<?php
if ($accepted) {
   header("Location: $mydomain");
   exit;
}

require 'includes/openid.php';
include_once 'globe.php';
try {
   $openid = new LightOpenID;
   
   //Require Email, and first name.
   $openid->required = array('namePerson/first', 'contact/email');
   //$openid->optional = array('namePerson/friendly', 'pref/timezone');

   //Are we not logged in?
   if(!$openid->mode) {
		if (!$_GET['op'])
			$openid->identity = 'https://www.google.com/accounts/o8/id';
		if ($_GET['op'] == 'yahoo') 
			$openid->identity = 'https://me.yahoo.com';
		if ($_GET['op'] == 'google') 
			$openid->identity = 'https://www.google.com/accounts/o8/id';
		
      //$openid->identity = 'https://www.google.com/accounts/o8/id';
      header('Location: ' . $openid->authUrl());
   } //Did we try to log in, but then the user canceled it?
   elseif($openid->mode == 'cancel') {
      // header('Location: ' . $mydomain);
      //echo 'User has canceled authentication!';
   } //We logged in and it worked!
   elseif ($openid->validate()) {
      //echo 'User has logged in.';
      
      //What's in the goodie bag labeled "personal information"... hmmm
      $tmp = $openid->getAttributes();
      $display = $tmp['namePerson/first'];
      //You don't have a name entered? whyfore!?
      if (strlen($display) == 0) {
         $display = 'noname';
      }
      $email = $tmp['contact/email'];
		//print_r ($tmp);
		//exit;
      $claimedid = $openid->__get('identity');
      
      //I know just where to put this stuff!
      require './includes/db.inc.php';
      //Unless I already have this information...
		//* Modify this to WHERE `email`
      //$sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName` FROM `users` WHERE `email` = '$email'";
      //$sql = "SELECT `ID`, `isAdmin` FROM `users` WHERE `openID` = '$claimedid'";
      $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName`, `dateJoined` FROM `users` WHERE `openID` = '$claimedid' OR `email` = '$email'";
      $result = mysql_query($sql);
      
      $_SESSION['isAdmin'] = false;
      //echo "\n$sql\n";
      //What a loser, he's already registered.
      if (mysql_num_rows($result) > 0) {
         $userID = mysql_result($result, 0, 'ID');
			//Is he a cool admin person?
         if (mysql_result($result, 0, 'isAdmin') == 1)
				$_SESSION['isAdmin'] = true;
			
			$display = mysql_result($result, 0, 'displayName');
			$dateJoined = mysql_result($result, 0, 'dateJoined');
			
			// <DEBUG>
			//Multiple accounts found?
			if (mysql_num_rows($result) > 1) {
				$d['page'] = "Login";
				$d['error'] = "Multiple results on lookup";
				$d['rows'] = mysql_num_rows($result);
				$d['OpenIDProvider'] = $_GET['op'];
				$d['userID'] = $userID;
				$d['claimedid'] = $claimedid;
				$d['email'] = $email;
				$d['display'] = $display;
				EmailError($d);
			}
			// </DEBUG>
			
			//TEMPORARY CODE
			//Check openID; and update it if necessary
			if (mysql_result($result, 0, 'openID') == $claimedid) {
				//Don't need to do anything
			} else {
				//Update the OpenID Code
				$sql = "UPDATE `users`
				SET `openID` = '$claimedid'
				WHERE `ID` = '$userID'";
				mysql_query($sql); 
			}
			// </TEMPORARY CODE>

			//I last-see you now!
         $sql = "UPDATE `users`
         SET `dateLogin` = NOW()
         WHERE `ID` = '$userID'";
         mysql_query($sql); 
			
      } //Well hello there new dude!
      else {

         //About that personal information - give me a second while save it.
         // sql_clean is an addslashes equivilent
         $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`)
            VALUES (
                  '$claimedid', 
                  '".sql_clean($display)."', 
                  '".sql_clean($email)."', 
                   NOW(), NOW())";
         $result = mysql_query($sql) or die(mysql_error());
         //Allright, all set.
			//echo "$sql <br /> <br />";
         if ($result) {
            $userID = mysql_insert_id();
            $dateJoined = date(DateTime::ISO8601);
				
				//Tutorial done?
				if (isset($_SESSION['preCompletedTutorial'])) {
					if ($_SESSION['preCompletedTutorial'] == true) {
						include_once('./includes/datas.php');
						onCompletedTutorial($userID);
					}
				}
				
         } //Oh crap?
         else {
				$errortext = "<br />new-user db register failure of unknown cause.\n
					<br />Also, there were no monkeys trained or otherwise sent to resolve this problem.\n
					<br />Sorry. youtube offered them more.\n
					<br />Is this issue repeating? Please email me: snap@pathery.com \n
					<br />Debug data:\n
					<br />Result: $result\n
					<br />SQL Used: $sql\n
					<br />MySQL Error:\n";
					$errortext .= mysql_error();
					DoRedirect($errortext, NULL, 10);
            exit;
         }
      }
      //If 'remember me' use this for cookie password
      //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username);
      $_SESSION['accepted'] = 1;
      $_SESSION['userID'] = $userID;
      $_SESSION['email'] = $email;
      $_SESSION['displayName'] = $display;
      $_SESSION['dateJoined'] = $dateJoined;
		
		//The below is me hashing the claimedID.
		$salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745";
		$pepper = "Dear sir, have you ever heard of a wild goose chase? 
		If you've gotten this far, please email me: snapwilliam@gmail.com with this message.
		I'll give you some sort of prize.";
		$one = MD5($claimedid);
		$two = MD5($one.$salt);
		$three = MD5($pepper.$two);
		
		$expire = time() + (6 * 31 * 24 * 60 * 60);
		setcookie("userID", $userID, $expire);
      setcookie("doLogin", "yes", $expire);
      setcookie("auth", $three, $expire);
		
      
      //DoRedirect("Thank you $display.", $_GET['ref']);
      DoRedirect("", $_GET['ref'], 0);
      exit;
   } //Okay well, we considered logging in at least, right?
   else {
      DoRedirect("Login failed. Back to the home page with you!");
   }
   //The defaults will do fine here.
   DoRedirect();
} catch(ErrorException $e) {
    echo $e->getMessage();
}
?>