
Commit afc411d

committed
Merge oauth file changes
Also db backup and adding mthumb to source.
1 parent 04e482e commit afc411d


6 files changed

+12843
-84
lines changed


forcore/forplay_forcore_06042017.sql

+11,103
Large diffs are not rendered by default.

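--- a/forsecret/db.php
+++ b/forsecret/db.php
@@ -1,37 +1,37 @@
-<?php
-$host = '<--!localhost-->';
-$user = '<--!root-->';
-$password = '<--!password-->';
-$db = '<--!forplay-->';
-
-$link = mysqli_connect($host, $user, $password, $db);
-
-Global $events;
-Global $user;
-Global $root;
-
-$events = array();
-$root = "C:\\Work\\apache-httpd-2.4.16\\htdocs\\forplay";
-
-if (mysqli_connect_errno()) {
-$events['mysql'] = array(
-'connection' => false,
-'error' => mysqli_connect_error(),
-'code' => mysqli_connect_errno()
-);
-} else {
-$events['mysql'] = array(
-'connection' => true
-);
-}
-
-$utf_sql = "SET character_set_results = 'utf8',
-character_set_client = 'utf8',
-character_set_connection = 'utf8',
-character_set_database = 'utf8',
-character_set_server = 'utf8';";
-
-mysqli_query($link, $utf_sql);
-
-include ('oauth.php');
+<?php
+$host = '<--!localhost-->';
+$id = '<--!root-->';
+$password = '<--!password-->';
+$db = '<--!forplay-->';
+
+$link = mysqli_connect($host, $id, $password, $db);
+
+Global $events;
+Global $user;
+Global $root;
+
+$events = array();
+$root = "C:\\Work\\apache-httpd-2.4.16\\htdocs\\forplay";
+
+if (mysqli_connect_errno()) {
+$events['mysql'] = array(
+'connection' => false,
+'error' => mysqli_connect_error(),
+'code' => mysqli_connect_errno()
+);
+} else {
+$events['mysql'] = array(
+'connection' => true
+);
+}
+
+$utf_sql = "SET character_set_results = 'utf8',
+character_set_client = 'utf8',
+character_set_connection = 'utf8',
+character_set_database = 'utf8',
+character_set_server = 'utf8';";
+
+mysqli_query($link, $utf_sql);
+
+include ('oauth.php');
 ?>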
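Review bot: When `mysqli_connect()` fails, new lines 16–21 only record the failure in `$events['mysql']`, and the script still reaches `mysqli_query($link, $utf_sql)` on line 34 with `$link` set to `false` before including oauth.php. The raw `mysqli_connect_error()` text stored there can reach clients, because oauth.php echoes `$events` in its JSON body; it is safer to log the detail server-side, return a generic 500 response and stop. For the charset, `mysqli_set_charset($link, 'utf8');` in place of the hand-built `SET character_set_…` statement also keeps `mysqli_real_escape_string()` aware of the connection encoding.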

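--- a/forsecret/oauth.php
+++ b/forsecret/oauth.php
@@ -7,17 +7,20 @@
 /**
 * Include required sources from composer.
 */
-require __DIR__ . '/../vendor/autoload.php';
+
+require __DIR__ . '/vendor/autoload.php';
 
 /**
 * Create simple router to check the request url.
 */
+
 $router = new \Bramus\Router\Router();
 
 /**
 * This to validate secure requests and set user permissions.
 */
-$router->before('GET|POST',
+
+$router->before('GET|POST|DELETE',
 '(log.*|save.*|imgs.*|google.*|profiles.*|comment.*)',
 function ()
 {
@@ -33,52 +36,57 @@ function ()
 $authorizationHeader = isset($requestHeaders['Authorization']) ? $requestHeaders['Authorization'] : null;
 
 if ($authorizationHeader == null) {
-header('HTTP/1.0 401 Unauthorized');
-
-/**
-* No authorization header sent.
-*/
-
 $events['auth0']['method'] = 'secure';
 $events['auth0']['authorized'] = false;
 $events['auth0']['api'] = true;
 $events['auth0']['user'] = false;
 $events['auth0']['message'] = 'No authorization header sent.';
 
-echo json_encode(
-array(
-'events' => $events
-));
+/**
+* No authorization header sent.
+* Allow to GET comments as a public service.
+* POST and DELETE are restricted only to authorized users.
+*/
 
-exit();
+if ($_SERVER['REQUEST_METHOD'] != 'GET' &&
+! strpos($requestUri, 'comment.php')) {
+
+header('HTTP/1.0 401 Unauthorized');
+
+echo json_encode(
+array(
+'events' => $events
+));
+
+exit();
+} else {
+return;
+}
 }
 
 /**
 * Validate token.
 */
 
 $token = str_replace('Bearer ', '', $authorizationHeader);
-$secret = '<--!secret-->';
-$client = '<--!client-->';
-$domain = '<--!forplay.eu.auth0.com-->';
-$domainUrl = '<--!https://forplay.eu.auth0.com/-->';
+$client = 'P8wrSYlMVUu5rZDEFGSqFL18tVfgo9Gz';
+$domain = 'forplay.eu.auth0.com';
+$domainUrl = 'https://forplay.eu.auth0.com/';
 
 $decodedToken = null;
 $auth0Api = new Management($token, $domain);
 
 $verifier = new JWTVerifier(
 [
 'suported_algs' => [
-'RS256',
-'HS256'
+'RS256'
 ],
 'valid_audiences' => [
 $client
 ],
 'authorized_iss' => [
 $domainUrl
-],
-'client_secret' => $secret
+]
 ]);
 
 try {
@@ -160,7 +168,8 @@ function ()
 /**
 * These is the public API to get Forplay content.
 */
-$router->match('POST|GET', '(tags.*|search.*|forplay.*|sitemap.*)',
+
+$router->match('GET|POST|DELETE', '(tags.*|search.*|forplay.*|sitemap.*)',
 function ()
 {
 global $events;
@@ -174,7 +183,9 @@ function ()
 /**
 * These is the private API save Forplay content and see the log.
 */
-$router->match('POST|GET', '(log.*|save.*|imgs.*|google.*|profile.*|comment.*)',
+
+$router->match('GET|POST|DELETE',
+'(log.*|save.*|imgs.*|google.*|profile.*|comment.*)',
 function ()
 {
 global $events;
@@ -188,6 +199,7 @@ function ()
 /**
 * If someone tries to access unknown API.
 */
+
 $router->set404(
 function ()
 {
@@ -204,5 +216,6 @@ function ()
 /**
 * Run the router.
 */
+
 $router->run();
 ?>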
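Review bot: The guard added at new lines 51–52 joins its two tests with `&&`, so a request without an Authorization header gets the 401 only when it is both non-GET and outside comment.php; a header-less GET to any route matched by this `before` pattern, and a header-less POST or DELETE to a comment.php URI, both reach `return` and skip token validation. That contradicts the comment above it ("POST and DELETE are restricted only to authorized users"); the check should read `if ($_SERVER['REQUEST_METHOD'] !== 'GET' || strpos($requestUri, 'comment.php') === false) {`, which also stops `! strpos(...)` from treating a match at offset 0 as a miss. The closure body and the assignment of `$requestUri` lie outside the hunk, so if that value includes the query string a comparison against the parsed path would be safer than a substring search. Separately, the `before` pattern lists `profiles.*` while the private route at new line 188 lists `profile.*`, so the check may not run for `profile…` paths at all.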

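--- a/forsecure/comment.php
+++ b/forsecure/comment.php
@@ -111,12 +111,10 @@
 */
 
 $comment_sql = "UPDATE for_rel_comments
-SET read = now()
+SET `read` = now()
 WHERE profile_id = {$profile['profile_id']};";
 
-/**
-* TODO: Commit this thing above to MySQL.
-*/
+$comment_result = mysqli_query($link, $comment_sql);
 
 echo json_encode(
 array(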
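Review bot: New line 117 now executes an UPDATE whose WHERE clause is built by interpolating `$profile['profile_id']` into the SQL string, and the value left in `$comment_result` is never checked. Where `$profile` is populated is outside the hunk; unless it is guaranteed to be an integer taken from a verified token, bind it instead with `mysqli_prepare()` and `mysqli_stmt_bind_param($stmt, 'i', $profile['profile_id'])`. Since oauth.php in this commit lets GET requests to comment.php through without a token, confirm this statement cannot run with an empty `profile_id`, and handle a `false` return before the JSON response is written.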
