source: sandbox/2.4.1-3/prototype/rest/oauth/authorize.php @ 6351

Revision 6351, 1.8 KB checked in by gustavo, 12 years ago (diff)

Ticket #2768 - Melhorias na inserção de destinatários na criacao de mensagem

  • Property svn:executable set to *
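<?php
/**
 * @file
 * Sample authorize endpoint.
 *
 * Shows the consent form for an OAuth2 authorization request and hands the
 * user's decision back to the OAuth2 library.
 *
 * This sample provides two click-jacking prevention methods, neither of which is perfect.
 * The javascript solution is similar to what facebook used to have (but can be defeated with a
 * specially crafted frame-wrapper), so treat it as a fallback for browsers that ignore the
 * response headers below rather than as the primary control.
 */

// Clickjacking prevention (supported by IE8+, FF3.6.9+, Opera10.5+, Safari4+, Chrome 4.1.249.1042+)
header('X-Frame-Options: DENY');
// CSP counterpart of the header above; it takes precedence over X-Frame-Options
// in browsers that support the frame-ancestors directive.
header("Content-Security-Policy: frame-ancestors 'none'");

require "lib/OAuth2StoragePdo.php";

/*
 * You would need to authenticate the user before authorization.
 *
 * Below is some pseudo-code to show what you might do:
 *
session_start();
if (!isLoggedIn()) {
    redirectToLoginPage();
    exit();
}
 *
 * The consent POST handled below carries no anti-CSRF token. Once real
 * authentication is wired in, bind the form to the session (a per-session
 * token in a hidden field, checked before finishClientAuthorization()) so
 * that an "accept" can only originate from this page.
 */

$oauth = new OAuth2(new OAuth2StoragePDO());

if ($_POST) {
    // Placeholder. The user id must come from the authenticated session,
    // never from request data.
    $userId = '12345'; // Use whatever method you have for identifying users.

    // A POST without an "accept" field counts as a refusal instead of raising
    // an undefined-index notice; the strict comparison accepts only the exact
    // button value.
    $isAuthorized = isset($_POST["accept"]) && $_POST["accept"] === "Yep";

    // NOTE(review): the hidden fields round-trip through the browser, so this
    // relies on finishClientAuthorization() re-validating client_id,
    // redirect_uri, etc. - confirm against the library.
    $oauth->finishClientAuthorization($isAuthorized, $userId, $_POST);
}

try {
    $auth_params = $oauth->getAuthorizeParams();
} catch (OAuth2ServerException $oauthError) {
    $oauthError->sendHttpResponse();
    // Stop explicitly so the consent form is never rendered without validated
    // parameters, whether or not sendHttpResponse() ends the script itself.
    exit();
}

?>
<html>
<head>
<title>Authorize</title>
<script>
    // Legacy fallback for browsers that ignore the framing headers: if the
    // page is framed, cover it with an overlay that reloads it at top level.
    if (top != self) {
        window.document.write("<div style='background:black; opacity:0.5; filter: alpha (opacity = 50); position: absolute; top:0px; left: 0px;"
        + "width: 9999px; height: 9999px; z-index: 1000001' onClick='top.location.href=window.location.href'></div>");
    }
</script>
</head>
<body>
<form method="post" action="authorize.php">
    <?php
    // Echo the validated request parameters back as hidden fields so they are
    // resubmitted with the decision; both name and value are HTML-escaped.
    foreach ($auth_params as $key => $value) : ?>
    <input type="hidden"
        name="<?php echo htmlspecialchars($key, ENT_QUOTES); ?>"
        value="<?php echo htmlspecialchars($value, ENT_QUOTES); ?>" />
    <?php endforeach; ?>
    Do you authorize the app to do its thing?
    <p><input type="submit" name="accept" value="Yep" /> <input
        type="submit" name="accept" value="Nope" /></p>
</form>
</body>
</html>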