From 951330c9f83c8c8ee98f65fdccb5797e2e59d1f3 Mon Sep 17 00:00:00 2001
From: BlueRaja
Date: Sat, 1 Jun 2013 20:10:36 -0500
Subject: A partial commit of the auth stuff, in case my upcoming changes break anything
---
 pages/login.php | 261 ++++++++++++++++++++++++++++++++------------------------
 1 file changed, 150 insertions(+), 111 deletions(-)
(limited to 'pages')
diff --git a/pages/login.php b/pages/login.php
index 04b4083..d818f58 100644
--- a/pages/login.php
+++ b/pages/login.php
@@ -1,12 +1,14 @@ required = array('namePerson/first', 'contact/email'); - //$openid->optional = array('namePerson/friendly', 'pref/timezone'); - - //Are we not logged in? - if(!$openid->mode) { - if (!$_GET['op']) - $openid->identity = 'https://www.google.com/accounts/o8/id'; - if ($_GET['op'] == 'yahoo') - $openid->identity = 'https://me.yahoo.com'; - if ($_GET['op'] == 'google') - $openid->identity = 'https://www.google.com/accounts/o8/id'; - - //$openid->identity = 'https://www.google.com/accounts/o8/id'; - header('Location: ' . $openid->authUrl()); - } //Did we try to log in, but then the user canceled it? - elseif($openid->mode == 'cancel') { - // header('Location: ' . $mydomain); - //echo 'User has canceled authentication!'; - } //We logged in and it worked! - elseif ($openid->validate()) { - //What's in the goodie bag labeled "personal information"... hmmm - $tmp = $openid->getAttributes(); - $display = $tmp['namePerson/first']; - //You don't have a name entered? whyfore!? - if (strlen($display) == 0) { - $display = 'noname'; - } - $email = $tmp['contact/email']; + //Use OpenID for Google/Yahoo + if(!$_GET['op'] || $_GET['op'] == 'google' || $_GET['op'] == 'yahoo') + { + $openid = new LightOpenID; + + //Require Email, and first name. + $openid->required = array('namePerson/first', 'contact/email'); + + //Are we not logged in? + if (!$openid->mode) { + if (!$_GET['op'] || $_GET['op'] == 'google') + $openid->identity = 'https://www.google.com/accounts/o8/id'; + else if ($_GET['op'] == 'yahoo') + $openid->identity = 'https://me.yahoo.com'; + + header('Location: ' . $openid->authUrl()); + } //Did we try to log in, but then the user canceled it? + else if ($openid->mode == 'cancel') { + // header('Location: ' . $mydomain); + //echo 'User has canceled authentication!'; + } //We logged in and it worked! + else if ($openid->validate()) { + //What's in the goodie bag labeled "personal information"... 
hmmm + $tmp = $openid->getAttributes(); + $display = $tmp['namePerson/first']; + + //You don't have a name entered? whyfore!? + if (strlen($display) == 0) { + $display = 'noname'; + } + $email = $tmp['contact/email']; + + if ($email == '') { + $tmp['op'] = $_GET['op']; + die(throwLoginError($tmp, "No email provided from OpenID Provider")); + } + $claimedid = $openid->__get('identity'); + } + else + { + DoRedirect("Login failed. Back to the home page with you!"); + } + } + + //Use OAuth for Twitter/Facebook + else if($_GET['op'] == 'twitter') + { + $twitter_consumer_key = "8Y7PY1dk7Mz8VpZWQSTzQ"; + $twitter_consumer_secret = "MUv2qCQVysxqddue5TWhvJDLL0y0v1VMWXDhJtwEps"; + $redirect_uri = $mydomain."login?op=twitter"; + $twitter = new Twitter($twitter_consumer_key, $twitter_consumer_secret, $redirect_uri); + $response = $twitter->validateAccessToken(); + echo "Response: "; + print_r($response); - if ($email == '') { - $tmp['op'] = $_GET['op']; - die(throwLoginError($tmp, "No email provided from OpenID Provider")); + echo "Making next request..."; + try + { + $response = $twitter->makeRequest("https://api.twitter.com/1/account/settings.json"); + echo "
Response 2:
"; + print_r($response); + } + catch(Exception $e) + { + echo "Exception was thrown: "; + echo $e->getMessage(); } - //print_r ($tmp); - //exit; - $claimedid = $openid->__get('identity'); - - //I know just where to put this stuff! - //Unless I already have this information... - //* Modify this to WHERE `email` - //$sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName` FROM `users` WHERE `email` = '$email'"; - //$sql = "SELECT `ID`, `isAdmin` FROM `users` WHERE `openID` = '$claimedid'"; - $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$claimedid' OR `email` = '$email'"; - $result = mysql_query($sql); - - $_SESSION['isAdmin'] = false; - //echo "\n$sql\n"; - //What a loser, he's already registered. - if (mysql_num_rows($result) > 0) { - $userID = mysql_result($result, 0, 'ID'); + return; + } + + else if($_GET['op'] == 'facebook') + { + //TODO + } + + //Unknown provider + else + { + DoRedirect("Unknown login provider. Back to the home page with you!"); + } + //I know just where to put this stuff! + //Unless I already have this information... + $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$claimedid' OR `email` = '$email'"; + $result = mysql_query($sql); + + $_SESSION['isAdmin'] = false; + + //What a loser, he's already registered. + if (mysql_num_rows($result) > 0) { + $userID = mysql_result($result, 0, 'ID'); //Is he a cool admin person? - if (mysql_result($result, 0, 'isAdmin') == 1) + if (mysql_result($result, 0, 'isAdmin') == 1) $_SESSION['isAdmin'] = true; - + $display = mysql_result($result, 0, 'displayName'); $dateJoined = mysql_result($result, 0, 'dateJoined'); - + //Multiple accounts found? if (mysql_num_rows($result) > 1) { $d['page'] = "Login"; @@ -89,7 +133,6 @@ try { EmailError($d); } // Continue Loging in; should be fine. - //TEMPORARY CODE //Check openID; and update it if necessary if (mysql_result($result, 0, 'openID') == $claimedid) { 
@@ -99,83 +142,78 @@ try { $sql = "UPDATE `users` SET `openID` = '$claimedid' WHERE `ID` = '$userID'"; - mysql_query($sql); + mysql_query($sql); } // - //I last-see you now! - $sql = "UPDATE `users` + $sql = "UPDATE `users` SET `dateLogin` = NOW() WHERE `ID` = '$userID'"; - mysql_query($sql); - - } //Well hello there new dude! - else { - - //About that personal information - give me a second while save it. - // sql_clean is an addslashes equivilent - $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`) + mysql_query($sql); + } //Well hello there new dude! + else { + + //About that personal information - give me a second while save it. + // sql_clean is an addslashes equivilent + $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`) VALUES ( '$claimedid', - '".sql_clean($display)."', - '".sql_clean($email)."', + '" . sql_clean($display) . "', + '" . sql_clean($email) . "', NOW(), NOW())"; - $result = mysql_query($sql); - //Allright, all set. - if ($result) { - $userID = mysql_insert_id(); - $dateJoined = date(DateTime::ISO8601); - + $result = mysql_query($sql); + //Allright, all set. + if ($result) { + $userID = mysql_insert_id(); + $dateJoined = date(DateTime::ISO8601); + //Tutorial done? if (isset($_SESSION['preCompletedTutorial'])) { if ($_SESSION['preCompletedTutorial'] == true) { onCompletedTutorial($userID); } } - //Oh crap? - } else { + //Oh crap? 
+ } else { $d['sqlError'] = mysql_error(); $d['result'] = $result; throwLoginError($d, "Unknown DB Registration failure"); - exit; - } + exit; + } addchat(null, "New user registered: \"$display\""); sendNewUserEmail($userID, $email, $display, $dateJoined); - } - //If 'remember me' use this for cookie password - //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username); - $_SESSION['accepted'] = 1; - $_SESSION['userID'] = $userID; - $_SESSION['email'] = $email; - $_SESSION['displayName'] = $display; - $_SESSION['dateJoined'] = $dateJoined; - + } + //If 'remember me' use this for cookie password + //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username); + $_SESSION['accepted'] = 1; + $_SESSION['userID'] = $userID; + $_SESSION['email'] = $email; + $_SESSION['displayName'] = $display; + $_SESSION['dateJoined'] = $dateJoined; + //The below is me hashing the claimedID. //TODO: Store these values in a single location... $salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745"; $pepper = "chilis baby-back ribss! I want my baby back, baby back, baby back, baby back, baby back, I want my, baby backTREE3!"; $one = MD5($claimedid); - $two = MD5($one.$salt); - $three = MD5($pepper.$two); - + $two = MD5($one . $salt); + $three = MD5($pepper . $two); + $expire = time() + (6 * 31 * 24 * 60 * 60); setcookie("userID", $userID, $expire); - setcookie("doLogin", "yes", $expire); - setcookie("auth", $three, $expire); - + setcookie("doLogin", "yes", $expire); + setcookie("auth", $three, $expire); + $refTo = null; - if (isset($_GET['ref'])) $refTo = $_GET['ref']; - //DoRedirect("Thank you $display.", $_GET['ref']); - DoRedirect("", $refTo, 0); - exit; - } //Okay well, we considered logging in at least, right? - else { - DoRedirect("Login failed. Back to the home page with you!"); - } - //The defaults will do fine here. 
- DoRedirect(); -} catch(ErrorException $e) { - echo $e->getMessage(); + if (isset($_GET['ref'])) + $refTo = $_GET['ref']; + //DoRedirect("Thank you $display.", $_GET['ref']); + DoRedirect("", $refTo, 0); + exit; + //The defaults will do fine here. + DoRedirect(); +} catch (ErrorException $e) { + echo $e->getMessage(); } function sendNewUserEmail($userID, $email, $display, $dateJoined) { @@ -185,8 +223,8 @@ function sendNewUserEmail($userID, $email, $display, $dateJoined) { Questions or feedback? Please reply to this email! Useful Links: -Change your display name: $mydomain"."cp -View your achievements and stats: $mydomain"."achievements?id="."$userID +Change your display name: $mydomain" . "cp +View your achievements and stats: $mydomain" . "achievements?id=" . "$userID Happy Pathing, @@ -197,7 +235,7 @@ Happy Pathing, } function throwLoginError($data, $explination) { - $randCode = rand(10000, 99999); + $randCode = rand(10000, 99999); $errortext = "
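Review bot: `$refTo` is taken straight from `$_GET['ref']` and passed to `DoRedirect("", $refTo, 0)` with no check, so a crafted login link can send a freshly authenticated user to an arbitrary external URL; restrict it to a same-site path, e.g. `if (isset($_GET['ref']) && is_string($_GET['ref']) && preg_match('#^/(?!/)#', $_GET['ref'])) $refTo = $_GET['ref'];`. The `DoRedirect();` placed after `exit;` is unreachable and can be dropped. The re-indented `setcookie("doLogin", "yes", $expire)` and `setcookie("auth", $three, $expire)` calls issue the login cookies without the `httponly` or `secure` flags, leaving them readable by page script; pass them through the remaining `setcookie` parameters (path, domain, secure, httponly). The enclosing `try` block opens before this hunk.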
Error; $explination \n
The error details have been emailed to the administrator.
If this problem continues; please email me: @@ -212,4 +250,5 @@ function throwLoginError($data, $explination) { $data['randCode'] = $randCode; EmailError($data); } + ?> -- cgit v1.2.3