aboutsummaryrefslogtreecommitdiff
path: root/mod/twitter_api/lib/twitter_api.php
diff options
context:
space:
mode:
Diffstat (limited to 'mod/twitter_api/lib/twitter_api.php')
-rw-r--r--mod/twitter_api/lib/twitter_api.php370
1 files changed, 370 insertions, 0 deletions
diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php
new file mode 100644
index 000000000..e163d2b3e
--- /dev/null
+++ b/mod/twitter_api/lib/twitter_api.php
@@ -0,0 +1,370 @@
+<?php
+/**
+ * Common library of functions used by Twitter Services.
+ *
+ * @package twitter_api
+ */
+
+/**
+ * Tests if the system admin has enabled Sign-On-With-Twitter
+ *
+ * @param void
+ * @return bool
+ */
+function twitter_api_allow_sign_on_with_twitter() {
+ if (!$consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api')) {
+ return FALSE;
+ }
+
+ if (!$consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api')) {
+ return FALSE;
+ }
+
+ return elgg_get_plugin_setting('sign_on', 'twitter_api') == 'yes';
+}
+
+/**
+ * Forwards the user to twitter to authenticate
+ *
+ * This includes the login URL as the callback
+ */
+function twitter_api_forward() {
+ global $SESSION;
+
+ // sanity check
+ if (!twitter_api_allow_sign_on_with_twitter()) {
+ forward();
+ }
+
+ $callback = elgg_normalize_url("twitter_api/login");
+ $request_link = twitter_api_get_authorize_url($callback);
+
+ // capture metadata about login to persist through redirects
+ $login_metadata = array(
+ 'persistent' => (bool) get_input("persistent"),
+ );
+ // capture referrer if in site, but not the twitter_api
+ if (!empty($SESSION['last_forward_from'])) {
+ $login_metadata['forward'] = $SESSION['last_forward_from'];
+ } elseif (!empty($_SERVER['HTTP_REFERER'])
+ && 0 === strpos($_SERVER['HTTP_REFERER'], elgg_get_site_url())
+ && 0 !== strpos($_SERVER['HTTP_REFERER'], elgg_get_site_url() . 'twitter_api/')) {
+ $login_metadata['forward'] = $_SERVER['HTTP_REFERER'];
+ }
+ $SESSION['twitter_api_login_metadata'] = $login_metadata;
+
+ forward($request_link, 'twitter_api');
+}
+
+/**
+ * Log in a user referred from Twitter's OAuth API
+ *
+ * If the user has already linked their account with Twitter, it is a seamless
+ * login. If this is a first time login (or a user from deprecated twitter login
+ * plugin), we create a new account (update the account).
+ *
+ * If a plugin wants to be notified when someone logs in with twitter or a new
+ * twitter user signs up, register for the standard login or create user events
+ * and check for 'twitter_api' context.
+ *
+ * The user has to be redirected from Twitter for this to work. It depends on
+ * the Twitter OAuth data.
+ */
+function twitter_api_login() {
+ /* @var ElggSession $SESSION */
+ global $SESSION;
+
+ // sanity check
+ if (!twitter_api_allow_sign_on_with_twitter()) {
+ forward();
+ }
+
+ $token = twitter_api_get_access_token(get_input('oauth_verifier'));
+
+ $persistent = false;
+ $forward = '';
+
+ // fetch login metadata from session
+ $login_metadata = $SESSION['twitter_api_login_metadata'];
+ unset($SESSION['twitter_api_login_metadata']);
+ if (!empty($login_metadata['persistent'])) {
+ $persistent = true;
+ }
+ if (!empty($login_metadata['forward'])) {
+ $forward = $login_metadata['forward'];
+ }
+
+ if (!isset($token['oauth_token']) or !isset($token['oauth_token_secret'])) {
+ register_error(elgg_echo('twitter_api:login:error'));
+ forward();
+ }
+
+ // attempt to find user and log them in.
+ // else, create a new user.
