From ea3940c4b0b8232e2de0771811b9f90ade9ee45f Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 25 Feb 2013 17:09:40 -0800 Subject: start formatting for Doxygen --- include/oauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/oauth.php') diff --git a/include/oauth.php b/include/oauth.php index 99fc16eef..2f70f21fb 100644 --- a/include/oauth.php +++ b/include/oauth.php @@ -1,4 +1,4 @@ - -- cgit v1.2.3 From a8dd7280b33008d5100b6d8020640673abf5a78a Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 15 Aug 2013 22:52:19 -0700 Subject: get rid of more variables with dashes in the names - use underscore *except* in CSS. These were probably already here, but if you see any - please keep them out of PHP and MySQL where they sometimes get interpreted as a subtraction operation and are a bugger to find. --- include/oauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/oauth.php') diff --git a/include/oauth.php b/include/oauth.php index 2f70f21fb..6ec5285e4 100644 --- a/include/oauth.php +++ b/include/oauth.php @@ -145,7 +145,7 @@ class FKOAuth1 extends OAuthServer { } $_SESSION['uid'] = $record['uid']; $_SESSION['theme'] = $record['theme']; - $_SESSION['mobile-theme'] = get_pconfig($record['uid'], 'system', 'mobile_theme'); + $_SESSION['mobile_theme'] = get_pconfig($record['uid'], 'system', 'mobile_theme'); $_SESSION['authenticated'] = 1; $_SESSION['page_flags'] = $record['page-flags']; $_SESSION['my_url'] = $a->get_baseurl() . '/channel/' . $record['nickname']; -- cgit v1.2.3 From 9bff739d9624d3a4ba1fb488673ec1a18bc6d395 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 16 Sep 2013 21:35:52 -0700 Subject: several oauth fixes - shred doesn't completely work yet, but it also doesn't completely NOT work, so at least there's some improvement --- include/oauth.php | 67 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 38 insertions(+), 29 deletions(-) (limited to 'include/oauth.php') 
diff --git a/include/oauth.php b/include/oauth.php index 6ec5285e4..b10802ecd 100644 --- a/include/oauth.php +++ b/include/oauth.php @@ -18,11 +18,12 @@ class FKOAuthDataStore extends OAuthDataStore { function lookup_consumer($consumer_key) { logger(__function__.":".$consumer_key); - //echo "
"; var_dump($consumer_key); killme();
-	  
+//      echo "
"; var_dump($consumer_key); killme();
+
 		$r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'",
 			dbesc($consumer_key)
 		);
+
 		if (count($r))
 			return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);
 		return null;
@@ -30,11 +31,13 @@ class FKOAuthDataStore extends OAuthDataStore {
 
   function lookup_token($consumer, $token_type, $token) {
 		logger(__function__.":".$consumer.", ". $token_type.", ".$token);
+
 		$r = q("SELECT id, secret,scope, expires, uid  FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'",
 			dbesc($consumer->key),
 			dbesc($token_type),
 			dbesc($token)
 		);
+
 		if (count($r)){
 			$ot=new OAuthToken($r[0]['id'],$r[0]['secret']);
 			$ot->scope=$r[0]['scope'];
@@ -46,12 +49,14 @@ class FKOAuthDataStore extends OAuthDataStore {
   }
 
   function lookup_nonce($consumer, $token, $nonce, $timestamp) {
-		//echo __file__.":".__line__."
"; var_dump($consumer,$key); killme();
+//		echo __file__.":".__line__."
"; var_dump($consumer,$key); killme();
+
 		$r = q("SELECT id, secret  FROM tokens WHERE client_id='%s' AND id='%s' AND expires=%d",
 			dbesc($consumer->key),
 			dbesc($nonce),
 			intval($timestamp)
 		);
+
 		if (count($r))
 			return new OAuthToken($r[0]['id'],$r[0]['secret']);
 		return null;
@@ -67,13 +72,14 @@ class FKOAuthDataStore extends OAuthDataStore {
 		} else {
 			$k = $consumer;
 		}
-		
+
 		$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d)",
 				dbesc($key),
 				dbesc($sec),
 				dbesc($k),
 				'request',
 				intval(REQUEST_TOKEN_DURATION));
+
 		if (!$r) return null;
 		return new OAuthToken($key,$sec);
   }
@@ -95,6 +101,7 @@ class FKOAuthDataStore extends OAuthDataStore {
 		
 		$key = $this->gen_token();
 		$sec = $this->gen_token();
+
 		$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires, uid) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d, %d)",
 				dbesc($key),
 				dbesc($sec),
@@ -102,6 +109,7 @@ class FKOAuthDataStore extends OAuthDataStore {
 				'access',
 				intval(ACCESS_TOKEN_DURATION),
 				intval($uverifier));
+
 		if ($r)
 			$ret = new OAuthToken($key,$sec);		
 	}
@@ -131,9 +139,9 @@ class FKOAuth1 extends OAuthServer {
 	}
 	
 	function loginUser($uid){
-		logger("FKOAuth1::loginUser $uid");
+		logger("RedOAuth1::loginUser $uid");
 		$a = get_app();
-		$r = q("SELECT * FROM `user` WHERE uid=%d AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
+		$r = q("SELECT * FROM channel WHERE channel_id = %d LIMIT 1",
 			intval($uid)
 		);
 		if(count($r)){
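Review bot: The new lookup `SELECT * FROM channel WHERE channel_id = %d LIMIT 1` drops every state filter the replaced query carried (`blocked = 0`, `account_expired = 0`, `verified = 1`), so the mere existence of a channel row now satisfies `if(count($r))`. As far as the visible lines show, an access token issued before an account was blocked or expired would keep authenticating until the token's own expiry. The equivalent state checks on the channel and its owning account should run here, before the session is populated, and fall through to the existing 401 branch when they fail. Separately, the log prefix now reads `RedOAuth1::loginUser` while the class is still `FKOAuth1`, which will trip up log searches by class name. loginUser's body continues past the end of this hunk.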
@@ -143,35 +151,36 @@ class FKOAuth1 extends OAuthServer {
 		    header('HTTP/1.0 401 Unauthorized');
 		    die('This api requires login');
 		}
-		$_SESSION['uid'] = $record['uid'];
-		$_SESSION['theme'] = $record['theme'];
-		$_SESSION['mobile_theme'] = get_pconfig($record['uid'], 'system', 'mobile_theme');
+		$_SESSION['uid'] = $record['channel_id'];
+		$_SESSION['theme'] = $record['channel_theme'];
+		$_SESSION['account_id'] = $record['channel_account_id'];
+		$_SESSION['mobile_theme'] = get_pconfig($record['channel_id'], 'system', 'mobile_theme');
 		$_SESSION['authenticated'] = 1;
-		$_SESSION['page_flags'] = $record['page-flags'];
-		$_SESSION['my_url'] = $a->get_baseurl() . '/channel/' . $record['nickname'];
+//		$_SESSION['page_flags'] = $record['page-flags'];
+		$_SESSION['my_url'] = $a->get_baseurl() . '/channel/' . $record['channel_address'];
 		$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
+		$_SESSION['allow_api'] = true;
 
-		//notice( t("Welcome back ") . $record['username'] . EOL);
-		$a->user = $record;
+		$a->channel = $record;
 
-		if(strlen($a->user['timezone'])) {
-			date_default_timezone_set($a->user['timezone']);
-			$a->timezone = $a->user['timezone'];
+		if(strlen($a->channel['channel_timezone'])) {
+			date_default_timezone_set($a->channel['channel_timezone']);
+//			$a->timezone = $a->user['timezone'];
 		}
 
-		$r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
-			intval($_SESSION['uid']));
-		if(count($r)) {
-			$a->contact = $r[0];
-			$a->cid = $r[0]['id'];
-			$_SESSION['cid'] = $a->cid;
-		}
-		q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d LIMIT 1",
-			dbesc(datetime_convert()),
-			intval($_SESSION['uid'])
-		);
-
-		call_hooks('logged_in', $a->user);		
+//		$r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
+//			intval($_SESSION['uid']));
+//		if(count($r)) {
+//			$a->contact = $r[0];
+//			$a->cid = $r[0]['id'];
+//			$_SESSION['cid'] = $a->cid;
+//		}
+//		q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d LIMIT 1",
+//			dbesc(datetime_convert()),
+//			intval($_SESSION['uid'])
+//		);
+//
+//		call_hooks('logged_in', $a->user);		
 	}
 	
 }
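Review bot: With the `login_date` update and `call_hooks('logged_in', ...)` commented out at the end of loginUser, an OAuth login no longer leaves a last-login record and never notifies hook consumers, so API sign-ins become invisible to any auditing or plugin logic that relied on them. If the channel schema has no equivalent yet, say so in place of the dead code, e.g. `// TODO: record login time and fire logged_in for channel-based OAuth logins`, and delete the commented-out `contact` and `user` queries rather than keeping them. The function starts above this hunk, so only the tail of the 401 branch is visible here.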
-- 
cgit v1.2.3


From 100043da38af9e1f01a3943e5bc996ab5311894a Mon Sep 17 00:00:00 2001
From: friendica 
Date: Tue, 15 Oct 2013 15:51:20 -0700
Subject: oauth wasn't logging in properly, also fixed api status_show to
 return last public post, not the last private post

---
 include/oauth.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'include/oauth.php')

diff --git a/include/oauth.php b/include/oauth.php
index b10802ecd..8eb8a83d8 100644
--- a/include/oauth.php
+++ b/include/oauth.php
@@ -151,15 +151,22 @@ class FKOAuth1 extends OAuthServer {
 		    header('HTTP/1.0 401 Unauthorized');
 		    die('This api requires login');
 		}
+
 		$_SESSION['uid'] = $record['channel_id'];
 		$_SESSION['theme'] = $record['channel_theme'];
 		$_SESSION['account_id'] = $record['channel_account_id'];
 		$_SESSION['mobile_theme'] = get_pconfig($record['channel_id'], 'system', 'mobile_theme');
 		$_SESSION['authenticated'] = 1;
-//		$_SESSION['page_flags'] = $record['page-flags'];
 		$_SESSION['my_url'] = $a->get_baseurl() . '/channel/' . $record['channel_address'];
 		$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
 		$_SESSION['allow_api'] = true;
+		$x = q("select * from account where account_id = %d limit 1",
+			intval($record['channel_account_id'])
+		);
+		if($x)
+			$a->account = $x[0];
+
+		change_channel($record['channel_id']);
 
 		$a->channel = $record;
 
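Review bot: The account lookup added after `$_SESSION['allow_api'] = true;` runs only once the session is already marked authenticated, and `if($x)` just skips the assignment when no row comes back, so a channel whose `channel_account_id` matches no account still ends up logged in with `$a->account` unset. Fetch the account before the `$_SESSION` writes and fail closed, e.g. `if(! $x) { header('HTTP/1.0 401 Unauthorized'); die('This api requires login'); }`. The loaded row is also never inspected; if the account table carries blocked or expired state, this is the place to test it (the schema is not visible here). `change_channel()` is called before `$a->channel = $record;`, so if it sets `$a->channel` itself the later assignment overwrites it, and it is worth confirming which one is intended. loginUser begins and ends outside this hunk.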
-- 
cgit v1.2.3