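<?php

use Lrf141\OAuth2\Client\Provider\Mastodon;

// OAuth2 authorization-code callback for the Mastodon provider.
// NOTE(review): no autoloader is required in this file; confirm one is loaded
// elsewhere, otherwise the Mastodon class cannot be resolved.

// Kill switch: the script stops here, so nothing below runs while this line is
// present. Remove it only once the callback is meant to be live.
exit();

// Unreachable while the exit() above is in place. On PHP 8 this division throws
// DivisionByZeroError, so it would also halt the script if the exit() were removed.
// NOTE(review): looks like a leftover debugging tripwire; confirm and delete.
$z=1/0;

// The second argument belongs to file_get_contents() (use_include_path), not to
// json_decode(), so the decoded config is an object tree and is read with `->`.
// The original `$config.oauth.key` was string concatenation with undefined
// constants and never yielded the credentials.
// NOTE(review): config.json holds the OAuth client secret; if it sits under the
// web root, make sure the server refuses to serve it.
$rawConfig = file_get_contents("config.json", true);
$config = $rawConfig === false ? null : json_decode($rawConfig);
if (!isset($config->oauth->key, $config->oauth->secret)) {
    // Fail closed with a generic message rather than continuing without credentials.
    http_response_code(500);
    exit('Configuration error');
}

// NOTE(review): session cookie flags come from php.ini here; confirm Secure and
// HttpOnly are set there, since the CSRF state lives in this session.
session_start();

$provider = new Mastodon([
    'clientId' => $config->oauth->key,
    'clientSecret' => $config->oauth->secret,
    'redirectUri' => 'https://tty.hackers.town/auth',
    'instance' => 'https://hackers.town',
    'scope' => 'read:accounts',
]);

if (!isset($_GET['code'])) {
    // First leg: remember the state the provider generated, then send the
    // browser to the authorization endpoint.
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: '.$authUrl);
    exit;
} elseif (
    empty($_GET['state'])
    || !is_string($_GET['state'])
    || !isset($_SESSION['oauth2state'])
    || !is_string($_SESSION['oauth2state'])
    || !hash_equals($_SESSION['oauth2state'], $_GET['state'])
) {
    // Check given state against previously stored one to mitigate CSRF attack.
    // The type and isset guards cover a callback that arrives without a stored
    // state or with `state[]=...`; hash_equals() compares in constant time.
    unset($_SESSION['oauth2state']);
    exit('Invalid state');
} else {
    // The state is single-use: drop it so a replayed callback URL is rejected.
    unset($_SESSION['oauth2state']);

    if (!is_string($_GET['code'])) {
        exit('Invalid code');
    }

    try {
        // Try to get an access token (using the authorization code grant).
        // This call sits inside the try so a rejected or reused code ends in the
        // generic message below instead of an uncaught exception.
        $token = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code'],
        ]);

        // Optional: with a token, the user's profile data can be looked up.
        $user = $provider->getResourceOwner($token);

        // The name comes from the remote account (presumably its display name),
        // so it is escaped before it reaches the HTML response.
        echo htmlspecialchars((string) $user->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    } catch (Exception $e) {
        // Keep the detail in the server log; the browser only sees a generic message.
        error_log('OAuth callback failed: ' . $e->getMessage());
        exit('Oh dear...');
    }

    // NOTE(review): this prints the bearer token into the response body, where it
    // can end up in browser caches or proxies. It reads as debug output; prefer
    // keeping the token server-side (e.g. in the session) before going live.
    echo htmlspecialchars((string) $token->getToken(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}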