<?php

if ($accepted) {
	if (isset($_GET['mobile']) AND $_GET['mobile'] == 'true') {
		header("Location: $mydomain" . "easytoken");
		exit;
	}
	header("Location: $mydomain");
	exit;
}

require 'includes/openid.php';
include_once 'globe.php';
include_once('./includes/sqlEmbedded.php');
include_once('./includes/datas.php');
include_once('./includes/chats.php');
include_once('./includes/emails.php');
include_once('./includes/HybridAuth/Auth.php');

$hybrid_config_file = 'includes/HybridAuth/HybridAuthConfig.php';

try {
	//OpenID 2.0 Method

	if  (!$_GET['op'] || $_GET['op'] == 'steam' || $_GET['op'] == 'yahoo') {

		$openid = new LightOpenID;

		//Require Email, and first name.
		$openid->required = array('namePerson/first', 'contact/email');

		//Are we not logged in?
		if (!$openid->mode) {
			if ($_GET['op'] == 'yahoo')
				$openid->identity = 'https://me.yahoo.com';
			else if ($_GET['op'] == 'steam')
				$openid->identity = 'http://steamcommunity.com/openid';

			header('Location: ' . $openid->authUrl());
		} //Did we try to log in, but then the user cancelled it?
		else if ($openid->mode == 'cancel') {
			// header('Location: ' . $mydomain);
			//echo 'User has cancelled authentication!';
		} //We logged in and it worked!
		else if ($openid->validate()) {
			//What's in the goody bag labelled "personal information"... hmmm
			$openIdAttributes = $openid->getAttributes();
			$display = $openIdAttributes['namePerson/first'];

			//You don't have a name entered?
			if (strlen($display) == 0) {
				$display = 'noname';
			}
			$email = $openIdAttributes['contact/email'];
			$claimedid = $openid->__get('identity');
			
			if ($claimedid == "https://open.login.yahooapis.com/openid20/user_profile/xrds") {
				die(throwLoginError($openIdAttributes, "Yahoo went full retard, and didn't send any way for me to identify you..."));
			}
			
			if ($email == '') {
				$openIdAttributes['op'] = $_GET['op'];
				die(throwLoginError($openIdAttributes, "No email provided by OpenID provider - please try a different provider"));
			}
			
			createNewUser($claimedid, $display, $email);
		} else {
			DoRedirect("Login failed. Back to the home page with you!");
		}
		
		//Google's OpenID Connect method 
	} else if ($_GET['op'] == 'google') {
		
		
		echo "ello...";
		
		include_once('./includes/google-api-php-client-master/src/Google/autoload.php');
		
		$redirect_uri = $mydomain . "login?op=google";
		
		//echo "$redirect_uri $google_client_id $google_client_secret ";

		$client = new Google_Client();
		$client->setClientId($google_client_id);
		$client->setClientSecret($google_client_secret);
		$client->setRedirectUri($redirect_uri);
		$client->setScopes('email');
		
		//echo 'Tests running';
		
		if (isset($_GET['code'])) {
			//echo 'code recpt';
			$client->authenticate($_GET['code']);
			$_SESSION['access_token'] = $client->getAccessToken();
			$redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
			//header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
			//echo 'Location: ' . filter_var($redirect, FILTER_SANITIZE_URL);
		}
		
		if ($client->getAccessToken()) {
			//echo 'token success';
			$_SESSION['access_token'] = $client->getAccessToken();
			$token_data = $client->verifyIdToken()->getAttributes();
			
			//var_dump($token_data);
			
			$email = $token_data['payload']['email'];
			$emailIsVerified = $token_data['payload']['email_verified'];
			$oldID = $token_data['payload']['openid_id'];
			//Prefix our ID with "google" because we use multiple providers
			$tokenID = "google|" . $token_data['payload']['sub'];
			
			if ($emailIsVerified !== true) {
				die(throwLoginError($token_data, "Your provider (Google) has not yet verified the email you used. ($email)."));
			}

			//createNewUser($claimedid, "noname", $email);
			createNewUser($tokenID, "noname", $email, $claimedid);
		}
		
		//Use HybridAuth for everything else

	} else if ($_GET['op'] == 'twitter' || $_GET['op'] == 'facebook' || $_GET['op'] == 'live') {
		$provider = $_GET['op'];
		$hybridAuth = new Hybrid_Auth($hybrid_config_file);
		$authenticator = $hybridAuth->authenticate($provider);
		
		if(!$authenticator) {
			//If user cancelled request, return to home page (?)
			return;
		}
		
		$userProfile = $authenticator->getUserProfile();

		$claimedid = $authenticator->id . '|' . $userProfile->identifier;
		$display = ($userProfile->firstName != '' ? $userProfile->firstName : $userProfile->displayName);
		$email = $userProfile->email;

		//TODO: This will always fail for Twitter - we need to reconsider our needs...
		if($email == '') {
			//$userProfile['op'] = $_GET['op']; //TODO This isn't valid, whoops - but, plan on deleting anyways...
			die(throwLoginError($userProfile, "No email provided by {$authenticator->id} - please try a different provider"));
		}
		createNewUser($claimedid, $display, $email);
		return;
		
	//HybridAuth's OpenID Method
//	} else if ($_GET['op'] == 'yahoo') {
//		$config = array( 
//			"base_url" => $mydomain . "HybridAuth/",
//			"providers" => array ( "OpenID" => array ( "enabled" => true ) )
//		);
//		$ha = new Hybrid_Auth( $config );
//		
//		// Authenticate with Yahoo! then grab the user profile
//		$adapter = $ha->authenticate( "OpenID", array( "openid_identifier" => "https://me.yahoo.com/"));
//		$user_profile = $adapter->getUserProfile(); 
	