+ $options = array(
+ 'type' => 'user',
+ 'plugin_user_setting_name_value_pairs' => array(
+ 'access_key' => $token['oauth_token'],
+ 'access_secret' => $token['oauth_token_secret'],
+ ),
+ 'limit' => 0,
+ );
+
+ $users = elgg_get_entities_from_plugin_user_settings($options);
+
+ if ($users) {
+ if (count($users) == 1 && login($users[0], $persistent)) {
+ system_message(elgg_echo('twitter_api:login:success'));
+ forward($forward);
+ } else {
+ register_error(elgg_echo('twitter_api:login:error'));
+ forward();
+ }
+ } else {
+ $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
+ $consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
+ $api = new TwitterOAuth($consumer_key, $consumer_secret, $token['oauth_token'], $token['oauth_token_secret']);
+ $twitter = $api->get('account/verify_credentials');
+
+ // backward compatibility for deprecated Twitter Login plugin
+ $user = FALSE;
+ if ($twitter_user = get_user_by_username($token['screen_name'])) {
+ if (($screen_name = $twitter_user->twitter_screen_name) && ($screen_name == $token['screen_name'])) {
+ // convert existing account
+ $user = $twitter_user;
+ $forward = '';
+ }
+ }
+
+ // create new user
+ if (!$user) {
+ $user = twitter_api_create_user($twitter);
+ $site_name = elgg_get_site_entity()->name;
+ system_message(elgg_echo('twitter_api:login:email', array($site_name)));
+ $forward = "twitter_api/interstitial";
+ }
+
+ // set twitter services tokens
+ elgg_set_plugin_user_setting('twitter_name', $token['screen_name'], $user->guid);
+ elgg_set_plugin_user_setting('access_key', $token['oauth_token'], $user->guid);
+ elgg_set_plugin_user_setting('access_secret', $token['oauth_token_secret'], $user->guid);
+
+ // pull in Twitter icon
+ twitter_api_update_user_avatar($user, $twitter->profile_image_url);
+
+ // login new user
+ if (login($user)) {
+ system_message(elgg_echo('twitter_api:login:success'));
+ } else {
+ system_message(elgg_echo('twitter_api:login:error'));
+ }
+
+ forward($forward, 'twitter_api');
+ }
+
+ // register login error
+ register_error(elgg_echo('twitter_api:login:error'));
+ forward();
+}
+
+/**
+ * Create a new user from Twitter information
+ *
+ * @param object $twitter Twitter OAuth response
+ * @return ElggUser
+ */
+function twitter_api_create_user($twitter) {
+ // check new registration allowed
+ if (!twitter_api_allow_new_users_with_twitter()) {
+ register_error(elgg_echo('registerdisabled'));
+ forward();
+ }
+
+ // Elgg-ify Twitter credentials
+ $username = $twitter->screen_name;
+ while (get_user_by_username($username)) {
+ // @todo I guess we just hope this is good enough
+ $username = $twitter->screen_name . '_' . rand(1000, 9999);
+ }
+
+ $password = generate_random_cleartext_password();
+ $name = $twitter->name;
+
+ $user = new ElggUser();
+ $user->username = $username;
+ $user->name = $name;
+ $user->access_id = ACCESS_PUBLIC;
+ $user->salt = generate_random_cleartext_password();
+ $user->password = generate_user_password($user, $password);
+ $user->owner_guid = 0;
+ $user->container_guid = 0;
+
+ if (!$user->save()) {
+ register_error(elgg_echo('registerbad'));
+ forward();
+ }
+
+ return $user;
+}
+
+/**
+ * Pull in the latest avatar from twitter.
+ *
+ * @param ElggUser $user
+ * @param string $file_location
+ */
+function twitter_api_update_user_avatar($user, $file_location) {
+ // twitter's images have a few suffixes:
+ // _normal
+ // _reasonably_small
+ // _mini
+ // the twitter app here returns _normal. We want standard, so remove the suffix.
+ // @todo Should probably check that it's an image file.
+ $file_location = str_replace('_normal.jpg', '.jpg', $file_location);
+
+ $icon_sizes = elgg_get_config('icon_sizes');
+
+ $filehandler = new ElggFile();
+ $filehandler->owner_guid = $user->getGUID();
+ foreach ($icon_sizes as $size => $dimensions) {
+ $image = get_resized_image_from_existing_file(
+ $file_location,
+ $dimensions['w'],
+ $dimensions['h'],
+ $dimensions['square']
+ );
+
+ $filehandler->setFilename("profile/$user->guid$size.jpg");
+ $filehandler->open('write');
+ $filehandler->write($image);
+ $filehandler->close();
+ }
+
+ // update user's icontime
+ $user->icontime = time();
+}
+
+/**
+ * User-initiated Twitter authorization
+ *
+ * Callback action from Twitter registration. Registers a single Elgg user with
+ * the authorization tokens. Will revoke access from previous users when a
+ * conflict exists.
