authorBlueRaja <BlueRaja.admin@gmail.com>2013-06-02 10:37:15 -0500
committerBlueRaja <BlueRaja.admin@gmail.com>2013-06-02 10:37:15 -0500
commit3345b13c73e76d2f03a85209d205adb9af49fc6b (patch)
treece1848b29c9a98577ad2ec56024a569dd179456a /pages
parent951330c9f83c8c8ee98f65fdccb5797e2e59d1f3 (diff)
Updated login form with a few new providers
Diffstat (limited to 'pages')
-rw-r--r--pages/login.php287
1 files changed, 142 insertions, 145 deletions
diff --git a/pages/login.php b/pages/login.php
index d818f58..c400e52 100644
--- a/pages/login.php
+++ b/pages/login.php
@@ -8,24 +8,20 @@ if ($accepted) {
header("Location: $mydomain");
exit;
}
-echo "testest";
require 'includes/openid.php';
include_once 'globe.php';
include_once('./includes/sqlEmbedded.php');
include_once('./includes/datas.php');
-include_once('includes/chats.php');
+include_once('./includes/chats.php');
include_once('./includes/emails.php');
-include_once('./includes/OAuth/Oauth.php');
-include_once('./includes/OAuth/Facebook.php');
-include_once('./includes/OAuth/Twitter.php');
+include_once('./includes/HybridAuth/Auth.php');
-echo "test2";
+$hybrid_config_file = 'includes/HybridAuth/HybridAuthConfig.php';
try {
//Use OpenID for Google/Yahoo
- if(!$_GET['op'] || $_GET['op'] == 'google' || $_GET['op'] == 'yahoo')
- {
+ if (!$_GET['op'] || $_GET['op'] == 'google' || $_GET['op'] == 'yahoo' || $_GET['op'] == 'steam') {
$openid = new LightOpenID;
//Require Email, and first name.
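Review bot: The rewritten condition reads `$_GET['op']` four times without checking that it is set, so a request with no `op` raises an undefined-index notice, and every comparison uses loose `==`. Read the parameter once before the `try`, e.g. `$op = isset($_GET['op']) ? (string) $_GET['op'] : '';`, and test it with `$op === '' || in_array($op, array('google', 'yahoo', 'steam'), true)`. `$hybrid_config_file` is also written without the `./` prefix that this same hunk adds to the chats.php include, so the two paths are resolved differently. The `try` block continues past the end of the hunk.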
@@ -37,6 +33,8 @@ try {
$openid->identity = 'https://www.google.com/accounts/o8/id';
else if ($_GET['op'] == 'yahoo')
$openid->identity = 'https://me.yahoo.com';
+ else if ($_GET['op'] == 'steam')
+ $openid->identity = 'http://steamcommunity.com/openid';
header('Location: ' . $openid->authUrl());
} //Did we try to log in, but then the user canceled it?
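Review bot: The Steam identity added here is the only provider URL on plain `http://`, so OpenID discovery for that provider is not protected in transit the way the Google and Yahoo lookups are; use `$openid->identity = 'https://steamcommunity.com/openid';`. As far as I know Steam's OpenID endpoint returns no email attribute, so the empty-email check later in this file would reject every Steam login; that is worth confirming before the provider is offered. The if/else chain this branch belongs to starts outside the hunk.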
@@ -46,174 +44,172 @@ try {
} //We logged in and it worked!
else if ($openid->validate()) {
//What's in the goodie bag labeled "personal information"... hmmm
- $tmp = $openid->getAttributes();
- $display = $tmp['namePerson/first'];
+ $openIdAttributes = $openid->getAttributes();
+ $display = $openIdAttributes['namePerson/first'];
//You don't have a name entered? whyfore!?
if (strlen($display) == 0) {
$display = 'noname';
}
- $email = $tmp['contact/email'];
-
+ $email = $openIdAttributes['contact/email'];
+ $claimedid = $openid->__get('identity');
+
if ($email == '') {
- $tmp['op'] = $_GET['op'];
- die(throwLoginError($tmp, "No email provided from OpenID Provider"));
+ $openIdAttributes['op'] = $_GET['op'];
+ die(throwLoginError($openIdAttributes, "No email provided by OpenID provider - please try a different provider"));
}
- $claimedid = $openid->__get('identity');
- }
- else
- {
+
+ createNewUser($claimedid, $display, $email);
+ } else {
DoRedirect("Login failed. Back to the home page with you!");
}
}
-
- //Use OAuth for Twitter/Facebook
- else if($_GET['op'] == 'twitter')
- {
- $twitter_consumer_key = "8Y7PY1dk7Mz8VpZWQSTzQ";
- $twitter_consumer_secret = "MUv2qCQVysxqddue5TWhvJDLL0y0v1VMWXDhJtwEps";
- $redirect_uri = $mydomain."login?op=twitter";
- $twitter = new Twitter($twitter_consumer_key, $twitter_consumer_secret, $redirect_uri);
- $response = $twitter->validateAccessToken();
- echo "Response: ";
- print_r($response);
+
+ //Use HybridAuth for everything else
+ else if ($_GET['op'] == 'twitter' || $_GET['op'] == 'facebook' || $_GET['op'] == 'live') {
+ $provider = $_GET['op'];
+ $hybridAuth = new Hybrid_Auth($hybrid_config_file);
+ $authenticator = $hybridAuth->authenticate($provider);
- echo "Making next request...";
- try
+ if(!$authenticator)
{
- $response = $twitter->makeRequest("https://api.twitter.com/1/account/settings.json");
- echo "<br>Response 2:<br>";
- print_r($response);
+ //If user cancelled request, return to home page (?)
+ return;
}
- catch(Exception $e)
+
+ $userProfile = $authenticator->getUserProfile();
+
+ $claimedid = $authenticator->id . '|' . $userProfile->identifier;
+ $display = ($userProfile->firstName != '' ? $userProfile->firstName : $userProfile->displayName);
+ $email = $userProfile->email;
+
+ //TODO: This will always fail for Twitter - we need to reconsider our needs...
+ if($email == '')
{
- echo "Exception was thrown: ";
- echo $e->getMessage();
+ $userProfile['op'] = $_GET['op'];
+ die(throwLoginError($userProfile, "No email provided by {$authenticator->id} - please try a different provider"));
}
+ createNewUser($claimedid, $display, $email);
return;
}
-
- else if($_GET['op'] == 'facebook')
- {
- //TODO
- }
-
+
//Unknown provider
- else
- {
+ else {
DoRedirect("Unknown login provider. Back to the home page with you!");
}
- //I know just where to put this stuff!
- //Unless I already have this information...
- $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$claimedid' OR `email` = '$email'";
- $result = mysql_query($sql);
+} catch (ErrorException $e) {
+ echo $e->getMessage();
+}
- $_SESSION['isAdmin'] = false;
-
- //What a loser, he's already registered.
- if (mysql_num_rows($result) > 0) {
- $userID = mysql_result($result, 0, 'ID');
- //Is he a cool admin person?
- if (mysql_result($result, 0, 'isAdmin') == 1)
- $_SESSION['isAdmin'] = true;
-
- $display = mysql_result($result, 0, 'displayName');
- $dateJoined = mysql_result($result, 0, 'dateJoined');
-
- //Multiple accounts found?
- if (mysql_num_rows($result) > 1) {
- $d['page'] = "Login";
- $d['error'] = "Multiple results on lookup";
- $d['rows'] = mysql_num_rows($result);
- $d['OpenIDProvider'] = $_GET['op'];
- $d['userID'] = $userID;
- $d['claimedid'] = $claimedid;
- $d['email'] = $email;
- $d['display'] = $display;
- EmailError($d);
- }
- // Continue Loging in; should be fine.
- //TEMPORARY CODE
- //Check openID; and update it if necessary
- if (mysql_result($result, 0, 'openID') == $claimedid) {
- //Don't need to do anything
- } else {
- //Update the OpenID Code
- $sql = "UPDATE `users`
+function createNewUser($claimedid, $display, $email)
+{
+ //I know just where to put this stuff!
+ //Unless I already have this information...
+ $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$claimedid' OR `email` = '$email'";
+ $result = mysql_query($sql);
+
+ $_SESSION['isAdmin'] = false;
+
+ //What a loser, he's already registered.
+ if (mysql_num_rows($result) > 0) {
+ $userID = mysql_result($result, 0, 'ID');
+ //Is he a cool admin person?
+ if (mysql_result($result, 0, 'isAdmin') == 1)
+ $_SESSION['isAdmin'] = true;
+
+ $display = mysql_result($result, 0, 'displayName');
+ $dateJoined = mysql_result($result, 0, 'dateJoined');
+
+ //Multiple accounts found?
+ if (mysql_num_rows($result) > 1) {
+ $d['page'] = "Login";
+ $d['error'] = "Multiple results on lookup";
+ $d['rows'] = mysql_num_rows($result);
+ $d['OpenIDProvider'] = $_GET['op'];
+ $d['userID'] = $userID;
+ $d['claimedid'] = $claimedid;
+ $d['email'] = $email;
+ $d['display'] = $display;
+ EmailError($d);
+ }
+ // Continue Loging in; should be fine.
+ //TEMPORARY CODE
+ //Check openID; and update it if necessary
+ if (mysql_result($result, 0, 'openID') == $claimedid) {
+ //Don't need to do anything
+ } else {
+ //Update the OpenID Code
+ $sql = "UPDATE `users`
SET `openID` = '$claimedid'
WHERE `ID` = '$userID'";
- mysql_query($sql);
- }
- // </TEMPORARY CODE>
- //I last-see you now!
- $sql = "UPDATE `users`
+ mysql_query($sql);
+ }
+ // </TEMPORARY CODE>
+ //I last-see you now!
+ $sql = "UPDATE `users`
SET `dateLogin` = NOW()
WHERE `ID` = '$userID'";
- mysql_query($sql);
- } //Well hello there new dude!
- else {
+ mysql_query($sql);
+ } //Well hello there new dude!
+ else {
- //About that personal information - give me a second while save it.
- // sql_clean is an addslashes equivilent
- $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`)
+ //About that personal information - give me a second while save it.
+ // sql_clean is an addslashes equivilent
+ $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`)
VALUES (
'$claimedid',
'" . sql_clean($display) . "',
'" . sql_clean($email) . "',
NOW(), NOW())";
- $result = mysql_query($sql);
- //Allright, all set.
- if ($result) {
- $userID = mysql_insert_id();
- $dateJoined = date(DateTime::ISO8601);
-
- //Tutorial done?
- if (isset($_SESSION['preCompletedTutorial'])) {
- if ($_SESSION['preCompletedTutorial'] == true) {
- onCompletedTutorial($userID);
- }
+ $result = mysql_query($sql);
+ //Allright, all set.
+ if ($result) {
+ $userID = mysql_insert_id();
+ $dateJoined = date(DateTime::ISO8601);
+
+ //Tutorial done?
+ if (isset($_SESSION['preCompletedTutorial'])) {
+ if ($_SESSION['preCompletedTutorial'] == true) {
+ onCompletedTutorial($userID);
}
- //Oh crap?
- } else {
- $d['sqlError'] = mysql_error();
- $d['result'] = $result;
- throwLoginError($d, "Unknown DB Registration failure");
- exit;
}
- addchat(null, "New user registered: \"$display\"");
- sendNewUserEmail($userID, $email, $display, $dateJoined);
+ //Oh crap?
+ } else {
+ $d['sqlError'] = mysql_error();
+ $d['result'] = $result;
+ throwLoginError($d, "Unknown DB Registration failure");
+ exit;
}
- //If 'remember me' use this for cookie password
- //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username);
- $_SESSION['accepted'] = 1;
- $_SESSION['userID'] = $userID;
- $_SESSION['email'] = $email;
- $_SESSION['displayName'] = $display;
- $_SESSION['dateJoined'] = $dateJoined;
-
- //The below is me hashing the claimedID.
- //TODO: Store these values in a single location...
- $salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745";
- $pepper = "chilis baby-back ribss! I want my baby back, baby back, baby back, baby back, baby back, I want my, baby backTREE3!";
- $one = MD5($claimedid);
- $two = MD5($one . $salt);
- $three = MD5($pepper . $two);
-
- $expire = time() + (6 * 31 * 24 * 60 * 60);
- setcookie("userID", $userID, $expire);
- setcookie("doLogin", "yes", $expire);
- setcookie("auth", $three, $expire);
-
- $refTo = null;
- if (isset($_GET['ref']))
- $refTo = $_GET['ref'];
- //DoRedirect("Thank you $display.", $_GET['ref']);
- DoRedirect("", $refTo, 0);
- exit;
- //The defaults will do fine here.
- DoRedirect();
-} catch (ErrorException $e) {
- echo $e->getMessage();
+ addchat(null, "New user registered: \"$display\"");
+ sendNewUserEmail($userID, $email, $display, $dateJoined);
+ }
+ //If 'remember me' use this for cookie password
+ //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username);
+ $_SESSION['accepted'] = 1;
+ $_SESSION['userID'] = $userID;
+ $_SESSION['email'] = $email;
+ $_SESSION['displayName'] = $display;
+ $_SESSION['dateJoined'] = $dateJoined;
+
+ //The below is me hashing the claimedID.
+ //TODO: Store these values in a single location...
+ $salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745";
+ $pepper = "chilis baby-back ribss! I want my baby back, baby back, baby back, baby back, baby back, I want my, baby backTREE3!";
+ $one = MD5($claimedid);
+ $two = MD5($one . $salt);
+ $three = MD5($pepper . $two);
+
+ $expire = time() + (6 * 31 * 24 * 60 * 60);
+ setcookie("userID", $userID, $expire);
+ setcookie("doLogin", "yes", $expire);
+ setcookie("auth", $three, $expire);
+
+ $refTo = null;
+ if (isset($_GET['ref']))
+ $refTo = $_GET['ref'];
+ //DoRedirect("Thank you $display.", $_GET['ref']);
+ DoRedirect("", $refTo, 0);
+ exit;
}
function sendNewUserEmail($userID, $email, $display, $dateJoined) {
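Review bot: createNewUser() builds its SELECT and the openID UPDATE by interpolating `$claimedid` and `$email` unescaped, and both values now also arrive from HybridAuth profiles, so a quote in a provider-supplied value changes the SQL; only the INSERT passes `$display` and `$email` through sql_clean(). Escape every value once at the top of the function as sketched below, and move these queries to prepared statements when the mysql_* calls are replaced. The `OR email = ...` match followed by rewriting `openID` also means any provider that reports a given address is signed in as that account, `isAdmin` included, so linking by email should be limited to providers known to verify addresses. In the HybridAuth branch, `$userProfile['op'] = $_GET['op']` indexes what `getUserProfile()` appears to return as an object; build a separate array for throwLoginError() instead. The Twitter consumer secret deleted here remains in repository history and should be rotated.

```php
function createNewUser($claimedid, $display, $email)
{
    // Escape provider-supplied values once, before any query is built.
    $claimedidSql = mysql_real_escape_string($claimedid);
    $emailSql = mysql_real_escape_string($email);
    $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users`
        WHERE `openID` = '$claimedidSql' OR `email` = '$emailSql'";
    $result = mysql_query($sql);
    // … unchanged: isAdmin/session setup and existing-user lookup …
        $sql = "UPDATE `users`
            SET `openID` = '$claimedidSql'
            WHERE `ID` = " . (int) $userID;
    // … unchanged: dateLogin update; the INSERT should use $claimedidSql the same way …
```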
@@ -234,9 +230,9 @@ Happy Pathing,
QueueEmail(null, $email, $emailSubject, $emailBody, 5);
}
-function throwLoginError($data, $explination) {
+function throwLoginError($data, $explanation) {
$randCode = rand(10000, 99999);
- $errortext = "<br />Error; $explination \n
+ $errortext = "<br />Error; $explanation \n
<br />The error details have been emailed to the administrator.
<br />If this problem continues; please email me:
<a target='top' href='mailto:snap@pathery.com?Subject=Pathery%20Login%20Error%20$randCode'>
@@ -246,7 +242,8 @@ function throwLoginError($data, $explination) {
<br />";
$errortext .= mysql_error();
DoRedirect($errortext, NULL, 500);
- $data['explination'] = $explination;
+
+ $data['explanation'] = $explanation;
$data['randCode'] = $randCode;
EmailError($data);
}