		//Unknown provider
	} else {
		DoRedirect("Unknown login provider. Back to the home page with you!");
	}
	
} catch (ErrorException $e) {
	echo $e->getMessage();
}



function createNewUser($claimedid, $display, $email, $oldID = NULL)
{
	//I know just where to put this stuff!
	//Unless I already have this information...
	$sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` 
	WHERE `openID` = '$claimedid' OR `email` = '$email'";
	if (isset($oldID)) {
		$sql = $sql." OR `openID` = '$oldID'";
	}
	$result = mysql_query($sql);

	$_SESSION['isAdmin'] = false;

	//What a loser, he's already registered.
	if (mysql_num_rows($result) > 0) {
		$userID = mysql_result($result, 0, 'ID');
		//Is he a cool admin person?
		if (mysql_result($result, 0, 'isAdmin') == 1)
			$_SESSION['isAdmin'] = true;

		$display = mysql_result($result, 0, 'displayName');
		$dateJoined = mysql_result($result, 0, 'dateJoined');

		//Multiple accounts found?
		if (mysql_num_rows($result) > 1) {
			$d['page'] = "Login";
			$d['error'] = "Multiple results on lookup";
			$d['rows'] = mysql_num_rows($result);
			$d['OpenIDProvider'] = $_GET['op'];
			$d['userID'] = $userID;
			$d['claimedid'] = $claimedid;
			$d['email'] = $email;
			$d['display'] = $display;
			$d['oldID'] = $oldID;
			EmailError($d);
		}
		// Continue Logging in; should be fine.
		//TEMPORARY CODE
		//Check openID; and update it if necessary
		if (mysql_result($result, 0, 'openID') == $claimedid) {
			//Don't need to do anything
		} else {
			//Update the OpenID Code
			$sql = "UPDATE `users`
				SET `openID` = '$claimedid'
				WHERE `ID` = '$userID'";
			mysql_query($sql);
		}
		// </TEMPORARY CODE>
		//I last-see you now!
		$sql = "UPDATE `users`
         SET `dateLogin` = NOW()
         WHERE `ID` = '$userID'";
		mysql_query($sql);
	} //Well hello there new dude!
	else {

		//About that personal information - give me a second while save it.
		// sql_clean is an addslashes equivilent
		$sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`)
            VALUES (
                  '$claimedid', 
                  '" . sql_clean($display) . "', 
                  '" . sql_clean($email) . "', 
                   NOW(), NOW())";
		$result = mysql_query($sql);
		//Allright, all set.
		if ($result) {
			$userID = mysql_insert_id();
			$dateJoined = date(DateTime::ISO8601);

			//Tutorial done?
			if (isset($_SESSION['preCompletedTutorial'])) {
				if ($_SESSION['preCompletedTutorial'] == true) {
					onCompletedTutorial($userID);
				}
			}
			//Oh crap?
		} else {
			$d['sqlError'] = mysql_error();
			$d['result'] = $result;
			throwLoginError($d, "Unknown DB Registration failure");
			exit;
		}
		addchat(null, "New user registered: \"$display\"");
		sendNewUserEmail($userID, $email, $display, $dateJoined);
	}
	//If 'remember me' use this for cookie password
	//$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username);
	$_SESSION['accepted'] = 1;
	$_SESSION['userID'] = $userID;
	$_SESSION['email'] = $email;
	$_SESSION['displayName'] = $display;
	$_SESSION['dateJoined'] = $dateJoined;

	//The below is me hashing the claimedID.
	//TODO: Store these values in a single location...
	$salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745";
	$pepper = "chilis baby-back ribss! I want my baby back, baby back, baby back, baby back, baby back, I want my, baby backTREE3!";
	$one = MD5($claimedid);
	$two = MD5($one . $salt);
	$three = MD5($pepper . $two);

	$expire = time() + (6 * 31 * 24 * 60 * 60);
	setcookie("userID", $userID, $expire);
	setcookie("doLogin", "yes", $expire);
	setcookie("auth", $three, $expire);

	$refTo = null;
	if (isset($_GET['ref']))
		$refTo = $_GET['ref'];
	//DoRedirect("Thank you $display.", $_GET['ref']);
	DoRedirect("", $refTo, 0);
	exit;
}

function sendNewUserEmail($userID, $email, $display, $dateJoined) {
	global $mydomain;
	$emailBody = "Thank you for signing in to Pathery!

Questions or feedback? Please reply to this email!

Useful Links:
Change your display name: $mydomain" . "cp
View your achievements and stats: $mydomain" . "achievements?id=" . "$userID

Happy Pathing,

 The Pathery Team
";
	$emailSubject = 'Welcome to Pathery.com!';
	QueueEmail(null, $email, $emailSubject, $emailBody, 5);
}

function throwLoginError($data, $explanation) {
	$randCode = rand(10000, 99999);
	$errortext = "<br />Error; $explanation \n
		<br />The error details have been emailed to the administrator.
		<br />If this problem continues; please email me:
		<!--email_off--> 
		<a target='top' href='mailto:snap@pathery.com?Subject=Pathery%20Login%20Error%20$randCode'>
			snap@pathery.com
		</a>
		<!--/email_off-->
		<br />Please use this code for reference when emailing me: $randCode
		<br />";
	$errortext .= mysql_error();
	DoRedirect($errortext, NULL, 500);
	
	$data['explanation'] = $explanation;
	$data['randCode'] = $randCode;
	EmailError($data);
}

?>