENTICATION_FAIL', $error));
\r
215 header('Location: '.AT_BASE_HREF.'mods/_core/imscp/index.php');
\r
220 //debug('access token key: '.$access_token_key);
\r
221 // debug('--- END OF REQESTING ACCESS TOKEN ---');
\r