authorBlueRaja <BlueRaja.admin@gmail.com>2013-06-01 20:10:36 -0500
committerBlueRaja <BlueRaja.admin@gmail.com>2013-06-01 20:10:36 -0500
commit951330c9f83c8c8ee98f65fdccb5797e2e59d1f3 (patch)
treefc7b196ca0d91c1c71dcd945aa9667c7af0134fa /pages
parente58a3b8b3702b22c903b02a9b4fa1020d6797459 (diff)
downloadpathery-951330c9f83c8c8ee98f65fdccb5797e2e59d1f3.tar.xz
A partial commit of the auth stuff, in case my upcoming changes break anything
Diffstat (limited to 'pages')
-rw-r--r--pages/login.php261
1 files changed, 150 insertions, 111 deletions
diff --git a/pages/login.php b/pages/login.php
index 04b4083..d818f58 100644
--- a/pages/login.php
+++ b/pages/login.php
@@ -1,12 +1,14 @@
<?php
+
if ($accepted) {
if (isset($_GET['mobile']) AND $_GET['mobile'] == 'true') {
- header("Location: $mydomain"."easytoken");
+ header("Location: $mydomain" . "easytoken");
exit;
}
- header("Location: $mydomain");
- exit;
+ header("Location: $mydomain");
+ exit;
}
+echo "testest";
require 'includes/openid.php';
include_once 'globe.php';
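Review bot: The added `echo "testest";` sends body output before the `header('Location: ...')` and `setcookie(...)` calls later in this file, so unless output buffering is enabled those calls fail with "headers already sent" and the provider redirect and login cookies are lost. Remove it, and the matching `echo "test2";` added in the next hunk, or replace both with `error_log(...)` if the trace is still needed.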
@@ -14,68 +16,110 @@ include_once('./includes/sqlEmbedded.php');
include_once('./includes/datas.php');
include_once('includes/chats.php');
include_once('./includes/emails.php');
+include_once('./includes/OAuth/Oauth.php');
+include_once('./includes/OAuth/Facebook.php');
+include_once('./includes/OAuth/Twitter.php');
+
+echo "test2";
try {
- $openid = new LightOpenID;
-
- //Require Email, and first name.
- $openid->required = array('namePerson/first', 'contact/email');
- //$openid->optional = array('namePerson/friendly', 'pref/timezone');
-
- //Are we not logged in?
- if(!$openid->mode) {
- if (!$_GET['op'])
- $openid->identity = 'https://www.google.com/accounts/o8/id';
- if ($_GET['op'] == 'yahoo')
- $openid->identity = 'https://me.yahoo.com';
- if ($_GET['op'] == 'google')
- $openid->identity = 'https://www.google.com/accounts/o8/id';
-
- //$openid->identity = 'https://www.google.com/accounts/o8/id';
- header('Location: ' . $openid->authUrl());
- } //Did we try to log in, but then the user canceled it?
- elseif($openid->mode == 'cancel') {
- // header('Location: ' . $mydomain);
- //echo 'User has canceled authentication!';
- } //We logged in and it worked!
- elseif ($openid->validate()) {
- //What's in the goodie bag labeled "personal information"... hmmm
- $tmp = $openid->getAttributes();
- $display = $tmp['namePerson/first'];
- //You don't have a name entered? whyfore!?
- if (strlen($display) == 0) {
- $display = 'noname';
- }
- $email = $tmp['contact/email'];
+ //Use OpenID for Google/Yahoo
+ if(!$_GET['op'] || $_GET['op'] == 'google' || $_GET['op'] == 'yahoo')
+ {
+ $openid = new LightOpenID;
+
+ //Require Email, and first name.
+ $openid->required = array('namePerson/first', 'contact/email');
+
+ //Are we not logged in?
+ if (!$openid->mode) {
+ if (!$_GET['op'] || $_GET['op'] == 'google')
+ $openid->identity = 'https://www.google.com/accounts/o8/id';
+ else if ($_GET['op'] == 'yahoo')
+ $openid->identity = 'https://me.yahoo.com';
+
+ header('Location: ' . $openid->authUrl());
+ } //Did we try to log in, but then the user canceled it?
+ else if ($openid->mode == 'cancel') {
+ // header('Location: ' . $mydomain);
+ //echo 'User has canceled authentication!';
+ } //We logged in and it worked!
+ else if ($openid->validate()) {
+ //What's in the goodie bag labeled "personal information"... hmmm
+ $tmp = $openid->getAttributes();
+ $display = $tmp['namePerson/first'];
+
+ //You don't have a name entered? whyfore!?
+ if (strlen($display) == 0) {
+ $display = 'noname';
+ }
+ $email = $tmp['contact/email'];
+
+ if ($email == '') {
+ $tmp['op'] = $_GET['op'];
+ die(throwLoginError($tmp, "No email provided from OpenID Provider"));
+ }
+ $claimedid = $openid->__get('identity');
+ }
+ else
+ {
+ DoRedirect("Login failed. Back to the home page with you!");
+ }
+ }
+
+ //Use OAuth for Twitter/Facebook
+ else if($_GET['op'] == 'twitter')
+ {
+ $twitter_consumer_key = "8Y7PY1dk7Mz8VpZWQSTzQ";
+ $twitter_consumer_secret = "MUv2qCQVysxqddue5TWhvJDLL0y0v1VMWXDhJtwEps";
+ $redirect_uri = $mydomain."login?op=twitter";
+ $twitter = new Twitter($twitter_consumer_key, $twitter_consumer_secret, $redirect_uri);
+ $response = $twitter->validateAccessToken();
+ echo "Response: ";
+ print_r($response);
- if ($email == '') {
- $tmp['op'] = $_GET['op'];
- die(throwLoginError($tmp, "No email provided from OpenID Provider"));
+ echo "Making next request...";
+ try
+ {
+ $response = $twitter->makeRequest("https://api.twitter.com/1/account/settings.json");
+ echo "<br>Response 2:<br>";
+ print_r($response);
+ }
+ catch(Exception $e)
+ {
+ echo "Exception was thrown: ";
+ echo $e->getMessage();
}
- //print_r ($tmp);
- //exit;
- $claimedid = $openid->__get('identity');
-
- //I know just where to put this stuff!
- //Unless I already have this information...
- //* Modify this to WHERE `email`
- //$sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName` FROM `users` WHERE `email` = '$email'";
- //$sql = "SELECT `ID`, `isAdmin` FROM `users` WHERE `openID` = '$claimedid'";
- $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$claimedid' OR `email` = '$email'";
- $result = mysql_query($sql);
-
- $_SESSION['isAdmin'] = false;
- //echo "\n$sql\n";
- //What a loser, he's already registered.
- if (mysql_num_rows($result) > 0) {
- $userID = mysql_result($result, 0, 'ID');
+ return;
+ }
+
+ else if($_GET['op'] == 'facebook')
+ {
+ //TODO
+ }
+
+ //Unknown provider
+ else
+ {
+ DoRedirect("Unknown login provider. Back to the home page with you!");
+ }
+ //I know just where to put this stuff!
+ //Unless I already have this information...
+ $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$claimedid' OR `email` = '$email'";
+ $result = mysql_query($sql);
+
+ $_SESSION['isAdmin'] = false;
+
+ //What a loser, he's already registered.
+ if (mysql_num_rows($result) > 0) {
+ $userID = mysql_result($result, 0, 'ID');
//Is he a cool admin person?
- if (mysql_result($result, 0, 'isAdmin') == 1)
+ if (mysql_result($result, 0, 'isAdmin') == 1)
$_SESSION['isAdmin'] = true;
-
+
$display = mysql_result($result, 0, 'displayName');
$dateJoined = mysql_result($result, 0, 'dateJoined');
-
+
//Multiple accounts found?
if (mysql_num_rows($result) > 1) {
$d['page'] = "Login";
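Review bot: The Twitter consumer key and secret are committed as string literals in the new `twitter` branch, so they now live in version history; load them from configuration kept outside the repository and rotate the committed pair. That branch also writes `print_r($response)` and `$e->getMessage()` to the page, which can put token material in front of the browser and should go to a server-side log instead. After the restructure, paths that never set `$claimedid` or `$email` (the `authUrl()` redirect with no `exit;`, the `cancel` case, the `facebook` TODO, and both `DoRedirect(...)` calls if that helper returns) continue into the shared `SELECT` and session setup, so add `exit;` after each redirect and a guard like `if (!isset($claimedid, $email)) { exit; }` before the query. The `try` block and the login code continue past the end of this hunk.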
@@ -89,7 +133,6 @@ try {
EmailError($d);
}
// Continue Loging in; should be fine.
-
//TEMPORARY CODE
//Check openID; and update it if necessary
if (mysql_result($result, 0, 'openID') == $claimedid) {
@@ -99,83 +142,78 @@ try {
$sql = "UPDATE `users`
SET `openID` = '$claimedid'
WHERE `ID` = '$userID'";
- mysql_query($sql);
+ mysql_query($sql);
}
// </TEMPORARY CODE>
-
//I last-see you now!
- $sql = "UPDATE `users`
+ $sql = "UPDATE `users`
SET `dateLogin` = NOW()
WHERE `ID` = '$userID'";
- mysql_query($sql);
-
- } //Well hello there new dude!
- else {
-
- //About that personal information - give me a second while save it.
- // sql_clean is an addslashes equivilent
- $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`)
+ mysql_query($sql);
+ } //Well hello there new dude!
+ else {
+
+ //About that personal information - give me a second while save it.
+ // sql_clean is an addslashes equivilent
+ $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`)
VALUES (
'$claimedid',
- '".sql_clean($display)."',
- '".sql_clean($email)."',
+ '" . sql_clean($display) . "',
+ '" . sql_clean($email) . "',
NOW(), NOW())";
- $result = mysql_query($sql);
- //Allright, all set.
- if ($result) {
- $userID = mysql_insert_id();
- $dateJoined = date(DateTime::ISO8601);
-
+ $result = mysql_query($sql);
+ //Allright, all set.
+ if ($result) {
+ $userID = mysql_insert_id();
+ $dateJoined = date(DateTime::ISO8601);
+
//Tutorial done?
if (isset($_SESSION['preCompletedTutorial'])) {
if ($_SESSION['preCompletedTutorial'] == true) {
onCompletedTutorial($userID);
}
}
- //Oh crap?
- } else {
+ //Oh crap?
+ } else {
$d['sqlError'] = mysql_error();
$d['result'] = $result;
throwLoginError($d, "Unknown DB Registration failure");
- exit;
- }
+ exit;
+ }
addchat(null, "New user registered: \"$display\"");
sendNewUserEmail($userID, $email, $display, $dateJoined);
- }
- //If 'remember me' use this for cookie password
- //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username);
- $_SESSION['accepted'] = 1;
- $_SESSION['userID'] = $userID;
- $_SESSION['email'] = $email;
- $_SESSION['displayName'] = $display;
- $_SESSION['dateJoined'] = $dateJoined;
-
+ }
+ //If 'remember me' use this for cookie password
+ //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username);
+ $_SESSION['accepted'] = 1;
+ $_SESSION['userID'] = $userID;
+ $_SESSION['email'] = $email;
+ $_SESSION['displayName'] = $display;
+ $_SESSION['dateJoined'] = $dateJoined;
+
//The below is me hashing the claimedID.
//TODO: Store these values in a single location...
$salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745";
$pepper = "chilis baby-back ribss! I want my baby back, baby back, baby back, baby back, baby back, I want my, baby backTREE3!";
$one = MD5($claimedid);
- $two = MD5($one.$salt);
- $three = MD5($pepper.$two);
-
+ $two = MD5($one . $salt);
+ $three = MD5($pepper . $two);
+
$expire = time() + (6 * 31 * 24 * 60 * 60);
setcookie("userID", $userID, $expire);
- setcookie("doLogin", "yes", $expire);
- setcookie("auth", $three, $expire);
-
+ setcookie("doLogin", "yes", $expire);
+ setcookie("auth", $three, $expire);
+
$refTo = null;
- if (isset($_GET['ref'])) $refTo = $_GET['ref'];
- //DoRedirect("Thank you $display.", $_GET['ref']);
- DoRedirect("", $refTo, 0);
- exit;
- } //Okay well, we considered logging in at least, right?
- else {
- DoRedirect("Login failed. Back to the home page with you!");
- }
- //The defaults will do fine here.
- DoRedirect();
-} catch(ErrorException $e) {
- echo $e->getMessage();
+ if (isset($_GET['ref']))
+ $refTo = $_GET['ref'];
+ //DoRedirect("Thank you $display.", $_GET['ref']);
+ DoRedirect("", $refTo, 0);
+ exit;
+ //The defaults will do fine here.
+ DoRedirect();
+} catch (ErrorException $e) {
+ echo $e->getMessage();
}
function sendNewUserEmail($userID, $email, $display, $dateJoined) {
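Review bot: `$claimedid` goes into the `UPDATE` and the `INSERT` unescaped (`'$claimedid',`) while `$display` and `$email` beside it pass through `sql_clean`; it comes from the OpenID response and should at least get the same treatment, `'" . sql_clean($claimedid) . "',`, and the `SELECT` in the previous hunk interpolates `$email` raw as well. The `auth` cookie is a fixed MD5 chain over `$claimedid` with a salt and pepper hard-coded here, so it never changes for a user and cannot be revoked; a random per-login token stored server-side, set with the HttpOnly and Secure cookie flags, would be safer. `$_GET['ref']` is handed to `DoRedirect` as the target; whether that helper restricts it to same-site paths is not visible here, so confirm it does. The trailing `DoRedirect();` after `exit;` is unreachable, and the enclosing `try` starts outside this hunk.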
@@ -185,8 +223,8 @@ function sendNewUserEmail($userID, $email, $display, $dateJoined) {
Questions or feedback? Please reply to this email!
Useful Links:
-Change your display name: $mydomain"."cp
-View your achievements and stats: $mydomain"."achievements?id="."$userID
+Change your display name: $mydomain" . "cp
+View your achievements and stats: $mydomain" . "achievements?id=" . "$userID
Happy Pathing,
@@ -197,7 +235,7 @@ Happy Pathing,
}
function throwLoginError($data, $explination) {
- $randCode = rand(10000, 99999);
+ $randCode = rand(10000, 99999);
$errortext = "<br />Error; $explination \n
<br />The error details have been emailed to the administrator.
<br />If this problem continues; please email me:
@@ -212,4 +250,5 @@ function throwLoginError($data, $explination) {
$data['randCode'] = $randCode;
EmailError($data);
}
+
?>