<?php
session_start();
// NOTE(security): display_errors=1 writes PHP warnings, uncaught-exception
// traces and file paths into the HTTP response. Acceptable while developing;
// switch it off (or gate it on a config flag) before exposing this endpoint.
ini_set('display_errors', 1);
// NOTE(security): wildcard CORS on a session-backed endpoint. Browsers do not
// attach cookies to a cross-origin XHR when the origin is '*', so the session
// itself is not readable cross-site, but any origin may still hit the actions
// below anonymously. Narrow this to the front-end's origin if it is known.
header('Access-Control-Allow-Origin: *');
// Settings: defaults first, then the site-local config.php overrides them.
// The '@' only hides the "file not found" notice on a first install, before
// config.php exists.
include_once ('config.default.php');
@include_once ('config.php'); // first install
// Comma-separated list of admin e-mail addresses from config; getInfo() uses
// it to decide the 'isadmin' flag.
$admins = explode(',', $config['admins']);
// Includes
include_once ('utils.php'); // presumably provides respond(), which is not defined here
set_include_path("lib/google-api/src/" . PATH_SEPARATOR . get_include_path());
require_once 'Google/Client.php';
require_once 'Google/Service.php';
require_once 'Google/Service/Plus.php';
/************************************************
 Check CSRF attack -- currently DISABLED (TODO)
 The state check below is commented out, so every action ('login',
 'logout', 'revoke') is reachable by a plain cross-site request, and
 'login' can be forced with an attacker-supplied code (login CSRF).
 When re-enabling it: the nonce must come from the session, and the
 comparison should use hash_equals() rather than ==.
*************************************************/
/* TODO
if (isset($_POST['state']) && isset($_SESSION['state'])) {
if (!($_POST['state'] == $_SESSION['state'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' Unauthorized' , true, 401);
exit;
}
} else {
header($_SERVER['SERVER_PROTOCOL'] . ' Unauthorized' , true, 401);
exit;
}
*/
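// OAuth client. Redirect URI 'postmessage' is the value used for the
// server-side exchange of a code obtained by the Google Sign-In JavaScript.
$client = new Google_Client();
$client->setClientId($config['client_id']);
$client->setClientSecret($config['client_secret']);
$client->setRedirectUri('postmessage');
$client->setAccessType('offline'); // for refresh token, but never received it...
$client->addScope("https://www.googleapis.com/auth/plus.me");
$client->addScope("https://www.googleapis.com/auth/userinfo.email");

// NOTE(security): 'action' and 'code' are read from $_REQUEST, i.e. GET, POST
// and cookies are all accepted. State-changing actions reachable via GET are
// trivially forgeable cross-site, and the CSRF check above is still a TODO;
// prefer $_POST for 'login', 'logout' and 'revoke' once the front-end allows.
if (!isset($_REQUEST['action']))
    respond ('missing action parameter', true);

switch ($_REQUEST['action']) {
    case 'init':
        // Return the cached profile; otherwise fall back to admin mode
        // (every anonymous visitor is admin -- first-install only) or
        // an empty "not logged in" reply.
        if (isset($_SESSION['me'])) {
            respond ($_SESSION['me']);
        } elseif (!empty($config['admin_mode'])) {
            respond (array (
                'displayName' => 'Admin Mode',
                'email' => '',
                'picture' => '',
                'isadmin' => true
            ));
        } else {
            respond ();
        }
        break;

    case 'logout':
        session_unset ();
        // Fresh session id so the old cookie value is worthless afterwards.
        session_regenerate_id (true);
        respond ('Logged out');
        break;

    case 'revoke':
        // Only call Google when a token was actually stored; the previous
        // code dereferenced json_decode(null)->access_token when none was.
        if (isset($_SESSION['access_token'])) {
            $stored = json_decode($_SESSION['access_token']);
            if (is_object($stored) && isset($stored->access_token)) {
                $client->revokeToken($stored->access_token);
            }
        }
        session_unset ();
        session_regenerate_id (true);
        respond ('Revoked');
        break;

    case 'login':
        if (isset($_REQUEST['code'])) {
            try {
                $client->authenticate($_REQUEST['code']);
            } catch (Exception $e) {
                // Do not echo the library's message: it can carry the raw
                // token-endpoint response. Keep the detail in the server log.
                error_log('plus.php login: ' . $e->getMessage());
                respond ('authentication failed', true);
                break;
            }
            // New session id on privilege change (session fixation).
            session_regenerate_id (true);
            unset($_SESSION['logout']);
            $_SESSION['access_token'] = $client->getAccessToken();
            $_SESSION['me'] = getInfo ($_SESSION['access_token']);
            respond ($_SESSION['me']);
        } else {
            respond ('missing code', true);
        }
        break;

    default:
        respond ("unknown action", true);
}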
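/**
 * Fetch the signed-in user's Google+ profile and map it to the session
 * record used by the front-end ('displayName', 'email', 'picture', 'isadmin').
 *
 * @param string $access_token JSON access-token blob as returned by
 *                             Google_Client::getAccessToken().
 * @return array profile record; 'isadmin' is true only when the account's
 *               first e-mail exactly matches a (trimmed) entry of
 *               $config['admins'].
 *
 * On an API failure this replies with an error via respond() instead of
 * returning; the library's message goes to the server log, not the client.
 */
function getInfo ($access_token) {
    global $client, $admins;
    // Use the token we were handed. The previous version ignored the
    // parameter and re-read $_SESSION, silently breaking any caller that
    // passed a different token.
    $client->setAccessToken($access_token);
    $plus = new Google_Service_Plus($client);
    try {
        $me = $plus->people->get('me');
    } catch (Exception $e) {
        error_log('plus.php getInfo: ' . $e->getMessage());
        respond ('could not fetch profile', true);
    }

    // A person resource may carry no e-mail at all; never index into an
    // undefined offset and never carry a null e-mail into the admin check.
    $emails = $me->getEmails();
    $email = (is_array($emails) && isset($emails[0]['value']))
        ? (string) $emails[0]['value']
        : '';

    // Strict membership against a trimmed, non-empty admin list. With the
    // loose in_array() an empty admin setting (explode(',', '') gives [''])
    // matched a missing e-mail, because null == '' in PHP, granting admin.
    $adminList = array_filter(array_map('trim', $admins), 'strlen');
    $isadmin = ($email !== '') && in_array($email, $adminList, true);

    $image = $me->getImage();

    return array (
        'displayName' => $me->displayName,
        'email' => $email,
        'picture' => $image ? $image->getUrl() : '',
        'isadmin' => $isadmin
    );
}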