/app/omb/plugins/security.php

Large files files are truncated, but you can click here to view the full file

<?php

  /** 
   * dbscript -- restful openid framework
   * @version 0.6.0 -- 22-October-2008
   * @author Brian Hendrickson <brian@dbscript.net>
   * @link http://dbscript.net/
   * @copyright Copyright 2009 Brian Hendrickson
   * @license http://www.opensource.org/licenses/mit-license.php MIT License
   * @package dbscript
   */
   
  /**
   * Model Security
   * 
   * filter to check permissions in $model->access_list,
   * which can be set in the data model via:
   * $model->let_read/let_write/let_access( 'group:callback' )
   * 
   * @author Brian Hendrickson <brian@dbscript.net>
   * @access public
   * @param Mapper $req
   * @param Database $db
   * @return boolean
   * @todo modify to handle a partial set of fields
   */

function model_security( &$request, &$db ) {
  $action = $request->action;
  
  if ( isset( $request->resource ) )
    $model =& $db->get_table( $request->resource );
  else
    return true; // request is not for a resource

  if (public_resource())
    return true;

  if (virtual_resource())
    return true;
  
  if ( !( in_array( $action, $model->allowed_methods, true )))
    $action = 'get';
  
  $failed = false;
  
  authenticate_with_openid();
  
  // this switch is now repeated in $model->can($action)
  
  switch( $action ) {
    case 'get':
      if (!($model && $model->can_read_fields( $model->field_array )))
        $failed = true;
      break;
    case 'put':
      $submitted = $model->fields_from_request( $request );
      foreach ( $submitted as $table=>$fieldlist ) {
        $model =& $db->get_table($table);
        if (!($model && $model->can_write_fields( $fieldlist )))
          $failed = true;
      }
      break;
    case 'post':
      $submitted = $model->fields_from_request( $request );
      foreach ( $submitted as $table=>$fieldlist ) {
        $model =& $db->get_table($table);
        if (!($model && $model->can_create( $table )))
          $failed = true;
      }
      break;
    case 'delete':
      if (!($model && $model->can_delete( $request->resource )))
        $failed = true;
      break;
    default:
      $failed = true;
  }
  
  if (!$failed)
    return true;
  
  authenticate_with_openid();
  
  trigger_error( "Sorry, you do not have permission to $action ".$request->resource, E_USER_ERROR );
  
}

function authenticate_with_openid() {
  
  global $request;
  
  if ( !$request->openid_complete )
    begin_openid_authentication( $request );
  else
    complete_openid_authentication( $request );
  
}


function begin_openid_authentication( &$request ) {
  
  if ( !isset( $request->openid_url ) || empty( $request->openid_url )) {
    $_SESSION['requested_url'] = $request->uri;
    render( 'action', 'email' );
    return;
  }
  
  unset_cookie();
  
  $_SESSION['openid_url'] = $request->openid_url;
  
  if (class_exists('MySQL') && environment('openid_version') > 1 && !isset($_SESSION['openid_degrade']) )
    start_wp_openid();
  else
    start_simple_openid();
}


function start_wp_openid() {
  
  global $request;
  
  wp_plugin_include(array(
    'wp-openid'
  ));

  $logic = new WordPressOpenID_Logic(null);

  $logic->activate_plugin();
  
  if( !WordPressOpenID_Logic::late_bind() )
    return;

  $redirect_to = '';

  if( !empty( $_SESSION['requested_url'] ) )
    $redirect_to = $_SESSION['requested_url'];

  $claimed_url = $request->openid_url;

  $consumer = WordPressOpenID_Logic::getConsumer();

  $auth_request = $consumer->begin( $claimed_url );

  if ( null === $auth_request )
    trigger_error('OpenID server not found at '. htmlentities( $claimed_url ), E_USER_ERROR);

  $return_to = $request->url_for( 'openid_continue' ).'/';

  $store =& WordPressOpenID_Logic::getStore();

  $sreg_request = Auth_OpenID_SRegRequest::build(array(),array(
    'nickname',
    'email',
    'fullname'
  ));
  
  $auth_request->addExtension($sreg_request);
  
  $_SESSION['oid_return_to'] = $return_to;

  WordPressOpenID_Logic::doRedirect($auth_request, $request->protected_url, $return_to);
  exit(0);
  
}


function start_simple_openid() {
  
  global $request;
  
  include_once $GLOBALS['PATH']['library'] . 'openid.php';
  
  $openid = new SimpleOpenID;

  $openid->SetIdentity( $request->openid_url );

  $openid->SetApprovedURL( $request->url_for( 'openid_continue' ).'/'); // y'all come back now

  $openid->SetTrustRoot( $request->protected_url ); // protected site

  $openid->SetOptionalFields(array(
    'nickname',
    'email',
    'fullname'
  )); 
  
  $openid->SetRequiredFields(array());
  $server_url = $openid->GetOpenIDServer();

  $_SESSION['openid_server_url'] = $server_url;
  #echo $server_url; exit;
  $openid->SetOpenIDServer( $server_url );
  
  if ($openid->IsError())
    trigger_error( 'sorry there was an openid error: '.serialize($openid->GetError()), E_USER_ERROR);
  $url = trim($server_url);
  if (empty($url))
    trigger_error( 'sorry there was an openid error: the server url is not set '.serialize($_SESSION), E_USER_ERROR);
  
  redirect_to( $openid->GetRedirectURL() );
  
}


function complete_openid_authentication( &$request ) {
  
  if (!(check_cookie())) {
    
    // cookie not set, DO IT
    
    $openid_to_identity = array(
      'email'=>'email_value',
      'dob'=>'dob',
      'postcode'=>'postal_code',
      'country'=>'country_name',
      'gender'=>'gender',
      'language'=>'language',
      'timezone'=>'tz'
    );
    
    if ( isset( $_SESSION['openid_url'] )) {
      
      global $db;
      
      $Identity =& $db->get_table( 'identities' );
      $Person =& $db->get_table( 'people' );
      
      $openid = $_SESSION['openid_url'];
      
      if (!strstr($openid,'http'))
        $openid = 'http://' . $openid;

      $i = $Identity->find_by( 'url', $openid );
      
      // OpenID auth complete, URL not exists
      // e-mail could be set though
      if (!$i && isset($_SESSION['openid_email']))
        $i = $Identity->find_by( 'email_value', $_SESSION['openid_email'] );
      
      //if (isset($_GET['openid_sreg_email']))
      //  $i = $Identity->find_by( 'email_value', $_GET['openid_sreg_email'] );
      
      //if (!$i && isset($_GET['openid_sreg_nickname']))
      //  $i = $Identity->find_by( 'nickname', $_GET['openid_sreg_nickname'] );

      if ($i) {
        $p = $Person->find( $i->person_id );
      } else {
        $p = $Person->base();
        $p->save();
        $i = $Identity->base();
        $i->set_value( 'person_id', $p->id );
        $i->set_value( 'label', 'profile 1' );
        if (isset($_SESSION['openid_email']))
          $i->set_value( 'email_value', $_SESSION['openid_email'] );
          