+ *
+ * Depends upon {@link twitter_api_get_authorize_url} being called previously
+ * to establish session request tokens.
+ */
+function twitter_api_authorize() {
+ $token = twitter_api_get_access_token();
+ if (!isset($token['oauth_token']) || !isset($token['oauth_token_secret'])) {
+ register_error(elgg_echo('twitter_api:authorize:error'));
+ forward('settings/plugins', 'twitter_api');
+ }
+
+ // make sure no other users are registered to this twitter account.
+ $options = array(
+ 'type' => 'user',
+ 'plugin_user_setting_name_value_pairs' => array(
+ 'access_key' => $token['oauth_token'],
+ 'access_secret' => $token['oauth_token_secret'],
+ ),
+ 'limit' => 0
+ );
+ $users = elgg_get_entities_from_plugin_user_settings($options);
+
+ if ($users) {
+ foreach ($users as $user) {
+ // revoke access
+ elgg_unset_plugin_user_setting('twitter_name', $user->getGUID());
+ elgg_unset_plugin_user_setting('access_key', $user->getGUID());
+ elgg_unset_plugin_user_setting('access_secret', $user->getGUID());
+ }
+ }
+
+ // register user's access tokens
+ elgg_set_plugin_user_setting('twitter_name', $token['screen_name']);
+ elgg_set_plugin_user_setting('access_key', $token['oauth_token']);
+ elgg_set_plugin_user_setting('access_secret', $token['oauth_token_secret']);
+
+ // trigger authorization hook
+ elgg_trigger_plugin_hook('authorize', 'twitter_api', array('token' => $token));
+
+ system_message(elgg_echo('twitter_api:authorize:success'));
+ forward('settings/plugins', 'twitter_api');
+}
+
+/**
+ * Remove twitter access for the currently logged in user.
+ */
+function twitter_api_revoke() {
+ // unregister user's access tokens
+ elgg_unset_plugin_user_setting('twitter_name');
+ elgg_unset_plugin_user_setting('access_key');
+ elgg_unset_plugin_user_setting('access_secret');
+
+ system_message(elgg_echo('twitter_api:revoke:success'));
+ forward('settings/plugins', 'twitter_api');
+}
+
+/**
+ * Gets the url to authorize a user.
+ *
+ * @param string $callback The callback URL
+ */
+function twitter_api_get_authorize_url($callback = NULL, $login = true) {
+ global $SESSION;
+
+ $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
+ $consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
+
+ // request tokens from Twitter
+ $twitter = new TwitterOAuth($consumer_key, $consumer_secret);
+ $token = $twitter->getRequestToken($callback);
+
+ // save token in session for use after authorization
+ $SESSION['twitter_api'] = array(
+ 'oauth_token' => $token['oauth_token'],
+ 'oauth_token_secret' => $token['oauth_token_secret'],
+ );
+
+ return $twitter->getAuthorizeURL($token['oauth_token'], $login);
+}
+
+/**
+ * Returns the access token to use in twitter calls.
+ *
+ * @param bool $oauth_verifier
+ * @return array
+ */
+function twitter_api_get_access_token($oauth_verifier = FALSE) {
+ /* @var ElggSession $SESSION */
+ global $SESSION;
+
+ $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
+ $consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
+
+ // retrieve stored tokens
+ $oauth_token = $SESSION['twitter_api']['oauth_token'];
+ $oauth_token_secret = $SESSION['twitter_api']['oauth_token_secret'];
+ unset($SESSION['twitter_api']);
+
+ // fetch an access token
+ $api = new TwitterOAuth($consumer_key, $consumer_secret, $oauth_token, $oauth_token_secret);
+ return $api->getAccessToken($oauth_verifier);
+}
+
+/**
+ * Checks if this site is accepting new users.
+ * Admins can disable manual registration, but some might want to allow
+ * twitter-only logins.
+ */
+function twitter_api_allow_new_users_with_twitter() {
+ $site_reg = elgg_get_config('allow_registration');
+ $twitter_reg = elgg_get_plugin_setting('new_users');
+
+ if ($site_reg || (!$site_reg && $twitter_reg == 'yes')) {
+ return true;
+ }
+
+ return false;
+} \ No newline at end of file