function loadDb()
{
- $db = new PDO('sqlite:' . __DIR__ . '/../data/tokens.sq3');
+ $pharFile = \Phar::running();
+ if ($pharFile == '') {
+ $dsn = 'sqlite:' . __DIR__ . '/../data/tokens.sq3';
+ $cfgFilePath = __DIR__ . '/config.php';
+ } else {
+ //remove phar:// from the path
+ $dir = dirname(substr($pharFile, 7)) . '/';
+ $dsn = 'sqlite:' . $dir . '/tokens.sq3';
+ $cfgFilePath = substr($pharFile, 7) . '.config.php';
+ }
+ //allow overriding DSN
+ if (file_exists($cfgFilePath)) {
+ include $cfgFilePath;
+ }
+
+ $db = new PDO($dsn);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE IF NOT EXISTS authtokens(
code TEXT,
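Review bot: In the phar branch the token database lands at `dirname(phar)/tokens.sq3` and the config at `<phar>.config.php`, both beside the phar; if the phar is deployed inside the document root (likely for a web endpoint, but not visible here), the SQLite file holding authorization codes can be fetched directly unless the server blocks it. That directory must also be writable by the PHP user for SQLite to create the file, so the unconditional `include $cfgFilePath;` executes whatever PHP file appears at that path. I would add a comment above the include stating the contract, e.g. `// optional config, runs in function scope and may set $dsn; keep the DB outside the web root`, and make the config file read-only for the web user. Smaller points: `\Phar::running(false)` returns the path without the `phar://` prefix and would replace both `substr($pharFile, 7)` calls, `$pharFile === ''` is the strict form, and `$dir` already ends in `/`, so the DSN gets a double slash. loadDb's body continues outside the hunk.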
return $code;
}
-function validate_token($code, $redirect_uri, $client_id, $state)
+function validate_token($code, $redirect_uri, $client_id)
{
$db = loadDb();
$stmt = $db->prepare(
. ' code = :code'
. ' AND redirect_uri = :redirect_uri'
. ' AND client_id = :client_id'
- . ' AND state = :state'
. ' AND created >= :created'
);
$stmt->execute(
':code' => $code,
':redirect_uri' => $redirect_uri,
':client_id' => $client_id,
- ':state' => (string) $state,
':created' => date('c', time() - 60)
)
);
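Review bot: With the `state` predicate removed, a code is accepted on `redirect_uri`, `client_id` and the 60-second window alone, so single use is the remaining protection against replay, and nothing visible in this hunk shows the row being deleted or marked used after a match. If that happens further down in validate_token (the body continues outside the hunk), a docblock should say so, for example `/** Verifies an authorization code; state is checked by the client, not here. Codes are single-use and expire after 60 s. */`. If it does not happen, deleting the row on a successful match is the missing check. It is also worth confirming that the code-creation path no longer stores `state`, otherwise the column becomes dead data.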
}
} catch (OpenID_Exception $e) {
error('Error verifying OpenID login: ' . $e->getMessage());
+ } catch (Exception $e) {
+ error(get_class($e) . ': ' . $e->getMessage());
}
}
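Review bot: The new `catch (Exception $e)` here, and the identical one after the 'OpenID error' handler a few lines below, pass `get_class($e)` and the raw exception message to `error()`, which appears to send its argument to the client (the POST branch uses it for 'Validating token failed'). Because loadDb sets `PDO::ERRMODE_EXCEPTION`, a database failure would reach an unauthenticated requester as a PDOException message, which can contain file paths or SQL fragments. Keep the detail server-side and return a fixed string, e.g. `error_log(get_class($e) . ': ' . $e->getMessage()); error('Internal error');`. The enclosing try block starts outside the hunk.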
exit(0);
} catch (OpenID_Exception $e) {
error('OpenID error: ' . $e->getMessage());
+ } catch (Exception $e) {
+ error(get_class($e) . ': ' . $e->getMessage());
}
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$redirect_uri = verifyUrlParameter($_POST, 'redirect_uri');
$client_id = verifyUrlParameter($_POST, 'client_id');
- $state = null;
- if (isset($_POST['state'])) {
- $state = $_POST['state'];
- }
if (!isset($_POST['code'])) {
error('"code" parameter missing');
}
$token = $_POST['code'];
- $me = validate_token($token, $redirect_uri, $client_id, $state);
+ $me = validate_token($token, $redirect_uri, $client_id);
if ($me === false) {
- header('HTTP/1.0 400 Bad Request');
- echo "Validating token failed\n";
- exit(1);
+ error('Validating token failed');
}
header('Content-type: application/x-www-form-urlencoded');
echo 'me=' . urlencode($me);