      }
      
      if (empty($i->url) || strstr( $i->url, "@" )) {
        
        $i->set_value( 'url', $openid );
        
        if (isset($_GET['openid_sreg_nickname']) && empty($i->nickname) ) {
          $nick = strtolower(urldecode($_GET['openid_sreg_nickname']));
          // set the nickname if it isn't alraedy taken and if it looks like a valid username
          if ($Identity->is_unique_value( $nick, 'nickname' ) && ereg("^([a-zA-Z0-9]+)$", $nick))
            $i->set_value( 'nickname', $nick );
        }
        
        // put SREG data in empty identity fields
        foreach($openid_to_identity as $k=>$v )
          if (!in_array($k,array('openid_sreg_nickname')) && isset($_GET['openid_sreg_'.$k]))
            if (empty($i->$v))
              $i->set_value( $v, urldecode($_GET['openid_sreg_'.$k]) );
        
        // split the SREG full name into first, last for VCARD, hCard, etc
        if (isset($_GET['openid_sreg_fullname']) && empty($i->given_name)) {
          $names = explode(' ',$_GET['openid_sreg_fullname']);
          if (strlen($names[0]) > 0 && empty($i->given_name))
            $i->set_value( 'given_name', $names[0] );
            
          if (isset($names[2]) && empty($i->family_name)) {
            $i->set_value( 'family_name', $names[2] );
          } elseif (isset($names[1]) && empty($i->family_name)) {
            $i->set_value( 'family_name', $names[1] );
          }
          
          $i->set_value( 'fullname', $_GET['openid_sreg_fullname']);
        
        }
        
        $i->set_value( 'avatar', base_path(true).'resource/favicon.png' );

        $i->save_changes();
        
        $i->set_etag( $p->id );
        
      }
      
    }
    if ( isset( $p->id ) && $p->id != 0) {
      // person id is valid
      // login complete
      set_cookie( $p->id );
      
      if (!(empty($_SESSION['requested_url'])))
        redirect_to( $_SESSION['requested_url'] );
      else
        redirect_to( $request->base );
        
    } else {
      
      // no person defined yet
      if ( isset($_SESSION['fb_person_id'])
      && $_SESSION['fb_person_id'] > 0 ) {
        
      } elseif ( isset($_SESSION['oauth_person_id'])
      && $_SESSION['oauth_person_id'] > 0 ) {
        // try to set the cookie
        // set_cookie( $_SESSION['oauth_person_id'] );
      } else {
        trigger_error( "unable to find the Person, sorry", E_USER_ERROR );
      }
      
    }
    
  } else {
    
    // cookie OK
    

  }
  
}



function ldap_login( &$vars ) {
  extract( $vars );
  $_SESSION['requested_url'] = $request->base;
  render( 'action', 'ldap' );
}

function _ldap( &$vars ) {
  extract( $vars );
}

function ldap_submit( &$vars ) {
  extract($vars);
  global $request;
}



function _email( &$vars ) {
  
  extract( $vars );
  
  $submit_url = $request->url_for( environment('authentication').'_submit' );
  
  $return_url = $request->url_for( 'openid_continue' ).'/';
  if (isset($_SESSION['requested_url']))
    $return_to = $_SESSION['requested_url'];
  else
    $return_to = $request->base;
  $protected_url = base_url(true);
  $Identity =& $db->model('Identity');
  if (isset($request->params['ident'])) {
    $ident = $Identity->find_by('token',$request->params['ident']);
    if ($ident) {
      $email = $ident->email_value;
      $_SESSION['openid_email'] = $email;
      $ident->set_value('token','');
      $ident->save_changes();
    } else {
      $email = false;
    }
  } else {
    $email = false;
  }
  return vars(
    array(
      
      &$email,
      &$protected_url,
      &$return_url,
      &$submit_url,
      &$return_to
      
    ),
    get_defined_vars()
  );
  
}


function _register( &$vars ) {

  extract( $vars );
  
  $submit_url = $request->url_for( environment('authentication').'_submit' );
  
  $return_url = $request->url_for( 'openid_continue' ).'/';
  if (isset($_SESSION['requested_url']))
    $return_to = $_SESSION['requested_url'];
  else
    $return_to = $request->base;
  $protected_url = base_url(true);
  if (isset($request->params['ident'])) {
    $ident = $Identity->find_by('token',$request->params['ident']);
    if ($ident) {
      $email = $ident->email_value;
      $_SESSION['openid_email'] = $email;
      $ident->set_value('token','');
      $ident->save_changes();
    } else {
      $email = false;
    }
  } else {
    $email = false;
  }
  return vars(
    array(
      
      &$email,
      &$protected_url,
      &$return_url,
      &$submit_url,
      &$return_to
      
    ),
    get_defined_vars()
  );
  
}

function _login( &$vars ) {
  extract( $vars );
  $submit_url = $request->url_for( 'openid_submit' );
  $return_url = $request->url_for( 'openid_continue' ).'/';
  if (isset($_SESSION['requested_url']))
    $return_to = $_SESSION['requested_url'];
  else
    $return_to = $request->base;
  $protected_url = base_url(true);
  if (isset($_SESSION['openid_url']))
    $openid_url = $_SESSION['openid_url'];
  else
    $openid_url = "";
  if (strstr($openid_url,'https://'))
    $openid_url = substr($openid_url,8);
  if (strstr($openid_url,'http://'))
    $openid_url = substr($openid_url,7);
  
  return vars(
    array(
      
      &$protected_url,
      &$return_url,
      &$submit_url,
      &$return_to,
      &$openid_url
      
    ),
    get_defined_vars()
  );
  
}

function normalize_url() {
  //
}

function password_register( &$vars ) {
  
  extract( $vars );

  $Identity =& $db->get_table( 'identities' );
  $Person =& $db->get_table( 'people' );
  
  if (!($request->password == $request->password2))
    trigger_error( "sorry the passwords do not match", E_USER_ERROR );
  
  //$i = $Identity->find_by(array(
  //  'nickname'=>$request->nickname
  //),1);
  
  //$p = $Person->find( $i->person_id );
  
  //if ( isset( $p->id ) && $p->id != 0) {
    
  $nick = $request->nickname;
  
  $sql = "SELECT id FROM ".$db->prefix."identities WHERE nickname LIKE '".$db->escape_string($nick)."' AND (post_notice = '' OR post_notice IS NULL)";
  
  $result = $db->get_result( $sql );
  
  if ( $db->num_rows($result) > 0) {
    
    trigger_error( "sorry that username is already taken", E_USER_ERROR );
    
