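<?php

/**
 * Take the user when they return from Twitter. Get access tokens.
 * Verify credentials and redirect based on the response from Twitter.
 *
 * This is the OAuth 1.0a callback endpoint. The request token pair that the
 * redirect step stored in the session is the only trusted state here: the
 * callback is accepted only when the oauth_token query parameter is present
 * and equal to that stored token, and an oauth_verifier is supplied.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public License,
 * v. 2.0. If a copy of the MPL was not distributed with this file, You can
 * obtain one at http://mozilla.org/MPL/2.0/.
 *
 * @package phpMyFAQ
 * @author Thorsten Rinne <thorsten@phpmyfaq.de>
 * @copyright 2010-2020 phpMyFAQ Team
 * @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
 * @link https://www.phpmyfaq.de
 * @since 2010-09-18
 */

use Abraham\TwitterOAuth\TwitterOAuth;
use Abraham\TwitterOAuth\TwitterOAuthException;
use phpMyFAQ\Filter;

//
// Prepend and start the PHP session
//
define('PMF_ROOT_DIR', dirname(dirname(__DIR__)));
define('IS_VALID_PHPMYFAQ', null);

//
// Bootstrapping
//
require PMF_ROOT_DIR . '/src/Bootstrap.php';

//
// The user declined the authorization on Twitter's side. Checked first so the
// message is shown regardless of the state of the session.
//
if (isset($_REQUEST['denied'])) {
    exit('Permission was denied. Please start over.');
}

//
// Request token pair stored by the redirect step. A direct hit on this URL
// without a prior redirect has neither key, so read them defensively instead
// of triggering undefined-index notices and passing null on to the client.
//
$requestToken = [];
$requestToken['oauth_token'] = $_SESSION['oauth_token'] ?? null;
$requestToken['oauth_token_secret'] = $_SESSION['oauth_token_secret'] ?? null;

// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; kept here
// to preserve the existing filtering, replace it when the code base moves on.
$oAuthToken = Filter::filterInput(INPUT_GET, 'oauth_token', FILTER_SANITIZE_STRING);
$oAuthVerifier = Filter::filterInput(INPUT_GET, 'oauth_verifier', FILTER_SANITIZE_STRING);

$hasRequestToken = is_string($requestToken['oauth_token'])
    && $requestToken['oauth_token'] !== ''
    && is_string($requestToken['oauth_token_secret'])
    && $requestToken['oauth_token_secret'] !== '';

$hasCallbackParams = is_string($oAuthToken)
    && $oAuthToken !== ''
    && is_string($oAuthVerifier)
    && $oAuthVerifier !== '';

//
// Fail closed: the previous check only compared the tokens when oauth_token
// was present, so a callback without that parameter skipped the comparison
// entirely. A missing parameter, a missing session token and a mismatch are
// now all rejected. hash_equals() keeps the comparison constant-time.
//
if (
    !$hasRequestToken
    || !$hasCallbackParams
    || !hash_equals($requestToken['oauth_token'], $oAuthToken)
) {
    $_SESSION['oauth_status'] = 'oldtoken';
    header('Location: ./clearsessions.php');
    exit;
}

$connection = new TwitterOAuth(
    $faqConfig->get('socialnetworks.twitterConsumerKey'),
    $faqConfig->get('socialnetworks.twitterConsumerSecret'),
    $requestToken['oauth_token'],
    $requestToken['oauth_token_secret']
);

//
// Exchange the request token for an access token. TwitterOAuth::oauth() raises
// TwitterOAuthException on a failed exchange in current library releases
// (confirm for the bundled version); without the catch the failure redirect
// below would never be reached. The exception message is not logged because it
// carries the raw response body.
//
try {
    $accessToken = $connection->oauth('oauth/access_token', ['oauth_verifier' => $oAuthVerifier]);
} catch (TwitterOAuthException $exception) {
    error_log('Twitter OAuth access token exchange failed.');
    $accessToken = null;
}

if (null !== $accessToken && 200 === $connection->getLastHttpCode()) {
    // The request token is single-use; drop it once it has been exchanged.
    unset($_SESSION['oauth_token']);
    unset($_SESSION['oauth_token_secret']);

    // The session is about to hold a credential: rotate its id so an id that
    // was known before authorization (session fixation) does not inherit it.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['access_token'] = $accessToken;
    $_SESSION['status'] = 'verified';

    header('Location: ./index.php');
    exit;
}

header('Location: ./clearsessions.php');
exit;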