diff options
| author | Minteck <contact@minteck.org> | 2022-01-01 10:37:28 +0100 |
|---|---|---|
| committer | Minteck <contact@minteck.org> | 2022-01-01 10:37:28 +0100 |
| commit | ef055e79855cf3be1ad5e1aa5f9ebad480062384 (patch) | |
| tree | ff074b29a7a87c3ccfc3b10741bbe30cb28e103e /admin/callback | |
| parent | e3a79df6428799024eac64e9cffbb062317aeb95 (diff) | |
| download | main-ef055e79855cf3be1ad5e1aa5f9ebad480062384.tar.gz main-ef055e79855cf3be1ad5e1aa5f9ebad480062384.tar.bz2 main-ef055e79855cf3be1ad5e1aa5f9ebad480062384.zip | |
Diffstat (limited to 'admin/callback')
| -rw-r--r-- | admin/callback/index.php | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/admin/callback/index.php b/admin/callback/index.php deleted file mode 100644 index f938621..0000000 --- a/admin/callback/index.php +++ /dev/null @@ -1,55 +0,0 @@ -<?php
-
-// TODO: handle errors
-
-if (!isset($_GET['code'])) {
- die();
-}
-
-$appdata = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/admin/private/app.json"), true);
-
-$crl = curl_init('https://account.minteck.org/hub/hub/api/rest/oauth2/token');
-curl_setopt($crl, CURLOPT_RETURNTRANSFER, true);
-curl_setopt($crl, CURLINFO_HEADER_OUT, true);
-curl_setopt($crl, CURLOPT_POST, true);
-curl_setopt($crl, CURLOPT_HTTPHEADER, [
- "Authorization: Basic " . base64_encode($appdata["id"] . ":" . $appdata["secret"]),
- "Content-Type: application/x-www-form-urlencoded",
- "Accept: application/json"
-]);
-curl_setopt($crl, CURLOPT_POSTFIELDS, "grant_type=authorization_code&redirect_uri=" . urlencode("https://minteck.org/admin/callback") . "&code=" . $_GET['code']);
-
-$result = curl_exec($crl);
-$result = json_decode($result, true);
-
-curl_close($crl);
-
-if (isset($result["access_token"])) {
- $crl = curl_init('https://account.minteck.org/hub/hub/api/rest/users/me');
- curl_setopt($crl, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($crl, CURLINFO_HEADER_OUT, true);
- curl_setopt($crl, CURLOPT_HTTPHEADER, [
- "Authorization: Bearer " . $result["access_token"],
- "Accept: application/json"
- ]);
-
- $result = curl_exec($crl);
- $result = json_decode($result, true);
-
- $login = false;
- foreach (json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/admin/private/permissions.json"), true) as $id => $user) {
- if ($result["id"] === $id && in_array("login", $user)) {
- $login = true;
- }
- }
-
- if ($login) {
- $token = bin2hex(random_bytes(32));
- file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/admin/private/tokens/" . $token, json_encode($result));
- setcookie("ADMIN_TOKEN", $token, 0, "/", ".minteck.org", true, true);
-
- header("Location: /admin");
- } else {
- header("Location: /?admin");
- }
-}
\ No newline at end of file |