authorraylu <raylu@cmu.edu>2011-04-07 00:27:27 -0400
committerraylu <raylu@cmu.edu>2011-04-07 00:27:27 -0400
commitf8c9eb5220afaf2f9a62f9a176a45913240f4081 (patch)
tree99775178acfcef6e86e39184be0ac96083042f1b /pages/login.php
Initial import from Dropbox
Diffstat (limited to 'pages/login.php')
-rw-r--r--pages/login.php117
1 files changed, 117 insertions, 0 deletions
diff --git a/pages/login.php b/pages/login.php
new file mode 100644
index 0000000..c730846
--- /dev/null
+++ b/pages/login.php
@@ -0,0 +1,117 @@
+<?php
+if ($_SESSION['accepted'] == 1) {
+ header("Location: $mydomain");
+ exit;
+}
+
+require 'includes/openid.php';
+try {
+ $openid = new LightOpenID;
+
+ //Require Email, and first name.
+ $openid->required = array('namePerson/first', 'contact/email');
+ //$openid->optional = array('namePerson/friendly', 'pref/timezone');
+
+ //Are we not logged in?
+ if(!$openid->mode) {
+ $openid->identity = 'https://www.google.com/accounts/o8/id';
+ header('Location: ' . $openid->authUrl());
+ } //Did we try to log in, but then the user canceled it?
+ elseif($openid->mode == 'cancel') {
+ // header('Location: ' . $mydomain);
+ //echo 'User has canceled authentication!';
+ } //We logged in and it worked!
+ elseif ($openid->validate()) {
+ //echo 'User has logged in.';
+
+ //What's in the goodie bag labeled "personal information"... hmmm
+ $tmp = $openid->getAttributes();
+ $display = $tmp['namePerson/first'];
+ //You don't have a name entered? whyfore!?
+ if (strlen($display) == 0) {
+ $display = 'noname';
+ }
+ $email = $tmp['contact/email'];
+ //print_r ($tmp);
+ //exit;
+ $claimedid = $openid->__get('identity');
+
+ //I know just where to put this stuff!
+ require './includes/db.inc.php';
+ //Unless I already have this information...
+ $sql = "SELECT `ID`, `isAdmin` FROM `users` WHERE `openID` = '$claimedid'";
+ $result = mysql_query($sql);
+
+ $_SESSION['isAdmin'] = false;
+ //echo "\n$sql\n";
+ //What a loser, he's already registered.
+ if (mysql_num_rows($result) > 0) {
+ $userID = mysql_result($result, 0, 'ID');
+ //Is he a cool admin person?
+ if (mysql_result($result, 0, 'isAdmin') == 1)
+ $_SESSION['isAdmin'] = true;
+
+ //I last-see you now!
+ $sql = "UPDATE `users`
+ SET `dateLogin` = NOW()
+ WHERE `ID` = '$userID'";
+ mysql_query($sql);
+ } //Well hello there new dude!
+ else {
+
+ //About that personal information - give me a second while save it.
+ // sql_clean is an addslashes equivilent
+ $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`)
+ VALUES (
+ '$claimedid',
+ '".sql_clean($display)."',
+ '".sql_clean($email)."',
+ NOW(), NOW())";
+ $result = mysql_query($sql);
+ //Allright, all set.
+ //echo "$sql <br /> <br />";
+ If ($result) {
+ $userID = mysql_insert_id();
+ } //Oh crap?
+ else {
+ //echo "monkeys and etc";
+ DoRedirect("<br />new-user db register failure of unknown cause.\n
+ <br />Also, there were no monkeys trained or otherwise sent to resolve this problem.\n
+ <br />Sorry. youtube offered them more.\n", NULL, 10);
+ exit;
+ }
+ }
+ //If 'remember me' use this for cookie password
+ //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username);
+ $_SESSION['accepted'] = 1;
+ $_SESSION['userID'] = $userID;
+ $_SESSION['displayName'] = $display;
+
+ //The below is me hashing the claimedID.
+ $salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745";
+ $pepper = "Dear sir, have you ever heard of a wild goose chase?
+ If you've gotten this far, please email me: snapwilliam@gmail.com with this message.
+ I'll give you some sort of prize.";
+ $one = MD5($claimedid);
+ $two = MD5($one.$salt);
+ $three = MD5($pepper.$two);
+
+ $expire = time() + (7 * 24 * 60 * 60);
+ setcookie("userID", $userID, $expire);
+ setcookie("doLogin", "yes", $expire);
+ setcookie("auth", $three, $expire);
+
+
+ //DoRedirect("Thank you $display.", $_GET['ref']);
+ DoRedirect("", $_GET['ref'], 0);
+ exit;
+ } //Okay well, we considered logging in at least, right?
+ else {
+ DoRedirect("Login failed. Back to the home page with you!");
+ }
+ //The defaults will do fine here.
+ DoRedirect();
+} catch(ErrorException $e) {
+ echo $e->getMessage();
+}
+?>
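Review bot: `$claimedid` is interpolated into the SELECT and the INSERT without escaping, while `$display` and `$email` in the same INSERT go through `sql_clean()`. The value comes from the OpenID response, so it should be treated as untrusted at both query sites, e.g. `'".sql_clean($claimedid)."'`, leaving the unescaped value for the later MD5 step. The comment describes `sql_clean` as an addslashes equivalent, so `mysql_real_escape_string()` or prepared statements would be the more robust choice if that description is accurate. Separately, the `auth` cookie is an MD5 chain over the claimed ID and two constants committed in this file, so it is a fixed value per user that cannot be revoked or rotated. A random per-login token stored server-side, sent in a cookie with the HttpOnly and Secure flags, would be safer.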