Projects/nettsiden
Projects
/
nettsiden
8
2
Fork 0
Code Issues 15 Pull Requests 2 Activity

Added some more checking for oauth2-client

This commit is contained in:
Kasper Rynning-Tønnesen 2016-07-01 15:13:45 +02:00
parent 1b85303566
commit c7ed6513f0
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
OAuth2Client.php
View File

@ -33,19 +33,20 @@ class OAuth2 {
$this->response_type = isset($params["response_type"]) ? $params["response_type"] : "code";
}
public function get_access_token($state = false) {
public function get_access_token(
$state = mysql_real_escape_string($_GET['state']),
$code = mysql_real_escape_string($_GET['code'])) {
if($this->session && $state) {
if($_SESSION['state'] != $state) {
die('States does not match');
}
}
$access_token = $this->get_oauth_token();
$access_token = $this->get_oauth_token($code);
return $access_token;
}
private function get_oauth_token() {
$code = htmlspecialchars($_GET['code']);
private function get_oauth_token($code) {
$params = array(
'grant_type' => $this->grant_type,
'client_id' => $this->client_id,
@ -67,6 +68,7 @@ class OAuth2 {
}
public function get_identity($access_token, $identity_url) {
if(!$access_token || !$identity_url) throw new Exception("Missing either \$access_token or \$identity_url in get_identity function.");
$params = array(
'access_token' => $access_token,
);