Reply
Occasional Visitor
ElizabethG766
Posts: 2
Registered: ‎12-08-2011

Trying to use addContact.php but I keep having to authorize app

With the PHP sample library code, it seems to only store the tokens in session variables.

 

I need it to store my autohrization permanently so that users don't have to see anything to do with Constant Contact's Grant Permission screen.

 

How can I modify the PHP library to save the tokens I need permanently?


Thanks,

Andy

DaveBerard
Posts: 1,635
Topics: 7
Kudos: 61
Solutions: 58
Registered: ‎06-19-2008

Re: Trying to use addContact.php but I keep having to authorize app

If you are using the PHP wrapper library and OAuth, you'll notice that there is a datastore stub added to the library.  To store and retrieve the data permanently so that your users do not see that flow, you'll need to go into those stub methods and add code to store the values locally on your server in either a database or datafile of some kind.  For security purposes, we recommend storing that data in a secure database or an encrypted file.

Dave Berard
Senior Product Manager, Constant Contact
Occasional Visitor
ElizabethG766
Posts: 2
Registered: ‎12-08-2011

Re: Trying to use addContact.php but I keep having to authorize app

Hi Dave,

 

Thanks for the suggestions!

 

A couple follow-up questions:

- Where in the PHP library are these Datastore stubs?

- This seems like it would be very common functionality.  Is there additional library code or user-contributed code showing how to modify the Datastore stubs to store the values?  

 

Thanks,

Andy

DaveBerard
Posts: 1,635
Topics: 7
Kudos: 61
Solutions: 58
Registered: ‎06-19-2008

Re: Trying to use addContact.php but I keep having to authorize app

The code is found starting at line 935 in the Authentication.php file.  Here is the code set that needs to be modified. The addUser and lookupUser methods must be changed to store/pull into a database or datafile instead of into the $_SESSION variable. We do not have any sample code for an implementation as usually the implementation is specific to how your database is configured, your server software you're running and many other security and data concerns that are specific to each customer.

 

 

class CTCTDataStore {
    function __construct(){
    }
    function addUser($user){
        $_SESSION['users'][$user['username']] = $user;
    }

    function lookupUser($username){
        try{
            if(isset($_SESSION['users'])){
                foreach ($_SESSION['users'] as $user){
                    if($user['username'] == $username){$returnUser = $user;}
                }
            }
            if(empty($returnUser)) {
                $returnUser = false;
                throw new Exception('Username '.$username.' not found in datastore');
            }
        }catch(Exception $e){
            echo 'OAuth Exception: '.$e->getMessage();
        }
        return $returnUser;
    }

    function lookup_consumer($consumer_key) {
     // optional: implement me
    }

    function lookup_token($consumer, $token_type, $token) {
    // optional: implement me
    }

    function lookup_nonce($consumer, $token, $nonce, $timestamp) {
    // optional: implement me
    }

    function new_request_token($consumer, $callback = null) {
    // optional: return a new token attached to this consumer
    }

    function new_access_token($token, $consumer, $verifier = null) {
    // return a new access token attached to this consumer
    // for the user associated with this token if the request token
    // is authorized
    // should also invalidate the request token
    }

}
Dave Berard
Senior Product Manager, Constant Contact