2 /***********************************************************************/
4 /***********************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
9 /* This program is free software. You can redistribute it and/or */
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /***********************************************************************/
16 * ATutor's implementation of the OAuthDataStore
18 class ATutorOAuthDataStore extends OAuthDataStore {
// Obtains the database handle for this store: from ATutor's DB object when one is available,
// otherwise by locating and including ATutor's own configuration and connection scripts.
21 public function __construct() {
23 // this class is used in 2 different contexts, either through atutor where we have a Db class
24 // or through Shindig's social API, in which case we have to create our own db handle
// NOTE(review): $db is not assigned in the visible lines of this method; the listing skips
// original line 22, which may declare it global. If it does not, this test is always false — confirm.
25 if (isset($db) && $db instanceof DB) {
26 // running in atutor's context
27 $this->db = $db->get_handle();
29 // running in shindig's context
30 // one of the class paths should point to atutor's document root, abuse that fact to find our config
// NOTE(review): both candidate paths are relative, so they resolve against the current working
// directory rather than this file's location; which config and connection scripts get included
// therefore depends on where the process was started. An absolute path built from __DIR__ would pin it.
31 if (file_exists('../../../../../include/lib/mysql_connect.inc.php')){
32 define('AT_INCLUDE_PATH', '../../../../../include/');
// Fallback when the first location does not exist: a path specific to one installation layout.
34 define('AT_INCLUDE_PATH', '../../atutor155/ATutor_164/include/');
36 $configFile = AT_INCLUDE_PATH.'lib/mysql_connect.inc.php';
37 if (file_exists($configFile)) {
// include() only warns when a file is missing or unreadable, so a partial configuration can go unnoticed.
38 include(AT_INCLUDE_PATH.'config.inc.php');
39 include(AT_INCLUDE_PATH . 'lib/constants.inc.php');
40 include(AT_INCLUDE_PATH . 'lib/mysql_connect.inc.php');
// NOTE(review): no visible line assigns $this->db on this path; the listing skips original
// lines 41-43 — confirm the handle is set there.
// NOTE(review): $configFile is assigned unconditionally a few lines above, so if this check sits in
// the same branch it can never be true and a missing configuration file passes silently.
// Testing file_exists($configFile) here would match the message — confirm against the full file.
44 if (! isset($configFile)) {
// $extension_class_paths is not defined in the visible lines, so the message may interpolate an empty value.
45 throw new Exception("Could not locate ATutor's configuration file while scanning extension_class_paths ({$extension_class_paths})");
47 // $this->db = mysqli_connect($config['db_host'], $config['db_user'], $config['db_passwd'], $config['db_database']);
48 // mysqli_select_db($this->db, $config['db_database']);
/**
 * Find the consumer registered under a consumer key.
 *
 * @param string $consumer_key Key as supplied by the caller; trimmed and escaped before use.
 * @return OAuthConsumer|null Consumer built from the stored key and secret, or null when no row matches.
 */
public function lookup_consumer($consumer_key) {
    // NOTE(review): the escape call uses PHP's default MySQL link while the query runs on $this->db;
    // confirm both refer to the same connection.
    $consumer_key = mysql_real_escape_string(trim($consumer_key));
    $query = "SELECT user_id, app_id, consumer_key, consumer_secret FROM ".TABLE_PREFIX."oauth_consumer WHERE consumer_key = '$consumer_key'";
    $result = mysql_query($query, $this->db);
    if (!mysql_num_rows($result)) {
        // The listing does not show the lines after the match branch; a PHP method that
        // reaches its end returns null, so the miss case is null either way.
        return null;
    }
    $row = mysql_fetch_assoc($result);
    return new OAuthConsumer($row['consumer_key'], $row['consumer_secret'], null);
}
// Queries the oauth_consumer row (user_id and app_id) for a consumer key.
// NOTE(review): what the method returns is not visible; the listing skips the lines after the fetch.
63 public function lookup_consumer_name($consumer_key){
// The key is trimmed and escaped before it is placed inside the quoted SQL literal.
64 $consumer_key = mysql_real_escape_string(trim($consumer_key));
// NOTE(review): the select list ends in a stray comma ("app_id, FROM"), which MySQL rejects as a
// syntax error. mysql_query() then returns false, so the row check below never succeeds.
// Dropping the comma after app_id is the likely fix.
65 $sql = "SELECT user_id, app_id, FROM ".TABLE_PREFIX."oauth_consumer WHERE consumer_key = '$consumer_key'";
66 $res = mysql_query($sql, $this->db);
// mysql_num_rows() is called without checking whether the query itself failed.
67 if (mysql_num_rows($res)) {
68 $ret = mysql_fetch_assoc($res);
/**
 * Fetch a stored token of the given type that belongs to the given consumer.
 *
 * @param object $consumer   Consumer whose ->key must match the token's consumer_key column.
 * @param string $token_type Value compared against the type column.
 * @param string $token      Token key to look up.
 * @return OAuthToken Token built from the stored key and secret.
 * @throws OAuthException When no row matches all three values.
 */
public function lookup_token($consumer, $token_type, $token) {
    // All three values land inside quoted SQL literals, so each one is escaped first.
    $token_type = mysql_real_escape_string($token_type);
    $consumer_key = mysql_real_escape_string($consumer->key);
    $token = mysql_real_escape_string($token);
    $query = "SELECT * FROM ".TABLE_PREFIX."oauth_token WHERE type = '$token_type' AND consumer_key = '{$consumer_key}' AND token_key = '$token'";
    $result = mysql_query($query, $this->db);
    if (!mysql_num_rows($result)) {
        // One message for "wrong type" and "unknown token": the caller cannot tell which part failed.
        throw new OAuthException("Unexpected token type ($token_type) or unknown token");
    }
    $row = mysql_fetch_assoc($result);
    return new OAuthToken($row['token_key'], $row['token_secret']);
}
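/**
 * Record a nonce the first time it is seen and report whether it had been seen before.
 *
 * @param object $consumer  Not used by this implementation.
 * @param object $token     Not used by this implementation.
 * @param string $nonce     Nonce taken from the request.
 * @param mixed  $timestamp Timestamp taken from the request; forced to an integer.
 * @return string|null The stored nonce when this (nonce, timestamp) pair already exists, null when it was new.
 */
public function lookup_nonce($consumer, $token, $nonce, $timestamp) {
    // The timestamp is interpolated into the SQL without quotes. String escaping gives no
    // protection in that position, so the value is forced to an integer instead.
    $timestamp = intval($timestamp);
    // Escape once only: the original escaped the nonce a second time before the INSERT, so a nonce
    // containing a quote or backslash was stored in a form the SELECT could never match again,
    // and a replay of that nonce went undetected.
    $nonce = mysql_real_escape_string($nonce);
    $sql = "SELECT nonce FROM ".TABLE_PREFIX."oauth_nonce WHERE nonce_timestamp = $timestamp AND nonce = '$nonce'";
    $res = mysql_query($sql, $this->db);
    if (! mysql_num_rows($res)) {
        // NOTE(review): the check and the insert are separate statements, so two simultaneous requests
        // with the same nonce can both pass. A unique index on (nonce, nonce_timestamp) would close
        // that window; the table definition is not visible here.
        $sql = "INSERT INTO ".TABLE_PREFIX."oauth_nonce (nonce, nonce_timestamp) VALUES ('$nonce', $timestamp)";
        mysql_query($sql, $this->db);
        // NOTE(review): the listing does not show the return statements; null for a new nonce and the
        // stored value for a repeat are assumed from the visible fetch — confirm against the full file.
        return null;
    }
    // NOTE(review): nonces are matched globally; $consumer and $token do not scope the lookup.
    $ret = mysql_fetch_assoc($res);
    return $ret['nonce'];
}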
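/**
 * Issue and store a request token for a consumer whose key and secret match a stored row.
 *
 * @param object      $consumer     Consumer asking for the token; ->key and ->secret are read.
 * @param string|null $token_secret Secret to use; a random 32-character hex secret is generated when null.
 * @return OAuthToken The newly stored request token.
 * @throws OAuthException When key and secret match no consumer, or no secure random source is available.
 */
public function new_request_token($consumer, $token_secret = null) {
    $consumer_key = mysql_real_escape_string($consumer->key);
    $consumer_secret = mysql_real_escape_string($consumer->secret);
    $sql = "SELECT user_id FROM ".TABLE_PREFIX."oauth_consumer WHERE consumer_key = '$consumer_key' AND consumer_secret = '$consumer_secret'";
    $res = mysql_query($sql, $this->db);
    if (! mysql_num_rows($res)) {
        throw new OAuthException("Invalid consumer key ($consumer_key)");
    }
    $ret = mysql_fetch_assoc($res);
    $user_id = intval($ret['user_id']);
    if ($token_secret === null) {
        // The original md5(uniqid(rand(), true)) is built from the clock and a non-cryptographic
        // generator, so the secret is predictable. Draw 16 bytes from a cryptographic source instead;
        // the result keeps the same 32-character hex shape.
        if (function_exists('random_bytes')) {
            $token_secret = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $random = openssl_random_pseudo_bytes(16, $strong);
            if ($random === false || ! $strong) {
                throw new OAuthException("No secure random source available for token secret");
            }
            $token_secret = bin2hex($random);
        } else {
            throw new OAuthException("No secure random source available for token secret");
        }
    }
    // NOTE(review): the token key comes from genGUID(), whose visible lines draw from rand();
    // that helper needs the same treatment.
    $token = new OAuthToken($this->genGUID(), $token_secret);
    $token_key = mysql_real_escape_string($token->key);
    $token_secret = mysql_real_escape_string($token->secret);
    $sql = "INSERT INTO ".TABLE_PREFIX."oauth_token (consumer_key, type, token_key, token_secret, user_id) VALUES ('$consumer_key', 'request', '$token_key', '$token_secret', $user_id)";
    mysql_query($sql, $this->db);
    // NOTE(review): the return statement is not visible in the listing; returning the new token is
    // assumed — confirm against the full file.
    return $token;
}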
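/**
 * Exchange an authorized request token for a new access token.
 *
 * @param object $oauthToken Request token being exchanged; ->key is read.
 * @param object $consumer   Not used by this implementation.
 * @return OAuthToken|null The stored access token, or null when the request token is unknown,
 *                         not authorized, or the access token could not be stored.
 * @throws OAuthException When no secure random source is available.
 */
public function new_access_token($oauthToken, $consumer) {
    $org_token_key = $token_key = mysql_real_escape_string($oauthToken->key);
    $sql = "SELECT * FROM ".TABLE_PREFIX."oauth_token WHERE type = 'request' AND token_key = '$token_key'";
    $res = mysql_query($sql, $this->db);
    // NOTE(review): the listing does not show what follows the visible branches; null for an unknown
    // or unauthorized request token is assumed — confirm against the full file.
    if (! mysql_num_rows($res)) {
        return null;
    }
    $ret = mysql_fetch_assoc($res);
    if (! $ret['authorized']) {
        return null;
    }
    // The original md5(uniqid(rand(), true)) is built from the clock and a non-cryptographic
    // generator, so the secret is predictable. Draw 16 bytes from a cryptographic source instead;
    // the result keeps the same 32-character hex shape.
    if (function_exists('random_bytes')) {
        $new_secret = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $random = openssl_random_pseudo_bytes(16, $strong);
        if ($random === false || ! $strong) {
            throw new OAuthException("No secure random source available for token secret");
        }
        $new_secret = bin2hex($random);
    } else {
        throw new OAuthException("No secure random source available for token secret");
    }
    // NOTE(review): the token key comes from genGUID(), whose visible lines draw from rand();
    // that helper needs the same treatment.
    $token = new OAuthToken($this->genGUID(), $new_secret);
    $token_key = mysql_real_escape_string($token->key);
    $token_secret = mysql_real_escape_string($token->secret);
    $consumer_key = mysql_real_escape_string($ret['consumer_key']);
    $user_id = intval($ret['user_id']);
    $sql = "INSERT INTO ".TABLE_PREFIX."oauth_token (consumer_key, type, token_key, token_secret, user_id) VALUES ('$consumer_key', 'access', '$token_key', '$token_secret', $user_id)";
    // The original suppressed errors on this insert and carried on, consuming the request token
    // even when the access token was never stored. Stop here on failure instead.
    if (! mysql_query($sql, $this->db)) {
        return null;
    }
    // A request token is single-use: remove it once the access token exists.
    $sql = "DELETE FROM ".TABLE_PREFIX."oauth_token WHERE type = 'request' AND token_key = '$org_token_key'";
    mysql_query($sql, $this->db);
    return $token;
}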
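/**
 * Mark a request token as authorized by the member of the current session.
 *
 * @param string $token Key of the request token being authorized.
 * @return void
 */
public function authorize_request_token($token) {
    $token = mysql_real_escape_string($token);
    // NOTE(review): a missing $_SESSION['member_id'] becomes 0 here and the update still runs;
    // confirm that callers reach this method only for a logged-in member.
    $user_id = intval($_SESSION['member_id']);
    // Restrict the update to request tokens. Without the type filter, a key belonging to an already
    // issued access token would also match, and its owner would be overwritten with the session member.
    $sql = "UPDATE ".TABLE_PREFIX."oauth_token SET authorized = 1, user_id = $user_id WHERE type = 'request' AND token_key = '$token'";
    mysql_query($sql, $this->db);
}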
/**
 * Return the user id stored with a token.
 *
 * @param object $token Token whose ->key is looked up in the oauth_token table.
 * @return mixed The user_id column of the matching row, or null when no row matches.
 */
public function get_user_id($token) {
    $token_key = mysql_real_escape_string($token->key);
    $query = "SELECT user_id FROM ".TABLE_PREFIX."oauth_token WHERE token_key = '$token_key'";
    $result = mysql_query($query, $this->db);
    // NOTE(review): the lookup filters on neither type nor authorized, so a pending request token
    // resolves to a user as well; presumably callers pass only validated access tokens — confirm.
    if (!mysql_num_rows($result)) {
        return null;
    }
    // NOTE(review): the return statement is not visible in the listing; returning the fetched
    // user_id is assumed from the list() assignment — confirm against the full file.
    $row = mysql_fetch_row($result);
    return $row[0];
}
// Reads the app_id column of an oauth_consumer row, using the key of the object passed in.
// NOTE(review): what the method returns is not visible; the listing skips the lines after the fetch.
164 public function get_app_id($token) {
165 $token_key = mysql_real_escape_string($token->key);
// NOTE(review): the token's key is compared with oauth_consumer.consumer_key. The other methods
// store token keys in oauth_token.token_key, so this matches only if the caller passes an object
// whose ->key holds a consumer key — confirm the intended lookup.
166 $sql = "SELECT app_id FROM ".TABLE_PREFIX."oauth_consumer WHERE consumer_key = '$token_key'";
167 $res = mysql_query($sql, $this->db);
// mysql_num_rows() is called without checking whether the query itself failed.
169 if (mysql_num_rows($res)) {
// Takes the first column of the row, i.e. app_id.
170 list($ret) = mysql_fetch_row($res);
176 * @see http://jasonfarrell.com/misc/guid.phps Taken from here
177 * e.g. output: 372472a2-d557-4630-bc7d-bae54c934da1
178 * word*2-, word-, (w)ord-, (w)ord-, word*3
180 private function genGUID() {
182 for ($i = 1; $i <= 16; $i ++) {
183 $b = (int)rand(0, 0xff);
184 // version 4 (random)
194 $guidstr .= sprintf("%02s", base_convert($b, 10, 16));
195 if ($i == 4 || $i == 6 || $i == 8 || $i == 10) {