path: root/pages/login.php
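<?php
/*
 * OpenID login page.
 *
 * Flow, as implemented below:
 *   1. A session that is already marked 'accepted' is sent to $mydomain.
 *   2. With no OpenID mode set, the browser is redirected to the provider's auth URL.
 *   3. On a validated response, the user row is looked up by e-mail (created if
 *      missing), the session is populated and the "remember me" cookies are set.
 *
 * $mydomain, DoRedirect() and sql_clean() are defined outside this file.
 * DoRedirect() appears to take (message, url, delay) -- confirm against its definition.
 */

// isset() avoids an undefined-index notice for visitors with no login state yet.
if (isset($_SESSION['accepted']) && $_SESSION['accepted'] == 1) {
   header("Location: $mydomain");
   exit;
}

require 'includes/openid.php';
try {
   $openid = new LightOpenID;

   // Ask the provider for first name and e-mail.
   $openid->required = array('namePerson/first', 'contact/email');
   //$openid->optional = array('namePerson/friendly', 'pref/timezone');

   if (!$openid->mode) {
      // No OpenID response yet: start the authentication round trip.
      $openid->identity = 'https://www.google.com/accounts/o8/id';
      header('Location: ' . $openid->authUrl());
      // Stop here so nothing below runs or emits output after the redirect header.
      exit;
   }
   elseif ($openid->mode == 'cancel') {
      // User cancelled at the provider; falls through to the default DoRedirect() below.
   }
   elseif ($openid->validate()) {
      // The provider is only *asked* for these attributes; either may be absent.
      $tmp = $openid->getAttributes();
      $display = isset($tmp['namePerson/first']) ? $tmp['namePerson/first'] : '';
      if (strlen($display) == 0) {
         $display = 'noname';
      }
      $email = isset($tmp['contact/email']) ? $tmp['contact/email'] : '';
      $claimedid = $openid->__get('identity');

      // Accounts are keyed on e-mail, so an empty address must never match or
      // create a row: every e-mail-less login would otherwise share one account.
      if (strlen($email) == 0) {
         DoRedirect("Login failed. Back to the home page with you!");
         exit;
      }

      // NOTE(review): the account is selected by the e-mail attribute and the stored
      // openID is then overwritten with whatever identity was just claimed (the
      // "TEMPORARY CODE" below). Confirm that the asserting provider is the expected
      // one before trusting the e-mail; keying on the validated claimed ID is safer.

      require './includes/db.inc.php';

      // Both values come from the OpenID response, i.e. from outside this server,
      // and were previously interpolated into SQL unescaped.
      $emailSql   = mysql_real_escape_string($email);
      $claimedSql = mysql_real_escape_string($claimedid);

      $_SESSION['isAdmin'] = false;

      $result = false;
      if ($emailSql !== false && $claimedSql !== false) {
         $sql = "SELECT `ID`, `isAdmin`, `openID`, `displayName` FROM `users` WHERE `email` = '$emailSql'";
         $result = mysql_query($sql);
      }

      // A failed lookup used to be treated as "no such user" and fell into the
      // INSERT branch; fail the login instead.
      if ($result === false) {
         DoRedirect("<br />Login failed: the user lookup could not be completed.\n", NULL, 10);
         exit;
      }

      if (mysql_num_rows($result) > 0) {
         // Returning user. The integer cast keeps the ID safe inside the UPDATEs below.
         $userID = (int) mysql_result($result, 0, 'ID');

         if (mysql_result($result, 0, 'isAdmin') == 1) {
            $_SESSION['isAdmin'] = true;
         }

         // Use the display name we have on record.
         $display = mysql_result($result, 0, 'displayName');

         // TEMPORARY CODE: refresh the stored OpenID when it differs.
         if ((string) mysql_result($result, 0, 'openID') !== (string) $claimedid) {
            $sql = "UPDATE `users`
            SET `openID` = '$claimedSql'
            WHERE `ID` = '$userID'";
            mysql_query($sql);
         }
         // </TEMPORARY CODE>

         // Record the login time.
         $sql = "UPDATE `users`
         SET `dateLogin` = NOW()
         WHERE `ID` = '$userID'";
         mysql_query($sql);
      }
      else {
         // New user: store the profile.
         // sql_clean is described in the original as an addslashes equivalent;
         // kept for the two fields that already used it.
         $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`)
            VALUES (
                  '$claimedSql',
                  '".sql_clean($display)."',
                  '".sql_clean($email)."',
                   NOW(), NOW())";
         $result = mysql_query($sql);

         if ($result) {
            $userID = mysql_insert_id();
         }
         else {
            DoRedirect("<br />new-user db register failure of unknown cause.\n
                <br />Also, there were no monkeys trained or otherwise sent to resolve this problem.\n
                <br />Sorry. youtube offered them more.\n", NULL, 10);
            exit;
         }
      }

      // Issue a fresh session ID at the privilege change so an ID that was known
      // before login cannot be reused afterwards.
      if (session_id() !== '') {
         session_regenerate_id(true);
      }

      $_SESSION['accepted'] = 1;
      $_SESSION['userID'] = $userID;
      $_SESSION['displayName'] = $display;

      // "Remember me" token: three MD5 rounds over the claimed ID and two fixed strings.
      // NOTE(review): the token is deterministic and its only secrets are constants in
      // this source file, so it never changes per login and cannot be revoked. Left
      // byte-identical because the code that verifies the cookie is not in this file;
      // the durable fix is a random per-login token (a CSPRNG such as
      // openssl_random_pseudo_bytes) stored server-side and compared in constant time,
      // with the constants below moved out of source control.
      $salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745";
      $pepper = "Dear sir, have you ever heard of a wild goose chase? 
		If you've gotten this far, please email me: snapwilliam@gmail.com with this message.
		I'll give you some sort of prize.";
      $one = MD5($claimedid);
      $two = MD5($one.$salt);
      $three = MD5($pepper.$two);

      // Cookies live for 31 days.
      // NOTE(review): none of these carry HttpOnly or Secure. Add both once it is
      // confirmed that no client-side script reads them and the site is HTTPS-only.
      $expire = time() + (31 * 24 * 60 * 60);
      setcookie("userID", $userID, $expire);
      setcookie("doLogin", "yes", $expire);
      setcookie("auth", $three, $expire);

      // NOTE(review): 'ref' is taken straight from the query string. Unless
      // DoRedirect() restricts its target, validate that it is a same-site path
      // before redirecting to it.
      $ref = isset($_GET['ref']) ? $_GET['ref'] : NULL;
      DoRedirect("", $ref, 0);
      exit;
   }
   else {
      // A response came back but did not validate.
      DoRedirect("Login failed. Back to the home page with you!");
   }
   // The defaults will do fine here.
   DoRedirect();
} catch(ErrorException $e) {
    // Encode before output: the message text is not under this page's control.
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
?>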