1 <?php |
1 <?php |
2 header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"'); |
2 header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"'); |
3 /** |
3 |
4 * include some common code (like we did in the 90s) |
|
5 * People still do this? ;) |
|
6 */ |
|
7 include_once 'common.php'; |
4 include_once 'common.php'; |
|
5 use Abraham\TwitterOAuth\TwitterOAuth; |
|
6 |
8 if(!isset($_REQUEST['rep'])) { |
7 if(!isset($_REQUEST['rep'])) { |
9 $rep = $C_default_rep; |
8 $rep = $C_default_rep; |
10 } |
9 } |
11 else { |
10 else { |
12 $rep = $_REQUEST['rep']; |
11 $rep = $_REQUEST['rep']; |
13 } |
12 } |
14 |
13 |
15 |
14 |
16 /** |
|
17 * Someone's knocking at the door using the Callback URL - if they have |
|
18 * some GET data, it might mean that someone's just approved OAuth access |
|
19 * to their account, so we better exchange our current Request Token |
|
20 * for a newly authorised Access Token. There is an outstanding Request Token |
|
21 * to exchange, right? |
|
22 */ |
|
23 if (!empty($_GET) && isset($_SESSION['TWITTER_REQUEST_TOKEN'])) { |
15 if (!empty($_GET) && isset($_SESSION['TWITTER_REQUEST_TOKEN'])) { |
24 $token = $consumer->getAccessToken($_GET, unserialize($_SESSION['TWITTER_REQUEST_TOKEN'])); |
16 |
25 $_SESSION['TWITTER_ACCESS_TOKEN'] = serialize($token); |
17 |
|
18 $token = unserialize($_SESSION['TWITTER_REQUEST_TOKEN']); |
|
19 |
|
20 if (isset($_REQUEST['oauth_token']) && $token['oauth_token'] !== $_REQUEST['oauth_token']) { |
|
21 exit('Invalid callback request. Oops. Sorry.'); |
|
22 } |
|
23 |
|
24 $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $token['oauth_token'], $token['oauth_token_secret']); |
|
25 $access_token = $connection->oauth("oauth/access_token", ["oauth_verifier" => $_REQUEST['oauth_verifier']]); |
|
26 |
|
27 $_SESSION['TWITTER_ACCESS_TOKEN'] = serialize($access_token); |
26 |
28 |
27 /** |
29 /** |
28 * Now that we have an Access Token, we can discard the Request Token |
30 * Now that we have an Access Token, we can discard the Request Token |
29 */ |
31 */ |
30 $_SESSION['TWITTER_REQUEST_TOKEN'] = null; |
32 $_SESSION['TWITTER_REQUEST_TOKEN'] = null; |
31 |
33 |
32 /** |
34 /** |
33 * With Access Token in hand, let's try accessing the client again |
35 * With Access Token in hand, let's try accessing the client again |
34 */ |
36 */ |
35 header('Location: ' . ( isset($_SESSION['TWITTER_REDIRECT_URL']) ? $_SESSION['TWITTER_REDIRECT_URL'] : ( URL_ROOT . "$rep/client.php" ) ) ); |
37 header('Location: ' . ( isset($_SESSION['TWITTER_REDIRECT_URL']) ? $_SESSION['TWITTER_REDIRECT_URL'] : ( URL_ROOT . "$rep/client.php" ) ) ); |
|
38 |
36 } else { |
39 } else { |
37 /** |
40 /** |
38 * Mistaken request? Some malfeasant trying something? |
41 * Mistaken request? Some malfeasant trying something? |
39 */ |
42 */ |
40 exit('Invalid callback request. Oops. Sorry.'); |
43 exit('Invalid callback request. Oops. Sorry.'); |