  } else {
    
    // create new user and log them in
    $p = $Person->base();
    $p->save();
    $i = $Identity->base();
    
    $i->set_value( 'person_id', $p->id );
    $i->set_value( 'label', 'profile 1' );
    $i->set_value( 'nickname', $request->nickname );
    $i->set_value( 'url', $request->base."".$request->nickname );
    $i->set_value( 'password', md5($request->password) );
    $i->set_value( 'avatar', base_path(true).'resource/favicon.png' );

    $i->save_changes();
    $i->set_etag( $p->id );
    
    $_SESSION['openid_complete'] = true;
    set_cookie( $p->id );
    
    if (!(empty($_SESSION['requested_url'])))
      redirect_to( $_SESSION['requested_url'] );
    else
      redirect_to( $request->base );
    
  }
}

function password_submit( &$vars ) {
  extract($vars);
  global $request;
  $Identity =& $db->get_table( 'identities' );
  $Person =& $db->get_table( 'people' );
  $i = $Identity->find_by(array(
    'nickname'=>$request->nickname,
    'password'=>md5($request->password)
  ),1);
  if (!$i)
    trigger_error( "username or password incorrect, sorry", E_USER_ERROR );
  $p = $Person->find( $i->person_id );
  if ( isset( $p->id ) && $p->id != 0) {
    $_SESSION['openid_complete'] = true;
    set_cookie( $p->id );
    if (!(empty($_SESSION['requested_url'])))
      redirect_to( $_SESSION['requested_url'] );
    else
      redirect_to( $request->base );
  } else {
    trigger_error( "unable to find the Person, sorry", E_USER_ERROR );
  }
}

function openid_submit( &$vars ) {
  
  unset_cookie();
  unset($_SESSION['openid_complete']);
  unset($_SESSION['openid_url']);
  unset($_SESSION['openid_email']);
  authenticate_with_openid();

}

function email_submit( &$vars ) {
  extract($vars);
  global $request;
  
  unset_cookie();
  unset($_SESSION['openid_complete']);
  unset($_SESSION['openid_url']);
  unset($_SESSION['openid_email']);
  
  $Identity =& $db->get_table( 'identities' );
  
  $i = $Identity->find_by( 'email_value', $request->email );
  
  $_SESSION['openid_email'] = $request->email;
  if ( $i && !(strstr( $i->url, "@" )) && !empty($i->url)) {
    $request->openid_url = $i->url;
    authenticate_with_openid();
  } else {
    $url = environment('openid_server')."/?action=seek&email=".$request->email;
    $curl = curl_init($url);
    $method = "GET";
    $params = array();
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($curl, CURLOPT_HEADER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_HTTPGET, ($method == "GET"));
    curl_setopt($curl, CURLOPT_POST, ($method == "POST"));
    if ($method == "POST") curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($curl);
    
    if ( curl_errno($curl) == 0 ) {
      
      if (strstr( $response, "http" )) {
        
        // found a url, need to put it in the openid form
        
        $request->set_param('openid_url',trim($response));
        
        authenticate_with_openid();
        
      } else {
        
        // meh
        
      }
    }
    
    $_SESSION['requested_url'] = $request->base;
    redirect_to(environment('openid_server')."/?action=register&return=".urlencode($request->base)."&email=".urlencode($request->email));
  }
  
  if (!(empty($_SESSION['requested_url'])))
    redirect_to( $_SESSION['requested_url'] );
  else
    redirect_to( $request->base );
  
}

function openid_logout( &$vars ) {

  if (isset($_GET['forward']) && !empty($_SERVER['HTTP_REFERER']))
    $_SESSION['logout_forward'] = $_SERVER['HTTP_REFERER'];

  unset_cookie();
  extract( $vars );
  $_SESSION['openid_complete'] = false;
  //unset($_SESSION['openid_email']);
  //unset($_SESSION['openid_url']);
  $_SESSION['oauth_person_id']=0;
  $_SESSION['fb_person_id']=0;
	unset($_SESSION['fb_session']);
  unset($_SESSION['oauth_access_token']);
  unset($_SESSION['oauth_access_token_secret']);
  unset($_SESSION['oauth_request_token']);
  unset($_SESSION['oauth_request_token_secret']);  
  unset($_SESSION['oauth_state']);
  unset($_SESSION['oauth_twitter']);
  unset($_SESSION['fb_userid']);
  unset($_SESSION['fb_person_id']);
  unset($_SESSION['oauth_person_id']);
  unset($_SESSION['requested_url']);
  unset($_SESSION['openid_complete']);
  unset($_SESSION['oid_return_to']);
  if (isset($_SESSION['logout_forward']))
    redirect_to($_SESSION['logout_forward']);
  if (environment('authentication') == 'password') 
    redirect_to( $request->base );
  else
    redirect_to( environment('openid_server')."/?action=logout&return=".urlencode($request->base) );
}

function email_login( &$vars ) {
  extract( $vars );
  $_SESSION['requested_url'] = $request->base;
  render( 'action', 'email' );
}

function email_register( &$vars ) {
  extract( $vars );
  $_SESSION['requested_url'] = $request->base;
  render( 'action', 'register' );
}

function oauth_login( &$vars ) {
  render( 'action', 'oauth' );
}

function _oauth( &$vars ) {
  
  // top stream, re-connect to subtwitter-db
  
  extract( $vars );
  global $prefix;
  $Blog =& $db->model('Blog');

  if (isset($_GET['forward'])){
	  if (!empty($_SERVER['HTTP_REFERER']))
		  $_SESSION['tw_forward'] = $_SERVER['HTTP_REFERER'];
		if (isset($_GET['callbackurl']))
			$_SESSION['tw_forward'] = $_GET['callbackurl'];
	} 

  
  if (empty($db->prefix)) {
    if (isset($_REQUEST['oauth_token'])) {
      $tabresult = $db->get_result("SHOW tables");
      $tables = array();
      $tablist = array();
      for($i=0;$tables[$i]=mysql_fetch_assoc($tabresult);$i++)
        foreach($tables[$i] as $k=>$v) $tablist[] = $v;
      $Blog->find();
      while ($b = $Blog->MoveNext()) {
        if (!empty($b->prefix) && in_array($b->prefix."_db_sessions",$tablist)) {
          $sql = "SELECT data FROM ".$b->prefix."_db_sessions WHERE data LIKE '%".$db->escape_string($_REQUEST['oauth_token'])."%'";
          $result = $db->get_result( $sql );
          if ($db->num_rows($result) == 1) {
            // XXX subdomain upgrade
            $redir = blog_url($b->nickname,true);

