tilde-oauth/send.php


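<?php
// OAuth2 authorization-code login against the hackers.town Mastodon instance.
//
// Flow: with no ?code the browser is redirected to the provider's
// authorization URL and the generated state is stored in the session; on the
// callback the state is checked, the code is exchanged for an access token,
// and the account name and token are printed.
//
// The endpoint is intentionally switched off: the unconditional exit() below
// stops the script before any of that runs.

use Lrf141\OAuth2\Client\Provider\Mastodon;

// NOTE(review): no autoloader include is visible in this listing; confirm one
// is in place before re-enabling the script.

exit();
$z = 1 / 0; // second guard kept from the original: fails hard if only the exit() above is removed

// Decode to objects so the ->oauth->key access below works. The original
// passed `true` to file_get_contents() (include_path lookup), which looks like
// a misplaced json_decode() argument; a secrets file should not be resolved
// through include_path.
// NOTE(review): if config.json sits next to this script inside the web root,
// confirm the web server refuses to serve it.
$configJson = file_get_contents('config.json');
$config = is_string($configJson) ? json_decode($configJson) : null;
if (!isset($config->oauth->key, $config->oauth->secret)) {
    http_response_code(500);
    exit('Configuration error');
}

session_start();

// Public origin used to build the redirect URI; a deployment can override it
// through a file on disk. An unreadable or blank override keeps the default.
$origin = 'https://tty.hackers.town';
$overrideFile = '/var/www/usergen/DOMAIN_OVERRIDE';
if (file_exists($overrideFile)) {
    $override = file_get_contents($overrideFile);
    if (is_string($override) && trim($override) !== '') {
        $origin = trim($override);
    }
}

$provider = new Mastodon([
    // PHP property access is `->`; `$config.oauth.key` is string concatenation
    // with undefined constants and throws on PHP 8.
    'clientId' => $config->oauth->key,
    'clientSecret' => $config->oauth->secret,
    'redirectUri' => $origin . '/auth',
    'instance' => 'https://hackers.town',
    'scope' => 'read:accounts',
]);

if (!isset($_GET['code'])) {
    // First leg: remember the state, then send the browser to the provider.
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: ' . $authUrl);
    exit;
}

// Callback leg. The stored state is single-use: it is dropped whether or not
// the comparison succeeds, so a captured callback URL cannot be replayed.
$expectedState = $_SESSION['oauth2state'] ?? null;
$givenState = $_GET['state'] ?? null;
unset($_SESSION['oauth2state']);

// Check the given state against the stored one to mitigate CSRF. Both sides
// must be non-empty strings (?state[]=x arrives as an array); hash_equals()
// keeps the comparison constant-time.
if (
    !is_string($expectedState) || $expectedState === ''
    || !is_string($givenState) || $givenState === ''
    || !hash_equals($expectedState, $givenState)
) {
    exit('Invalid state');
}

$code = $_GET['code'];
if (!is_string($code) || $code === '') {
    exit('Invalid code');
}

try {
    // The token exchange sits inside the try as well: a rejected or replayed
    // code makes the provider throw, and an uncaught exception could expose a
    // stack trace to the client.
    $token = $provider->getAccessToken('authorization_code', [
        'code' => $code,
    ]);
    $user = $provider->getResourceOwner($token);
    // The display name is controlled by the remote account, so escape it for
    // the HTML response.
    echo htmlspecialchars((string) $user->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
} catch (Exception $e) {
    exit('Oh dear...');
}

// NOTE(review): this writes the bearer token into the response body, as the
// original did. Before re-enabling the endpoint, prefer keeping the token
// server-side (session) and returning only what the page needs.
echo htmlspecialchars((string) $token->getToken(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');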