From f8c9eb5220afaf2f9a62f9a176a45913240f4081 Mon Sep 17 00:00:00 2001
From: raylu
Date: Thu, 7 Apr 2011 00:27:27 -0400
Subject: Initial import from Dropbox
---
pages/login.php | 117 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 117 insertions(+)
create mode 100644 pages/login.php
(limited to 'pages/login.php')
diff --git a/pages/login.php b/pages/login.php
new file mode 100644
index 0000000..c730846
--- /dev/null
+++ b/pages/login.php
@@ -0,0 +1,117 @@
+required = array('namePerson/first', 'contact/email');
+ //$openid->optional = array('namePerson/friendly', 'pref/timezone');
+
+ //Are we not logged in?
+ if(!$openid->mode) {
+ $openid->identity = 'https://www.google.com/accounts/o8/id';
+ header('Location: ' . $openid->authUrl());
+ } //Did we try to log in, but then the user canceled it?
+ elseif($openid->mode == 'cancel') {
+ // header('Location: ' . $mydomain);
+ //echo 'User has canceled authentication!';
+ } //We logged in and it worked!
+ elseif ($openid->validate()) {
+ //echo 'User has logged in.';
+
+ //What's in the goodie bag labeled "personal information"... hmmm
+ $tmp = $openid->getAttributes();
+ $display = $tmp['namePerson/first'];
+ //You don't have a name entered? whyfore!?
+ if (strlen($display) == 0) {
+ $display = 'noname';
+ }
+ $email = $tmp['contact/email'];
+ //print_r ($tmp);
+ //exit;
+ $claimedid = $openid->__get('identity');
+
+ //I know just where to put this stuff!
+ require './includes/db.inc.php';
+ //Unless I already have this information...
+ $sql = "SELECT `ID`, `isAdmin` FROM `users` WHERE `openID` = '$claimedid'";
+ $result = mysql_query($sql);
+
+ $_SESSION['isAdmin'] = false;
+ //echo "\n$sql\n";
+ //What a loser, he's already registered.
+ if (mysql_num_rows($result) > 0) {
+ $userID = mysql_result($result, 0, 'ID');
+ //Is he a cool admin person?
+ if (mysql_result($result, 0, 'isAdmin') == 1)
+ $_SESSION['isAdmin'] = true;
+
+ //I last-see you now!
+ $sql = "UPDATE `users`
+ SET `dateLogin` = NOW()
+ WHERE `ID` = '$userID'";
+ mysql_query($sql);
+ } //Well hello there new dude!
+ else {
+
+ //About that personal information - give me a second while save it.
+ // sql_clean is an addslashes equivilent
+ $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`)
+ VALUES (
+ '$claimedid',
+ '".sql_clean($display)."',
+ '".sql_clean($email)."',
+ NOW(), NOW())";
+ $result = mysql_query($sql);
+ //Allright, all set.
+ //echo "$sql

";
+ If ($result) {
+ $userID = mysql_insert_id();
+ } //Oh crap?
+ else {
+ //echo "monkeys and etc";
+ DoRedirect("
new-user db register failure of unknown cause.\n +
Also, there were no monkeys trained or otherwise sent to resolve this problem.\n +
Sorry. youtube offered them more.\n", NULL, 10);
+ exit;
+ }
+ }
+ //If 'remember me' use this for cookie password
+ //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username);
+ $_SESSION['accepted'] = 1;
+ $_SESSION['userID'] = $userID;
+ $_SESSION['displayName'] = $display;
+
+ //The below is me hashing the claimedID.
+ $salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745";
+ $pepper = "Dear sir, have you ever heard of a wild goose chase?
+ If you've gotten this far, please email me: snapwilliam@gmail.com with this message.
+ I'll give you some sort of prize.";
+ $one = MD5($claimedid);
+ $two = MD5($one.$salt);
+ $three = MD5($pepper.$two);
+
+ $expire = time() + (7 * 24 * 60 * 60);
+ setcookie("userID", $userID, $expire);
+ setcookie("doLogin", "yes", $expire);
+ setcookie("auth", $three, $expire);
+
+
+ //DoRedirect("Thank you $display.", $_GET['ref']);
+ DoRedirect("", $_GET['ref'], 0);
+ exit;
+ } //Okay well, we considered logging in at least, right?
+ else {
+ DoRedirect("Login failed. Back to the home page with you!");
+ }
+ //The defaults will do fine here.
+ DoRedirect();
+} catch(ErrorException $e) {
+ echo $e->getMessage();
+}
+?>
-- cgit v1.2.3
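Review bot: `$claimedid` is placed into the `SELECT` and the `INSERT` without escaping, although `$display` and `$email` go through `sql_clean()`; the identity string arrives in the OpenID response and should be handled as untrusted too, e.g. `'".mysql_real_escape_string($claimedid)."'` in both statements, or a prepared statement once the code moves off `mysql_*`. The `auth` cookie is a fixed `MD5` chain over the claimed ID with `$salt` and `$pepper` committed in this file, so its value never changes per login and can presumably be recomputed by anyone who can read the source; a random token generated at login, stored server-side and set with the HttpOnly and Secure cookie flags would not depend on those constants staying secret. `DoRedirect("", $_GET['ref'], 0)` hands a request parameter to the redirect helper, and whether that helper limits targets to this site is not visible in this file. The `!$openid->mode` branch sends `Location:` without `exit`, so the trailing `DoRedirect()` still runs. The top of the file is missing from this rendering, so the start of the `try` block could not be reviewed.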