            $redir .= 'oauth_login';
            $redir .= "&oauth_token=".$_REQUEST['oauth_token'];
            $content = '<script type="text/javascript">'."\n";
            $content .= '  // <![CDATA['."\n";
            $content .= "  location.replace('".$redir."');"."\n";
            $content .= '  // ]]>'."\n";
            $content .= '</script>'."\n";
            return vars(
              array(&$content),
              get_defined_vars()
            );
          }
        }
      }
    }
  }
  
  // http://abrah.am
  lib_include('twitteroauth');
  
  /* Sessions are used to keep track of tokens while user authenticates with twitter */
  /* Consumer key from twitter */
  $consumer_key = environment( 'twitterKey' );
  /* Consumer Secret from twitter */
  $consumer_secret = environment( 'twitterSecret' );
  /* Set up placeholder */
  $content = NULL;
  /* Set state if previous session */
  $state = $_SESSION['oauth_state'];
  /* Checks if oauth_token is set from returning from twitter */
  $session_token = $_SESSION['oauth_request_token'];
  /* Checks if oauth_token is set from returning from twitter */
  $oauth_token = $_REQUEST['oauth_token'];
  /* Set section var */
  $section = $_REQUEST['section'];

  /* If oauth_token is missing get it */
  if ($_REQUEST['oauth_token'] != NULL && $_SESSION['oauth_state'] === 'start') {/*{{{*/
    $_SESSION['oauth_state'] = $state = 'returned';
  }/*}}}*/

  /*
   * 'default': Get a request token from twitter for new user
   * 'returned': The user has authorize the app on twitter
   */
  switch ($state) {/*{{{*/
    default:
      /* Create TwitterOAuth object with app key/secret */
      $to = new TwitterOAuth($consumer_key, $consumer_secret);
      /* Request tokens from twitter */
      $tok = $to->getRequestToken();
      /* Save tokens for later */
      
      $Blog =& $db->model('Blog');
			$Blog->find();
 
     if (!empty($db->prefix) && isset($_REQUEST['oauth_token'])) {
        $tabresult = $db->get_result("SHOW tables");
        $tables = array();
        $tablist = array();
        for($i=0;$tables[$i]=mysql_fetch_assoc($tabresult);$i++)
          foreach($tables[$i] as $k=>$v) $tablist[] = $v;
        while ($b = $Blog->MoveNext()) {
          if (!empty($b->prefix) && in_array($b->prefix."_db_sessions",$tablist)) {
            $sql = "SELECT id FROM ".$b->prefix."_db_sessions WHERE data LIKE '%".$db->escape_string($_REQUEST['oauth_token'])."%'";
            $result = $db->get_result( $sql );
            if ($db->num_rows($result) == 1) {
              $sess = $db->result_value( $result, 0, "id" );
              $del = $db->get_result( "DELETE FROM ".$b->prefix."_db_sessions WHERE id = '$sess'" );
            }
          }
        }
      }
      
      $_SESSION['oauth_request_token'] = $token = $tok['oauth_token'];
      $_SESSION['oauth_request_token_secret'] = $tok['oauth_token_secret'];
      $_SESSION['oauth_state'] = "start";
      
      if (isset($_GET['forward']) && !empty($_SERVER['HTTP_REFERER']))
        $_SESSION['oauth_twitter'] = $_SERVER['HTTP_REFERER'];
      else
        $_SESSION['oauth_twitter'] = $request->base;
      
      /* Build the authorization URL */
      $auth_url = $to->getAuthorizeURL($token);
      if (empty($auth_url)) {
        $content = 'Request token not found, <a href="'.$request->url_for('oauth_login').'">click here to try again...</a>';
      } else {
	
	      $content = '<script type="text/javascript">'."\n";
        $content .= '  // <![CDATA['."\n";
        $content .= "  location.replace('".$auth_url."');"."\n";
        $content .= '  // ]]>'."\n";
        $content .= '</script>'."\n";
      }
      break;
      
    case 'returned':
      if (isset($_SESSION['oauth_twitter']))
        $redirect_to = $_SESSION['oauth_twitter'];
      else
        $redirect_to = $request->base;
      /* If the access tokens are already set skip to the API call */

      if ($_SESSION['oauth_access_token'] === NULL && $_SESSION['oauth_access_token_secret'] === NULL) {
        /* Create TwitterOAuth object with app key/secret and token key/secret from default phase */
        $to = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['oauth_request_token'], $_SESSION['oauth_request_token_secret']);
        /* Request access tokens from twitter */
        $tok = $to->getAccessToken();
        /* Save the access tokens. Normally these would be saved in a database for future use. */
        
        $_SESSION['oauth_access_token'] = $tok['oauth_token'];
        $_SESSION['oauth_access_token_secret'] = $tok['oauth_token_secret'];
        
        if (!($_SESSION['oauth_access_token'] === NULL && $_SESSION['oauth_access_token_secret'] === NULL)) {
          unset( $_SESSION['oauth_request_token'] );
          unset( $_SESSION['oauth_request_token_secret'] );
        }
        
      }
      
      $to = new TwitterOAuth(
        $consumer_key, 
        $consumer_secret, 
        $_SESSION['oauth_access_token'], 
        $_SESSION['oauth_access_token_secret']
      );
      
      $session_oauth_token = $_SESSION['oauth_access_token'];
      $session_oauth_secret = $_SESSION['oauth_access_token_secret'];
      

      $content = $to->OAuthRequest('https://twitter.com/account/verify_credentials.json', array(), 'GET');

      
      if (!(class_exists('Services_JSON')))
        lib_include( 'json' );
      $json = new Services_JSON();
      $user = $json->decode($content);

      if (empty($user)) 
        trigger_error('The server said: '.$content, E_USER_ERROR );
      
      if (empty($prefix) && in_array('invites',$db->tables)) {
        $Invite =& $db->model( 'Invite' );
        $result = $Invite->find_by( 'nickname',$user->screen_name );
        if (!$result)
          trigger_error('Sorry, you have not been invited yet '.environment('email_from'), E_USER_ERROR);
      }
      
      $Identity =& $db->model('Identity');
      $Person =& $db->model('Person');
      $TwitterUser =& $db->model('TwitterUser');
      
      $twuser = $TwitterUser->find_by( 'twitter_id',$user->id );
      
