required = array('namePerson/first', 'contact/email');
//Are we not logged in?
if (!$openid->mode) {
if (!$_GET['op'] || $_GET['op'] == 'google')
$openid->identity = 'https://www.google.com/accounts/o8/id';
else if ($_GET['op'] == 'yahoo')
$openid->identity = 'https://me.yahoo.com';
else if ($_GET['op'] == 'steam')
$openid->identity = 'http://steamcommunity.com/openid';
header('Location: ' . $openid->authUrl());
} //Did we try to log in, but then the user canceled it?
else if ($openid->mode == 'cancel') {
// header('Location: ' . $mydomain);
//echo 'User has canceled authentication!';
} //We logged in and it worked!
else if ($openid->validate()) {
//What's in the goodie bag labeled "personal information"... hmmm
$openIdAttributes = $openid->getAttributes();
$display = $openIdAttributes['namePerson/first'];
//You don't have a name entered? whyfore!?
if (strlen($display) == 0) {
$display = 'noname';
}
$email = $openIdAttributes['contact/email'];
$claimedid = $openid->__get('identity');
if ($claimedid == "https://open.login.yahooapis.com/openid20/user_profile/xrds") {
die(throwLoginError($openIdAttributes, "Yahoo went full retard, and didn't send any way for me to identify you..."));
}
if ($email == '') {
$openIdAttributes['op'] = $_GET['op'];
die(throwLoginError($openIdAttributes, "No email provided by OpenID provider - please try a different provider"));
}
createNewUser($claimedid, $display, $email);
} else {
DoRedirect("Login failed. Back to the home page with you!");
}
}
//Use HybridAuth for everything else
else if ($_GET['op'] == 'twitter' || $_GET['op'] == 'facebook' || $_GET['op'] == 'live') {
$provider = $_GET['op'];
$hybridAuth = new Hybrid_Auth($hybrid_config_file);
$authenticator = $hybridAuth->authenticate($provider);
if(!$authenticator)
{
//If user cancelled request, return to home page (?)
return;
}
$userProfile = $authenticator->getUserProfile();
$claimedid = $authenticator->id . '|' . $userProfile->identifier;
$display = ($userProfile->firstName != '' ? $userProfile->firstName : $userProfile->displayName);
$email = $userProfile->email;
//TODO: This will always fail for Twitter - we need to reconsider our needs...
if($email == '')
{
//$userProfile['op'] = $_GET['op']; //TODO This isn't valid, whoops - but, plan on deleting anyways...
die(throwLoginError($userProfile, "No email provided by {$authenticator->id} - please try a different provider"));
}
createNewUser($claimedid, $display, $email);
return;
//HybridAuth's OpenID Method
// } else if ($_GET['op'] == 'yahoo') {
// $config = array(
// "base_url" => $mydomain . "HybridAuth/",
// "providers" => array ( "OpenID" => array ( "enabled" => true ) )
// );
// $ha = new Hybrid_Auth( $config );
//
// // Authenticate with Yahoo! then grab the user profile
// $adapter = $ha->authenticate( "OpenID", array( "openid_identifier" => "https://me.yahoo.com/"));
// $user_profile = $adapter->getUserProfile();
}
//Unknown provider
else {
DoRedirect("Unknown login provider. Back to the home page with you!");
}
} catch (ErrorException $e) {
echo $e->getMessage();
}
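function createNewUser($claimedid, $display, $email)
{
    // Log the caller in as the `users` row that matches $claimedid (the
    // identity string handed back by the provider: an OpenID claimed URL, or
    // "adapterId|identifier" for HybridAuth) or $email, creating the row when
    // neither matches. On success the PHP session and the "remember me"
    // cookies are populated and the request ends in DoRedirect(); on a DB
    // failure throwLoginError() is called and the script exits.
    //
    // All three arguments originate from a third-party identity provider and
    // are untrusted. Every value that reaches SQL below is passed through
    // sql_clean() (described in this file as an addslashes equivalent) or is
    // an integer. The original escaped only the INSERT's display/email and
    // interpolated $claimedid and $email raw into the SELECT and UPDATE.
    // NOTE(review): addslashes-style escaping is not charset-aware; prepared
    // statements (or at least mysql_real_escape_string) would be stronger --
    // confirm what sql_clean() actually does.
    $safeClaimedId = sql_clean($claimedid);
    $safeEmail = sql_clean($email);

    // Every login starts non-admin; only an existing row can grant it.
    $_SESSION['isAdmin'] = false;

    // NOTE(review): matching on `email` as well as `openID` merges any
    // provider account that reports the same e-mail address into the existing
    // user (and the stored openID is overwritten below). That is only safe if
    // every accepted provider verifies ownership of the address it reports.
    $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$safeClaimedId' OR `email` = '$safeEmail'";
    $result = mysql_query($sql);
    if ($result === false) {
        // Do not fall through to the INSERT after a failed lookup: that is how
        // duplicate accounts get created.
        $d = array('sqlError' => mysql_error(), 'claimedid' => $claimedid, 'email' => $email);
        throwLoginError($d, "Unknown DB lookup failure");
        exit;
    }

    $rowCount = mysql_num_rows($result);
    if ($rowCount > 0) {
        // Existing account: the stored profile wins over what the provider sent.
        $userID = (int) mysql_result($result, 0, 'ID');
        if (mysql_result($result, 0, 'isAdmin') == 1) {
            $_SESSION['isAdmin'] = true;
        }
        $display = mysql_result($result, 0, 'displayName');
        $dateJoined = mysql_result($result, 0, 'dateJoined');

        // openID and email matched different rows. The first row is used, as
        // before, but the admin is told so the accounts can be reconciled.
        if ($rowCount > 1) {
            $d = array(
                'page' => "Login",
                'error' => "Multiple results on lookup",
                'rows' => $rowCount,
                'OpenIDProvider' => isset($_GET['op']) ? $_GET['op'] : null,
                'userID' => $userID,
                'claimedid' => $claimedid,
                'email' => $email,
                'display' => $display,
            );
            EmailError($d);
        }

        // TEMPORARY CODE (carried over): re-point the row at the identity that
        // just authenticated when it differs from the stored one.
        if (mysql_result($result, 0, 'openID') !== $claimedid) {
            $sql = "UPDATE `users`
SET `openID` = '$safeClaimedId'
WHERE `ID` = '$userID'";
            mysql_query($sql);
        }

        // Record the login time.
        $sql = "UPDATE `users`
SET `dateLogin` = NOW()
WHERE `ID` = '$userID'";
        mysql_query($sql);
    } else {
        // New account.
        $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`)
VALUES (
'$safeClaimedId',
'" . sql_clean($display) . "',
'$safeEmail',
NOW(), NOW())";
        $result = mysql_query($sql);
        if (!$result) {
            $d['sqlError'] = mysql_error();
            $d['result'] = $result;
            throwLoginError($d, "Unknown DB Registration failure");
            exit;
        }
        $userID = mysql_insert_id();
        $dateJoined = date(DateTime::ISO8601);
        // Credit a tutorial completed before the account existed.
        if (isset($_SESSION['preCompletedTutorial']) && $_SESSION['preCompletedTutorial'] == true) {
            onCompletedTutorial($userID);
        }
        addchat(null, "New user registered: \"$display\"");
        sendNewUserEmail($userID, $email, $display, $dateJoined);
    }

    // Server-side session.
    $_SESSION['accepted'] = 1;
    $_SESSION['userID'] = $userID;
    $_SESSION['email'] = $email;
    $_SESSION['displayName'] = $display;
    $_SESSION['dateJoined'] = $dateJoined;

    // "Remember me" cookies. The auth value is a fixed salt/pepper MD5 chain
    // over the claimed ID; the code that checks it is not in this file, so the
    // derivation and both constants must stay byte-identical.
    // NOTE(review): this is not a strong token -- the constants live in source
    // and the value is deterministic per claimed ID, so anyone who learns a
    // user's claimed ID can mint their cookie -- and it never rotates. Prefer
    // a random per-session token (random_bytes) stored server-side and
    // compared with hash_equals(), changed together with the cookie-login
    // path. The userID/doLogin cookies carry no integrity protection at all.
    // TODO: Store these values in a single location...
    $salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745";
    $pepper = "chilis baby-back ribss! I want my baby back, baby back, baby back, baby back, baby back, I want my, baby backTREE3!";
    $hashedClaim = MD5($claimedid);
    $saltedClaim = MD5($hashedClaim . $salt);
    $authToken = MD5($pepper . $saltedClaim);
    $expire = time() + (6 * 31 * 24 * 60 * 60); // roughly six months
    setcookie("userID", $userID, $expire);
    setcookie("doLogin", "yes", $expire);
    // HttpOnly keeps the token out of reach of injected script; path/domain
    // are left at their defaults exactly as before. Secure is not set here
    // because it is not known whether the site is served only over HTTPS.
    setcookie("auth", $authToken, $expire, "", "", false, true);

    // NOTE(review): $_GET['ref'] is forwarded to DoRedirect() unchecked. Unless
    // DoRedirect() itself restricts the target to this site, this is an open
    // redirect usable for phishing after a successful login.
    $refTo = isset($_GET['ref']) ? $_GET['ref'] : null;
    DoRedirect("", $refTo, 0);
    exit;
}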
function sendNewUserEmail($userID, $email, $display, $dateJoined) {
    // Queue the welcome e-mail for a freshly registered account.
    // $display and $dateJoined are part of the signature but do not appear in
    // the message. Links are built by appending a path straight onto the
    // global $mydomain (so it is presumably stored with a trailing slash --
    // verify against wherever it is defined).
    global $mydomain;

    $usefulLinks = "Change your display name: {$mydomain}cp\n"
                 . "View your achievements and stats: {$mydomain}achievements?id={$userID}\n";

    $body = "Thank you for signing in to Pathery!\n"
          . "Questions or feedback? Please reply to this email!\n"
          . "Useful Links:\n"
          . $usefulLinks
          . "Happy Pathing,\n"
          . "The Pathery Team\n";

    $subject = 'Welcome to Pathery.com!';

    // NOTE(review): $email comes from the identity provider; QueueEmail() is
    // assumed to handle recipient validation / header encoding -- confirm.
    QueueEmail(null, $email, $subject, $body, 5);
}
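function throwLoginError($data, $explanation) {
    // Report a failed login: e-mail the details, tagged with a random
    // reference code, to the administrator, then show the user a short message
    // via DoRedirect() with HTTP status 500. Callers wrap this in die()/exit.
    //
    // $data: context for the admin e-mail (normally an array; one caller in
    //        this file passes a HybridAuth profile object, which is wrapped
    //        here so the array writes below cannot fatal).
    // $explanation: short human-readable reason; shown to the user and e-mailed.
    if (!is_array($data)) {
        $data = array('data' => $data);
    }

    // A reference number for the user to quote, nothing more -- it is not a
    // secret, so rand() is adequate here.
    $randCode = rand(10000, 99999);

    // E-mail first: the page text promises the details were sent, and it is
    // not known from here whether DoRedirect() terminates the script.
    $data['explanation'] = $explanation;
    $data['randCode'] = $randCode;
    // The database error belongs in the admin e-mail, not on the user's page:
    // it leaks table names and query text. (Previously it was appended to the
    // visible error text.) Keep a caller-supplied sqlError if one was given.
    if (!isset($data['sqlError'])) {
        $data['sqlError'] = mysql_error();
    }
    EmailError($data);

    $errortext = "
Error; $explanation \n
The error details have been emailed to the administrator.
If this problem continues; please email me:
snap@pathery.com
Your error code is: $randCode
";
    DoRedirect($errortext, NULL, 500);
}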
?>