OAuth

Brief introduction to oauth-php

The selected library, OAuth-php, has to be adapted by changing several of its scripts to suit our requirements when using the HP WallArt Framework API.

  1. init.php in oauth/example/server/core/
  2. In this script we need to add the session start call at the beginning:

            session_name('PHPSESSID');
            session_start();
        

    Then we define the global constants from the data we have for the current (logged-in) user's session:

            define ('USERNAME', $_SESSION['user']['user']);
            define ('PASSWORD', $_SESSION['user']['pass']);
        

    We also need to enter the connection data for our MySQL database: database name, user and password:

            $info = parse_url(getenv('DB_DSN'));
            ($GLOBALS['db_conn'] = mysql_connect('localhost', 'bbdd_username', 'bbdd_password')) || die(mysql_error());
            mysql_select_db(basename('bbdd_name'), $GLOBALS['db_conn']) || die(mysql_error());
            unset($info);
        

    The assert_logged_in function must redirect to the full URL, including http:// or https://, and must URL-encode the value passed in the goto variable:

            function assert_logged_in()
            {
                if (empty($_SESSION['authorized']))
                {
                    $uri = $_SERVER['REQUEST_URI'];
                    header('Location: https://www.mydomain.com/logon?goto=' . urlencode($uri)); //always URLENCODE
                    exit();
                }
            }
        

    We also add two new functions that retrieve, from the session, the id of the authorized user and the id of the project that is being edited:

            //New function to get the logged in user id from the session.
            function get_logged_in()
            {
                return $_SESSION['authorized_user_id'];
            }
            
            //New function to get the actual project id from the session.
            function get_project_id()
            {
                return $_SESSION['authorized_project_id'];
            }
        
  3. logon.php in oauth/example/server/www/
  4. In this script you must compare the session data against the global constants defined in init.php. You must also save the user_id and project_id values in the variables of the new session, and decode the goto variable with a call to urldecode:

            if (isset($_SESSION['user']['user']) && isset($_SESSION['user']['pass']))
            {
                if ($_SESSION['user']['user'] == USERNAME && $_SESSION['user']['pass'] == PASSWORD)
                {
                    $_SESSION['authorized'] = true;
                    //Store the ID of the logged-in user in the session.
                    $_SESSION['authorized_user_id'] = $_SESSION['user']['id'];
                    $_SESSION['authorized_project_id'] = $_SESSION['project_id'];
                    
                    if (!empty($_REQUEST['goto']))
                    {
                        //header('Location: /' . urldecode($_REQUEST['goto']) );
                        header('Location: https://www.mydomain.com' . urldecode($_REQUEST['goto']) );
                        die;
                    }
            
                    echo "Logon succesfull.";
                    die;
                }
            }
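
The goto round trip between assert_logged_in and logon.php, with the target validated before it is appended to the origin. This is an added example, not code from oauth-php or from the scripts above; safe_goto_path, build_logon_redirect and LOGON_ORIGIN are hypothetical names. It assumes goto only ever needs to carry a same-site path (as REQUEST_URI does) and relies on PHP having already URL-decoded $_REQUEST values once.

```php
<?php
// Added example: not part of oauth-php or of the original init.php/logon.php.
// safe_goto_path(), build_logon_redirect() and LOGON_ORIGIN are hypothetical names.

const LOGON_ORIGIN = 'https://www.mydomain.com'; // origin used on this page

/**
 * Return $goto if it is a same-site absolute path, otherwise $fallback.
 * $goto is taken as delivered by $_REQUEST, which PHP has already
 * URL-decoded once, so no further urldecode() is applied here.
 */
function safe_goto_path($goto, $fallback = '/')
{
    if (!is_string($goto) || $goto === '') {
        return $fallback;
    }
    // Must start with exactly one "/" so the appended value cannot
    // change the host part of the final Location URL.
    if ($goto[0] !== '/' || substr($goto, 0, 2) === '//') {
        return $fallback;
    }
    // Reject backslashes (treated as "/" by some browsers) and control
    // characters (CR/LF would split the response header).
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $goto)) {
        return $fallback;
    }
    return $goto;
}

function build_logon_redirect($goto)
{
    return LOGON_ORIGIN . safe_goto_path($goto);
}

// Constructed sample inputs; run this file from the CLI to see the targets.
if (PHP_SAPI === 'cli' && realpath($argv[0]) === __FILE__) {
    $samples = array(
        '/oauth/authorize?oauth_token=abc', // constructed: normal return path
        '//other.example/path',             // constructed: protocol-relative
        '.other.example/',                  // constructed: no leading slash
        "/ok\r\nX-Injected: 1",             // constructed: CR/LF in value
        '',                                 // constructed: empty value
    );
    foreach ($samples as $s) {
        echo json_encode($s), ' => ', build_logon_redirect($s), "\n";
    }
}
```

In logon.php the redirect line would then become `header('Location: ' . build_logon_redirect($_REQUEST['goto']));`, so only the first sample keeps its path and every other value falls back to the site root.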