home2/isose750/public_html/ajuda/admin/oauth_providers.php 0000644 00000054257 14673125437 0017571 0 ustar 00
$error\n";
}
$hesk_error_buffer = $tmp;
$hesk_error_buffer = $hesklang['rfm'].'
';
hesk_process_messages($hesk_error_buffer,'oauth_providers.php');
}
// Save the provider
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."oauth_providers` SET
`name` = '".hesk_dbEscape($provider['name'])."',
`authorization_url` = '".hesk_dbEscape($provider['authorization_url'])."',
`token_url` = '".hesk_dbEscape($provider['token_url'])."',
`client_id` = '".hesk_dbEscape($provider['client_id'])."',
`client_secret` = '".hesk_dbEscape($provider['client_secret'])."',
`scope` = '".hesk_dbEscape($provider['scope'])."',
`no_val_ssl` = ".intval($provider['no_val_ssl']).",
`verified` = 0
WHERE `id`={$id}");
// Redirect to OAuth provider for verification
redirect_to_provider($provider, $id);
/* TODO: only verify if needed?
// If something changed in the DB, redirect to OAuth provider for verification
if (hesk_dbAffectedRows() > 0) {
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."oauth_providers` SET `verified` = 0 WHERE `id`={$id}");
redirect_to_provider($provider, $id);
}
// No changes to the DB
hesk_process_messages($hesklang['oauth_provider_saved'], 'NOREDIRECT', 'SUCCESS');
*/
} // End save_provider()
/**
 * Load one OAuth provider row and stage it in the session for the edit form.
 *
 * Reads the provider ID from the `id` query parameter, fetches the matching
 * row from the `oauth_providers` table and stores it in
 * $_SESSION['new_provider'], with $_SESSION['edit_provider'] set to true.
 * When HESK_DEMO is defined, the endpoint URLs and client credentials are
 * replaced with placeholder values before the row is stored.
 */
function edit_provider()
{
    global $hesk_settings, $hesklang;

    // Provider ID from the query string; a value that casts to 0 is rejected.
    // (The error texts reuse the "status" language keys.)
    $id = intval(hesk_GET('id'));
    if ( ! $id) {
        hesk_error($hesklang['status_e_id']);
    }

    // $id is an integer at this point, so interpolating it into the query is safe
    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'oauth_providers';
    $res = hesk_dbQuery("SELECT * FROM `{$table}` WHERE `id`={$id} LIMIT 1");

    if (hesk_dbNumRows($res) != 1) {
        hesk_error($hesklang['status_not_found']);
    }

    $provider = hesk_dbFetchAssoc($res);

    // Demo mode: mask the real endpoints and credentials with placeholders
    if (defined('HESK_DEMO')) {
        $placeholders = array(
            'authorization_url' => 'https://api.example.com/oauth2/authorization',
            'token_url'         => 'https://api.example.com/oauth2/token',
            'client_id'         => $hesklang['hdemo'],
            'client_secret'     => $hesklang['hdemo'],
        );
        foreach ($placeholders as $field => $value) {
            $provider[$field] = $value;
        }
    }

    // NOTE(review): outside demo mode the full row, client_secret included, is
    // copied into the session, so session storage holds a credential from here
    // on - confirm the edit form needs the secret echoed back.
    $_SESSION['new_provider'] = $provider;
    $_SESSION['edit_provider'] = true;
} // End edit_provider()
/**
 * Delete an OAuth provider and the tokens stored for it.
 *
 * The provider ID comes from the `id` query parameter. Deletion is refused
 * while getProviderInUseArray() reports that the provider is still in use.
 * The outcome is reported through hesk_process_messages().
 */
function remove_provider()
{
    global $hesk_settings, $hesklang;

    // Security token check, done before any state is changed
    // (presumably the anti-CSRF token - TODO confirm against hesk_token_check)
    hesk_token_check();

    // Provider ID; a value that casts to 0 is rejected
    $id = intval(hesk_GET('id'));
    if ( ! $id) {
        hesk_error($hesklang['status_e_id']);
    }

    // Refuse to delete a provider that a mail connection still points at
    $in_use = getProviderInUseArray($id);
    if (count($in_use)) {
        hesk_process_messages($hesklang['email_oauth_provider_cannot_be_deleted'], './oauth_providers.php');
        return;
    }

    // Remove the provider's stored tokens first, then the provider row itself
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);
    hesk_dbQuery("DELETE FROM `{$prefix}oauth_tokens` WHERE `provider_id`={$id}");
    hesk_dbQuery("DELETE FROM `{$prefix}oauth_providers` WHERE `id`={$id}");

    // The affected-row count is read after the second DELETE (the provider row)
    if (hesk_dbAffectedRows() == 1) {
        hesk_process_messages($hesklang['oauth_provider_deleted'],'./oauth_providers.php','SUCCESS');
        return;
    }

    hesk_process_messages($hesklang['status_not_found'],'./oauth_providers.php');
} // End remove_provider()
/**
 * Read and validate the OAuth provider form fields from POST.
 *
 * Every text field must be non-empty after filtering. On failure the
 * messages are left in the global $hesk_error_buffer, the submitted values
 * (slashes stripped) plus the list of failing field names are stored in
 * $_SESSION['new_provider'], and false is returned.
 *
 * @return array|false The filtered provider fields, or false on any error
 */
function provider_validate()
{
    global $hesk_settings, $hesklang;
    global $hesk_error_buffer;

    $hesk_error_buffer = array();
    $provider = array();
    $errors = array();

    // Display name
    $provider['name'] = hesk_input(hesk_POST('name'));
    if (strlen($provider['name']) === 0) {
        $errors[] = 'name';
        $hesk_error_buffer[] = $hesklang['oauth_provider_err_name'];
    }

    // Authorization and token endpoints, filtered through hesk_validateURL()
    // NOTE(review): which schemes hesk_validateURL() accepts is not visible
    // here; the client secret is sent to token_url, so confirm plain http://
    // is not accepted for it.
    $url_fields = array(
        'authorization_url' => 'oauth_provider_err_auth_url',
        'token_url'         => 'oauth_provider_err_token_url',
    );
    foreach ($url_fields as $field => $message_key) {
        $provider[$field] = hesk_validateURL(hesk_POST($field));
        if (strlen($provider[$field]) === 0) {
            $errors[] = $field;
            $hesk_error_buffer[] = $hesklang[$message_key];
        }
    }

    // Client ID, client secret and scope all pass through the same hesk_input() call
    $text_fields = array(
        'client_id'     => 'oauth_provider_err_client_id',
        'client_secret' => 'oauth_provider_err_client_secret',
        'scope'         => 'oauth_provider_err_scope',
    );
    foreach ($text_fields as $field => $message_key) {
        $provider[$field] = hesk_input(hesk_POST($field), 0, 0, HESK_SLASH);
        if (strlen($provider[$field]) === 0) {
            $errors[] = $field;
            $hesk_error_buffer[] = $hesklang[$message_key];
        }
    }

    // "Skip SSL certificate verification" checkbox, normalised to 1 or 0
    // NOTE(review): when this is 1 the connections to the provider presumably
    // run without certificate validation, leaving the client secret and tokens
    // open to interception - confirm where the flag is consumed and keep it
    // off outside of testing.
    $provider['no_val_ssl'] = (hesk_POST('no_val_ssl', 0) == 1) ? 1 : 0;

    if ( ! count($hesk_error_buffer)) {
        return $provider;
    }

    // Validation failed: keep the submitted values in the session, together
    // with the names of the fields that failed
    $_SESSION['new_provider'] = array_map('stripslashes', $provider);
    $_SESSION['new_provider']['errors'] = $errors;

    return false;
} // END provider_validate()
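/**
 * Create a new OAuth provider from the submitted form and start verification.
 *
 * Validates the POSTed fields with provider_validate(). On failure the
 * collected messages are passed to hesk_process_messages() and nothing is
 * written. On success the provider is inserted with `verified` = 0, its new
 * ID is stored in $_SESSION['providerord'], and the browser is sent to the
 * provider's authorization URL via redirect_to_provider().
 */
function new_provider()
{
    global $hesk_settings, $hesklang;
    global $hesk_error_buffer;

    // A security check
    // NOTE(review): the token check below is disabled, although this action
    // writes a client secret to the database and remove_provider() does
    // enforce hesk_token_check(). Confirm the request token is verified
    // before this function is reached; if it is not, this write is open to
    // cross-site request forgery.
    # hesk_token_check('POST');

    // Validate inputs
    $provider = provider_validate();
    if ($provider === false) {
        // Fold the per-field messages into a single string after the
        // "required fields missing" header. The list used to be built and
        // then overwritten by the header alone, so the details were lost.
        // NOTE(review): any markup that originally wrapped the list is not
        // present in this copy of the file - confirm the intended formatting.
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "$error\n";
        }
        $hesk_error_buffer = $hesklang['rfm'] . "\n" . $tmp;

        hesk_process_messages($hesk_error_buffer,'oauth_providers.php');

        // Never fall through to the INSERT with an invalid provider;
        // remove_provider() in this file returns after the same call too.
        return;
    }

    // Insert provider into database; every string value is escaped and the
    // flag is cast to an integer. New providers always start unverified.
    hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."oauth_providers` (`name`, `authorization_url`, `token_url`, `client_id`, `client_secret`, `scope`, `no_val_ssl`, `verified`)
    VALUES ('".hesk_dbEscape($provider['name'])."',
    '".hesk_dbEscape($provider['authorization_url'])."',
    '".hesk_dbEscape($provider['token_url'])."',
    '".hesk_dbEscape($provider['client_id'])."',
    '".hesk_dbEscape($provider['client_secret'])."',
    '".hesk_dbEscape($provider['scope'])."',
    ".intval($provider['no_val_ssl']).",
    0)");

    $inserted_id = hesk_dbInsertID();
    $_SESSION['providerord'] = $inserted_id;

    //-- Send user to OAuth provider
    redirect_to_provider($provider, $inserted_id);
} // End new_provider()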
/**
 * Send the browser to the provider's authorization endpoint and stop.
 *
 * Builds an authorization-code request from the provider's stored settings
 * and the helpdesk redirect URL, emits it as a Location header and exits.
 *
 * @param array $provider Provider fields; reads authorization_url, client_id and scope
 * @param mixed $id       Provider ID, embedded in the `state` parameter
 */
function redirect_to_provider($provider, $id) {
    $redirect_url = hesk_get_oauth_redirect_url();

    // NOTE(review): none of the values are URL-encoded here. Unless they are
    // already encoded when they arrive, a scope containing spaces, or any
    // value containing `&` or `#`, changes the query the provider receives,
    // and an authorization_url that already has a query string ends up with
    // two `?`. rawurlencode() per value (or http_build_query()) is the usual
    // remedy - first confirm whether stored values are raw or pre-encoded.
    //
    // NOTE(review): `state` is the literal "provider" followed by the row ID,
    // so it is predictable. OAuth 2.0 expects `state` to carry an unguessable
    // per-request value bound to the user's session so that the callback can
    // reject forged responses - confirm what the callback handler checks.
    $query_parts = array(
        "client_id={$provider['client_id']}",
        "response_type=code",
        "redirect_uri={$redirect_url}",
        "response_mode=query",
        "access_type=offline",
        "scope={$provider['scope']}",
        "state=provider{$id}",
    );

    $return_location = $provider['authorization_url'] . '?' . implode('&', $query_parts);

    header('Location: '.$return_location);
    exit();
}
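/**
 * Restart the OAuth authorization flow for an existing provider.
 *
 * Loads the provider named by the `id` query parameter and redirects the
 * browser to its authorization URL via redirect_to_provider(). An unknown
 * ID is reported through hesk_process_messages() and no redirect is built.
 */
function verify_provider() {
    global $hesk_settings, $hesklang;

    // Provider ID; a value that casts to 0 is rejected
    $id = intval( hesk_GET('id') ) or hesk_error($hesklang['status_e_id']);

    // $id is an integer, so concatenating it into the query is safe
    $rs = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."oauth_providers` WHERE `id`=".$id);
    if (hesk_dbNumRows($rs) === 0) {
        hesk_process_messages($hesklang['oauth_provider_not_found'], './oauth_providers.php');

        // Stop here: without a row there is nothing to build a redirect
        // from. remove_provider() in this file returns after the same call.
        return;
    }

    $row = hesk_dbFetchAssoc($rs);
    redirect_to_provider($row, $row['id']);
}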
/**
 * List the mail features that are configured to use a given OAuth provider.
 *
 * A feature counts as using the provider when it is enabled, its connection
 * type is 'oauth' and its configured provider equals $id (loose comparison).
 *
 * @param mixed $id Provider ID to look for
 * @return array Language labels of the features using the provider; empty if none
 */
function getProviderInUseArray($id) {
    global $hesk_settings, $hesklang;

    // settings key prefix => language key of the label to report
    $services = array(
        'smtp' => 'email_sending',
        'imap' => 'imap',
        'pop3' => 'pop3',
    );

    $consumers = array();

    foreach ($services as $prefix => $label_key) {
        // Checked in this order so later settings are only read when the
        // earlier ones match
        if ( ! $hesk_settings[$prefix]) {
            continue;
        }
        if ($hesk_settings[$prefix . '_conn_type'] != 'oauth') {
            continue;
        }
        if ($hesk_settings[$prefix . '_oauth_provider'] != $id) {
            continue;
        }

        $consumers[] = $hesklang[$label_key];
    }

    return $consumers;
}