path: root/pages/login.php
blob: c7308463f33407ef98c6880bd018b807643086db (plain)
<?php
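// Login entry point. Sends the browser to Google's OpenID endpoint, then on the
// return trip validates the assertion, finds or creates the local `users` row,
// fills the session and sets the "remember me" cookies.
// Relies on names defined outside this file: $mydomain, DoRedirect(),
// sql_clean(), an already-started session, and the database connection that
// includes/db.inc.php is expected to open.

// Already signed in: nothing to do here. isset() avoids an undefined-index
// notice on a fresh session.
if (isset($_SESSION['accepted']) && $_SESSION['accepted'] == 1) {
   header("Location: $mydomain");
   exit;
}

require 'includes/openid.php';
try {
   $openid = new LightOpenID;

   // Require email and first name.
   $openid->required = array('namePerson/first', 'contact/email');
   //$openid->optional = array('namePerson/friendly', 'pref/timezone');

   if (!$openid->mode) {
      // No OpenID response yet: start the flow. There is no exit here, so
      // execution continues to the default DoRedirect() at the bottom.
      $openid->identity = 'https://www.google.com/accounts/o8/id';
      header('Location: ' . $openid->authUrl());
   }
   elseif ($openid->mode == 'cancel') {
      // The user cancelled at the provider; fall through to the default redirect.
   }
   elseif ($openid->validate()) {
      // The assertion validated. Everything read from it is still
      // provider-supplied data and is treated as untrusted below.
      $tmp = $openid->getAttributes();
      $display = isset($tmp['namePerson/first']) ? $tmp['namePerson/first'] : '';
      if (strlen($display) == 0) {
         $display = 'noname';
      }
      $email = isset($tmp['contact/email']) ? $tmp['contact/email'] : '';
      $claimedid = $openid->__get('identity');

      require './includes/db.inc.php';

      // The claimed identifier was previously interpolated into SQL unescaped.
      // It is now escaped with the same helper the INSERT uses for the other
      // fields. The original comment describes sql_clean as an addslashes
      // equivalent.
      // NOTE(review): addslashes-style escaping is not charset-aware; move these
      // queries to prepared statements (mysqli/PDO) when mysql_* is replaced.
      $claimedidSql = sql_clean($claimedid);

      $sql = "SELECT `ID`, `isAdmin` FROM `users` WHERE `openID` = '$claimedidSql'";
      $result = mysql_query($sql);

      // A failed lookup must not be mistaken for "user not found", otherwise a
      // database error would register a duplicate account.
      if ($result === false) {
         DoRedirect("Login failed. Back to the home page with you!");
         exit;
      }

      $_SESSION['isAdmin'] = false;
      if (mysql_num_rows($result) > 0) {
         // Returning user.
         $userID = mysql_result($result, 0, 'ID');
         if (mysql_result($result, 0, 'isAdmin') == 1) {
            $_SESSION['isAdmin'] = true;
         }

         // Record the login time. The id is cast because it is only ever a
         // numeric key (new ids come from mysql_insert_id()).
         $userIdSql = (int) $userID;
         $sql = "UPDATE `users`
         SET `dateLogin` = NOW()
         WHERE `ID` = '$userIdSql'";
         mysql_query($sql);
      }
      else {
         // First login for this identity: create the user row.
         $sql = "INSERT INTO `users` (`openID`, `displayName`, `email`, `dateJoined`, `dateLogin`)
            VALUES (
                  '$claimedidSql', 
                  '".sql_clean($display)."', 
                  '".sql_clean($email)."', 
                   NOW(), NOW())";
         $result = mysql_query($sql);
         if ($result) {
            $userID = mysql_insert_id();
         }
         else {
            DoRedirect("<br />new-user db register failure of unknown cause.\n
                <br />Also, there were no monkeys trained or otherwise sent to resolve this problem.\n
                <br />Sorry. youtube offered them more.\n", NULL, 10);
            exit;
         }
      }

      // Issue a fresh session id at the point of authentication so an id that
      // existed before login is not carried into the authenticated session.
      session_regenerate_id(true);

      //If 'remember me' use this for cookie password
      //$_SESSION['Passcode'] = MD5($Password.$Pepper.$Username);
      $_SESSION['accepted'] = 1;
      $_SESSION['userID'] = $userID;
      $_SESSION['displayName'] = $display;

      // "Remember me" token: a fixed MD5 chain over the claimed id and the two
      // constants below. The derivation is left unchanged because the code that
      // verifies this cookie is not in this file.
      // NOTE(review): the token is identical on every login, cannot be revoked,
      // and depends only on the identity plus secrets stored in source control.
      // Replace it with a random per-login token stored (hashed) server-side and
      // compared in constant time, and move the secrets out of the repository.
      // The pepper literal's embedded newlines and leading whitespace are part
      // of the hashed value; do not reformat it.
      $salt = "33qs5d4j6z98gt1a7n6b5d4x1c66f5nuh8a6d8g9j09aphgf56z5745";
      $pepper = "Dear sir, have you ever heard of a wild goose chase? 
		If you've gotten this far, please email me: snapwilliam@gmail.com with this message.
		I'll give you some sort of prize.";
      $one = MD5($claimedid);
      $two = MD5($one.$salt);
      $three = MD5($pepper.$two);

      $expire = time() + (7 * 24 * 60 * 60);
      setcookie("userID", $userID, $expire);
      setcookie("doLogin", "yes", $expire);
      // HttpOnly keeps the auth token away from page scripts. Path and domain
      // stay at their defaults. Set the secure flag to true once the site is
      // served over HTTPS only.
      setcookie("auth", $three, $expire, "", "", false, true);

      // NOTE(review): ref comes straight from the query string and is handed to
      // DoRedirect() as the destination. Unless DoRedirect() restricts targets
      // to this site, a login link could send the user to another host;
      // validate it against local paths there or here.
      $ref = isset($_GET['ref']) ? $_GET['ref'] : NULL;
      DoRedirect("", $ref, 0);
      exit;
   }
   else {
      // A response came back but did not validate.
      DoRedirect("Login failed. Back to the home page with you!");
   }
   //The defaults will do fine here.
   DoRedirect();
} catch(ErrorException $e) {
    // The message is escaped before output because it may contain
    // request-derived text.
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}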
?>