From 5c7f2f17f9c471d306955df457c7cab4e5c6ed3b Mon Sep 17 00:00:00 2001 From: Snap Date: Thu, 16 Apr 2015 14:51:26 -0700 Subject: Google's OpenID Connect method $google_client_id & $google_client_secret must be added to db.inc.php! --- pages/login.php | 107 +++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 82 insertions(+), 25 deletions(-) (limited to 'pages/login.php') diff --git a/pages/login.php b/pages/login.php index d277cb7..d698527 100644 --- a/pages/login.php +++ b/pages/login.php @@ -20,8 +20,10 @@ include_once('./includes/HybridAuth/Auth.php'); $hybrid_config_file = 'includes/HybridAuth/HybridAuthConfig.php'; try { - //OpenID Method - if (!$_GET['op'] || $_GET['op'] == 'google' || $_GET['op'] == 'steam' || $_GET['op'] == 'yahoo') { + //OpenID 2.0 Method + + if (!$_GET['op'] || $_GET['op'] == 'steam' || $_GET['op'] == 'yahoo') { + $openid = new LightOpenID; //Require Email, and first name. 
@@ -29,25 +31,23 @@ try { //Are we not logged in? if (!$openid->mode) { - if (!$_GET['op'] || $_GET['op'] == 'google') - $openid->identity = 'https://www.google.com/accounts/o8/id'; - else if ($_GET['op'] == 'yahoo') + if ($_GET['op'] == 'yahoo') $openid->identity = 'https://me.yahoo.com'; else if ($_GET['op'] == 'steam') $openid->identity = 'http://steamcommunity.com/openid'; header('Location: ' . $openid->authUrl()); - } //Did we try to log in, but then the user canceled it? + } //Did we try to log in, but then the user cancelled it? else if ($openid->mode == 'cancel') { // header('Location: ' . $mydomain); - //echo 'User has canceled authentication!'; + //echo 'User has cancelled authentication!'; } //We logged in and it worked! else if ($openid->validate()) { - //What's in the goodie bag labeled "personal information"... hmmm + //What's in the goody bag labelled "personal information"... hmmm $openIdAttributes = $openid->getAttributes(); $display = $openIdAttributes['namePerson/first']; - //You don't have a name entered? whyfore!? + //You don't have a name entered? if (strlen($display) == 0) { $display = 'noname'; } 
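Review bot: A request with no `op` still enters this OpenID 2.0 branch, because the outer condition in the previous hunk keeps `!$_GET['op']`, but the identity selection here now only handles `yahoo` and `steam`. In that case `$openid->identity` is never assigned before `$openid->authUrl()` is called, where it used to default to Google. Either drop the empty case from the outer test, `if (isset($_GET['op']) && ($_GET['op'] == 'steam' || $_GET['op'] == 'yahoo')) {`, or send an empty `op` to the new Google branch explicitly. The enclosing `try` block starts and ends outside this hunk.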
@@ -67,16 +67,65 @@ try { } else { DoRedirect("Login failed. Back to the home page with you!"); } - } + + //Google's OpenID Connect method + } else if ($_GET['op'] == 'google') { + + + echo "ello..."; + + include_once('./includes/google-api-php-client-master/src/Google/autoload.php'); + + $redirect_uri = $mydomain . "login?op=google"; + + //echo "$redirect_uri $google_client_id $google_client_secret "; - //Use HybridAuth for everything else - else if ($_GET['op'] == 'twitter' || $_GET['op'] == 'facebook' || $_GET['op'] == 'live') { + $client = new Google_Client(); + $client->setClientId($google_client_id); + $client->setClientSecret($google_client_secret); + $client->setRedirectUri($redirect_uri); + $client->setScopes('email'); + + //echo 'Tests running'; + + if (isset($_GET['code'])) { + //echo 'code recpt'; + $client->authenticate($_GET['code']); + $_SESSION['access_token'] = $client->getAccessToken(); + $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; + //header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); + //echo 'Location: ' . filter_var($redirect, FILTER_SANITIZE_URL); + } + + if ($client->getAccessToken()) { + //echo 'token success'; + $_SESSION['access_token'] = $client->getAccessToken(); + $token_data = $client->verifyIdToken()->getAttributes(); + + //var_dump($token_data); + + $email = $token_data['payload']['email']; + $emailIsVerified = $token_data['payload']['email_verified']; + $oldID = $token_data['payload']['openid_id']; + //Prefix our ID with "google" because we use multiple providers + $tokenID = "google|" . $token_data['payload']['sub']; + + if ($emailIsVerified !== true) { + die(throwLoginError($token_data, "Your provider (Google) has not yet verified the email you used. 
($email).")); + } + + //createNewUser($claimedid, "noname", $email); + createNewUser($tokenID, "noname", $email, $claimedid); + } + + //Use HybridAuth for everything else + + } else if ($_GET['op'] == 'twitter' || $_GET['op'] == 'facebook' || $_GET['op'] == 'live') { $provider = $_GET['op']; $hybridAuth = new Hybrid_Auth($hybrid_config_file); $authenticator = $hybridAuth->authenticate($provider); - if(!$authenticator) - { + if(!$authenticator) { //If user cancelled request, return to home page (?) return; } @@ -88,8 +137,7 @@ try { $email = $userProfile->email; //TODO: This will always fail for Twitter - we need to reconsider our needs... - if($email == '') - { + if($email == '') { //$userProfile['op'] = $_GET['op']; //TODO This isn't valid, whoops - but, plan on deleting anyways... die(throwLoginError($userProfile, "No email provided by {$authenticator->id} - please try a different provider")); } @@ -107,21 +155,27 @@ try { // // Authenticate with Yahoo! then grab the user profile // $adapter = $ha->authenticate( "OpenID", array( "openid_identifier" => "https://me.yahoo.com/")); // $user_profile = $adapter->getUserProfile(); - } - - //Unknown provider - else { + + //Unknown provider + } else { DoRedirect("Unknown login provider. Back to the home page with you!"); } + } catch (ErrorException $e) { echo $e->getMessage(); } -function createNewUser($claimedid, $display, $email) + + +function createNewUser($claimedid, $display, $email, $oldID = NULL) { //I know just where to put this stuff! //Unless I already have this information... - $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$claimedid' OR `email` = '$email'"; + $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` + WHERE `openID` = '$claimedid' OR `email` = '$email'"; + if (isset($oldID)) { + $sql = $sql." OR `openID` = '$oldID'"; + } $result = mysql_query($sql); $_SESSION['isAdmin'] = false; 
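Review bot: The Google branch passes `$claimedid` as the fourth argument to createNewUser, but nothing in the visible part of this branch assigns it, while `$oldID` is read from the token payload just above and then never used. As written, the legacy OpenID 2.0 identifier is presumably never matched, so returning Google users would not be linked to their existing rows; the call should be `createNewUser($tokenID, "noname", $email, $oldID);`, with an `isset()` guard on `$token_data['payload']['openid_id']` since that claim may be absent. Separately, no `state` value is set on the client or checked when `$_GET['code']` arrives, as far as this hunk shows, so the callback is not bound to the session that started the login. The `try` block this branch belongs to starts and ends outside the hunk.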
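Review bot: The added `OR openID = '$oldID'` clause puts `$oldID` into the query text unescaped, the same way `$claimedid` and `$email` are interpolated on the line above it. All three values come from identity-provider claims, and no escaping is visible in createNewUser before `mysql_query($sql)`. Until the query moves to a prepared statement, each value should at least be wrapped, e.g. `mysql_real_escape_string($oldID)`. The later hunk `@@ -174,7 +168,7 @@` in the second commit rewrites this line as a concatenation but leaves the same gap. createNewUser's body continues outside this hunk.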
@@ -146,9 +200,10 @@ function createNewUser($claimedid, $display, $email) $d['claimedid'] = $claimedid; $d['email'] = $email; $d['display'] = $display; + $d['oldID'] = $oldID; EmailError($d); } - // Continue Loging in; should be fine. + // Continue Logging in; should be fine. //TEMPORARY CODE //Check openID; and update it if necessary if (mysql_result($result, 0, 'openID') == $claimedid) { @@ -251,10 +306,12 @@ function throwLoginError($data, $explanation) { $errortext = "
Error; $explanation \n
The error details have been emailed to the administrator.
If this problem continues; please email me: + snap@pathery.com -
Your error code is: $randCode + +
Please use this code for reference when emailing me: $randCode
"; $errortext .= mysql_error(); DoRedirect($errortext, NULL, 500); @@ -264,4 +321,4 @@ function throwLoginError($data, $explanation) { EmailError($data); } -?> +?> \ No newline at end of file -- cgit v1.2.3 From 35e1a863f6404d5630c3000b720f6ba99bf8548e Mon Sep 17 00:00:00 2001 From: Snap Date: Sun, 3 May 2015 23:00:34 -0700 Subject: Login fixes and matches progress --- ajax/match.ajax.php | 63 ++++++++++++++++++++++- pages/login.php | 20 +++----- pages/matches.php | 140 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 209 insertions(+), 14 deletions(-) create mode 100644 pages/matches.php (limited to 'pages/login.php') diff --git a/ajax/match.ajax.php b/ajax/match.ajax.php index 391c69e..3a4bfae 100644 --- a/ajax/match.ajax.php +++ b/ajax/match.ajax.php @@ -8,11 +8,19 @@ session_start(); //header_remove(); - require_once('../includes/sqlEmbedded.php'); +//Prep response $r = ''; +//Gamelist request? +if (isset($_REQUEST['getGameList'])) { + $r['matches'] = getMatchList(); + echo json_encode($r); + exit; +} + + if (is_int($_GET['matchID'])) { $matchID = $_GET['matchID']; } 
@@ -129,6 +137,59 @@ function getPlayersForMatch($matchID) { return $array; } +function getMatchList() { + global $mysqli; + + if (!is_object($mysqli)) die("mysqli is not an object"); + + if ($res = $mysqli->query(" + SELECT + matches.ID, + matches.creatorUserID, + matches.mapID, + matches.isComplete, + matches.isStarted, + + TIME_TO_SEC(TIMEDIFF(NOW(), matches.dateCreated)) as secondsSinceCreated, + + matches.dateExpires, + matches.dateStarted, + matches.requiredPlayers, + + COUNT(matchUsers.matchID) as currentPlayers, + + matches.secondsGiven, + matches.useSmartTime, + + users.displayName, + users.displayColor, + users.wallColor, + users.wallEmblem, + users.wallOrientation + FROM `matches` + JOIN `matchUsers` + ON matchUsers.matchID = matches.ID + JOIN `users` + ON matches.creatorUserID = users.ID + GROUP BY matches.ID + ")) { + $array = array(); + if ($res->num_rows == 0) { + $res->close(); + return false; + } + while ($response = $res->fetch_assoc()) { + $array[] = $response; + } + $res->close(); + if (count($array) < 1) return false; + return $array; + } else { + printf("DB Error: %s\n", $mysqli->error); + return false; + } +} + function getMatchStatus($matchID) { global $mysqli; diff --git a/pages/login.php b/pages/login.php index d698527..b0caf07 100644 --- a/pages/login.php +++ b/pages/login.php @@ -19,13 +19,14 @@ include_once('./includes/HybridAuth/Auth.php'); $hybrid_config_file = 'includes/HybridAuth/HybridAuthConfig.php'; +//TODO: SQL needs to be updated to sqli instead. + try { + //OpenID 2.0 Method - if (!$_GET['op'] || $_GET['op'] == 'steam' || $_GET['op'] == 'yahoo') { $openid = new LightOpenID; - //Require Email, and first name. $openid->required = array('namePerson/first', 'contact/email'); 
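Review bot: On query failure getMatchList calls `printf("DB Error: %s\n", $mysqli->error);`, which writes the raw database error into the AJAX response. That exposes query and schema details to any client of the endpoint, and the text lands in front of the JSON the caller then emits with `json_encode($r)`. Log it server-side instead, `error_log('getMatchList: ' . $mysqli->error);`, and keep the `return false;`. The `die("mysqli is not an object")` guard at the top has the same effect on the response body and would be better as a logged failure too.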
@@ -68,26 +69,19 @@ try { DoRedirect("Login failed. Back to the home page with you!"); } - //Google's OpenID Connect method + //Google's OpenID Connect method } else if ($_GET['op'] == 'google') { - - echo "ello..."; - include_once('./includes/google-api-php-client-master/src/Google/autoload.php'); $redirect_uri = $mydomain . "login?op=google"; - //echo "$redirect_uri $google_client_id $google_client_secret "; - $client = new Google_Client(); $client->setClientId($google_client_id); $client->setClientSecret($google_client_secret); $client->setRedirectUri($redirect_uri); $client->setScopes('email'); - //echo 'Tests running'; - if (isset($_GET['code'])) { //echo 'code recpt'; $client->authenticate($_GET['code']); @@ -174,7 +168,7 @@ function createNewUser($claimedid, $display, $email, $oldID = NULL) $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$claimedid' OR `email` = '$email'"; if (isset($oldID)) { - $sql = $sql." OR `openID` = '$oldID'"; + $sql = $sql." OR `openID` = '" . $oldID . "'"; } $result = mysql_query($sql); @@ -237,7 +231,7 @@ function createNewUser($claimedid, $display, $email, $oldID = NULL) if ($result) { $userID = mysql_insert_id(); $dateJoined = date(DateTime::ISO8601); - + //Tutorial done? if (isset($_SESSION['preCompletedTutorial'])) { if ($_SESSION['preCompletedTutorial'] == true) { @@ -280,7 +274,7 @@ function createNewUser($claimedid, $display, $email, $oldID = NULL) $refTo = $_GET['ref']; //DoRedirect("Thank you $display.", $_GET['ref']); DoRedirect("", $refTo, 0); - exit; + return true; } function sendNewUserEmail($userID, $email, $display, $dateJoined) { diff --git a/pages/matches.php b/pages/matches.php new file mode 100644 index 0000000..7fd8559 --- /dev/null +++ b/pages/matches.php @@ -0,0 +1,140 @@ + + + + + + +
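Review bot: At the end of createNewUser the redirect target is taken directly from `$_GET['ref']` and handed to `DoRedirect("", $refTo, 0);` with no validation in the visible lines. Unless DoRedirect restricts destinations itself (it is not shown here), the post-login redirect can be steered to an arbitrary external URL; `$refTo` should be accepted only when it is a path on this site and replaced with the home page otherwise. Replacing `exit;` with `return true;` also means the caller keeps running after the redirect is issued, so confirm that DoRedirect terminates the request or that no caller emits further output. The function starts outside this hunk.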
+

Available Matches

+ +
+ +
+
+
+
+ -- cgit v1.2.3