array(), 'permanent_tokens' => array(), 'applications' => array( 'youpi_youpi_youp' => array( 'name' => 'Demo app', 'secret' => 'eeriZ8bu', 'allow_http_auth' => false, ), 'samsung_widget' => array( 'name' => 'Samsung widget', 'secret' => 'kahaip2U', 'allow_http_auth' => true, ), ), 'nonces' => array(), 'verifications' => array(), ); public function __construct() { if (file_exists(DATAS_FILE)) { $this->datas = unserialize(file_get_contents(DATAS_FILE)); } else { //touch('datas.txt'); } // Nettoyage $now = time(); if (!empty($this->datas['temporary_tokens'])) { foreach ($this->datas['temporary_tokens'] as $key => $datas) { if ($now - $datas['time'] > 3600) { unset($this->datas['temporary_tokens'][$key]); } } } if (!empty($this->datas['verifications'])) { foreach ($this->datas['verifications'] as $key => $datas) { if ($now - $datas['time'] > 3600) { unset($this->datas['verifications'][$key]); } } } if (!empty($this->datas['nonces'])) { foreach ($this->datas['nonces'] as $nonce => $time) { if ($now - $time > 300) { unset($this->datas['nonces'][$nonce]); } } } } public function __destruct() { file_put_contents(DATAS_FILE, serialize($this->datas)); } // Renvoie la clé secrète associée à la clé demandée // Renvoie false si la clé n'existe pas public function getAppSecret($key) { if (isset($this->datas['applications'][$key]['secret'])) return $this->datas['applications'][$key]['secret']; else return false; // On peut aussi renvoyer ici une exception avec un message particulier si on veux // l'exception renverra directement un message d'erreur OAuth // (sauf si le code d'erreur est OAuth_Provider_Exception::ERROR, à ce moment // l'exception sera jetée comme normalement) /* throw new OAuth_Provider_Exception( OAuth_Provider_Exception::INVALID_CONSUMER_KEY, "Fuck off you bastard"); */ } public function getApp($key) { if (isset($this->datas['applications'][$key])) return $this->datas['applications'][$key]; else return false; } // Check du nonce pour vérifier qu'il est bien unique ! // On peux ne le conserver que 5 minutes (durée de validité d'une requête OAuth) public function checkNonce($datas) { $nonce = $datas['nonce']; if (array_key_exists($nonce, $this->datas['nonces'])) { return false; } $this->datas['nonces'][$nonce] = time(); return true; } public function createTempToken($datas) { $token = sha1(uniqid() . time() . 'temp'); $secret = uniqid('tmp_', true); $this->datas['temporary_tokens'][$token] = array( 'callback' => $datas['callback'], 'secret' => $secret, 'time' => time(), 'app' => (!empty($datas['consumer_key']) && $this->getApp($datas['consumer_key'])) ? $datas['consumer_key'] : false, ); return array($token, $secret); } public function getTempToken($token) { if (isset($this->datas['temporary_tokens'][$token])) return $this->datas['temporary_tokens'][$token]; else return false; } // Renvoie le secret du token demandé // Renvoie false si le token n'est pas valide // Possibilité de renvoyer des exceptions aussi public function getTempTokenSecret($token) { if (isset($this->datas['temporary_tokens'][$token]['secret'])) return $this->datas['temporary_tokens'][$token]['secret']; else return false; } public function deleteTempToken($token) { unset($this->datas['temporary_tokens'][$token]); } public function createPermanentToken($datas) { $token = sha1(uniqid() . time() . 'permanent'); $secret = uniqid('p_', true); $this->datas['permanent_tokens'][$token] = array( 'secret' => $secret, 'time' => time(), 'app' => (!empty($datas['consumer_key']) && $this->getApp($datas['consumer_key'])) ? $datas['consumer_key'] : false, ); return array($token, $secret); } public function getPermanentTokenSecret($token) { if (isset($this->datas['permanent_tokens'][$token]['secret'])) return $this->datas['permanent_tokens'][$token]['secret']; else return false; } public function getTokenSecret($datas) { $token = $datas['token']; if ($secret = $this->getTempTokenSecret($token)) return $secret; elseif ($secret = $this->getPermanentTokenSecret($token)) return $secret; else return false; } public function createVerifier($token, $callback) { // SHOULD ensure that the verifier value is suitable for manual entry if ($callback == OAuth_Provider::OUT_OF_BAND) $verifier = mt_rand(10000, 99999); else $verifier = strrev(sha1(uniqid() . time() . 'verif')); $this->datas['verifications'][$verifier] = array( 'time' => time(), 'token' => $token, ); return $verifier; } public function checkVerifier($datas) { $code = $datas['verifier']; if (isset($this->datas['verifications'][$code])) return true; else return false; } public function getVerifier($code) { if (isset($this->datas['verifications'][$code])) return $this->datas['verifications'][$code]; else return false; } public function deleteVerifier($code) { if (isset($this->datas['verifications'][$code])) unset($this->datas['verifications'][$code]); return true; } } ?>