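required = array('namePerson/first', 'contact/email');
    //$openid->optional = array('namePerson/friendly', 'pref/timezone');

    /*
     * OpenID login / registration flow, as far as this part of the file shows:
     *   1. no openid mode yet  -> pick a provider from ?op= and send the browser to it
     *   2. mode == 'cancel'    -> nothing is done here
     *   3. validate() succeeds -> look the user up (or create them), fill the session,
     *                             set the long-lived login cookies and redirect
     *   4. anything else       -> "Login failed" redirect
     */

    // Read the request parameters once; a missing key stays NULL, as it did before,
    // but no longer raises an undefined-index notice.
    $op  = isset($_GET['op'])  ? $_GET['op']  : NULL;
    $ref = isset($_GET['ref']) ? $_GET['ref'] : NULL;

    //Are we not logged in?
    if (!$openid->mode) {
        if (!$op) $openid->identity = 'https://www.google.com/accounts/o8/id';
        if ($op == 'yahoo') $openid->identity = 'https://me.yahoo.com';
        if ($op == 'google') $openid->identity = 'https://www.google.com/accounts/o8/id';
        //$openid->identity = 'https://www.google.com/accounts/o8/id';
        header('Location: ' . $openid->authUrl());
    }
    //Did we try to log in, but then the user canceled it?
    elseif ($openid->mode == 'cancel') {
        // header('Location: ' . $mydomain);
        //echo 'User has canceled authentication!';
    }
    //We logged in and it worked!
    elseif ($openid->validate()) {
        //What's in the goodie bag labeled "personal information"... hmmm
        // NOTE(review): nothing visible here checks that the validated response came from
        // one of the two providers selected above. Confirm that validate() or earlier code
        // enforces that before `contact/email` is relied on for account matching below.
        $tmp = $openid->getAttributes();
        $display = $tmp['namePerson/first'];
        //You don't have a name entered? whyfore!?
        if (strlen($display) == 0) {
            $display = 'noname';
        }
        $email = $tmp['contact/email'];
        if ($email == '') {
            $tmp['op'] = $op;
            die(throwLoginError($tmp, "No email provided from OpenID Provider"));
        }
        //print_r ($tmp);
        //exit;
        $claimedid = $openid->__get('identity');

        //I know just where to put this stuff!
        include_once('./includes/sqlEmbedded.php');

        // Both values originate from the OpenID response, i.e. from outside this
        // application, and were previously interpolated into SQL unescaped. Escape them
        // for every statement below. Parameterised queries (PDO / mysqli) are the proper
        // long-term fix; this keeps to the mysql_* API the file already uses.
        $claimedidSql = mysql_real_escape_string($claimedid);
        $emailSql = mysql_real_escape_string($email);

        //Unless I already have this information...
        //* Modify this to WHERE `email`
        //$sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName` FROM `users` WHERE `email` = '$email'";
        //$sql = "SELECT `ID`, `isAdmin` FROM `users` WHERE `openID` = '$claimedid'";
        // NOTE(review): matching on `email` as well as `openID` means a login carrying a
        // new identifier but a known email is treated as the existing account, and the
        // "TEMPORARY CODE" below then overwrites that account's stored openID.
        $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$claimedidSql' OR `email` = '$emailSql'";
        $result = mysql_query($sql);
        $_SESSION['isAdmin'] = false;
        //echo "\n$sql\n";

        // A failed lookup used to fall through to the registration branch, because
        // mysql_num_rows() on a failed query does not yield a positive count. Stop instead.
        if ($result === false) {
            $d['sqlError'] = mysql_error();
            $d['result'] = $result;
            throwLoginError($d, "Unknown DB Lookup failure");
            exit;
        }

        //What a loser, he's already registered.
        if (mysql_num_rows($result) > 0) {
            $userID = mysql_result($result, 0, 'ID');
            //Is he a cool admin person?
            if (mysql_result($result, 0, 'isAdmin') == 1) $_SESSION['isAdmin'] = true;
            $display = mysql_result($result, 0, 'displayName');
            $dateJoined = mysql_result($result, 0, 'dateJoined');

            //Multiple accounts found?
            // NOTE(review): the mismatch is only reported by email; the login still
            // proceeds as whichever row came back first.
            if (mysql_num_rows($result) > 1) {
                $d['page'] = "Login";
                $d['error'] = "Multiple results on lookup";
                $d['rows'] = mysql_num_rows($result);
                $d['OpenIDProvider'] = $op;
                $d['userID'] = $userID;
                $d['claimedid'] = $claimedid;
                $d['email'] = $email;
                $d['display'] = $display;
                EmailError($d);
            }
            // Continue logging in; should be fine.

            //TEMPORARY CODE
            //Check openID; and update it if necessary
            if (mysql_result($result, 0, 'openID') == $claimedid) {
                //Don't need to do anything
            } else {
                //Update the OpenID Code
                $sql = "UPDATE `users` SET `openID` = '$claimedidSql' WHERE `ID` = '$userID'";
                mysql_query($sql);
            }
            //

            //I last-see you now!
            $sql = "UPDATE `users` SET `dateLogin` = NOW() WHERE `ID` = '$userID'";
            mysql_query($sql);
        }
        //Well hello there new dude!
        else {
            //About that personal information - give me a second while I save it.
            // sql_clean is an addslashes equivalent
            $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`) VALUES ( '$claimedidSql', '".sql_clean($display)."', '".sql_clean($email)."', NOW(), NOW())";
            $result = mysql_query($sql);
            //Allright, all set.
            if ($result) {
                $userID = mysql_insert_id();
                $dateJoined = date(DateTime::ISO8601);
                //Tutorial done?
                if (isset($_SESSION['preCompletedTutorial'])) {
                    if ($_SESSION['preCompletedTutorial'] == true) {
                        include_once('./includes/datas.php');
                        onCompletedTutorial($userID);
                    }
                }
            //Oh crap?
            } else {
                $d['sqlError'] = mysql_error();
                $d['result'] = $result;
                throwLoginError($d, "Unknown DB Registration failure");
                exit;
            }
            include_once('includes/chats.php');
            // NOTE(review): $display is provider-supplied text; confirm addchat() (not
            // visible here) escapes it before it is stored or rendered.
            addchat(-1, "New user registered: \"$display\"");
            sendNewUserEmail($userID, $email, $display, $dateJoined);
        }

        //If 'remember me' use this for cookie password
        //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username);
        // NOTE(review): the session id is not regenerated at this point, where the session
        // becomes an authenticated one. If the session is started earlier in the file,
        // session_regenerate_id(true) belongs here.
        $_SESSION['accepted'] = 1;
        $_SESSION['userID'] = $userID;
        $_SESSION['email'] = $email;
        $_SESSION['displayName'] = $display;
        $_SESSION['dateJoined'] = $dateJoined;

        //The below is me hashing the claimedID.
        // NOTE(review): the "auth" cookie value is an MD5 chain over the claimed ID and two
        // constants embedded in this source file. As computed here it is identical on every
        // login for a given identity and carries no per-login randomness, so it behaves like
        // a fixed credential valid for the whole cookie lifetime. The computation is left
        // unchanged because whatever verifies the cookie (not visible here) must produce the
        // same value. Replacing it with a random token stored server-side, and moving the
        // constants out of source control, needs a coordinated change.
        $salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745";
        $pepper = "Dear sir, have you ever heard of a wild goose chase? If you've gotten this far, please email me: snapwilliam@gmail.com with this message. I'll give you some sort of prize.";
        $one = MD5($claimedid);
        $two = MD5($one.$salt);
        $three = MD5($pepper.$two);

        // Roughly six months.
        $expire = time() + (6 * 31 * 24 * 60 * 60);
        // NOTE(review): the cookies are set without the secure / httponly arguments of
        // setcookie(); at minimum "auth" should get both once it is confirmed that no
        // client-side script reads it.
        setcookie("userID", $userID, $expire);
        setcookie("doLogin", "yes", $expire);
        setcookie("auth", $three, $expire);

        //DoRedirect("Thank you $display.", $_GET['ref']);
        // NOTE(review): `ref` comes straight from the query string. Confirm DoRedirect()
        // (not visible here) only accepts same-site paths, otherwise this is an open redirect.
        DoRedirect("", $ref, 0);
        exit;
    }
    //Okay well, we considered logging in at least, right?
    else {
        DoRedirect("Login failed. Back to the home page with you!");
    }
    //The defaults will do fine here.
    DoRedirect();
} catch(ErrorException $e) {
    echo $e->getMessage();
}

/**
 * Queue the welcome email for a newly registered user.
 *
 * Builds a fixed body with two links based on the global $mydomain and hands it to
 * QueueEmail() from ./includes/emails.php. The meaning of the literal arguments
 * 0, 5 and true is defined by QueueEmail and is not visible here.
 *
 * @param mixed  $userID     ID of the new user; appended to the achievements link.
 * @param string $email      Recipient address.
 * @param string $display    Display name (currently unused in the body).
 * @param string $dateJoined Join date (currently unused in the body).
 */
function sendNewUserEmail($userID, $email, $display, $dateJoined)
{
    global $mydomain;

    include_once('./includes/emails.php');

    $emailBody = "Thank you for signing in to Pathery! Questions or feedback? Please reply to this email! Useful Links: Change your display name: $mydomain"
        . "cp View your achievements and stats: $mydomain"
        . "achievements?id="
        . "$userID Happy Pathing, The Pathery Team ";

    $emailSubject = 'Welcome to Pathery.com!';
    QueueEmail(0, $email, $emailSubject, $emailBody, 5, true);
}

/**
 * Show a generic login error to the user and email the details to the administrator.
 *
 * The user sees the explanation and a five-digit reference code; the code is only a
 * support reference that ties the on-screen message to the emailed report, not a secret.
 *
 * @param array  $data        Context to include in the emailed report.
 * @param string $explination Short description shown to the user and included in the report.
 */
function throwLoginError($data, $explination)
{
    $randCode = rand(10000, 99999);

    // Capture the database error for the report only. It used to be appended to the text
    // shown to the user, which exposes query and schema details to anyone who can trigger
    // a failure.
    $sqlError = mysql_error();

    $errortext = "
Error; $explination \n
The error details have been emailed to the administrator.
If this problem continues; please email me: snap@pathery.com
Your error code is: $randCode
";
    DoRedirect($errortext, NULL, 500);

    $data['explination'] = $explination;
    $data['randCode'] = $randCode;
    // Keep a caller-supplied sqlError; otherwise record the one captured above.
    if (!isset($data['sqlError'])) {
        $data['sqlError'] = $sqlError;
    }
    EmailError($data);
}
?>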