Simple script demo for [bd] API add-on for XenForo (https://github.com/xfrocks/bdApi). For complete demo, see http://j.mp/1BA1CzC
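<?php

declare(strict_types=1);

/*
 * Build script.min.php from script.php.
 *
 * Every line between the two marker comments is stripped of surrounding
 * whitespace, joined, deflated and base64-encoded, then written back as a
 * single eval(gzinflate(base64_decode(...))) statement split over lines of
 * at most $bufferLineLength characters. Everything outside the markers is
 * copied through unchanged.
 *
 * Reviewer note: the generated file can only be audited by regenerating it
 * from script.php and comparing the output; a blob that does not match the
 * readable source should be treated as suspect.
 */
$inputPath = __DIR__ . '/script.php';
$outputPath = __DIR__ . '/script.min.php';
// The markers carry their newline because file() keeps line endings.
$markerStart = "/* API SCRIPT FUNCTIONS START */\n";
$markerEnd = "/* API SCRIPT FUNCTIONS END */\n";

// Target width of each generated line; the first line also holds the eval( prefix.
$bufferLineLength = 100;
// Continuation lines are indented so the string chunks line up under eval(.
// (Four spaces: the first chunk in the generated file is 75 characters wide,
// i.e. 100 - (strlen('eval(gzinflate(base64_decode(') - 4).)
$bufferLineIndent = '    ';

$lines = file($inputPath);
if ($lines === false) {
    fwrite(STDERR, sprintf("cannot read %s\n", $inputPath));
    exit(1);
}
$f = fopen($outputPath, 'w');
if ($f === false) {
    fwrite(STDERR, sprintf("cannot open %s for writing\n", $outputPath));
    exit(1);
}

// null while outside the marked region, an array of trimmed lines while inside it.
$buffer = null;
foreach ($lines as $line) {
    if ($line === $markerStart) {
        $buffer = [];
        continue;
    }

    if ($line !== $markerEnd) {
        if ($buffer === null) {
            fwrite($f, $line);
        } else {
            $buffer[] = trim($line);
        }
        continue;
    }

    if ($buffer === null) {
        // End marker without a start marker: the original would have passed null to implode().
        fclose($f);
        fwrite(STDERR, "end marker found without a preceding start marker\n");
        exit(1);
    }

    $source = base64_encode(gzdeflate(implode('', $buffer), 9));
    $evalBefore = 'eval(gzinflate(base64_decode(';
    $evalAfter = ")));\n";

    fwrite($f, $evalBefore);
    for ($offset = 0, $sourceLength = strlen($source); $offset < $sourceLength;) {
        $chunkLength = $bufferLineLength;
        if ($offset === 0) {
            // The first chunk shares its line with the eval( prefix.
            $chunkLength -= strlen($evalBefore) - strlen($bufferLineIndent);
        } else {
            fwrite($f, " .\n" . $bufferLineIndent);
        }
        // var_export() yields a quoted, escaped PHP string literal.
        fwrite($f, var_export(substr($source, $offset, $chunkLength), true));
        $offset += $chunkLength;
    }
    fwrite($f, $evalAfter);

    $buffer = null;
}
fclose($f);

if ($buffer !== null) {
    // Start marker without an end marker: the collected functions were never written.
    fwrite(STDERR, "start marker found without a following end marker\n");
    exit(1);
}

$inputSize = filesize($inputPath);
$outputSize = filesize($outputPath);
if ($inputSize === false || $outputSize === false) {
    fwrite(STDERR, "cannot stat input/output files\n");
    exit(1);
}
$deltaSize = $inputSize - $outputSize;
// Guard the division: an empty input file would otherwise divide by zero.
$percent = $inputSize > 0 ? $deltaSize / $inputSize * 100 : 0.0;
echo sprintf("filesize reduction %d bytes (%.2f%%)\n", $deltaSize, $percent);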
<?php
// script.min.php: minified variant of script.php. Same constants and request
// flow; the helper functions are inlined below as a compressed eval() blob.
//
// API endpoint and OAuth client credentials for the [bd] API add-on.
// NOTE(review): the client secret is a credential — anyone able to read this
// file can request tokens as this client. Keep real values out of public
// gists/repositories; the values here are the gist's demo values.
define('API_SCRIPT_ROOT', 'https://xfrocks.com/api');
define('API_SCRIPT_CLIENT_ID', 'gljf4391k3');
define('API_SCRIPT_CLIENT_SECRET', 'zw3lj0zox6be4z2');
// Deflated + base64 copy of the API SCRIPT FUNCTIONS section of script.php
// (apiScriptGetAccessToken, apiScriptGetUserMe, apiScriptPostOauthToken,
// apiScriptTestUserGroups), produced by the minify script in this gist.
// NOTE(review): eval() of an opaque blob cannot be reviewed in place. Do not
// edit the blob by hand; change script.php, regenerate, and confirm the
// regenerated output matches what is checked in before deploying it.
eval(gzinflate(base64_decode('rVVRb9pADP4rrsR6iZaN7nFCbKtYWqExQJA+TIidsuDArSEX5S4rFeW/z3chEFiG9rCnJLbP/vz' .
    '58yUu0kgLmUKYiWmUi0zfo76NIlQqkI+YOq1CYZ6Ga/SglYVKPcl8Qa+RlI8Ch2SHLqRFkrjbWOYYRitwZux23OfT3qQ/DvhkNAq' .
    'YV7f0Bn1/GPD+50bz1O9N/IDNIVTQOoDqyVTpMNUubEUMztUCY5HiwmmIoBC9yuUTpPgE/ibCzPTnqCwXqY4d9krBulAafiDss1w' .
    'xr6mU29ntTLGTXrv7bmF7SkFTf/AWWI1K1rHphOJKE5ZlPbEL19cglELttHhvNPrS92c199x0laMu8hQa/Z1dS5sahOTQyFgqPQo' .
    'Lvfr7IN3OZURkTszRuvkD3BAYQloa607KbFHMWGjb5vaLzT3QYo2OC68PAbjJRI6KC3IT0VVvjcc7u7hJpQ/Uz1eqHx4pdrctSlo' .
    'kmnj4FIsE+RI1j2SqMdXKOZOlmU9bpAvcvM1W2UfDj2qv8Voa0sriXUZBJxUsY1c1ysqCtQEZfdA8fippxvHJPPkCI7nAKpj4yAs' .
    '8pgrzPHx27AkXXl7gaq8EY5gxg4vN/yhQUVYPamLqX2SwbcUCk4UivDO2zEn9XD9nyKD7AVgVRetanbWOY6ZjiLUfrgkWJYKI56J' .
    '0NO3IIUZhRB39Ja68FOadFl0vXYiKPCHhCO24HftOZMmM+IpWHvQeJoORGbAfPEyGweR2OL3zJx68uxBLDw8ui8Nqol0K8kKm8Wg' .
    'aXK5lIu76/uDzlAZQsu52aqq1B3GDkTm2zxMlUmH5/f9kdbpjF+XVJKsAld3A+1wWmXJsrVIS1NfSGPsLNRBKu9vzjTnxHuvGYaK' .
    'QFqdyU5dZjkuusoRGzdqz7zdv3s/b7Cy/B2/eeTCe+Pd8Oh70Az4ccf/rOPhGZNVSWYB8HWYOo//ArzCp5yk5i2SR6iM81972N0e' .
    'Aht3yDq+YNO2Wu8ftKXVC5L6hw3+xKdz+5oqKx/3vTaTV7A6e+jGzT/Ma+v3cz4HuTmH8Bg==')));
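// Gate the page behind HTTP Basic auth: the browser-supplied username and
// password are exchanged for an API access token by apiScriptGetAccessToken()
// (defined in the eval() blob above).
// isset()/!== '' rather than empty(): empty() rejects the literal password "0".
$authUser = isset($_SERVER['PHP_AUTH_USER']) ? (string) $_SERVER['PHP_AUTH_USER'] : '';
$authPass = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : '';

$accessToken = null;
if ($authUser !== '' && $authPass !== '') {
    try {
        $accessToken = apiScriptGetAccessToken($authUser, $authPass);
    } catch (Exception $e) {
        // Missing API_SCRIPT_* constant: a server-side misconfiguration, not a
        // client error. Answer 500 without echoing the exception to the client.
        header('HTTP/1.1 500 Internal Server Error');
        die('Authentication service is not configured.');
    }
}

if (!is_string($accessToken) || $accessToken === '') {
    header('WWW-Authenticate: Basic realm="Area 51"');
    header('HTTP/1.1 401 Unauthorized');
    die('Please authenticate with a valid username and password.');
}

$user = apiScriptGetUserMe($accessToken);
// '3,4' is the list of user group ids allowed through (see apiScriptTestUserGroups).
// A stale cached token presumably also ends up here (users/me fails -> null) — confirm.
if (!is_array($user) || $user === [] || !apiScriptTestUserGroups($user, '3,4')) {
    header('HTTP/1.1 403 Forbidden');
    die('Your account does not have enough permission.');
}

// The username comes from the remote API and is rendered into HTML: escape it.
$displayName = isset($user['username']) ? (string) $user['username'] : '';
echo 'Welcome ', htmlspecialchars($displayName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '. You have been granted access!';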
<?php
// script.php: readable source of the demo. The minify script in this gist
// compresses the section between the API SCRIPT FUNCTIONS markers into
// script.min.php.
//
// API endpoint and OAuth client credentials for the [bd] API add-on.
// NOTE(review): the client secret is a credential — anyone able to read this
// file can request tokens as this client. Keep real values out of public
// gists/repositories; the values here are the gist's demo values.
define('API_SCRIPT_ROOT', 'https://xfrocks.com/api');
define('API_SCRIPT_CLIENT_ID', 'gljf4391k3');
define('API_SCRIPT_CLIENT_SECRET', 'zw3lj0zox6be4z2');
/* API SCRIPT FUNCTIONS START */
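/**
 * Obtain an API access token for the given forum credentials.
 *
 * The token is cached in a cookie (default name: API_SCRIPT_CLIENT_ID . 'AccessToken')
 * so later requests skip the OAuth round trip. An existing cookie value is
 * returned as-is without being validated, so a stale token only surfaces
 * later as a failed API call. Pass a non-string $cookieName (e.g. false) to
 * disable the cookie cache.
 *
 * @param string      $username
 * @param string      $password
 * @param string|null $cookieName null = derive from the client id; non-string = no cookie
 * @return string|null the access token, or null when the token request failed
 * @throws Exception when one of the API_SCRIPT_* constants is not defined
 */
function apiScriptGetAccessToken($username, $password, $cookieName = null)
{
    foreach ([
        'API_SCRIPT_ROOT',
        'API_SCRIPT_CLIENT_ID',
        'API_SCRIPT_CLIENT_SECRET'
    ] as $apiScriptConstant) {
        if (!defined($apiScriptConstant)) {
            throw new Exception(sprintf('%s must be defined!', $apiScriptConstant));
        }
    }

    if ($cookieName === null) {
        $cookieName = API_SCRIPT_CLIENT_ID . 'AccessToken';
    }

    // A cookie sent as name[]=... arrives as an array; only accept a string token.
    if (is_string($cookieName) && isset($_COOKIE[$cookieName]) && is_string($_COOKIE[$cookieName])) {
        return $_COOKIE[$cookieName];
    }

    $token = apiScriptPostOauthToken($username, $password);
    if (!is_array($token) || !isset($token['access_token']) || !is_string($token['access_token'])) {
        // Failed grant. The original dereferenced null here and returned null with a warning.
        return null;
    }

    if (is_string($cookieName) && strlen($cookieName) > 0) {
        // The cookie holds a bearer token, i.e. it is as sensitive as the password:
        // HttpOnly keeps it away from page scripts and Secure restricts it to HTTPS
        // when the current request itself came over HTTPS. Its lifetime follows
        // the token's expires_in (0 when the response omits it, as before).
        $expiresIn = isset($token['expires_in']) ? (int) $token['expires_in'] : 0;
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie($cookieName, $token['access_token'], time() + $expiresIn, '', '', $secure, true);
    }

    return $token['access_token'];
}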
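/**
 * Fetch the authenticated user's record (GET users/me).
 *
 * @param string $accessToken OAuth access token from apiScriptGetAccessToken()
 * @return array|null the 'user' object of the API response, or null when the
 *                    request failed or the body was not the expected JSON
 */
function apiScriptGetUserMe($accessToken)
{
    // The token travels in the query string (the form this API expects); encode
    // it so a token containing reserved characters cannot alter the request.
    $url = API_SCRIPT_ROOT . '/index.php?users/me&oauth_token=' . urlencode((string) $accessToken);

    // @ keeps HTTP/transport warnings out of the response body; failure is
    // reported through the false return value checked below.
    $result = @file_get_contents($url);
    if (!is_string($result)) {
        return null;
    }

    // json_decode() does not emit warnings; invalid JSON simply yields null.
    $json = json_decode($result, true);
    if (!is_array($json) || !isset($json['user']) || !is_array($json['user'])) {
        // Callers pass the result to apiScriptTestUserGroups(array $user), so a
        // non-array 'user' must be rejected here rather than fail there.
        return null;
    }

    return $json['user'];
}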
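/**
 * Exchange forum credentials for an OAuth token (password grant).
 *
 * @param string $username
 * @param string $password
 * @return array|null decoded token response (access_token, expires_in, ...)
 *                    or null when the request or the response failed
 */
function apiScriptPostOauthToken($username, $password)
{
    $fields = [
        'grant_type' => 'password',
        'username' => $username,
        'password' => $password,
        'client_id' => API_SCRIPT_CLIENT_ID,
        'client_secret' => API_SCRIPT_CLIENT_SECRET
    ];

    // TLS peer verification is left at the curl default (enabled): this request
    // carries the user's password and the client secret.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_URL, API_SCRIPT_ROOT . '/index.php?oauth/token');
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);

    // With RETURNTRANSFER, transport failures come back as false (see
    // curl_error()); the original passed that false on to json_decode().
    $result = curl_exec($ch);
    curl_close($ch);
    if (!is_string($result)) {
        return null;
    }

    $json = json_decode($result, true);
    if (!is_array($json) || !isset($json['access_token']) || !is_string($json['access_token'])) {
        return null;
    }

    return $json;
}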
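/**
 * Check whether the user belongs to at least one of the listed user groups.
 *
 * @param array  $user         user record from apiScriptGetUserMe(); reads 'user_groups'
 * @param string $groupIdsList group ids separated by any non-digit characters, e.g. '3,4'
 * @return bool true when the list is empty (no restriction) or one of the
 *              user's groups is listed; false for a non-string list, a missing
 *              or malformed 'user_groups' field, or no match
 */
function apiScriptTestUserGroups(array $user, $groupIdsList)
{
    if (!is_string($groupIdsList)) {
        return false;
    }

    $groupIds = preg_split('/[^0-9]/', $groupIdsList, -1, PREG_SPLIT_NO_EMPTY);
    if ($groupIds === false) {
        return false;
    }
    $groupIds = array_map('intval', $groupIds);
    if (count($groupIds) === 0) {
        // No groups requested means no group restriction.
        return true;
    }

    if (!isset($user['user_groups']) || !is_array($user['user_groups'])) {
        return false;
    }

    foreach ($user['user_groups'] as $userGroup) {
        if (!is_array($userGroup) || !isset($userGroup['user_group_id']) || !is_scalar($userGroup['user_group_id'])) {
            continue;
        }
        // Normalise to int before the strict comparison: the allowed ids were
        // intval()'d above, and the decoded JSON may carry the id as a string.
        if (in_array((int) $userGroup['user_group_id'], $groupIds, true)) {
            return true;
        }
    }

    return false;
}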
/* API SCRIPT FUNCTIONS END */
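// Gate the page behind HTTP Basic auth: the browser-supplied username and
// password are exchanged for an API access token by apiScriptGetAccessToken()
// (defined above in this file).
// isset()/!== '' rather than empty(): empty() rejects the literal password "0".
$authUser = isset($_SERVER['PHP_AUTH_USER']) ? (string) $_SERVER['PHP_AUTH_USER'] : '';
$authPass = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : '';

$accessToken = null;
if ($authUser !== '' && $authPass !== '') {
    try {
        $accessToken = apiScriptGetAccessToken($authUser, $authPass);
    } catch (Exception $e) {
        // Missing API_SCRIPT_* constant: a server-side misconfiguration, not a
        // client error. Answer 500 without echoing the exception to the client.
        header('HTTP/1.1 500 Internal Server Error');
        die('Authentication service is not configured.');
    }
}

if (!is_string($accessToken) || $accessToken === '') {
    header('WWW-Authenticate: Basic realm="Area 51"');
    header('HTTP/1.1 401 Unauthorized');
    die('Please authenticate with a valid username and password.');
}

$user = apiScriptGetUserMe($accessToken);
// '3,4' is the list of user group ids allowed through (see apiScriptTestUserGroups).
// A cached cookie token is returned unvalidated by apiScriptGetAccessToken, so
// a stale token shows up here as a 403 (users/me returns null) rather than a 401.
if (!is_array($user) || $user === [] || !apiScriptTestUserGroups($user, '3,4')) {
    header('HTTP/1.1 403 Forbidden');
    die('Your account does not have enough permission.');
}

// The username comes from the remote API and is rendered into HTML: escape it.
$displayName = isset($user['username']) ? (string) $user['username'] : '';
echo 'Welcome ', htmlspecialchars($displayName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '. You have been granted access!';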