
eae87c5f5ad69d4c9047d998974ca2046ffcbb83
[embrj/master.git] / oauth.php
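<?php
/*
 * Twitter OAuth sign-in endpoint.
 *
 * Without an oauth_token parameter: obtain a request token, keep it in the
 * session and send the browser to the authorize URL (or relay that page when
 * the "proxify" POST field is present).
 *
 * With an oauth_token parameter: treat the request as the provider callback.
 * The token must equal the one stored in the session; it is then exchanged for
 * an access token, the optional screen-name allow-list (ID_AUTH / $AUTH_ID) is
 * applied, and the login cookies are written.
 */

/* Start session and load lib */
if (!isset($_SESSION)) {
    session_start();
}
include_once('lib/twitese.php');

/* Upper-case the allow-list once so the screen-name check is case-insensitive. */
foreach ($AUTH_ID as &$id) {
    $id = strtoupper($id);
}
/* Break the reference: a later write to $id must not overwrite the last entry. */
unset($id);

/*
 * Origin used for the OAuth callback and for the post-login redirect.
 * NOTE(review): HTTP_HOST comes from the request's Host header. The web server
 * should route only known host names to this script; a configured base URL
 * would be more robust, but none is visible in this file.
 */
$scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") ? 'http' : 'https';
$port = $_SERVER['SERVER_PORT'] != 80 ? ':'.$_SERVER['SERVER_PORT'] : '';
/* A Host header on a non-default port already carries it; appending it again would give host:port:port. */
if (preg_match('/:\d+\z/', $_SERVER['HTTP_HOST'])) {
    $port = '';
}
$origin = $scheme . '://' . $_SERVER['HTTP_HOST'] . $port;

if (isset($_REQUEST['oauth_token'])) {
    /* Callback phase: the returned token must be the one this session requested. */
    $stored_token = isset($_SESSION['oauth_token']) ? $_SESSION['oauth_token'] : null;
    if ($stored_token !== $_REQUEST['oauth_token']) {
        $_SESSION['oauth_status'] = 'oldtoken';
        session_destroy();
        header('Location: login.php?oauth=old');exit();
    }

    /* Only a plain string is forwarded as verifier; a missing or array value becomes null. */
    $verifier = (isset($_REQUEST['oauth_verifier']) && is_string($_REQUEST['oauth_verifier']))
        ? $_REQUEST['oauth_verifier']
        : null;

    /* Create TwitterOAuth object with app key/secret and token key/secret from default phase */
    $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);

    /* Request access tokens from twitter */
    $access_token = $connection->getAccessToken($verifier);

    /* Save the access tokens. Normally these would be saved in a database for future use. */
    $_SESSION['access_token'] = $access_token;

    /* Remove no longer needed request tokens */
    unset($_SESSION['oauth_token']);
    unset($_SESSION['oauth_token_secret']);

    /* Anything but HTTP 200 from the token exchange sends the user back to retry. */
    if (200 != $connection->http_code) {
        session_destroy();
        header('Location: login.php?oauth=error');exit();
    }

    /*
     * The session is about to become an authenticated one: issue a fresh
     * session id so an id that was known before login (session fixation)
     * does not carry the verified state.
     */
    session_regenerate_id(true);

    /* The user has been verified and the access tokens can be saved for future use */
    $_SESSION['login_status'] = 'verified';
    $t = getTwitter();
    $user = $t->veverify();

    /* Allow-list check; strict comparison, both sides are upper-cased strings. */
    if (ID_AUTH && !in_array(strtoupper($t->screen_name), $AUTH_ID, true)) {
        session_destroy();
        header("Location: login.php?oauth=denied");exit;
    }

    /*
     * And set new cookies (one-year lifetime).
     * NOTE(review): setEncryptCookie is defined outside this file; confirm it
     * marks these credential cookies HttpOnly and, on HTTPS deployments, Secure.
     */
    $time = $_SERVER['REQUEST_TIME']+3600*24*365;
    setEncryptCookie('oauth_token', $access_token['oauth_token'], $time, '/');
    setEncryptCookie('oauth_token_secret', $access_token['oauth_token_secret'], $time, '/');
    setEncryptCookie('user_id', $access_token['user_id'], $time, '/');
    setEncryptCookie('twitese_name', $t->screen_name, $time, '/');
    refreshProfile();

    /* Default the display preferences on first login. */
    if (!isset($_COOKIE['showpic'])) {
        setcookie('showpic', 'true', $time, '/');
    }
    if (!isset($_COOKIE['mediaPre'])) {
        setcookie('mediaPre', 'true', $time, '/');
    }

    /*
     * The loginPage cookie is client-supplied and is appended directly after
     * the host, so it is accepted only as a local absolute path: it must start
     * with a single "/" (not "//" or "/\") and hold no control characters.
     * Values such as "@other.host/" or ".other.host/" would otherwise change
     * the host the browser is sent to. Anything else falls back to index.php.
     */
    $login_page = isset($_COOKIE['loginPage']) ? $_COOKIE['loginPage'] : null;
    $is_local_path = is_string($login_page)
        && preg_match('#^/(?![/\\\\])[^\x00-\x1f\x7f]*\z#', $login_page) === 1;
    if (!$is_local_path) {
        header('Location: index.php');exit();
    }
    header('Location: '. $origin . $login_page);exit();
} else {
    /* Create TwitterOAuth object and get request token */
    $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);

    /* Get callback URL */
    $oauth_callback = $origin . $_SERVER['REQUEST_URI'];

    /* Get request token */
    $request_token = $connection->getRequestToken($oauth_callback);

    /* Save request token to session (null when the request failed and returned no token) */
    $_SESSION['oauth_token'] = $token = isset($request_token['oauth_token']) ? $request_token['oauth_token'] : null;
    $_SESSION['oauth_token_secret'] = isset($request_token['oauth_token_secret']) ? $request_token['oauth_token_secret'] : null;

    /* If last connection fails don't display authorization link */
    if (200 == $connection->http_code) {
        $time = $_SERVER['REQUEST_TIME']+3600*24*365;
        $url = $connection->getAuthorizeURL($token);
        if (isset($_POST['proxify'])) {
            /*
             * OAuth proxy: the authorize page is fetched server-side, rewritten
             * to post to authorize.php, and served from this origin.
             * NOTE(review): in this mode the user enters provider credentials on
             * a page this host serves, so this path handles credentials and
             * should be deployed and logged accordingly.
             */
            $raw = processCurl($url);
            $new = str_replace('https://api.twitter.com/oauth/authorize', 'authorize.php', $raw);
            $new = str_replace('html { display:none; }', '.error,a.sign-up,input[name="deny"]{display:none !important;}', $new);
            $new = preg_replace('/https?:\/\/\w+([0-9])\.twimg\.com/i', 'https://s3.amazonaws.com/twitter_production', $new);
            echo $new;
        } else {
            header('Location: ' . $url);
        }
    } else {
        header('Location: error.php?t=1');exit();
    }
}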