Lines:
1 to 100 of 148
<?php // (C) Copyright Bobbing Wide 2014 /* function oik_clone_wp_api() – Display a box to connect to a remote server to list content Display a box to list the content Actions: Refresh from server */ /* function oik_clone_source_site() – Dialog to discover which site to clone and parameters to use */ /* function oik_clone_get_api_url() – Find the URL to access WP-API */ /* function oik_clone_selection_criteria() – Display the selected posts and find out what the user wants to do with them */ /* function oik_clone_source_site_check() – Perform checks on the source site */ /* function oik_clone_get_api_route() – */ /* function oik_clone_parse_links() – Parse the link from this ugly string */ /* function oik_clone_get_api_url() – Find the URL to access WP-API */ /** * * In order to store OAuth authentication details for a remote site we need to be able to keep * the same information as WP-CLI does when using OAuth2 * Where should this be stored? * Options are: * - Oauth post type using post meta data * - user post meta - keyed the same way as WP-CLI caches its data * * So how do we decide which "service" the user is using at the other site? * I suppose we let them select it from those they have authorized. * string(29) "http://qw/wp40/oauth1/request" [Authorization] => OAuth oauth_version="1.0",oauth_nonce="b488a5fbf6a607072e332719c3278d0d",oauth_timestamp="1413205251",oauth_co nsumer_key="qSWU6OQiP2aU",oauth_signature_method="HMAC-SHA1",oauth_signature="JPRP%2FFVf2lxxrsnmEp3Sw6byrYQ%3D" Authorized! Key: tWjAkyJzaSnMJ3gT4VOnzbf8 Secret: o5LhV1QveyCImx3TGb5Wvw7GjOOUoY7LugnjX1QwDEYV3oPD Consumer key: qSWU6OQiP2aU Consumer secret: ZxchyIePEPUkItiLZDcLCdu9tRRk42kMCq0sDySmeshn0Nle Token key: ezhyYEwnz36Iy7DniaZYxp5c Token secret: OwJu7pDqmIMz6eD4wmwQjs4PVOtlaQIHsUy92ocbmA1HDXSh The information is stored in the wp_options table: with an option_name of of oauth1_access_<i>Token key</i> e.g. Key: oauth1_access_ezhyYEwnz36Iy7DniaZYxp5c a:4:{s:3:"key";s:24:"ezhyYEwnz36Iy7DniaZYxp5c"; s:6:"secret";s:48:"OwJu7pDqmIMz6eD4wmwQjs4PVOtlaQIHsUy92ocbmA1HDXSh"; s:8:"consumer";i:524; s:4:"user";i:2;} WP-CLI stores the information in the cache api/oauth1-blah where blah is made from the URL you're using But how do we actually use this information? It must be the key that we pass to the server. No, it's more complicated than that. How does this make it any more secure? OK, so now we're failing with 23768456/23870904 F=160 check_oauth_signature(6) string_to_sign GET&http%3A%2F%2Fqw%2Fwp40%2Fwp-json%2Fusers&oauth_consumer_key%3DqSWU6OQiP2aU%26oauth_nonce%3D627d24e513113d719f3d6b668931637f%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1413222926%26oauth_token%3DezhyYEwnz36Iy7DniaZYxp5c%26oauth_version%3D1.0
Called by
Invoked by
Calls
Call hooks
API Letters: