required = array('namePerson/first', 'contact/email'); //$openid->optional = array('namePerson/friendly', 'pref/timezone'); //Are we not logged in? if(!$openid->mode) { $openid->identity = 'https://www.google.com/accounts/o8/id'; header('Location: ' . $openid->authUrl()); } //Did we try to log in, but then the user canceled it? elseif($openid->mode == 'cancel') { // header('Location: ' . $mydomain); //echo 'User has canceled authentication!'; } //We logged in and it worked! elseif ($openid->validate()) { //echo 'User has logged in.'; //What's in the goodie bag labeled "personal information"... hmmm $tmp = $openid->getAttributes(); $display = $tmp['namePerson/first']; //You don't have a name entered? whyfore!? if (strlen($display) == 0) { $display = 'noname'; } $email = $tmp['contact/email']; //print_r ($tmp); //exit; $claimedid = $openid->__get('identity'); //I know just where to put this stuff! require './includes/db.inc.php'; //Unless I already have this information... //* Modify this to WHERE `email` $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName` FROM `users` WHERE `email` = '$email'"; //$sql = "SELECT `ID`, `isAdmin` FROM `users` WHERE `openID` = '$claimedid'"; $result = mysql_query($sql); $_SESSION['isAdmin'] = false; //echo "\n$sql\n"; //What a loser, he's already registered. if (mysql_num_rows($result) > 0) { $userID = mysql_result($result, 0, 'ID'); //Is he a cool admin person? if (mysql_result($result, 0, 'isAdmin') == 1) $_SESSION['isAdmin'] = true; //Use the displayname we have on record. $display = mysql_result($result, 0, 'displayName'); //TEMPORARY CODE //Check openID; and update it if necessary if (mysql_result($result, 0, 'openID') == $claimedid) { //Don't need to do anything } else { //Update the OpenID Code $sql = "UPDATE `users` SET `openID` = '$claimedid' WHERE `ID` = '$userID'"; mysql_query($sql); } // //I last-see you now! $sql = "UPDATE `users` SET `dateLogin` = NOW() WHERE `ID` = '$userID'"; mysql_query($sql); } //Well hello there new dude! else { //About that personal information - give me a second while save it. // sql_clean is an addslashes equivilent $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`) VALUES ( '$claimedid', '".sql_clean($display)."', '".sql_clean($email)."', NOW(), NOW())"; $result = mysql_query($sql); //Allright, all set. //echo "$sql

"; If ($result) { $userID = mysql_insert_id(); } //Oh crap? else { //echo "monkeys and etc"; DoRedirect("
new-user db register failure of unknown cause.\n
Also, there were no monkeys trained or otherwise sent to resolve this problem.\n
Sorry. youtube offered them more.\n", NULL, 10); exit; } } //If 'remember me' use this for cookie password //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username); $_SESSION['accepted'] = 1; $_SESSION['userID'] = $userID; $_SESSION['displayName'] = $display; //The below is me hashing the claimedID. $salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745"; $pepper = "Dear sir, have you ever heard of a wild goose chase? If you've gotten this far, please email me: snapwilliam@gmail.com with this message. I'll give you some sort of prize."; $one = MD5($claimedid); $two = MD5($one.$salt); $three = MD5($pepper.$two); $expire = time() + (31 * 24 * 60 * 60); setcookie("userID", $userID, $expire); setcookie("doLogin", "yes", $expire); setcookie("auth", $three, $expire); //DoRedirect("Thank you $display.", $_GET['ref']); DoRedirect("", $_GET['ref'], 0); exit; } //Okay well, we considered logging in at least, right? else { DoRedirect("Login failed. Back to the home page with you!"); } //The defaults will do fine here. DoRedirect(); } catch(ErrorException $e) { echo $e->getMessage(); } ?>