From 3345b13c73e76d2f03a85209d205adb9af49fc6b Mon Sep 17 00:00:00 2001 From: BlueRaja Date: Sun, 2 Jun 2013 10:37:15 -0500 Subject: Updated login form with a few new providers --- pages/login.php | 287 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 142 insertions(+), 145 deletions(-) (limited to 'pages') diff --git a/pages/login.php b/pages/login.php index d818f58..c400e52 100644 --- a/pages/login.php +++ b/pages/login.php @@ -8,24 +8,20 @@ if ($accepted) { header("Location: $mydomain"); exit; } -echo "testest"; require 'includes/openid.php'; include_once 'globe.php'; include_once('./includes/sqlEmbedded.php'); include_once('./includes/datas.php'); -include_once('includes/chats.php'); +include_once('./includes/chats.php'); include_once('./includes/emails.php'); -include_once('./includes/OAuth/Oauth.php'); -include_once('./includes/OAuth/Facebook.php'); -include_once('./includes/OAuth/Twitter.php'); +include_once('./includes/HybridAuth/Auth.php'); -echo "test2"; +$hybrid_config_file = 'includes/HybridAuth/HybridAuthConfig.php'; try { //Use OpenID for Google/Yahoo - if(!$_GET['op'] || $_GET['op'] == 'google' || $_GET['op'] == 'yahoo') - { + if (!$_GET['op'] || $_GET['op'] == 'google' || $_GET['op'] == 'yahoo' || $_GET['op'] == 'steam') { $openid = new LightOpenID; //Require Email, and first name. @@ -37,6 +33,8 @@ try { $openid->identity = 'https://www.google.com/accounts/o8/id'; else if ($_GET['op'] == 'yahoo') $openid->identity = 'https://me.yahoo.com'; + else if ($_GET['op'] == 'steam') + $openid->identity = 'http://steamcommunity.com/openid'; header('Location: ' . $openid->authUrl()); } //Did we try to log in, but then the user canceled it? 
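Review bot: The Steam identity added in the `@@ -37,6 +33,8 @@` hunk is `http://steamcommunity.com/openid`, while the Google and Yahoo entries beside it use `https`; OpenID discovery over plain HTTP can be altered in transit, so the line should read `$openid->identity = 'https://steamcommunity.com/openid';`. The same branch later requires `contact/email` and stops with "No email provided" when it is empty. As far as I know Steam's OpenID endpoint returns only the claimed identifier, so this provider may hit that path on every login, like the Twitter case the commit already marks with a TODO. The enclosing `if` chain starts and ends outside this hunk.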
@@ -46,174 +44,172 @@ try { } //We logged in and it worked! else if ($openid->validate()) { //What's in the goodie bag labeled "personal information"... hmmm - $tmp = $openid->getAttributes(); - $display = $tmp['namePerson/first']; + $openIdAttributes = $openid->getAttributes(); + $display = $openIdAttributes['namePerson/first']; //You don't have a name entered? whyfore!? if (strlen($display) == 0) { $display = 'noname'; } - $email = $tmp['contact/email']; - + $email = $openIdAttributes['contact/email']; + $claimedid = $openid->__get('identity'); + if ($email == '') { - $tmp['op'] = $_GET['op']; - die(throwLoginError($tmp, "No email provided from OpenID Provider")); + $openIdAttributes['op'] = $_GET['op']; + die(throwLoginError($openIdAttributes, "No email provided by OpenID provider - please try a different provider")); } - $claimedid = $openid->__get('identity'); - } - else - { + + createNewUser($claimedid, $display, $email); + } else { DoRedirect("Login failed. Back to the home page with you!"); } } - - //Use OAuth for Twitter/Facebook - else if($_GET['op'] == 'twitter') - { - $twitter_consumer_key = "8Y7PY1dk7Mz8VpZWQSTzQ"; - $twitter_consumer_secret = "MUv2qCQVysxqddue5TWhvJDLL0y0v1VMWXDhJtwEps"; - $redirect_uri = $mydomain."login?op=twitter"; - $twitter = new Twitter($twitter_consumer_key, $twitter_consumer_secret, $redirect_uri); - $response = $twitter->validateAccessToken(); - echo "Response: "; - print_r($response); + + //Use HybridAuth for everything else + else if ($_GET['op'] == 'twitter' || $_GET['op'] == 'facebook' || $_GET['op'] == 'live') { + $provider = $_GET['op']; + $hybridAuth = new Hybrid_Auth($hybrid_config_file); + $authenticator = $hybridAuth->authenticate($provider); - echo "Making next request..."; - try + if(!$authenticator) { - $response = $twitter->makeRequest("https://api.twitter.com/1/account/settings.json"); - echo "
Response 2:
"; - print_r($response); + //If user cancelled request, return to home page (?) + return; } - catch(Exception $e) + + $userProfile = $authenticator->getUserProfile(); + + $claimedid = $authenticator->id . '|' . $userProfile->identifier; + $display = ($userProfile->firstName != '' ? $userProfile->firstName : $userProfile->displayName); + $email = $userProfile->email; + + //TODO: This will always fail for Twitter - we need to reconsider our needs... + if($email == '') { - echo "Exception was thrown: "; - echo $e->getMessage(); + $userProfile['op'] = $_GET['op']; + die(throwLoginError($userProfile, "No email provided by {$authenticator->id} - please try a different provider")); } + createNewUser($claimedid, $display, $email); return; } - - else if($_GET['op'] == 'facebook') - { - //TODO - } - + //Unknown provider - else - { + else { DoRedirect("Unknown login provider. Back to the home page with you!"); } - //I know just where to put this stuff! - //Unless I already have this information... - $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$claimedid' OR `email` = '$email'"; - $result = mysql_query($sql); +} catch (ErrorException $e) { + echo $e->getMessage(); +} - $_SESSION['isAdmin'] = false; - - //What a loser, he's already registered. - if (mysql_num_rows($result) > 0) { - $userID = mysql_result($result, 0, 'ID'); - //Is he a cool admin person? - if (mysql_result($result, 0, 'isAdmin') == 1) - $_SESSION['isAdmin'] = true; - - $display = mysql_result($result, 0, 'displayName'); - $dateJoined = mysql_result($result, 0, 'dateJoined'); - - //Multiple accounts found? - if (mysql_num_rows($result) > 1) { - $d['page'] = "Login"; - $d['error'] = "Multiple results on lookup"; - $d['rows'] = mysql_num_rows($result); - $d['OpenIDProvider'] = $_GET['op']; - $d['userID'] = $userID; - $d['claimedid'] = $claimedid; - $d['email'] = $email; - $d['display'] = $display; - EmailError($d); - } - // Continue Loging in; should be fine. 
- //TEMPORARY CODE - //Check openID; and update it if necessary - if (mysql_result($result, 0, 'openID') == $claimedid) { - //Don't need to do anything - } else { - //Update the OpenID Code - $sql = "UPDATE `users` +function createNewUser($claimedid, $display, $email) +{ + //I know just where to put this stuff! + //Unless I already have this information... + $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$claimedid' OR `email` = '$email'"; + $result = mysql_query($sql); + + $_SESSION['isAdmin'] = false; + + //What a loser, he's already registered. + if (mysql_num_rows($result) > 0) { + $userID = mysql_result($result, 0, 'ID'); + //Is he a cool admin person? + if (mysql_result($result, 0, 'isAdmin') == 1) + $_SESSION['isAdmin'] = true; + + $display = mysql_result($result, 0, 'displayName'); + $dateJoined = mysql_result($result, 0, 'dateJoined'); + + //Multiple accounts found? + if (mysql_num_rows($result) > 1) { + $d['page'] = "Login"; + $d['error'] = "Multiple results on lookup"; + $d['rows'] = mysql_num_rows($result); + $d['OpenIDProvider'] = $_GET['op']; + $d['userID'] = $userID; + $d['claimedid'] = $claimedid; + $d['email'] = $email; + $d['display'] = $display; + EmailError($d); + } + // Continue Loging in; should be fine. + //TEMPORARY CODE + //Check openID; and update it if necessary + if (mysql_result($result, 0, 'openID') == $claimedid) { + //Don't need to do anything + } else { + //Update the OpenID Code + $sql = "UPDATE `users` SET `openID` = '$claimedid' WHERE `ID` = '$userID'"; - mysql_query($sql); - } - // - //I last-see you now! - $sql = "UPDATE `users` + mysql_query($sql); + } + // + //I last-see you now! + $sql = "UPDATE `users` SET `dateLogin` = NOW() WHERE `ID` = '$userID'"; - mysql_query($sql); - } //Well hello there new dude! - else { + mysql_query($sql); + } //Well hello there new dude! + else { - //About that personal information - give me a second while save it. 
- // sql_clean is an addslashes equivilent - $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`) + //About that personal information - give me a second while save it. + // sql_clean is an addslashes equivilent + $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`) VALUES ( '$claimedid', '" . sql_clean($display) . "', '" . sql_clean($email) . "', NOW(), NOW())"; - $result = mysql_query($sql); - //Allright, all set. - if ($result) { - $userID = mysql_insert_id(); - $dateJoined = date(DateTime::ISO8601); - - //Tutorial done? - if (isset($_SESSION['preCompletedTutorial'])) { - if ($_SESSION['preCompletedTutorial'] == true) { - onCompletedTutorial($userID); - } + $result = mysql_query($sql); + //Allright, all set. + if ($result) { + $userID = mysql_insert_id(); + $dateJoined = date(DateTime::ISO8601); + + //Tutorial done? + if (isset($_SESSION['preCompletedTutorial'])) { + if ($_SESSION['preCompletedTutorial'] == true) { + onCompletedTutorial($userID); } - //Oh crap? - } else { - $d['sqlError'] = mysql_error(); - $d['result'] = $result; - throwLoginError($d, "Unknown DB Registration failure"); - exit; } - addchat(null, "New user registered: \"$display\""); - sendNewUserEmail($userID, $email, $display, $dateJoined); + //Oh crap? + } else { + $d['sqlError'] = mysql_error(); + $d['result'] = $result; + throwLoginError($d, "Unknown DB Registration failure"); + exit; } - //If 'remember me' use this for cookie password - //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username); - $_SESSION['accepted'] = 1; - $_SESSION['userID'] = $userID; - $_SESSION['email'] = $email; - $_SESSION['displayName'] = $display; - $_SESSION['dateJoined'] = $dateJoined; - - //The below is me hashing the claimedID. - //TODO: Store these values in a single location... - $salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745"; - $pepper = "chilis baby-back ribss! 
I want my baby back, baby back, baby back, baby back, baby back, I want my, baby backTREE3!"; - $one = MD5($claimedid); - $two = MD5($one . $salt); - $three = MD5($pepper . $two); - - $expire = time() + (6 * 31 * 24 * 60 * 60); - setcookie("userID", $userID, $expire); - setcookie("doLogin", "yes", $expire); - setcookie("auth", $three, $expire); - - $refTo = null; - if (isset($_GET['ref'])) - $refTo = $_GET['ref']; - //DoRedirect("Thank you $display.", $_GET['ref']); - DoRedirect("", $refTo, 0); - exit; - //The defaults will do fine here. - DoRedirect(); -} catch (ErrorException $e) { - echo $e->getMessage(); + addchat(null, "New user registered: \"$display\""); + sendNewUserEmail($userID, $email, $display, $dateJoined); + } + //If 'remember me' use this for cookie password + //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username); + $_SESSION['accepted'] = 1; + $_SESSION['userID'] = $userID; + $_SESSION['email'] = $email; + $_SESSION['displayName'] = $display; + $_SESSION['dateJoined'] = $dateJoined; + + //The below is me hashing the claimedID. + //TODO: Store these values in a single location... + $salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745"; + $pepper = "chilis baby-back ribss! I want my baby back, baby back, baby back, baby back, baby back, I want my, baby backTREE3!"; + $one = MD5($claimedid); + $two = MD5($one . $salt); + $three = MD5($pepper . $two); + + $expire = time() + (6 * 31 * 24 * 60 * 60); + setcookie("userID", $userID, $expire); + setcookie("doLogin", "yes", $expire); + setcookie("auth", $three, $expire); + + $refTo = null; + if (isset($_GET['ref'])) + $refTo = $_GET['ref']; + //DoRedirect("Thank you $display.", $_GET['ref']); + DoRedirect("", $refTo, 0); + exit; } function sendNewUserEmail($userID, $email, $display, $dateJoined) { 
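Review bot: In `createNewUser`, `$claimedid` and `$email` are interpolated unescaped into the `SELECT`, and `$claimedid` also into the `UPDATE` and the `INSERT`; only `$display` and `$email` in the `INSERT` pass through `sql_clean`. Both values come from the identity provider (`$userProfile->identifier`, `$userProfile->email`, the OpenID attributes), so each use should be escaped, for example `'" . sql_clean($claimedid) . "'` in all three statements, or the queries moved to prepared statements. The lookup also matches on `email` alone and then overwrites `openID`, so a provider that reports an unverified address could be linked to an existing row; whether the new providers verify email is not visible here and should be confirmed. Separately, `$userProfile['op'] = $_GET['op'];` writes an array key on a value that is read with `->` elsewhere in the branch, so the missing-email path would likely raise a fatal error before `throwLoginError` runs; passing a separate array such as `array('op' => $provider)` avoids that. The `try` block that contains the HybridAuth branch starts outside this hunk.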
@@ -234,9 +230,9 @@ Happy Pathing, QueueEmail(null, $email, $emailSubject, $emailBody, 5); } -function throwLoginError($data, $explination) { +function throwLoginError($data, $explanation) { $randCode = rand(10000, 99999); - $errortext = "
Error; $explination \n + $errortext = "
Error; $explanation \n
The error details have been emailed to the administrator.
If this problem continues; please email me: @@ -246,7 +242,8 @@ function throwLoginError($data, $explination) {
"; $errortext .= mysql_error(); DoRedirect($errortext, NULL, 500); - $data['explination'] = $explination; + + $data['explanation'] = $explanation; $data['randCode'] = $randCode; EmailError($data); } -- cgit v1.2.3