      // a) twitter user exists, does not have a profile_id
      // b) twitter user exists, HAS a profile_id
      // c) twitter user does not exist
      
      if ($twuser) {
        
        if (!$twuser->profile_id) {
          // a
          $i = make_identity(array(
            $user->screen_name,
            $user->profile_image_url,
            $user->name,
            $user->description,
            $user->url,
            $user->location
          ));
          if (!$i)
            trigger_error('sorry I was unable to create an identity', E_USER_ERROR);
          $twuser->set_value('profile_id',$i->id);
          $twuser->set_value('oauth_key',$session_oauth_token);
          $twuser->set_value('oauth_secret',$session_oauth_secret);
          $twuser->save_changes();
          if (!$twuser)
            trigger_error('sorry I was unable to create a twitter user', E_USER_ERROR);
        } else {
          // b
          $i = $Identity->find($twuser->profile_id);
          if (!$i)
            trigger_error('sorry I was unable to find the identity', E_USER_ERROR);
          if ($session_oauth_token != $twuser->oauth_key) {
            $twuser->set_value('oauth_key',$session_oauth_token);
            $twuser->set_value('oauth_secret',$session_oauth_secret);
            $twuser->save_changes();
          }
        }
      } else {
        // c
        $i = make_identity(array(
          $user->screen_name,
          $user->profile_image_url,
          $user->name,
          $user->description,
          $user->url,
          $user->location
        ));
        if (!$i)
          trigger_error('sorry I was unable to create an identity', E_USER_ERROR);
        $twuser = make_twuser($user,$i->id,$session_oauth_token,$session_oauth_secret);
        if (!$twuser)
          trigger_error('sorry I was unable to create a twitter user', E_USER_ERROR);
				$Setting =& $db->model('Setting');
				$cfg = $Setting->base();
				$cfg->set_value('profile_id',$i->id);
				$cfg->set_value('person_id',$i->person_id);
				$cfg->set_value('name','config.env.importtwitter_'.$user->id);
				$cfg->set_value('value',1);
				$cfg->save_changes();
				$cfg->set_etag();
      }
          
      $_SESSION['oauth_person_id'] = $i->person_id;

		  if (isset($_SESSION['tw_forward'])){
			  $redirect_to = $_SESSION['tw_forward'];
			  redirect_to($redirect_to);
		  }

      if (empty($redirect_to)) {
        $content = "<p>there was an error in the oauth routine, sorry</p>";
      } else {
        $content = '<script type="text/javascript">'."\n";
        $content .= '  // <![CDATA['."\n";
        $content .= "  location.replace('".$redirect_to."');"."\n";
        $content .= '  // ]]>'."\n";
        $content .= '</script>'."\n";
      }
      break;
  }/*}}}*/
  return vars(
  array(
    
    &$content,
    
  ),
  get_defined_vars()
);
}

function make_identity( $user, $newperson=false ) {
  global $db,$prefix,$request;
  $Person =& $db->model('Person');
  if ($newperson) {
	  $p = $Person->base();
	  $p->save();
  } elseif (get_person_id()) {
	  // make a new identity for the Person
	  $p = $Person->find(get_person_id());
  } else {
	  $p = $Person->base();
	  $p->save();
  }
	if (!(get_class($p) == 'Record')){
		$p = $Person->base();
	  $p->save();
	}


  $Identity =& $db->model('Identity');
  $i = $Identity->base();

  $nicker = $db->escape_string($user[0]);
  
  for ( $j=1; $j<50; $j++ ) {
    $sql = "SELECT nickname FROM ".$prefix."identities WHERE nickname LIKE '".$nicker."' AND (post_notice = '' OR post_notice IS NULL)";
    $result = $db->get_result( $sql );
    if ($db->num_rows($result) > 0) {
      $nicker = $db->escape_string($user[0]).$j;
    } else {
      break;
    }
  }

  $i->set_value( 'avatar', base_path(true).'resource/favicon.png' );
  $i->set_value( 'nickname', $nicker );
  if (!empty($user[1]))
    $i->set_value( 'avatar', $user[1] ); 
  $i->set_value( 'fullname', $user[2] );
  $i->set_value( 'bio', $user[3] );
  $i->set_value( 'homepage', $user[4] );
  $i->set_value( 'locality', $user[5] );
  $i->set_value( 'label', 'profile 1' );
  $i->set_value( 'person_id', $p->id );
  $i->save_changes();
  $i->set_etag($p->id);
  
  if (empty($prefix) && in_array('invites',$db->tables)) {
    $Membership =& $db->model( 'Membership' );
    $m = $Membership->base();
    $m->set_value( 'group_id', 4 ); // XXX
    $m->set_value( 'person_id', $p->id );
    $m->save_changes();
  }
  
  $i->set_value( 'profile', $request->url_for(array('resource'=>"_".$i->id)) );
  $i->set_value( 'profile_url', $request->url_for(array('resource'=>$nicker)) );

  $i->save_changes();
  //$i->set_value( 'update_profile', $updateProfile );
  //$i->set_value( 'post_notice', $postNotice );
  return $i;
}

function facebook_dologin(&$vars){

extract($vars);

foreach( array('helper','twitter','facebook') as $module )

  require_once $GLOBALS['PATH']['dbscript'] . $module . '.php';






$xd = '/resource/xd_receiver.htm';



$fbkey = environment('facebookKey');
$fbsec = environment('facebookSecret');
$appid = environment('facebookAppId');
$agent = environment('facebookAppName');

$fblogin = $request->url_for('facebook_login');


$fbuid = 0;

if (signed_in() && has_facebook_account()){
  $fbuid = $_SESSION['fb_userid'];
}
add_include_path(library_path().'facebook_stream');
require_once "Services/Facebook.php";

if (isset($_SESSION['fb_userid']) && !empty($_SESSION['fb_userid'])) {
	global $prefix,$db;
	$db->prefix = $prefix;
	$uid = $_SESSION['fb_userid'];
	$sql = "SELECT DISTINCT oauth_key FROM facebook_users WHERE facebook_id = ".$uid;
	$result = $db->get_result( $sql );
	if (!(mysql_num_rows($result) == 1))
	  trigger_error('unable to find facebook user',E_USER_ERROR);
	$sess = $db->result_value($result,0,'oauth_key');
} else {
  $sess = false;
}

  $next = $fblogin;

$f = new Facebook(
  $fbkey,
  $fbsec,
  $appid,
  $agent,
  $sess,
  $next
);

$f->permission_to('publish_stream',false,true);

redirect_to($request->base);
  
}




function facebook_getloggedin(){

	extract($vars);

	foreach( array('helper','twitter','facebook') as $module )

	  require_once $GLOBALS['PATH']['dbscript'] . $module . '.php';






	$xd = '/resource/xd_receiver.htm';



	$fbkey = environment('facebookKey');
	$fbsec = environment('facebookSecret');
	$appid = environment('facebookAppId');
	$agent = environment('facebookAppName');

  global $request;

	$fblogin = $request->url_for('facebook_login');


	$fbuid = 0;

	if (signed_in() && has_facebook_account()){
	  $fbuid = $_SESSION['fb_userid'];
	  if (isset($_SESSION['fb_forward']))
	    redirect_to($_SESSION['fb_forward']);
	}
	add_include_path(library_path().'facebook_stream');
	require_once "Services/Facebook.php";

	if (isset($_SESSION['fb_userid']) && !empty($_SESSION['fb_userid'])) {
		global $prefix,$db;
		$db->prefix = $prefix;
		$uid = $_SESSION['fb_userid'];
		$sql = "SELECT DISTINCT oauth_key FROM facebook_users WHERE facebook_id = ".$uid;
		$result = $db->get_result( $sql );
		if (!(mysql_num_rows($result) == 1))
		  trigger_error('unable to find facebook user',E_USER_ERROR);
		$sess = $db->result_value($result,0,'oauth_key');
	} else {
	  $sess = false;
	}

