authorSnap <snapwilliam@gmail.com>2015-04-16 14:51:26 -0700
committerSnap <snapwilliam@gmail.com>2015-04-16 14:51:26 -0700
commit5c7f2f17f9c471d306955df457c7cab4e5c6ed3b (patch)
tree0fe6d049f1af552af6a74d264a3f571cfdb1ee7c /pages/login.php
parentd0b9b771a876922afdf00b2c55d5e1388a4ea2a3 (diff)
downloadpathery-5c7f2f17f9c471d306955df457c7cab4e5c6ed3b.tar.xz
Google's OpenID Connect method
$google_client_id & $google_client_secret must be added to db.inc.php!
Diffstat (limited to 'pages/login.php')
-rw-r--r--pages/login.php107
1 files changed, 82 insertions, 25 deletions
diff --git a/pages/login.php b/pages/login.php
index d277cb7..d698527 100644
--- a/pages/login.php
+++ b/pages/login.php
@@ -20,8 +20,10 @@ include_once('./includes/HybridAuth/Auth.php');
$hybrid_config_file = 'includes/HybridAuth/HybridAuthConfig.php';
try {
- //OpenID Method
- if (!$_GET['op'] || $_GET['op'] == 'google' || $_GET['op'] == 'steam' || $_GET['op'] == 'yahoo') {
+ //OpenID 2.0 Method
+
+ if (!$_GET['op'] || $_GET['op'] == 'steam' || $_GET['op'] == 'yahoo') {
+
$openid = new LightOpenID;
//Require Email, and first name.
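Review bot: A request with no `op` still enters this OpenID 2.0 branch through the `!$_GET['op']` test, but the next hunk removes the Google default, so `$openid->identity` is never set before `header('Location: ' . $openid->authUrl())` runs. Either drop the empty case here, `if (isset($_GET['op']) && ($_GET['op'] == 'steam' || $_GET['op'] == 'yahoo')) {`, so it reaches the unknown-provider branch, or route it explicitly to the new `google` branch. Reading `$_GET['op']` without `isset()` also raises an undefined-index notice on every request that omits it. The `try` block and this `if` both continue outside the hunk.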
@@ -29,25 +31,23 @@ try {
//Are we not logged in?
if (!$openid->mode) {
- if (!$_GET['op'] || $_GET['op'] == 'google')
- $openid->identity = 'https://www.google.com/accounts/o8/id';
- else if ($_GET['op'] == 'yahoo')
+ if ($_GET['op'] == 'yahoo')
$openid->identity = 'https://me.yahoo.com';
else if ($_GET['op'] == 'steam')
$openid->identity = 'http://steamcommunity.com/openid';
header('Location: ' . $openid->authUrl());
- } //Did we try to log in, but then the user canceled it?
+ } //Did we try to log in, but then the user cancelled it?
else if ($openid->mode == 'cancel') {
// header('Location: ' . $mydomain);
- //echo 'User has canceled authentication!';
+ //echo 'User has cancelled authentication!';
} //We logged in and it worked!
else if ($openid->validate()) {
- //What's in the goodie bag labeled "personal information"... hmmm
+ //What's in the goody bag labelled "personal information"... hmmm
$openIdAttributes = $openid->getAttributes();
$display = $openIdAttributes['namePerson/first'];
- //You don't have a name entered? whyfore!?
+ //You don't have a name entered?
if (strlen($display) == 0) {
$display = 'noname';
}
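Review bot: The `steam` branch still sets the identity to `http://steamcommunity.com/openid`, so OpenID discovery for that provider runs over cleartext and anyone on the network path can alter the endpoint the user is sent to. Since this hunk already reworks the provider list, switch it to `$openid->identity = 'https://steamcommunity.com/openid';`. The `if (!$openid->mode)` chain continues past the end of the hunk.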
@@ -67,16 +67,65 @@ try {
} else {
DoRedirect("Login failed. Back to the home page with you!");
}
- }
+
+ //Google's OpenID Connect method
+ } else if ($_GET['op'] == 'google') {
+
+
+ echo "ello...";
+
+ include_once('./includes/google-api-php-client-master/src/Google/autoload.php');
+
+ $redirect_uri = $mydomain . "login?op=google";
+
+ //echo "$redirect_uri $google_client_id $google_client_secret ";
- //Use HybridAuth for everything else
- else if ($_GET['op'] == 'twitter' || $_GET['op'] == 'facebook' || $_GET['op'] == 'live') {
+ $client = new Google_Client();
+ $client->setClientId($google_client_id);
+ $client->setClientSecret($google_client_secret);
+ $client->setRedirectUri($redirect_uri);
+ $client->setScopes('email');
+
+ //echo 'Tests running';
+
+ if (isset($_GET['code'])) {
+ //echo 'code recpt';
+ $client->authenticate($_GET['code']);
+ $_SESSION['access_token'] = $client->getAccessToken();
+ $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
+ //header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+ //echo 'Location: ' . filter_var($redirect, FILTER_SANITIZE_URL);
+ }
+
+ if ($client->getAccessToken()) {
+ //echo 'token success';
+ $_SESSION['access_token'] = $client->getAccessToken();
+ $token_data = $client->verifyIdToken()->getAttributes();
+
+ //var_dump($token_data);
+
+ $email = $token_data['payload']['email'];
+ $emailIsVerified = $token_data['payload']['email_verified'];
+ $oldID = $token_data['payload']['openid_id'];
+ //Prefix our ID with "google" because we use multiple providers
+ $tokenID = "google|" . $token_data['payload']['sub'];
+
+ if ($emailIsVerified !== true) {
+ die(throwLoginError($token_data, "Your provider (Google) has not yet verified the email you used. ($email)."));
+ }
+
+ //createNewUser($claimedid, "noname", $email);
+ createNewUser($tokenID, "noname", $email, $claimedid);
+ }
+
+ //Use HybridAuth for everything else
+
+ } else if ($_GET['op'] == 'twitter' || $_GET['op'] == 'facebook' || $_GET['op'] == 'live') {
$provider = $_GET['op'];
$hybridAuth = new Hybrid_Auth($hybrid_config_file);
$authenticator = $hybridAuth->authenticate($provider);
- if(!$authenticator)
- {
+ if(!$authenticator) {
//If user cancelled request, return to home page (?)
return;
}
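Review bot: The callback at `if (isset($_GET['code']))` exchanges the authorization code without checking a `state` value, so the response is not tied to the browser session that started the login and a forged callback can sign a visitor into an account they did not choose. Nothing in the branch sends the user to Google either: with neither a code nor a token the page only prints the leftover `echo "ello...";`, which also emits output before any later `header()` call. The last call passes `$claimedid`, which is not assigned anywhere in this branch; the `$oldID` read a few lines earlier looks like the intended argument, and `openid_id` may be absent from the payload, so it is safer to read it behind `isset()`. A sketch of the state handling and redirect follows; the enclosing `try` starts and ends outside the hunk.

```php
// … unchanged: Google_Client construction, setClientId/Secret/RedirectUri/Scopes …
if (isset($_GET['code'])) {
    // Only accept a callback whose state matches the value issued to this session.
    // hash_equals() needs PHP 5.6+.
    if (!isset($_GET['state'], $_SESSION['oauth_state'])
        || !hash_equals($_SESSION['oauth_state'], (string) $_GET['state'])) {
        die(throwLoginError(array(), "Login request could not be verified."));
    }
    unset($_SESSION['oauth_state']);
    $client->authenticate($_GET['code']);
    $_SESSION['access_token'] = $client->getAccessToken();
} else {
    // Start the flow: bind a fresh random state to the session, then redirect.
    $_SESSION['oauth_state'] = bin2hex(openssl_random_pseudo_bytes(16));
    $client->setState($_SESSION['oauth_state']);
    header('Location: ' . $client->createAuthUrl());
    exit;
}
// … unchanged: verifyIdToken(), email_verified check …
$oldID = isset($token_data['payload']['openid_id']) ? $token_data['payload']['openid_id'] : NULL;
createNewUser($tokenID, "noname", $email, $oldID);
```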
@@ -88,8 +137,7 @@ try {
$email = $userProfile->email;
//TODO: This will always fail for Twitter - we need to reconsider our needs...
- if($email == '')
- {
+ if($email == '') {
//$userProfile['op'] = $_GET['op']; //TODO This isn't valid, whoops - but, plan on deleting anyways...
die(throwLoginError($userProfile, "No email provided by {$authenticator->id} - please try a different provider"));
}
@@ -107,21 +155,27 @@ try {
// // Authenticate with Yahoo! then grab the user profile
// $adapter = $ha->authenticate( "OpenID", array( "openid_identifier" => "https://me.yahoo.com/"));
// $user_profile = $adapter->getUserProfile();
- }
-
- //Unknown provider
- else {
+
+ //Unknown provider
+ } else {
DoRedirect("Unknown login provider. Back to the home page with you!");
}
+
} catch (ErrorException $e) {
echo $e->getMessage();
}
-function createNewUser($claimedid, $display, $email)
+
+
+function createNewUser($claimedid, $display, $email, $oldID = NULL)
{
//I know just where to put this stuff!
//Unless I already have this information...
- $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$claimedid' OR `email` = '$email'";
+ $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users`
+ WHERE `openID` = '$claimedid' OR `email` = '$email'";
+ if (isset($oldID)) {
+ $sql = $sql." OR `openID` = '$oldID'";
+ }
$result = mysql_query($sql);
$_SESSION['isAdmin'] = false;
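Review bot: The added `$oldID` clause splices a third value into the query string unescaped, alongside `$claimedid` and `$email`. All three come from provider-supplied claims or profile fields, and nothing visible in this hunk escapes them before `mysql_query($sql)`, so a quote in any of them changes the query. As a stopgap within the `mysql_*` API, pass each value through `mysql_real_escape_string()` before building `$sql` (e.g. `$oldID = mysql_real_escape_string($oldID);`); the durable fix is a prepared statement with bound parameters via mysqli or PDO. The body of `createNewUser` continues outside the hunk, so escaping done by a caller cannot be ruled out from here.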
@@ -146,9 +200,10 @@ function createNewUser($claimedid, $display, $email)
$d['claimedid'] = $claimedid;
$d['email'] = $email;
$d['display'] = $display;
+ $d['oldID'] = $oldID;
EmailError($d);
}
- // Continue Loging in; should be fine.
+ // Continue Logging in; should be fine.
//TEMPORARY CODE
//Check openID; and update it if necessary
if (mysql_result($result, 0, 'openID') == $claimedid) {
@@ -251,10 +306,12 @@ function throwLoginError($data, $explanation) {
$errortext = "<br />Error; $explanation \n
<br />The error details have been emailed to the administrator.
<br />If this problem continues; please email me:
+ <!--email_off-->
<a target='top' href='mailto:snap@pathery.com?Subject=Pathery%20Login%20Error%20$randCode'>
snap@pathery.com
</a>
- <br />Your error code is: $randCode
+ <!--/email_off-->
+ <br />Please use this code for reference when emailing me: $randCode
<br />";
$errortext .= mysql_error();
DoRedirect($errortext, NULL, 500);
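Review bot: The error page built here still appends `mysql_error()` to `$errortext` and interpolates `$explanation` into the HTML unescaped, and the result appears to be shown to the visitor through `DoRedirect($errortext, NULL, 500)`. Database error text belongs in the emailed report rather than on the page, e.g. `$data['mysql_error'] = mysql_error();` when `$data` is an array, with the `$errortext .= mysql_error();` line dropped. The message should go through `htmlspecialchars($explanation, ENT_QUOTES, 'UTF-8')`, because callers put provider-supplied values such as `$email` into it. The start and end of `throwLoginError` are outside this hunk.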
@@ -264,4 +321,4 @@ function throwLoginError($data, $explanation) {
EmailError($data);
}
-?>
+?> \ No newline at end of file