本文整理汇总了PHP中OAuthServer::verify_request方法的典型用法代码示例。如果您正苦于以下问题：PHP OAuthServer::verify_request方法的具体用法？PHP OAuthServer::verify_request怎么用？PHP OAuthServer::verify_request使用的例子？那么，这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类OAuthServer的用法示例。
在下文中一共展示了OAuthServer::verify_request方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: handleOAuthBodyPOST
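/**
 * Validate an OAuth body-signed POST and return the raw request body.
 *
 * The request must carry an "OAuth " Authorization header with an
 * oauth_body_hash parameter. The OAuth signature is verified first, then the
 * SHA-1 hash of the raw body is compared with oauth_body_hash.
 *
 * Side effect: the signature base string is stored in the global
 * $LastOAuthBodyBaseString. It is a debugging aid and should stay out of
 * responses sent to the client.
 *
 * @param string $oauth_consumer_key    Consumer key expected to have signed the request.
 * @param string $oauth_consumer_secret Shared secret registered for that key.
 *
 * @return string The raw request body read from php://input.
 *
 * @throws Exception If the content type is form-encoded, the body hash is
 *                   missing or wrong, or the signature does not verify.
 */
function handleOAuthBodyPOST($oauth_consumer_key, $oauth_consumer_secret)
{
    // HTTP header names are case-insensitive, and the casing produced by
    // OAuthUtil::get_headers() is not visible here, so normalise the keys
    // instead of relying on one exact spelling.
    $request_headers = array_change_key_case(OAuthUtil::get_headers(), CASE_LOWER);

    // Must reject application/x-www-form-urlencoded. Compare only the media
    // type so that a trailing "; charset=..." cannot slip past the check.
    $content_type = isset($request_headers['content-type']) ? (string) $request_headers['content-type'] : '';
    $content_type_parts = explode(';', $content_type, 2);
    if (strtolower(trim($content_type_parts[0])) === 'application/x-www-form-urlencoded') {
        throw new Exception("OAuth request body signing must not use application/x-www-form-urlencoded");
    }

    $authorization = isset($request_headers['authorization']) ? $request_headers['authorization'] : '';
    if (is_string($authorization) && strncmp($authorization, "OAuth ", 6) === 0) {
        $header_parameters = OAuthUtil::split_header($authorization);
        if (isset($header_parameters['oauth_body_hash'])) {
            $oauth_body_hash = $header_parameters['oauth_body_hash'];
        }
    }
    if (!isset($oauth_body_hash)) {
        throw new Exception("OAuth request body signing requires oauth_body_hash body");
    }

    // Verify the message signature
    $store = new TrivialOAuthDataStore();
    $store->add_consumer($oauth_consumer_key, $oauth_consumer_secret);
    $server = new OAuthServer($store);
    $method = new OAuthSignatureMethod_HMAC_SHA1();
    $server->add_signature_method($method);
    $request = OAuthRequest::from_request();

    global $LastOAuthBodyBaseString;
    $LastOAuthBodyBaseString = $request->get_signature_base_string();

    try {
        $server->verify_request($request);
    } catch (Exception $e) {
        throw new Exception("OAuth signature failed: " . $e->getMessage());
    }

    // The signature only covers the claimed hash, so the body itself still
    // has to be hashed and compared. SHA-1 is used because it is the hash
    // paired with the HMAC-SHA1 signature method registered above.
    $postdata = file_get_contents('php://input');
    $hash = base64_encode(sha1($postdata, true));

    // hash_equals() gives a strict, constant-time comparison; the loose !=
    // operator would apply PHP's type-juggling rules to a client-supplied value.
    if (!is_string($oauth_body_hash) || !hash_equals($hash, $oauth_body_hash)) {
        throw new Exception("OAuth oauth_body_hash mismatch");
    }

    return $postdata;
}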
示例2: __construct
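/**
 * Create new Basic LTI access object
 *
 * Reads the current request, checks that its oauth_consumer_key is the one
 * supplied by the caller, and verifies the OAuth HMAC-SHA1 signature with the
 * supplied secret. The verified request is kept in $this->request.
 *
 * @param string $key    Consumer key the caller expects.
 * @param string $secret Shared secret for that key.
 *
 * @throws \Exception If the key is missing or different, or if
 *                    verify_request() rejects the request.
 */
public function __construct($key, $secret)
{
    $request = \OAuthRequest::from_request();
    $oauth_consumer_key = $request->get_parameter("oauth_consumer_key");

    // ensure the key in the request matches the locally supplied one
    if ($oauth_consumer_key === null || $oauth_consumer_key === false || $oauth_consumer_key === '') {
        throw new \Exception("Missing oauth_consumer_key in request");
    }
    // Compare as strings with ===. The loose != operator treats numeric-looking
    // strings such as "1e3" and "1000" as equal, which would accept a key that
    // merely looks like the expected one.
    if (!is_string($oauth_consumer_key) || $oauth_consumer_key !== (string) $key) {
        throw new \Exception("oauth_consumer_key doesn't match supplied key");
    }

    // verify the message signature
    // NOTE(review): whether TrivialOAuthDataStore tracks nonces is not visible
    // here; confirm that replayed launches are rejected somewhere.
    $store = new TrivialOAuthDataStore($oauth_consumer_key, $secret);
    $server = new \OAuthServer($store);
    $method = new \OAuthSignatureMethod_HMAC_SHA1();
    $server->add_signature_method($method);
    $server->verify_request($request);

    $this->request = $request;
}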
示例3: handle_oauth_body_post
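/**
 * Validate an OAuth body-signed POST and return the body.
 *
 * The OAuth signature of the current request is verified, then the SHA-1 hash
 * of $body is compared with the oauth_body_hash taken from the Authorization
 * header.
 *
 * @param string     $oauthconsumerkey    Consumer key expected to have signed the request.
 * @param string     $oauthconsumersecret Shared secret registered for that key.
 * @param string     $body                Raw request body. It must be the body of the same
 *                                        request that OAuthRequest::from_request() reads,
 *                                        otherwise the hash check covers other data than
 *                                        the signature does.
 * @param array|null $requestheaders      Request headers; fetched from OAuthUtil when empty.
 *
 * @return string The verified body.
 *
 * @throws OAuthException If the content type is form-encoded, the body hash is
 *                        missing or wrong, or the signature does not verify.
 */
function handle_oauth_body_post($oauthconsumerkey, $oauthconsumersecret, $body, $requestheaders = null)
{
    if (!is_array($requestheaders) || !$requestheaders) {
        $requestheaders = OAuthUtil::get_headers();
    }
    // HTTP header names are case-insensitive; normalise the keys so the checks
    // below do not depend on one exact spelling.
    $requestheaders = array_change_key_case($requestheaders, CASE_LOWER);

    // Must reject application/x-www-form-urlencoded. Compare only the media
    // type so that a trailing "; charset=..." cannot slip past the check.
    if (isset($requestheaders['content-type'])) {
        $contenttypeparts = explode(';', (string) $requestheaders['content-type'], 2);
        if (strtolower(trim($contenttypeparts[0])) === 'application/x-www-form-urlencoded') {
            throw new OAuthException("OAuth request body signing must not use application/x-www-form-urlencoded");
        }
    }

    $authorization = isset($requestheaders['authorization']) ? $requestheaders['authorization'] : '';
    if (is_string($authorization) && strncmp($authorization, "OAuth ", 6) === 0) {
        $headerparameters = OAuthUtil::split_header($authorization);
        if (isset($headerparameters['oauth_body_hash'])) {
            $oauthbodyhash = $headerparameters['oauth_body_hash'];
        }
    }
    if (!isset($oauthbodyhash)) {
        throw new OAuthException("OAuth request body signing requires oauth_body_hash body");
    }

    // Verify the message signature.
    $store = new TrivialOAuthDataStore();
    $store->add_consumer($oauthconsumerkey, $oauthconsumersecret);
    $server = new OAuthServer($store);
    $method = new OAuthSignatureMethod_HMAC_SHA1();
    $server->add_signature_method($method);
    $request = OAuthRequest::from_request();
    try {
        $server->verify_request($request);
    } catch (\Exception $e) {
        throw new OAuthException("OAuth signature failed: " . $e->getMessage());
    }

    // The signature only covers the claimed hash, so the body itself still
    // has to be hashed and compared.
    $postdata = $body;
    $hash = base64_encode(sha1($postdata, true));

    // hash_equals() gives a strict, constant-time comparison; the loose !=
    // operator would apply PHP's type-juggling rules to a client-supplied value.
    if (!is_string($oauthbodyhash) || !hash_equals($hash, $oauthbodyhash)) {
        throw new OAuthException("OAuth oauth_body_hash mismatch");
    }

    return $postdata;
}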
示例4: while
// Build the LTI context for the current request (the listing is cut off
// before the end of this constructor).
//
// $parm is either the shared secret as a string, or an array describing the
// database table that maps consumer keys to secrets. When the request is not
// an LTI launch, a previously stored context is restored from the session.
// On failure the constructor returns early with $this->message set;
// $this->valid is set to true only after a restored context or a verified
// signature.
function __construct($parm = false, $usesession = true, $doredirect = true)
{
global $link;
$this->message = "blti loaded";
// If this request is not an LTI Launch, either
// give up or try to retrieve the context from session
if (!is_basic_lti_request()) {
if ($usesession === false) {
return;
}
if (strlen(session_id()) > 0) {
// The session keys are read before isset() is applied to the copies, so a
// missing key raises a notice here.
$row = $_SESSION['_basiclti_lti_row'];
if (isset($row)) {
$this->row = $row;
}
$context_id = $_SESSION['_basiclti_lti_context_id'];
if (isset($context_id)) {
$this->context_id = $context_id;
}
$info = $_SESSION['_basic_lti_context'];
if (isset($info)) {
$this->info = $info;
// A context restored from the session is trusted without re-verification.
$this->valid = true;
return;
}
$this->message = "Could not find context in session";
return;
}
$this->message = "Session not available";
return;
}
// Insure we have a valid launch
if (empty($_REQUEST["oauth_consumer_key"])) {
$this->message = "Missing oauth_consumer_key in request";
return;
}
$oauth_consumer_key = $_REQUEST["oauth_consumer_key"];
// Find the secret - either from the parameter as a string or
// look it up in a database from parameters we are given
$secret = false;
$row = false;
if (is_string($parm)) {
$secret = $parm;
} else {
if (!is_array($parm)) {
$this->message = "Constructor requires a secret or database information.";
return;
} else {
//changelog: parms -> parm (typo) throughout
// Only the consumer key is escaped. The table and column names from $parm
// are concatenated into the query as-is, so they must never be derived
// from request data.
// NOTE(review): a prepared statement with a bound key would avoid
// hand-built quoting - confirm $parm always comes from trusted configuration.
$sql = 'SELECT * FROM ' . $parm['table'] . ' WHERE ' . ($parm['key_column'] ? $parm['key_column'] : 'oauth_consumer_key') . '=' . "'" . mysqli_real_escape_string($link, $oauth_consumer_key) . "'";
$result = mysqli_query($link, $sql);
//echo $sql;
// The query result is not checked for failure before it is passed on.
$num_rows = mysqli_num_rows($result);
if ($num_rows != 1) {
// This message embeds the request's consumer key and the full SQL text;
// if $this->message is shown to the requester it discloses the table and
// column names.
$this->message = "Your consumer is not authorized oauth_consumer_key=" . $oauth_consumer_key . " " . $sql;
return;
} else {
while ($row = mysqli_fetch_assoc($result)) {
$secret = $row[$parm['secret_column'] ? $parm['secret_column'] : 'secret'];
$context_id = $row[$parm['context_column'] ? $parm['context_column'] : 'context_id'];
if ($context_id) {
$this->context_id = $context_id;
}
//changelog: look for token. probably get rid of this at some point, since I've separated the key/secret table from tokens
//if($row['token'] !="")$token = $_SESSION['token']=$row['token'];
//setcookie("ttable",$parm['table']);//use this to update bad tokens in get_token_domain
// $row holds every column of the matched record (SELECT *), the secret
// column included.
$this->row = $row;
break;
}
if (!is_string($secret)) {
$this->message = "Could not retrieve secret oauth_consumer_key=" . $oauth_consumer_key;
return;
}
}
}
}
// Verify the message signature
$store = new TrivialOAuthDataStore();
$store->add_consumer($oauth_consumer_key, $secret);
$server = new OAuthServer($store);
$method = new OAuthSignatureMethod_HMAC_SHA1();
$server->add_signature_method($method);
$request = OAuthRequest::from_request();
// The base string is kept on the object; treat it as debug data.
$this->basestring = $request->get_signature_base_string();
try {
$server->verify_request($request);
$this->valid = true;
} catch (Exception $e) {
$this->message = $e->getMessage();
return;
}
// Store the launch information in the session for later
$newinfo = array();
foreach ($_POST as $key => $value) {
if ($key == "basiclti_submit") {
continue;
}
// Parameters whose name contains "oauth_" anywhere are not copied here.
if (strpos($key, "oauth_") === false) {
$newinfo[$key] = $value;
continue;
//.........这里部分代码省略.........
示例5: init_lti
//.........这里部分代码省略.........
// Excerpt from init_lti: the start of the function is not shown. The visible
// part finishes the secret lookup (legacy mysql_* branch, then a mysqli
// prepared-statement branch), verifies the OAuth signature and stores the
// launch data in the session.
while ($row = mysql_fetch_assoc($result)) {
$secret = $row[$this->parms['secret_column'] ? $this->parms['secret_column'] : 'secret'];
$context_id = $row[$this->parms['context_column'] ? $this->parms['context_column'] : 'context_id'];
if ($context_id) {
$this->context_id = $context_id;
}
$this->row = $row;
break;
}
if (!is_string($secret)) {
$this->message = "Could not retrieve secret oauth_consumer_key=" . $oauth_consumer_key;
return;
}
}
// NOTE(review): this branch reads $this->parm while the lines above read
// $this->parms - confirm which property holds the configuration.
} elseif ($this->parm['dbtype'] == 'mysqli') {
if ($this->db->error) {
try {
// $mysqli, $msqli and $query are not defined anywhere in the visible code.
throw new Exception("0MySQL error {$mysqli->error} <br> Query:<br> {$query}", $msqli->errno);
} catch (Exception $e) {
// The database error and a stack trace are echoed into the response, and
// execution continues afterwards (there is no exit in this handler).
echo "Error No: " . $e->getCode() . " - " . $e->getMessage() . "<br >";
echo nl2br($e->getTraceAsString());
}
}
// The consumer key is bound as a parameter; only the configured table
// prefix is concatenated into the SQL text.
$stmt = $this->db->prepare("SELECT secret,context_id,name FROM " . $this->parm['table_prefix'] . "lti_keys WHERE oauth_consumer_key=? AND `deleted` IS NULL");
$db = $this->db;
if ($db->error) {
try {
throw new Exception("0MySQL error {$db->error} <br> Query:<br> ", $db->errno);
} catch (Exception $e) {
// Same disclosure as above: error text and stack trace go to the client.
echo "Error No: " . $e->getCode() . " - " . $e->getMessage() . "<br >";
echo nl2br($e->getTraceAsString());
exit;
}
}
$stmt->bind_param('s', $oauth_consumer_key);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($rsecret, $rcontext_id, $rname);
// The result of fetch() is not inspected; the is_string() test below is
// what rejects a lookup that produced no secret.
$stmt->fetch();
$secret = $rsecret;
$name = $rname;
if (isset($rcontext_id)) {
$this->context_id = $rcontext_id;
}
$stmt->close();
if (!is_string($secret)) {
$this->message = "Could not retrieve secret oauth_consumer_key=" . $oauth_consumer_key;
return;
}
}
}
}
// Verify the message signature
$store = new TrivialOAuthDataStore();
$store->add_consumer($oauth_consumer_key, $secret);
$server = new OAuthServer($store);
$method = new OAuthSignatureMethod_HMAC_SHA1();
$server->add_signature_method($method);
$request = OAuthRequest::from_request();
$this->basestring = $request->get_signature_base_string();
try {
$server->verify_request($request);
$this->valid = true;
} catch (Exception $e) {
$this->message = $e->getMessage();
return;
}
// Store the launch information in the session for later
$newinfo = array();
foreach ($_POST as $key => $value) {
if ($key == "basiclti_submit") {
continue;
}
// Of the parameters whose name contains "oauth_", only oauth_consumer_key
// is kept.
if (strpos($key, "oauth_") === false) {
$newinfo[$key] = $value;
continue;
}
if ($key == "oauth_consumer_key") {
$newinfo[$key] = $value;
continue;
}
}
// The shared secret is copied into the launch info and, below, into the
// session, so it is stored wherever session data is stored.
// NOTE(review): confirm later code really needs the secret there.
$newinfo['oauth_consumer_secret'] = $secret;
$this->info = $newinfo;
// $usesession and $doredirect are set outside the visible excerpt.
if ($usesession == true and strlen(session_id()) > 0) {
$_SESSION['_lti_context'] = $this->info;
unset($_SESSION['_lti_row']);
unset($_SESSION['_lti_context_id']);
if ($this->row) {
$_SESSION['_lti_row'] = $this->row;
}
if ($this->context_id) {
$_SESSION['_lti_context_id'] = $this->context_id;
}
}
if ($this->valid && $doredirect) {
$this->redirect();
$this->complete = true;
}
}
示例6: _authenticate
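/**
 * Check the authenticity of the LTI launch request.
 *
 * The consumer, resource link and user objects will be initialised if the request is valid.
 *
 * On failure $this->Provider->isOK is cleared and, unless a reason is already
 * set, a reason is recorded. In debug mode the recorded details include the
 * signature this server computes for the received request with the consumer's
 * real secret, plus the base string. Those details must never be returned to
 * the requester, so debug mode belongs in development only.
 *
 * @return boolean True if the request has been successfully validated.
 */
protected function _authenticate()
{
    if (!$this->Provider->isOK) {
        return false;
    }

    // Declared before the try block so the catch block can tell whether the
    // failure happened before the request and signature method existed.
    $request = null;
    $method = null;

    try {
        $this->loadModel('Lti.OAuthStore');
        // NOTE(review): $store is constructed but the server is given
        // $this->OAuthStore instead - confirm which data store is intended.
        $store = new OAuthStore($this->Provider, $this->Consumer);
        $server = new OAuthServer($this->OAuthStore);
        $method = new OAuthSignatureMethod_HMAC_SHA1();
        $server->add_signature_method($method);
        $request = OAuthRequest::from_request();
        $server->verify_request($request);
    } catch (Exception $e) {
        $this->Provider->isOK = FALSE;
        if (empty($this->Provider->reason)) {
            if ($this->Provider->debugMode) {
                $this->Provider->reason = $e->getMessage();
                if (empty($this->Provider->reason)) {
                    $this->Provider->reason = 'OAuth exception';
                }
                $this->Provider->details[] = 'Timestamp: ' . time();
                // Only build the diagnostic signature when the try block got far
                // enough to create both objects; otherwise this handler would
                // fail on a null value and hide the original error.
                if ($request !== null && $method !== null) {
                    $oconsumer = new OAuthConsumer($this->Consumer->consumer_key, $this->Consumer->secret);
                    $signature = $request->build_signature($method, $oconsumer, FALSE);
                    $this->Provider->details[] = "Signature: {$signature}";
                    $this->Provider->details[] = "Base string: {$request->base_string}]";
                }
            } else {
                $this->Provider->reason = 'OAuth signature check failed - perhaps an incorrect secret or timestamp.';
            }
        }
        return false;
    }

    return true;
}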
示例7: verify3LeggedOAuth
/**
 * The 'classic' 3 legged OAuth, where the user went through the OAuth dance and granted the remote app
 * access to his/her data.
 *
 * Verifies the request against $dataStore, looks up the user id bound to the
 * access token and returns a security token for that user. Returns null when
 * a requestor id was supplied and it differs from the token's user id.
 * Exceptions thrown by verify_request() are not caught here.
 */
private function verify3LeggedOAuth($oauthRequest, $userId, $appUrl, $dataStore)
{
    $oauthServer = new OAuthServer($dataStore);

    $hmacSha1 = new OAuthSignatureMethod_HMAC_SHA1();
    $oauthServer->add_signature_method($hmacSha1);
    // NOTE(review): PLAINTEXT is accepted as well. It carries no cryptographic
    // signature, so it is only appropriate when the endpoint is reachable over
    // TLS exclusively - confirm, or register HMAC-SHA1 alone.
    $plaintext = new OAuthSignatureMethod_PLAINTEXT();
    $oauthServer->add_signature_method($plaintext);

    list($verifiedConsumer, $accessToken) = $oauthServer->verify_request($oauthRequest);
    $tokenOwnerId = $dataStore->get_user_id($accessToken);

    // xoauth_requestor_id was provided, but does not match oauth token -> fail
    // NOTE(review): != is a loose comparison, and an empty $tokenOwnerId skips
    // this check, so the token below is then built with an empty user id.
    $requestorMismatch = $userId && $tokenOwnerId && $tokenOwnerId != $userId;
    if ($requestorMismatch) {
        return null;
    }

    // use userId from oauth token
    return new OAuthSecurityToken($tokenOwnerId, $appUrl, 0, "partuza");
}
示例8: TrivialOAuthDataStore
// Excerpt of a grade-service script: the consumer key and secret are set up
// before the visible part, and the listing ends inside the grade handling.
// NOTE(review): every check below relies on doError() ending the request. If
// it returned, processing would continue after a failed check - confirm.
if ( ! isset($oauth_consumer_key) ) doError("Not permitted");
// Verify the message signature
$store = new TrivialOAuthDataStore();
$store->add_consumer($oauth_consumer_key, $oauth_secret);
$server = new OAuthServer($store);
$method = new OAuthSignatureMethod_HMAC_SHA1();
$server->add_signature_method($method);
$request = OAuthRequest::from_request();
// Not used again in the visible lines.
$basestring = $request->get_signature_base_string();
try {
$server->verify_request($request);
} catch (Exception $e) {
// The library's exception text is handed to doError() unchanged.
doError($e->getMessage());
}
// Beginning of actual grade processing
if ( $message_type == "basicoutcome" ) {
if ( ! isset( $basiclti_content_row['gradebook_test_id'] ) ) {
doError("Not permitted");
}
// TODO: Greg - Is this appropriate? It would be nice to allow this.
if ( $atutor_course_membership_row['role'] == 'Instructor' ) {
doError('Grades not supported for instructors');
}
示例9: checkOAuthRequest
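/**
 * Verifies the OAuth request signature, sets the auth user
 * and access type (read-only or read-write)
 *
 * On any OAuthException the failure is logged, a 401 client error is sent
 * and the script exits.
 *
 * @param OAuthRequest $request the OAuth Request
 *
 * @return void
 */
function checkOAuthRequest($request)
{
    $datastore = new ApiStatusNetOAuthDataStore();
    $server = new OAuthServer($datastore);
    $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
    $server->add_signature_method($hmac_method);

    try {
        $server->verify_request($request);

        $consumer = $request->get_parameter('oauth_consumer_key');
        $access_token = $request->get_parameter('oauth_token');

        $app = Oauth_application::getByConsumerKey($consumer);
        if (empty($app)) {
            common_log(LOG_WARNING, 'Couldn\'t find the OAuth app for consumer key: ' . $consumer);
            throw new OAuthException('No application for that consumer key.');
        }

        // set the source attr
        $this->source = $app->name;

        $appUser = Oauth_application_user::staticGet('token', $access_token);
        if (!empty($appUser)) {
            // If access_type == 0 we have either a request token
            // or a bad / revoked access token
            if ($appUser->access_type != 0) {
                // Set the access level for the api call
                $this->access = ($appUser->access_type & Oauth_application::$writeAccess)
                    ? self::READ_WRITE
                    : self::READ_ONLY;

                // Set the auth user
                // NOTE(review): $user is not defined before it is passed by
                // reference, and if the event handler returns false
                // $this->auth_user is not set here although the log line
                // below dereferences it.
                if (Event::handle('StartSetApiUser', array(&$user))) {
                    $this->auth_user = User::staticGet('id', $appUser->profile_id);
                    Event::handle('EndSetApiUser', array($user));
                }

                $msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " . "application '%s' (id: %d) with %s access.";
                // Compare, do not assign: a single "=" here overwrote
                // $this->access with READ_WRITE for every token, read-only
                // ones included.
                common_log(LOG_INFO, sprintf($msg, $this->auth_user->nickname, $this->auth_user->id, $app->name, $app->id, ($this->access === self::READ_WRITE) ? 'read-write' : 'read-only'));
            } else {
                throw new OAuthException('Bad access token.');
            }
        } else {
            // Also should not happen
            throw new OAuthException('No user for that token.');
        }
    } catch (OAuthException $e) {
        common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage());
        $this->clientError($e->getMessage(), 401, $this->format);
        exit;
    }
}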
示例10: IMathASLTIOAuthDataStore
// Excerpt of an LTI outcomes endpoint: it begins inside an earlier
// "not enabled" check and is cut off inside the replaceResult handling.
echo "BasicLTI not enabled";
exit;
}
//check OAuth Signature!
require_once '../includes/OAuth.php';
require_once '../includes/ltioauthstore.php';
//set up OAuth
$LTImode = "consumer";
$store = new IMathASLTIOAuthDataStore();
$server = new OAuthServer($store);
$method = new OAuthSignatureMethod_HMAC_SHA1();
$server->add_signature_method($method);
$request = OAuthRequest::from_request();
// Not used again in the visible lines.
$base = $request->get_signature_base_string();
try {
$requestinfo = $server->verify_request($request);
} catch (Exception $e) {
// A fixed message is returned; the library's exception text is not exposed.
echo 'Invalid credentials';
//fwrite($fp, "Invalid credentials\n");
exit;
}
// The nonce is recorded only after the signature verified.
$store->mark_nonce_used($request);
//signature checks out. Proceed
// NOTE(review): no comparison of the body's hash with oauth_body_hash is
// visible in this excerpt. Without one the OAuth signature does not cover
// the XML read below - confirm the body is bound some other way (the $sig
// field split out of sourcedId may serve that purpose).
$xml = file_get_contents('php://input');
//fwrite($fp, "sig OK. XML: ".$xml."\n");
// Fields are extracted with regular expressions instead of an XML parser,
// and the result of preg_match() is not checked before $matches is read.
preg_match('/<imsx_messageIdentifier>\\s*(.*?)\\s*<\\/imsx_messageIdentifier>/is', $xml, $matches);
$msgid = $matches[1];
if (strpos($xml, 'replaceResultRequest') !== false) {
preg_match('/<sourcedId>\\s*(.*?)\\s*<\\/sourcedId>.*?<textString>\\s*(.*?)<\\/textString>/is', $xml, $matches);
// sourcedId comes from the request body and is split into three parts;
// all three are request-supplied values at this point.
list($sig, $rlid, $userid) = explode('::', $matches[1]);
if (!is_numeric($matches[2])) {
示例11: validate
/**
 * Validates the OAuth signature of the given request.
 *
 * The request is converted with getOauthRequest() and checked with HMAC-SHA1
 * against tao_models_classes_oauth_DataStore. Only OAuthException is
 * translated; any other exception propagates unchanged. Nothing is returned
 * on success.
 *
 * @author Joel Bout, <joel@taotesting.com>
 * @param common_http_Request $request request to validate
 * @param common_http_Credentials $credentials not used by this implementation
 * @throws common_http_InvalidSignatureException exception thrown if validation fails
 */
public function validate(common_http_Request $request, common_http_Credentials $credentials = null)
{
    $oauthServer = new OAuthServer(new tao_models_classes_oauth_DataStore());
    $oauthServer->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());

    try {
        $oauthServer->verify_request($this->getOauthRequest($request));
    } catch (OAuthException $failure) {
        // The library's message is forwarded inside the new exception.
        throw new common_http_InvalidSignatureException('Validation failed: ' . $failure->getMessage());
    }
}
示例12: authenticate
//.........这里部分代码省略.........
// Excerpt from authenticate(): the beginning of the method is not shown and
// the listing stops before its end. $this->isOK carries the running result,
// and each stage runs only while it is still true.
}
}
}
// Check consumer key
if ($this->isOK) {
$this->isOK = isset($_POST['oauth_consumer_key']);
if (!$this->isOK) {
$this->reason = 'Missing consumer key.';
}
}
if ($this->isOK) {
$this->consumer = new LTI_Tool_Consumer($_POST['oauth_consumer_key'], $this->data_connector);
// A consumer with no creation date is treated as unknown.
$this->isOK = !is_null($this->consumer->created);
if (!$this->isOK) {
$this->reason = 'Invalid consumer key.';
}
}
$now = time();
if ($this->isOK) {
$today = date('Y-m-d', $now);
if (is_null($this->consumer->last_access)) {
$doSaveConsumer = TRUE;
} else {
$last = date('Y-m-d', $this->consumer->last_access);
// $doSaveConsumer is expected to be initialised in the part not shown.
$doSaveConsumer = $doSaveConsumer || $last != $today;
}
$this->consumer->last_access = $now;
try {
$store = new LTI_OAuthDataStore($this);
$server = new OAuthServer($store);
$method = new OAuthSignatureMethod_HMAC_SHA1();
$server->add_signature_method($method);
$request = OAuthRequest::from_request();
$res = $server->verify_request($request);
} catch (Exception $e) {
$this->isOK = FALSE;
if (empty($this->reason)) {
if ($this->debugMode) {
// Debug mode records the signature this server computes for the received
// request with the consumer's real secret, plus the base string. If
// $this->details is ever returned to the requester, that hands back a
// valid signature for the request, so debug mode belongs in development
// only.
// $request and $method are unset if the exception was thrown before they
// were created in the try block above.
$consumer = new OAuthConsumer($this->consumer->getKey(), $this->consumer->secret);
$signature = $request->build_signature($method, $consumer, FALSE);
$this->reason = $e->getMessage();
if (empty($this->reason)) {
$this->reason = 'OAuth exception';
}
$this->details[] = 'Timestamp: ' . time();
$this->details[] = "Signature: {$signature}";
$this->details[] = "Base string: {$request->base_string}]";
} else {
$this->reason = 'OAuth signature check failed - perhaps an incorrect secret or timestamp.';
}
}
}
}
// For protected consumers the launch must also name the tool consumer
// instance; when a GUID is on record it has to match.
if ($this->isOK && $this->consumer->protected) {
if (!is_null($this->consumer->consumer_guid)) {
// NOTE(review): == is a loose comparison; a strict string comparison would
// avoid numeric-string surprises.
$this->isOK = isset($_POST['tool_consumer_instance_guid']) && !empty($_POST['tool_consumer_instance_guid']) && $this->consumer->consumer_guid == $_POST['tool_consumer_instance_guid'];
if (!$this->isOK) {
$this->reason = 'Request is from an invalid tool consumer.';
}
} else {
$this->isOK = isset($_POST['tool_consumer_instance_guid']);
if (!$this->isOK) {
$this->reason = 'A tool consumer GUID must be included in the launch request.';
}
}
}
示例13: checkSignature
/**
 * Check the request signature.
 *
 * The key and secret are taken from $this->fields['KEY'] and
 * $this->fields['SECRET']; the $a_key and $a_secret arguments are not used
 * in the body.
 *
 * Callers must test the result with `=== true`: on failure the Exception
 * object itself is returned, and an object is truthy in a plain `if`.
 *
 * @return mixed Exception or true
 */
private function checkSignature($a_key, $a_secret)
{
    require_once $this->plugin_path . '/lib/OAuth.php';
    require_once $this->plugin_path . '/lib/TrivialOAuthDataStore.php';

    $dataStore = new TrivialOAuthDataStore();
    $dataStore->add_consumer($this->fields['KEY'], $this->fields['SECRET']);

    $oauthServer = new OAuthServer($dataStore);
    $hmacSha1 = new OAuthSignatureMethod_HMAC_SHA1();
    $oauthServer->add_signature_method($hmacSha1);

    $incoming = OAuthRequest::from_request();

    try {
        $oauthServer->verify_request($incoming);
        $outcome = true;
    } catch (Exception $failure) {
        $outcome = $failure;
    }

    return $outcome;
}
示例14: TrivialOAuthDataStore
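/**
 * Build the LTI context for the current request.
 *
 * For an LTI launch the OAuth signature is verified with the shared secret
 * registered for $consumer and the launch parameters are stored on the object
 * (and in the session when one is active). For any other request a previously
 * stored context is restored from the session. On failure the constructor
 * returns early with $this->message set and $this->valid left untouched.
 *
 * @param string|false $consumer      Consumer key accepted by this tool.
 * @param string|false $shared_secret Shared secret for that key.
 * @param bool         $usesession    Whether to read and write the launch context in the session.
 * @param bool         $doredirect    Whether to call redirect() after a valid launch.
 */
function __construct($consumer = false, $shared_secret = false, $usesession = true, $doredirect = true)
{
    // Accepted consumer key => shared secret (a single pair).
    $myKeys = array($consumer => $shared_secret);

    // If this request is not an LTI Launch, either
    // give up or try to retrieve the context from session
    if (!is_basic_lti_request()) {
        if ($usesession === false) {
            return;
        }
        if (strlen(session_id()) > 0) {
            if (isset($_SESSION['_basiclti_lti_row'])) {
                $this->row = $_SESSION['_basiclti_lti_row'];
            }
            if (isset($_SESSION['_basiclti_lti_context_id'])) {
                $this->context_id = $_SESSION['_basiclti_lti_context_id'];
            }
            if (isset($_SESSION['_basic_lti_context'])) {
                $this->info = $_SESSION['_basic_lti_context'];
                $this->valid = true;
                return;
            }
            $this->message = "Could not find context in session";
            return;
        }
        $this->message = "Session not available";
        return;
    }

    // Insure we have a valid launch
    if (empty($_REQUEST["oauth_consumer_key"])) {
        $this->message = "Missing oauth_consumer_key in request";
        return;
    }
    $oauth_consumer_key = $_REQUEST["oauth_consumer_key"];

    // Only the configured consumer key is accepted. Without this check an
    // unknown key produced a null secret, and the signature was then verified
    // against an empty secret instead of being rejected.
    if (!is_string($oauth_consumer_key) || !isset($myKeys[$oauth_consumer_key])) {
        $this->message = "Unknown oauth_consumer_key in request";
        return;
    }
    $secret = $myKeys[$oauth_consumer_key];
    if (!is_string($secret) || $secret === '') {
        $this->message = "No shared secret configured for this consumer";
        return;
    }

    // Verify the message signature
    $store = new TrivialOAuthDataStore();
    $store->add_consumer($oauth_consumer_key, $secret);
    $server = new OAuthServer($store);
    $method = new OAuthSignatureMethod_HMAC_SHA1();
    $server->add_signature_method($method);
    $request = OAuthRequest::from_request();
    // The base string is kept on the object; treat it as debug data.
    $this->basestring = $request->get_signature_base_string();
    try {
        $server->verify_request($request);
        $this->valid = true;
    } catch (Exception $e) {
        $this->message = $e->getMessage();
        return;
    }

    // Store the launch information in the session for later.
    // Of the parameters whose name contains "oauth_", only
    // oauth_consumer_key is kept.
    $newinfo = array();
    foreach ($_POST as $key => $value) {
        if ($key == "basiclti_submit") {
            continue;
        }
        if (strpos($key, "oauth_") === false || $key == "oauth_consumer_key") {
            $newinfo[$key] = $value;
        }
    }
    $this->info = $newinfo;

    if ($usesession == true && strlen(session_id()) > 0) {
        $_SESSION['_basic_lti_context'] = $this->info;
        unset($_SESSION['_basiclti_lti_row']);
        unset($_SESSION['_basiclti_lti_context_id']);
        if ($this->row) {
            $_SESSION['_basiclti_lti_row'] = $this->row;
        }
        if ($this->context_id) {
            $_SESSION['_basiclti_lti_context_id'] = $this->context_id;
        }
    }

    if ($this->valid && $doredirect) {
        $this->redirect();
        $this->complete = true;
    }
}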
示例15: isAuthenticated
/**
 * Tries to authenticate the LTI launch request based on the provided launch parameters.
 *
 * A launch without a consumer key is never authenticated. When no store of
 * consumer secrets has been set, verification is skipped and any launch that
 * carries a consumer key is accepted, so leaving the store unset switches
 * authentication off. When the debug setting is on, a verification failure
 * ends the script by printing the exception.
 *
 * @return bool True if authenticated, otherwise false.
 */
public function isAuthenticated()
{
    // Check if a consumer key was provided. If not, we have nothing to authenticate and therefore return false.
    if (empty($this->launchParams["oauth_consumer_key"])) {
        return false;
    }

    // Check if a data store of consumer secrets has been set. If not, authentication has been disabled.
    if (!isset($this->consumerSecrets)) {
        return true;
    }

    // Perform OAuth verification on the launch parameters.
    $oauthServer = new OAuthServer($this->consumerSecrets);
    $oauthServer->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());
    $launchRequest = OAuthRequest::from_request(null, null, $_REQUEST);

    try {
        $oauthServer->verify_request($launchRequest);
    } catch (Exception $failure) {
        if (Config::get("debug")) {
            // exit() with an object prints its string form to the response.
            exit($failure);
        }
        return false;
    }

    return true;
}