X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fapi.php;h=e3b5ea3a929e76ff77a687adcad1fbb39a40b7b7;hb=3f2a55c267e0bdc4a4ad8b43f2d960aa0e31327c;hp=ad75e6620e2aff9bbbe8e0cfce82e770f9553349;hpb=355c42cb309eb1313097411067ca999b699aa620;p=friendica.git diff --git a/mod/api.php b/mod/api.php index ad75e6620e..e3b5ea3a92 100644 --- a/mod/api.php +++ b/mod/api.php @@ -4,19 +4,19 @@ require_once('include/api.php'); function oauth_get_client($request){ - + $params = $request->get_parameters(); $token = $params['oauth_token']; - - $r = q("SELECT `clients`.* - FROM `clients`, `tokens` - WHERE `clients`.`client_id`=`tokens`.`client_id` + + $r = q("SELECT `clients`.* + FROM `clients`, `tokens` + WHERE `clients`.`client_id`=`tokens`.`client_id` AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", dbesc($token)); if (!count($r)) return null; - + return $r[0]; } @@ -36,31 +36,31 @@ function api_post(&$a) { function api_content(&$a) { if ($a->cmd=='api/oauth/authorize'){ - /* + /* * api/oauth/authorize interact with the user. return a standard page */ - + $a->page['template'] = "minimal"; - - + + // get consumer/client from request token try { $request = OAuthRequest::from_request(); } catch(Exception $e) { echo "
"; var_dump($e); killme(); } - - + + if (x($_POST,'oauth_yes')){ - + $app = oauth_get_client($request); if (is_null($app)) return "Invalid request. Unknown token."; $consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']); $verifier = md5($app['secret'].local_user()); set_config("oauth", $verifier, local_user()); - - + + if ($consumer->callback_url!=null) { $params = $request->get_parameters(); $glue="?"; @@ -68,35 +68,35 @@ function api_content(&$a) { goaway($consumer->callback_url.$glue."oauth_token=".OAuthUtil::urlencode_rfc3986($params['oauth_token'])."&oauth_verifier=".OAuthUtil::urlencode_rfc3986($verifier)); killme(); } - - - + + + $tpl = get_markup_template("oauth_authorize_done.tpl"); $o = replace_macros($tpl, array( '$title' => t('Authorize application connection'), '$info' => t('Return to your app and insert this Securty Code:'), '$code' => $verifier, )); - + return $o; - - + + } - - + + if(! local_user()) { //TODO: we need login form to redirect to this page notice( t('Please login to continue.') . EOL ); return login(false,$request->get_parameters()); } //FKOAuth1::loginUser(4); - + $app = oauth_get_client($request); if (is_null($app)) return "Invalid request. Unknown token."; - - - + + + $tpl = get_markup_template('oauth_authorize.tpl'); $o = replace_macros($tpl, array( '$title' => t('Authorize application connection'), @@ -105,15 +105,12 @@ function api_content(&$a) { '$yes' => t('Yes'), '$no' => t('No'), )); - + //echo ""; var_dump($app); killme(); - + return $o; } - + echo api_call($a); killme(); } - - -