I am trying to create a 3rd party app for a game I like (EVE Online) which requires oauth. I have decided to do the oauth handling in it's own script and once resolved, put an associative array into the session based on the CharacterID retrieved from oauth.
I am able to successfully output the desired contents of the session array from the /callback/index.php' that handles the oauth requests at the end of the script. However, I want to keep this script "in the background" and somewhat secret, and redirect most of the activity to a '../main.php' in the directory just below.
However, when I finally get to main.php, printing the session returns an empty array. What am I doing wrong? I have searched all day for solutions and have implemented every one of them.
Below are the relevant files:
session.php
<?php
if (!empty($_GET['ID'])) {
session_id($_GET['ID']);
}
if (session_status() == PHP_SESSION_NONE) {
session_start();
} else {
$sLocation="http://eve.oriigen.com/eClt";
header("Location: ".$sLocation);
exit();
}
?>
/callback/index.php
<?php require_once '../src/session.php' ?>
<?php require_once 'secret.php' ?>
<?php
function auth_error($error_message)
{
print "There's been an error";
error_log($error_message);
exit();
}
$sUserAgent = "EVE Contact List Toolkit [eClt]";
$post_url = "https://login.eveonline.com/oauth/token";
$get_url = "https://login.eveonline.com/oauth/verify";
$client_id="Basic ".base64_encode($sClientId.":".$sSecretKey);
$content_type = "application/x-www-form-urlencoded";
$host_url = "login.eveonline.com";
$aHeaders = array("Authorization: ".$client_id,
"Content-type: ".$content_type,
"Host: ".$host_url);
$aPostFields = array("grant_type"=>"authorization_code",
"code"=>$_GET["code"]);
$oCurlRequest = curl_init();
curl_setopt($oCurlRequest, CURLOPT_URL, $post_url);
curl_setopt($oCurlRequest, CURLOPT_USERAGENT, $sUserAgent);
curl_setopt($oCurlRequest, CURLOPT_HTTPHEADER, $aHeaders);
curl_setopt($oCurlRequest, CURLOPT_POST, count($aPostFields));
curl_setopt($oCurlRequest, CURLOPT_POSTFIELDS, http_build_query($aPostFields));
curl_setopt($oCurlRequest, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($oCurlRequest, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($oCurlRequest, CURLOPT_SSL_VERIFYHOST, 2);
$oResult = curl_exec($oCurlRequest);
if ($oResult===false) {
auth_error(curl_error($oCurlRequest));
}
curl_close($oCurlRequest);
$aResponse=json_decode($oResult);
unset($oCurlRequest);
unset($oResult);
$sTokenType=$aResponse->token_type;
$sAuthToken=$aResponse->access_token;
$iAuthTokenExpire=$aResponse->expires_in;
$sRefreshToken=$aResponse->refresh_token;
$sGetHeader="Authorization: ".$sTokenType." ".$sAuthToken;
$oCurlRequest = curl_init();
curl_setopt($oCurlRequest, CURLOPT_URL, $get_url);
curl_setopt($oCurlRequest, CURLOPT_USERAGENT, $sUserAgent);
curl_setopt($oCurlRequest, CURLOPT_HTTPHEADER, array($sGetHeader));
curl_setopt($oCurlRequest, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($oCurlRequest, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($oCurlRequest, CURLOPT_SSL_VERIFYHOST, 2);
$oResult = curl_exec($oCurlRequest);
if ($oResult===false) {
auth_error(curl_error($oCurlRequest));
}
curl_close($oCurlRequest);
$aResponse=json_decode($oResult);
unset($oCurlRequest);
unset($oResult);
$sCharId=(string)$aResponse->CharacterID;
$sCharacterName=$aResponse->CharacterName;
$sExpiresOn=$aResponse->ExpiresOn;
$sTokenType=$aResponse->TokenType;
$sCharacterOwnerHash=$aResponse->CharacterOwnerHash;
$sIntellectualProperty=$aResponse->IntellectualProperty;
/* $aCharInfo=array("CharID"=>(int)$sCharId,
"CharName"=>$sCharacterName,
"CharOwnerHash"=>$sCharacterOwnerHash,
"ExpiresOn"=>$sExpiresOn,
"AuthToken"=>$sAuthToken,
"AuthTokenExpIn"=>$iAuthTokenExpire,
"RefreshToken"=>$sRefreshToken);*/
if (!isset($_SESSION[(string)$sCharId])) {
$_SESSION[(string)$sCharId]=array("CharID"=>(int)$sCharId,
"CharName"=>$sCharacterName,
"CharOwnerHash"=>$sCharacterOwnerHash,
"ExpiresOn"=>$sExpiresOn,
"AuthToken"=>$sAuthToken,
"AuthTokenExpIn"=>$iAuthTokenExpire,
"RefreshToken"=>$sRefreshToken);
} else {
$_SESSION["moo"]=0;
}
session_write_close();
$sRedirect="../main.php?ID=".session_id();
header("Location: ".$sRedirect);
exit();
/* echo "<pre>";
print_r($_SESSION);
echo "</pre>";
echo "<hr />";
echo gettype($iCharId);
echo "<hr />";
echo "<pre>";
print_r($aCharInfo);
echo "</pre>";*/
?>
../main.php
<?php require_once './src/session.php' ?>
<?php
//echo "SessionId: ".session_id()."<br />";
//echo "<hr/>";
//echo "<pre>";
print_r($_SESSION);
//echo "</pre>";
?>
[ <a href="logout.php">Logout</a> ]
As you can see from the commented sections, I have tried every diagnostic printout I can think of. So, where am I going wrong?
Solved it - per a related question I found only after posting this question:
from here:
The PHP session storage mechanism was originally built around "registering" variables, so the keys in $_SESSION must be names that could be treated as variables in their own right. This means that $_SESSION[10] is invalid, because $10 wouldn't be a valid variable name, and since $foo[10] and $foo['10'] refer to the same thing, $_SESSION['10'] is invalid as well.
CharacterID was either and int of a string version of an int, apparently PHP sessions don't like numbers in their array keys...