	$next = $fblogin;

if (isset($_GET['callbackurl']))
	$next = $_GET['callbackurl'];

	$f = new Facebook(
	  $fbkey,
	  $fbsec,
	  $appid,
	  $agent,
	  $sess,
	  $next
	);

	$tok = $f->request_token();

	redirect_to( $tok->authorize_url().'&fbconnect=true&return_session=true&req_perms=offline_access,publish_stream' );
}

function facebook_login( &$vars ) {
  extract($vars);
  
  $app_id = environment('facebookAppId');
  $consumer_key = environment('facebookKey');
  $consumer_secret = environment('facebookSecret');
  $agent = environment('facebookAppName')." (curl)";
  
  add_include_path(library_path());
  add_include_path(library_path().'facebook-platform/php');
  add_include_path(library_path().'facebook_stream');
  
  require_once "facebook.php";
  require_once "FacebookStream.php";
  require_once "Services/Facebook.php";
  
  if (isset($_GET['forward'])){
	  if (!empty($_SERVER['HTTP_REFERER']))
		  $_SESSION['fb_forward'] = $_SERVER['HTTP_REFERER'];
		if (isset($_GET['callbackurl']))
			$_SESSION['fb_forward'] = $_GET['callbackurl'];
	} 

//	$sesskey = environment('facebookSession');

  $fb = new Facebook($consumer_key, $consumer_secret, true);

//	$facebook->api_client->session_key = $sesskey;

  $_SESSION['fb_session'] = (string)$fb->api_client->session_key;
  $_SESSION['fb_userid'] = (string)$fb->user;



if (isset($_GET['session'])){

  if (!(class_exists('Services_JSON')))
    lib_include( 'json' );

  $data = $_GET['session'];
//  print_r(unserialize($data));
$arr = (array)json_decode($data);
if ($arr['uid'])
  $_SESSION['fb_userid'] = $arr['uid'];
if ($arr['session_key'])
  $_SESSION['fb_session'] = $arr['session_key'];

}



  if (!$_SESSION['fb_userid'])
	  redirect_to($request->url_for('facebook_getloggedin'));


  $fs = new FacebookStream($consumer_key,$consumer_secret,$agent,$app_id);

  $token = $fs->getAccessToken();

	$_SESSION['fb_request_token'] = $token;

  $fieldlist = array(
    'last_name',
    'first_name',
    'pic_small',
    'profile_blurb',
    'profile_url',
    'locale',
    'name',
    'proxied_email'
  );

  $fields = implode(',',$fieldlist);

  $user = $fs->getInfo( $_SESSION['fb_userid'], $fields );
  
  $values = array();
  
  $values[] = str_replace(' ','',strtolower((string)$user->user->name));
  $values[] = (string)$user->user->pic_small;
  $values[] = (string)$user->user->name;
  $values[] = (string)$user->user->profile_blurb;
  $values[] = (string)$user->user->profile_url;
  $values[] = (string)$user->user->locale;
  
  $Identity =& $db->model('Identity');
  $Person =& $db->model('Person');
  $FacebookUser =& $db->model('FacebookUser');
  
  if (empty($prefix) && in_array('invites',$db->tables)) {
    $Invite =& $db->model( 'Invite' );
    $result = $Invite->find_by( 'nickname', (string)$user->user->name );
    if (!$result)
      trigger_error('Sorry, you have not been invited yet '.environment('email_from'), E_USER_ERROR);
  }
  
  $faceuser = $FacebookUser->find_by( 'facebook_id',$_SESSION['fb_userid'] );
  
  // a) facebook user exists, does not have a profile_id
  // b) facebook user exists, HAS a profile_id
  // c) facebook user does not exist
  if ($faceuser) {
    
    if (!$faceuser->profile_id) {
      $i = make_identity($values);
      if (!$i)
        trigger_error('sorry I was unable to create an identity', E_USER_ERROR);
      $faceuser->set_value('profile_id',$i->id);
      $faceuser->save_changes();
      if (!$faceuser)
        trigger_error('sorry I was unable to create a facebook user', E_USER_ERROR);
    } else {
      // b
      $i = $Identity->find($faceuser->profile_id);
      if (!$i)
        trigger_error('sorry I was unable to find the identity', E_USER_ERROR);
    }
  } else {
    // c
    $i = make_identity($values);
    if (!$i)
      trigger_error('sorry I was unable to create an identity', E_USER_ERROR);
    $faceuser = make_fb_user($user,$i->id);
    if (!$faceuser)
      trigger_error('sorry I was unable to create a facebook user', E_USER_ERROR);
    $Setting =& $db->model('Setting');
		$cfg = $Setting->base();
		$cfg->set_value('profile_id',$i->id);
		$cfg->set_value('person_id',$i->person_id);
		$cfg->set_value('name','config.env.importfacebook_'.(string)$user->user->uid);
		$cfg->set_value('value',1);
		$cfg->save_changes();
		$cfg->set_etag();
  }

  $_SESSION['fb_person_id'] = $i->person_id;
  
  if (isset($_SESSION['fb_forward']))
	  redirect_to($_SESSION['fb_forward']);

  redirect_to($request->base);
  
}

function make_fb_user( $user, $profile_id ) {
  
  global $db;
  
  $Identity =& $db->model('Identity');
  $Person =& $db->model('Person');
  $nickname = str_replace(' ','',strtolower((string)$user->user->name));
  $FacebookUser =& $db->model('FacebookUser');
  $faceuser = $FacebookUser->find_by( 'facebook_id',(string)$user->user->uid );
  
  if ($faceuser)
    return $faceuser;
  
  $faceuser = $FacebookUser->base();
  
  $faceuser->set_value('description',       (string)$user->user->profile_blurb);
  $faceuser->set_value('screen_name',       $nickname);
  $faceuser->set_value('url',               (string)$user->user->profile_url);
  $faceuser->set_value('name',              (string)$user->user->name);
  $faceuser->set_value('protected',         0);
  $faceuser->set_value('followers_count',   0);
  $faceuser->set_value('profile_image_url', (string)$user->user->pic_small);
  $faceuser->set_value('location',          (string)$user->user->locale);
  $faceuser->set_value('facebook_id',       (string)$user->user->uid);
  $faceuser->set_value('profile_id',        $profile_id);
  $faceuser->set_value('oauth_key',        $_SESSION['fb_session']);
  $faceuser->save_changes();
  
  return $faceuser;

}

function make_twuser( $user, $profile_id, $oauthkey, $oauthsecret ) {
  global $db;
  $Identity =& $db->model('Identity');
  $Person =& $db->model('Person');
  $nickname = $user->screen_name;
  $TwitterUser =& $db->model('TwitterUser');
  $twuser = $TwitterUser->find_by( 'twitter_id',$user->id );
  if ($twuser)
    return $twuser;
  $twuser = $TwitterUser->base();
  $twuser->set_value('description',$user->description);
  $twuser->set_value('screen_name',$nickname);
  $twuser->set_value('url',$user->url);
  $twuser->set_value('name',$user->name);
  $twuser->set_value('protected',$user->protected);
  $twuser->set_value('followers_count',$user->followers_count);
  $twuser->set_value('profile_image_url',$user->profile_image_url);
  $twuser->set_value('location',$user->location);
  $twuser->set_value('twitter_id',$user->id);
  $twuser->set_value('profile_id',$profile_id);
  $twuser->set_value('oauth_key',$oauthkey);
  $twuser->set_value('oauth_secret',$oauthsecret);
  $twuser->save_changes();
  return $twuser;
}


function openid_login( &$vars ) {
  extract( $vars );
  
  global $request;

  if (isset($request->params['openid'])) {

    $openid = urldecode($request->params['openid']);
    
    if (!strstr($openid,'http'))
      $openid = 'http://' . $openid;
    
    if ("/" == substr($openid,-1))
      $openid = substr( $openid, 0, -1 );
    
    $request->set_param('return_url',$request->url_for( 'openid_continue' ).'/');
    
    $request->set_param('protected_url',$request->base);
    
    $request->set_param('openid_url',trim($openid));

    authenticate_with_openid();
    
    if (!(empty($_SESSION['requested_url'])))
      redirect_to( $_SESSION['requested_url'] );
    else
      redirect_to( $request->base );
  }
  
  render( 'action', 'login' );
  
}

function openid_continue( &$vars ) {
  
  extract( $vars );
  
  $valid = false;
  
  if ( class_exists('MySQL') && environment('openid_version') > 1 && !isset($_SESSION['openid_degrade']) ) {
    
    global $openid;
    
    wp_plugin_include(array(
      'wp-openid'
    ));
    
    $logic = new WordPressOpenID_Logic(null);
    
    $logic->activate_plugin();
    
    $consumer = WordPressOpenID_Logic::getConsumer();
    
    $openid->response = $consumer->complete($_SESSION['oid_return_to']);
    
    switch( $openid->response->status ) {
      case Auth_OpenID_CANCEL:
        trigger_error('The OpenID assertion was cancelled.', E_USER_ERROR );
        break;
      
      case Auth_OpenID_FAILURE:
        // if we fail OpenID v2 here, we retry once with OpenID v1
        $_SESSION['openid_degrade'] = true;
        $request->set_param('return_url',$request->url_for( 'openid_continue' ).'/');
        $request->set_param('protected_url',$request->base);
        $request->set_param('openid_url',$_SESSION['openid_url']);
        authenticate_with_openid();
        break;
      
      case Auth_OpenID_SUCCESS:
        $_SESSION['openid_complete'] = true;
        $valid = true;
        break;
      
    }
  
  }
  
  if (!($valid)) {
  
    include $GLOBALS['PATH']['library'] . 'openid.php';
  
    $openid = new SimpleOpenID;
  
    $openid->SetIdentity( $_SESSION['openid_url'] );
  
    $openid->SetApprovedURL( $request->url_for( 'openid_continue' ).'/');
  
    $openid->SetTrustRoot( $request->base );
  
    $server_url = $_SESSION['openid_server_url'];
  
    $openid->SetOpenIDServer( $server_url );
  
    $valid = $openid->ValidateWithServer();
    
  }
  
  if ($valid)
    $_SESSION['openid_complete'] = true;
  else
    trigger_error( "Sorry, the openid server $server_url did not validate your identity.", E_USER_ERROR );


  complete_openid_authentication( $request );
  
  if (!(empty($_SESSION['requested_url'])))
    redirect_to( $_SESSION['requested_url'] );
  else
    redirect_to( $request->base );
  
}

function security_init() {
  
  global $request;
  
  // add Routes -- route name, pattern to match, and default request parameters
  
  $request->connect( 'openid_continue/:fromserver', array('action'=>'openid_continue') );
  
  $request->connect( 'openid_continue' );
  
  $request->connect( 'openid_login_return' );
  
  $request->connect( 'openid_submit' );
  
  $request->connect( 'password_submit' );
  $request->connect( 'facebook_dologin' );
  $request->connect( 'facebook_getloggedin' );
  $request->connect( 'rsslike/:forurl', array('action'=>'like','resource'=>'posts'));

  $request->connect( 'password_register' );
  
  $request->connect( 'openid_logout' );
  
  $request->connect( 'openid_login' );
  
  $request->connect( 'openid_login/:openid', array('action'=>'openid_login') );
  
  $request->connect( 'email_login' );
  
  $request->connect( 'register' );
  
  $request->connect( 'email_submit' );
  
  $request->connect( 'ldap_login' );
  
  $request->connect( 'ldap_submit' );
  
  $request->connect( 'oauth_login' );

  $request->connect( 'facebook_login' );

  $request->connect( 'authsub' );

	foreach (array(



    'api/direct_messages/sent'=>'api_direct_messages_sent',
		'api/direct_messages'=>'api_direct_messages',
	  'api/statuses/mentions'=>'api_statuses_mentions',
	  'api/users/show'=>'api_users_show',
	  'api/rss/textInput'=>'api_rss_textInput'

	) as $f1=>$f2) {
	
	  $patterns = explode( '/', $f1 );
	  $requirements = array();
	  foreach ( $patterns as $pos => $str ) {
	    if ( substr( $str, 0, 1 ) == ':' ) {
			  $requirements[] = '[A-Za-z0-9_.]+';
	    }
	  }
		$routesetup = array(
		  'action'=>$f2,
		  'resource'=>'posts'
		);
		if (count($requirements) > 0)
			$routesetup['requirements'] = $requirements;
		$request->connect(
		  $f1,
		  $routesetup
		);
		global $prefix;
		if (!$prefix) {
			global $db;
			$Blog =& $db->model('Blog');
			$Blog->set_limit(200);
		  $coll = new Collection('blogs');
		  while ($b = $coll->MoveNext()) {
			  $sub = $b->nickname;
			  $routesetup['stream'] = $sub;
			  $routesetup['prefix'] = $b->prefix;
			  if (is_array($patterns))
					$request->connect(
					  $sub.'/'.implode('/',$patterns),
					  $routesetup
					);
			}
		}

	}

  $request->connect( 'permanent_facebook_key/:key', array('action'=>'permanent_facebook_key') );

