0

I already found few posts regarding this, but no answer helped me yet.

Here is my "request" file:

<?php

require_once "Dropbox/Dropbox/autoload.php";
use \Dropbox as dbx;

function getWebAuth(){
    session_start();
    $appInfo = dbx\AppInfo::loadFromJsonFile("configdbx.json");
    $clientIdentifier = "Fototeca/1.0";
    $redirectUri = "https://myurl.com/info.php";
    $csrfTokenStore = new dbx\ArrayEntryStore($_SESSION, 'dropbox-auth-csrf-token');
    return new dbx\WebAuth($appInfo, $clientIdentifier, $redirectUri, $csrfTokenStore);
}

echo "teste";

error_reporting(E_ALL);
ini_set('display_errors', 1);

$authorizeUrl = getWebAuth()->start();
header("Location: $authorizeUrl");
?>

This guy works fine.

When it's redirected to the "info.php" file, where it should start the requests, it shows me the CSRF missing error:

The info.php file:

<?
require_once "Dropbox/Dropbox/autoload.php";
use \Dropbox as dbx;

function getWebAuth(){
    session_start();
    $appInfo = dbx\AppInfo::loadFromJsonFile("configdbx.json");
    $clientIdentifier = "Fototeca/1.0";
    $redirectUri = "https://myurl.com/info.php";
    $csrfTokenStore = new dbx\ArrayEntryStore($_SESSION, 'dropbox-auth-csrf-token');
    return new dbx\WebAuth($appInfo, $clientIdentifier, $redirectUri, $csrfTokenStore);
  }

try {
   list($accessToken, $userId, $state) = getWebAuth()->finish($_GET);
}
catch (dbx\WebAuthException_BadRequest $ex) {
   echo("/dropbox-auth-finish: bad request: " . $ex->getMessage());
   // Respond with an HTTP 400 and display error page...
}
catch (dbx\WebAuthException_BadState $ex) {
   // Auth session expired.  Restart the auth process.
   //header('Location: /request.php');
   echo('Location: /request.php');
   var_dump($ex);
}
catch (dbx\WebAuthException_Csrf $ex) {
   echo("/dropbox-auth-finish: CSRF mismatch: " . $ex->getMessage());
   var_dump($ex);
   // Respond with HTTP 403 and display error page...
}
catch (dbx\WebAuthException_NotApproved $ex) {
   echo("/dropbox-auth-finish: not approved: " . $ex->getMessage());
}
catch (dbx\WebAuthException_Provider $ex) {
   echo("/dropbox-auth-finish: error redirect from Dropbox: " . $ex->getMessage());
}
catch (dbx\Exception $ex) {
   echo("/dropbox-auth-finish: error communicating with Dropbox API: " . $ex->getMessage());
}

// We can now use $accessToken to make API requests.
$dbxClient = new dbx\Client($accessToken, "PHP-Example/1.0");
?>

The session_start is there.

The error occurs on "list($accesstoken... = getWebAuth()->finish($_GET);", and sends me to the second catch and the $ex var_dump is:

object(Dropbox\WebAuthException_BadState)#5 (7) { ["message":protected]=> string(30) "Missing CSRF token in session." ["string":"Exception":private]=> string(0) "" ["code":protected]=> int(0) ["file":protected]=> string(77) "/home/storage/7/48/18/myurl/public_html/Dropbox/Dropbox/WebAuth.php" ["line":protected]=> int(230) ["trace":"Exception":private]=> array(1) { [0]=> array(6) { ["file"]=> string(58) "/home/storage/7/48/18/myurl/public_html/info.php" ["line"]=> int(16) ["function"]=> string(6) "finish" ["class"]=> string(15) "Dropbox\WebAuth" ["type"]=> string(2) "->" ["args"]=> array(1) { [0]=> array(2) { ["state"]=> string(24) "RfkdmUNynjaof7rylfXsQw==" ["code"]=> string(43) "x7QaUiXWwCEAAAAAAAAMxJ3ptKdTsMdJhkDmrUZ2ZcM" } } } } ["previous":"Exception":private]=> NULL }
Guilherme
  • 31
  • 1
  • 1
    My guess would be that `$_SESSION` isn't actually working? Try setting something in there yourself in the first page and then checking that it's still there in `info.php`. – user94559 Jun 01 '15 at 20:19

1 Answers1

0

Thanks smarx!

I found this Session variables not working php

And realized that my destiny URL was different from the first one

Community
  • 1
  • 1
Guilherme
  • 31
  • 1