Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
mirrors
/
mailcow-dockerized
zrkadlo https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Súbory Issues 0 Wiki
Strom: 1c35002505
Branche Tagy
mailcow-dockeri...
/
data
/
web
/
oauth
/
authorize.php

authorize.php 2.2 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. <?php
    2. 

  2. require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
    3. 

  3. 

  4. if (!isset($_SESSION['mailcow_cc_role'])) {
    5. 

  5.   $_SESSION['oauth2_request'] = $_SERVER['REQUEST_URI'];
    6. 

  6.   header('Location: /?oauth');
    7. 

  7. }
    8. 

  8. 

  9. $request = OAuth2\Request::createFromGlobals();
    10. 

  10. $response = new OAuth2\Response();
    11. 

  11. 

  12. if (!$oauth2_server->validateAuthorizeRequest($request, $response)) {
    13. 

  13.   $response->send();
    14. 

  14.   exit();
    15. 

  15. }
    16. 

  16. 

  17. if (!isset($_POST['authorized'])):
    18. 

  18. require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
    19. 

  19. 

  20. ?>
    21. 

  21. <div class="container">
    22. 

  22.   <div class="panel panel-default">
    23. 

  23.     <div class="panel-heading"><?=$lang['oauth2']['authorize_app'];?></div>
    24. 

  24.     <div class="panel-body">
    25. 

  25.       <?php
    26. 

  26.       if ($_SESSION['mailcow_cc_role'] != 'user'):
    27. 

  27.       $request = '';
    28. 

  28.       ?>
    29. 

  29.       <p><?=$lang['oauth2']['access_denied'];?></p>
    30. 

  30.       <?php
    31. 

  31.       else:
    32. 

  32.       ?>
    33. 

  33.       <p><?=$lang['oauth2']['scope_ask_permission'];?>:</p>
    34. 

  34.       <dl class="dl-horizontal">
    35. 

  35.         <dt><?=$lang['oauth2']['profile'];?></dt>
    36. 

  36.         <dd><?=$lang['oauth2']['profile_desc'];?></dd>
    37. 

  37.       </dl>
    38. 

  38.       <form class="form-horizontal" autocapitalize="none" autocorrect="off" role="form" method="post">
    39. 

  39.         <div class="form-group">
    40. 

  40.           <div class="col-sm-10 text-center">
    41. 

  41.             <button class="btn btn-success" name="authorized" type="submit" value="1"><?=$lang['oauth2']['permit'];?></button>
    42. 

  42.             <a href="#" class="btn btn-default" onclick="window.history.back()" role="button"><?=$lang['oauth2']['deny'];?></a>
    43. 

  43.             <input type="hidden" name="csrf_token" value="<?=$_SESSION['CSRF']['TOKEN'];?>">
    44. 

  44.           </div>
    45. 

  45.         </div>
    46. 

  46.       </form>
    47. 

  47.       <?php
    48. 

  48.       endif;
    49. 

  49.       ?>
    50. 

  50.     </div>
    51. 

  51.   </div>
    52. 

  52. </div> <!-- /container -->
    53. 

  53. <script src="../js/authorize.js"></script>
    54. 

  54. <?php
    55. 

  55. require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
    56. 

  56. exit();
    57. 

  57. endif;
    58. 

  58. 

  59. // print the authorization code if the user has authorized your client
    60. 

  60. $is_authorized = ($_POST['authorized'] == '1');
    61. 

  61. $oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized, $_SESSION['mailcow_cc_username']);
    62. 

  62. if ($is_authorized) {
    63. 

  63.   unset($_SESSION['oauth2_request']);
    64. 

  64.   header('Location: ' . $response->getHttpHeader('Location'));
    65. 

  65.   exit;
    66. 

  66. }
    67.