  $request->routematch();
  
    if (isset($_SESSION['fb_person_id'])
  && $_SESSION['fb_person_id'] >0) {
      $request->openid_complete = true;
    return $_SESSION['fb_person_id'];
  } elseif (isset($_SESSION['oauth_person_id'])
  && $_SESSION['oauth_person_id'] >0) {
      $request->openid_complete = true;
    return $_SESSION['oauth_person_id'];
  } elseif ( isset( $_SESSION['openid_complete'] ) && check_cookie() ) {
    if ( !isset($request->openid_url) && $_SESSION['openid_complete'] == true)
      $request->openid_complete = true;
  } elseif (check_cookie()) {
	  $_SESSION['openid_complete'] = true;
  	$request->openid_complete = true;
  }
  
}

function security_install() {
  //
}

function security_uninstall() {
  //
}


function get_twitter_oauth(){
	global $db,$prefix,$request;
  $sql = "SELECT oauth_key,oauth_secret FROM ".$prefix."twitter_users WHERE profile_id = ".get_profile_id();
  $result = $db->get_result( $sql );
  if ($db->num_rows($result) == 1) {
    // http://abrah.am
    lib_include('twitteroauth');
    $key = $db->result_value($result,0,'oauth_key');
    $secret = $db->result_value($result,0,'oauth_secret');
    $consumer_key = environment( 'twitterKey' );
    $consumer_secret = environment( 'twitterSecret' );    
    $to = new TwitterOAuth(
      $consumer_key, 
      $consumer_secret, 
      $key, 
      $secret
    );
    return $to;
  }
  return false;
}

function get_twitter_screen_name($person_id=false){
	global $db;
	if (!$person_id)
	  $person_id = get_person_id();

  $TwitterUser =& $db->model('TwitterUser');
  $TwitterUser->has_one('profile_id:identities');
  $stat = $TwitterUser->find_by(array(
		'identities.person_id'=>$person_id
	));
  if ($stat){
	  $tu = $TwitterUser->MoveFirst();
    return $tu->screen_name;
  }
	return false;
}

function explode_returned($responseString){
	$r = array();
  foreach (explode('&', $responseString) as $param) {
    $pair = explode('=', $param, 2);
    if (count($pair) != 2) continue;
    $r[urldecode($pair[0])] = urldecode($pair[1]);
  }
  return $r;
}
function setup_google_account(){
	if (!isset($_SESSION['googleAccessKey']) && !isset($_SESSION['googleAccessSecret']))
	  trigger_error('sorry the oauth credentials were not found', E_USER_ERROR);
	global $request,$db;
	$Setting =& $db->model('Setting');
	
	$stat = $Setting->find_by(array('name'=>'google_key','profile_id'=>get_profile_id()));
	
  if (!$stat && !empty($_SESSION['googleAccessKey']) && get_profile_id()) {
    $stat = $Setting->base();
    $stat->set_value('profile_id',get_profile_id());
    $stat->set_value('person_id',get_person_id());
    $stat->set_value('name','google_key');
    $stat->set_value('value',$_SESSION['googleAccessKey']);
    $stat->save_changes();
    $stat->set_etag();
    $stat = $Setting->base();
    $stat->set_value('profile_id',get_profile_id());
    $stat->set_value('person_id',get_person_id());
    $stat->set_value('name','google_secret');
    $stat->set_value('value',$_SESSION['googleAccessSecret']);
    $stat->save_changes();
    $stat->set_etag();
		$cfg = $Setting->base();
		$cfg->set_value('profile_id',get_profile_id());
		$cfg->set_value('person_id',get_person_id());
		$cfg->set_value('name','config.env.importgoogle_'.$_SESSION['googleAccessKey']);
		$cfg->set_value('value',1);
		$cfg->save_changes();
		$cfg->set_etag();

  }	

  if (isset($_SESSION['bz_forward']))
	  redirect_to($_SESSION['bz_forward']);

  redirect_to($request->base);


	exit;
	
	// this is how you make a gdata api request
  $endpoint = $scope;
	$parsed = parse_url($endpoint);
	$params = array();
	parse_str($parsed['query'], $params);
  lib_include('twitteroauth');
	$base_url = $request->base;
  $key = environment( 'googleKey' );
  $secret = environment( 'googleSecret' );
	$consumer = new OAuthConsumer($key, $secret, NULL);
  $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
  $token = get_oauth_token($_SESSION['googleAccessKey'], $_SESSION['googleAccessSecret']);
	$oauth_req = OAuthRequest::from_consumer_and_token($consumer, $token, "GET", $endpoint, $params);
	$oauth_req->sign_request($hmac_method, $consumer, $token);
	$responseString = send_signed_request($oauth_req->get_normalized_http_method(),
	                                      $endpoint, $oauth_req->to_header(), NULL, false);
	echo $responseString;
	exit;

  $key = environment( 'googleKey' );
  $secret = environment( 'googleSecret' );
  $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
	$consumer = new OAuthConsumer($key, $secret, NULL);
	$token = $arr['oauth_token'];
	$tokensecret = $arr['oauth_token_secret'];
  $token = new OAuthToken($token, $tokensecret);
  $endpoint = 'https://mail.google.com/mail/feed/atom/';
	$oauth_req = OAuthRequest::from_consumer_and_token($consumer, $token, "GET", $endpoint, NULL);
	$oauth_req->sign_request($hmac_method, $consumer, $token);
	$responseString = readUrl($oauth_req->to_url());
	print_r($responseString);
}

function authsub( &$vars ) {
//	unset($_SESSION['googleAccessSecret']);
//	unset($_SESSION['googleAccessKey']);
//	exit;
	
	if (isset($_SESSION['googleAccessKey']) && isset($_SESSION['googleAccessSecret']))
	  setup_google_account();
  extract($vars);
//  $scope = 'https://mail.google.com/mail/feed/atom/';

if (isset($_GET['forward'])){
  if (!empty($_SERVER['HTTP_REFERER']))
	  $_SESSION['bz_forward'] = $_SERVER['HTTP_REFERER'];
	if (isset($_GET['callbackurl']))
		$_SESSION['bz_forward'] = $_GET['callbackurl'];
} 


  $scope = 'https://www.googleapis.com/auth/buzz';
  $base_url = $request->base;
  $endpoints = array(
//		'https://www.google.com/accounts/OAuthGetRequestToken?scope='.$scope,
	'https://www.google.com/accounts/OAuthGetRequestToken?scope='.$scope,
//		'https://www.google.com/accounts/OAuthAuthorizeToken',
		'https://www.google.com/buzz/api/auth/OAuthAuthorizeToken',
		'https://www.google.com/accounts/OAuthGetAccessToken'
	);
	  if (!isset($_SESSION['googleAccessKey']) && !isset($_SESSION['googleAccessSecret']))…