required = array('namePerson/first', 'contact/email');
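//Are we not logged in?
// OpenID round trip. $openid is the provider client prepared above this excerpt; its
// ->mode tells which leg of the flow this request is. The account lookup further down
// expects $claimedid, $email and $display from the successful branch, so every other
// branch ends the request here instead of falling through with those unset.
if (!$openid->mode) {
    // Leg 1: choose the provider endpoint from ?op= (Google when absent) and send the user there.
    // empty() covers a missing parameter; once it is false, $_GET['op'] is known to be set.
    if (empty($_GET['op']) || $_GET['op'] == 'google')
        $openid->identity = 'https://www.google.com/accounts/o8/id';
    else if ($_GET['op'] == 'yahoo')
        $openid->identity = 'https://me.yahoo.com';
    header('Location: ' . $openid->authUrl());
    exit; // a Location header alone does not stop the script
} //Did we try to log in, but then the user canceled it?
else if ($openid->mode == 'cancel') {
    // Leg 2, declined: back to the front page with no session changes.
    header('Location: ' . $mydomain);
    exit;
} //We logged in and it worked!
else if ($openid->validate()) {
    // Leg 2, accepted: read the attributes requested above (namePerson/first, contact/email).
    // Either may be missing from the provider's answer, hence the isset() fallbacks.
    $tmp = $openid->getAttributes();
    $display = isset($tmp['namePerson/first']) ? $tmp['namePerson/first'] : '';
    //You don't have a name entered? whyfore!?
    if (strlen($display) == 0) {
        $display = 'noname';
    }
    $email = isset($tmp['contact/email']) ? $tmp['contact/email'] : '';
    if ($email === '') {
        // The account record below needs an email; report to the admin and stop.
        $tmp['op'] = isset($_GET['op']) ? $_GET['op'] : null;
        die(throwLoginError($tmp, "No email provided from OpenID Provider"));
    }
    $claimedid = $openid->__get('identity');
}
else
{
    DoRedirect("Login failed. Back to the home page with you!");
    exit; // in case DoRedirect does not terminate the request itself
}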
}
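//Use OAuth for Twitter/Facebook
// Neither OAuth branch produces $claimedid/$email for the account lookup below, so both
// must end the request here rather than fall through into it.
else if(isset($_GET['op']) && $_GET['op'] == 'twitter')
{
    // NOTE(review): the consumer key and secret are committed in source; move them to a
    // config file outside version control and rotate the secret once that is done.
    $twitter_consumer_key = "8Y7PY1dk7Mz8VpZWQSTzQ";
    $twitter_consumer_secret = "MUv2qCQVysxqddue5TWhvJDLL0y0v1VMWXDhJtwEps";
    $redirect_uri = $mydomain."login?op=twitter";
    $twitter = new Twitter($twitter_consumer_key, $twitter_consumer_secret, $redirect_uri);
    // Work in progress: the raw provider responses (which may carry token material) are
    // dumped to the browser and no session is created. Remove the print_r output before
    // this branch is enabled for users.
    $response = $twitter->validateAccessToken();
    echo "Response: ";
    print_r($response);
    echo "Making next request...";
    try
    {
        $response = $twitter->makeRequest("https://api.twitter.com/1/account/settings.json");
        echo "\nResponse 2:\n";
        print_r($response);
    }
    catch(Exception $e)
    {
        echo "Exception was thrown: ";
        echo $e->getMessage();
    }
    return;
}
else if(isset($_GET['op']) && $_GET['op'] == 'facebook')
{
    //TODO
    // Not implemented yet; stop here instead of continuing into the lookup below.
    DoRedirect("Login failed. Back to the home page with you!");
    exit;
}
//Unknown provider
else
{
    DoRedirect("Unknown login provider. Back to the home page with you!");
    exit; // in case DoRedirect does not terminate the request itself
}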
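//I know just where to put this stuff!
//Unless I already have this information...
// Resolve the asserted identity to a `users` row, creating one on first login, then open
// the session and set the remember-me cookies. $claimedid, $email and $display come from
// the OpenID branch above.
//
// NOTE(review): the lookup matches `openID` OR `email`. Unless the provider's email
// attribute is a verified address, a login whose email equals another user's email
// resolves to that user's row, and the openID update below then rebinds that row to the
// new identity — an account-takeover path. Matching on `openID` alone (or requiring a
// verified email) would close it; not changed here because it is a design decision.
//
// Values that arrived from the provider are escaped for the string-built mysql_* queries.
// (The author's sql_clean is an addslashes equivalent; mysql_real_escape_string also
// honours the connection charset, so it is used for all three.)
$safeClaimedId = mysql_real_escape_string($claimedid);
$safeEmail = mysql_real_escape_string($email);
$safeDisplay = mysql_real_escape_string($display);
$sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$safeClaimedId' OR `email` = '$safeEmail'";
$result = mysql_query($sql);
$_SESSION['isAdmin'] = false;
//What a loser, he's already registered.
if (mysql_num_rows($result) > 0) {
    $userID = mysql_result($result, 0, 'ID');
    //Is he a cool admin person?
    if (mysql_result($result, 0, 'isAdmin') == 1) {
        $_SESSION['isAdmin'] = true;
    }
    $display = mysql_result($result, 0, 'displayName');
    $dateJoined = mysql_result($result, 0, 'dateJoined');
    //Multiple accounts found? Report it to the admin; the first row is used (existing behaviour).
    if (mysql_num_rows($result) > 1) {
        $d = array(
            'page' => "Login",
            'error' => "Multiple results on lookup",
            'rows' => mysql_num_rows($result),
            'OpenIDProvider' => isset($_GET['op']) ? $_GET['op'] : null,
            'userID' => $userID,
            'claimedid' => $claimedid,
            'email' => $email,
            'display' => $display,
        );
        EmailError($d);
    }
    //Check openID; and update it if necessary
    if (mysql_result($result, 0, 'openID') !== $claimedid) {
        $sql = "UPDATE `users`
SET `openID` = '$safeClaimedId'
WHERE `ID` = '$userID'";
        mysql_query($sql);
    }
    //I last-see you now!
    $sql = "UPDATE `users`
SET `dateLogin` = NOW()
WHERE `ID` = '$userID'";
    mysql_query($sql);
} //Well hello there new dude!
else {
    //About that personal information - give me a second while save it.
    $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`)
VALUES ('$safeClaimedId', '$safeDisplay', '$safeEmail', NOW(), NOW())";
    $result = mysql_query($sql);
    if (!$result) {
        //Oh crap?
        $d['sqlError'] = mysql_error();
        $d['result'] = $result;
        throwLoginError($d, "Unknown DB Registration failure");
        exit;
    }
    //Allright, all set.
    $userID = mysql_insert_id();
    $dateJoined = date(DateTime::ISO8601);
    //Tutorial finished before registering? Credit it to the new account.
    if (!empty($_SESSION['preCompletedTutorial'])) {
        onCompletedTutorial($userID);
    }
    addchat(null, "New user registered: \"$display\"");
    sendNewUserEmail($userID, $email, $display, $dateJoined);
}
// The privilege level changes here, so the session id is replaced (session fixation).
session_regenerate_id(true);
$_SESSION['accepted'] = 1;
$_SESSION['userID'] = $userID;
$_SESSION['email'] = $email;
$_SESSION['displayName'] = $display;
$_SESSION['dateJoined'] = $dateJoined;
//The below is me hashing the claimedID.
//TODO: Store these values in a single location...
// NOTE(review): the "auth" cookie is a fixed function of the claimed id plus two constants
// kept in this file, so it is identical on every login and cannot be revoked; a random
// per-login token stored server-side and checked with hash_equals() is the usual
// replacement. Kept because the cookie is verified elsewhere.
$salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745";
$pepper = "chilis baby-back ribss! I want my baby back, baby back, baby back, baby back, baby back, I want my, baby backTREE3!";
$one = md5($claimedid);
$two = md5($one . $salt);
$three = md5($pepper . $two);
$expire = time() + (6 * 31 * 24 * 60 * 60); // roughly six months
setcookie("userID", $userID, $expire);
setcookie("doLogin", "yes", $expire);
// HttpOnly keeps the token out of reach of page scripts; path/domain/secure stay at
// their defaults. Assumes no client-side code reads "auth" — confirm.
setcookie("auth", $three, $expire, '', '', false, true);
// NOTE(review): ?ref= is handed to DoRedirect unchecked; unless DoRedirect limits it to
// local paths this is an open redirect — confirm there.
$refTo = isset($_GET['ref']) ? $_GET['ref'] : null;
DoRedirect("", $refTo, 0);
exit;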
} catch (ErrorException $e) {
// NOTE(review): the raw exception message (which can carry file paths or SQL text) is
// written straight into the response; log it and show a generic message instead.
echo $e->getMessage();
}
/**
 * Queues the welcome email for a freshly registered account.
 *
 * @param int|string $userID     id of the new `users` row, used in the achievements link
 * @param string     $email      recipient address
 * @param string     $display    display name (not used in the body; kept for callers)
 * @param string     $dateJoined join date (not used in the body; kept for callers)
 */
function sendNewUserEmail($userID, $email, $display, $dateJoined) {
    global $mydomain; // site base URL; links are built by appending a path to it
    $controlPanelUrl = "{$mydomain}cp";
    $achievementsUrl = "{$mydomain}achievements?id={$userID}";
    $emailBody = <<<BODY
Thank you for signing in to Pathery!
Questions or feedback? Please reply to this email!
Useful Links:
Change your display name: {$controlPanelUrl}
View your achievements and stats: {$achievementsUrl}
Happy Pathing,
The Pathery Team

BODY;
    // The trailing 5 is a priority value whose meaning is defined by QueueEmail (not visible here).
    QueueEmail(null, $email, 'Welcome to Pathery.com!', $emailBody, 5);
}
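/**
 * Reports a fatal login problem: emails the details to the administrator, then sends the
 * user a generic error page carrying a random correlation code.
 *
 * The report is sent before the redirect so it is not lost if DoRedirect ends the request.
 * The database error text goes only into the emailed report, never onto the page.
 *
 * @param array  $data        context for the administrator report (augmented here)
 * @param string $explination short description shown to both the user and the administrator
 */
function throwLoginError($data, $explination) {
    $randCode = rand(10000, 99999); // correlation code only, not a secret
    $data['explination'] = $explination;
    $data['randCode'] = $randCode;
    if (!isset($data['sqlError'])) {
        // Captured before EmailError runs in case it issues queries of its own.
        $data['sqlError'] = mysql_error();
    }
    EmailError($data);
    $errortext = "
Error; $explination \n
The error details have been emailed to the administrator.
If this problem continues; please email me:
snap@pathery.com
Your error code is: $randCode
";
    DoRedirect($errortext, NULL, 500);
}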
?>