function handle_facebook_connection_login($current_logged_in_member)
{
if (!class_exists('ocp_tempcode')) {
return NULL;
}
if (is_guest($current_logged_in_member)) {
$current_logged_in_member = NULL;
// We are not a normal cookie login so ocPortal has loaded up a Guest session already in the expectation of keeping it. Unsetting it will force a rebind (existing session may be reused though)
require_code('users_inactive_occasionals');
set_session_id(-1);
}
// If already session-logged-in onto a Facebook account, don't bother doing anything
if (!is_null($current_logged_in_member) && $GLOBALS['FORUM_DRIVER']->get_member_row_field($current_logged_in_member, 'm_password_compat_scheme') == 'facebook') {
return $current_logged_in_member;
}
// Who is this user, from Facebook's point of view?
global $FACEBOOK_CONNECT;
$facebook_uid = $FACEBOOK_CONNECT->getUser();
if (is_null($facebook_uid)) {
return $current_logged_in_member;
}
try {
$details = $FACEBOOK_CONNECT->api('/me');
} catch (Exception $e) {
return $current_logged_in_member;
}
$details2 = $FACEBOOK_CONNECT->api('/me', array('fields' => 'picture', 'type' => 'normal'));
if (!is_array($details) || !is_array($details2)) {
return $current_logged_in_member;
}
$details = array_merge($details, $details2);
if (!isset($details['name'])) {
return $current_logged_in_member;
}
$username = $details['name'];
$photo_url = array_key_exists('picture', $details) ? $details['picture'] : '';
if (is_array($photo_url)) {
$photo_url = $photo_url['data']['url'];
}
if ($photo_url != '') {
$photo_url = 'http://graph.facebook.com/' . strval($facebook_uid) . '/picture?type=large';
// In case URL changes
}
$avatar_url = $photo_url == '' ? mixed() : $photo_url;
$photo_thumb_url = '';
if ($photo_url != '') {
$photo_thumb_url = $photo_url;
}
$email_address = array_key_exists('email', $details) ? $details['email'] : '';
$timezone = mixed();
if (isset($details['timezone'])) {
require_code('temporal');
$timezone = convert_timezone_offset_to_formal_timezone($details['timezone']);
}
$language = mixed();
if (isset($details['locale'])) {
$language = strtoupper($details['locale']);
}
if ($language !== NULL) {
if (!file_exists(get_custom_file_base() . '/lang_custom/' . $language)) {
$language = preg_replace('#\\_.*$#', '', $language);
if (!file_exists(get_custom_file_base() . '/lang_custom/' . $language)) {
$language = '';
}
}
}
$dob = array_key_exists('birthday', $details) ? $details['birthday'] : '';
$dob_day = mixed();
$dob_month = mixed();
$dob_year = mixed();
if ($dob != '') {
$_dob = explode('/', $dob);
$dob_day = intval($_dob[1]);
$dob_month = intval($_dob[0]);
$dob_year = intval($_dob[2]);
}
// See if they have logged in before - i.e. have a synched account
$member_row = $GLOBALS['FORUM_DB']->query_select('f_members', array('*'), array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => $facebook_uid), 'ORDER BY id DESC', 1);
$member = array_key_exists(0, $member_row) ? $member_row[0]['id'] : NULL;
if (is_guest($member)) {
$member = NULL;
}
/*if (!is_null($member)) // Useful for debugging
{
require_code('ocf_members_action2');
ocf_delete_member($member);
$member=NULL;
}*/
// If logged in before using Facebook, see if they've changed their name or email or timezone on Facebook -- if so, try and update locally to match
if (!is_null($member)) {
if (!is_null($current_logged_in_member) && $current_logged_in_member !== NULL && !is_guest($current_logged_in_member) && $current_logged_in_member != $member) {
return $current_logged_in_member;
}
// User has an active login, and the Facebook account is bound to a DIFFERENT login. Take precedence to the other login that is active on top of this
$last_visit_time = $member[0]['m_last_visit_time'];
if ($timezone !== NULL) {
if (tz_time(time(), $timezone) == tz_time(time(), $member[0]['m_timezone_offset'])) {
$timezone = $member[0]['m_timezone_offset'];
}
// If equivalent, don't change
}
$test = $GLOBALS['FORUM_DB']->query_value_null_ok('f_members', 'id', array('m_username' => $username));
if (!is_null($test)) {
$update_map = array('m_username' => $username, 'm_dob_day' => $dob_day, 'm_dob_month' => $dob_month, 'm_dob_year' => $dob_year);
if ($email_address != '') {
$update_map['m_email_address'] = $email_address;
}
if ($avatar_url !== NULL && ($test == '' || strpos($test, 'facebook') !== false || strpos($test, 'fbcdn') !== false)) {
if ($timezone !== NULL) {
$update_map['m_timezone_offset'] = $timezone;
}
$update_map['m_avatar_url'] = $avatar_url;
$update_map['m_photo_url'] = $photo_url;
$update_map['m_photo_thumb_url'] = $photo_thumb_url;
}
$GLOBALS['FORUM_DB']->query_update('f_members', $update_map, array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => strval($facebook_uid)), '', 1);
if ($username != $member[0]['m_username']) {
// Fix cacheing for usernames
$to_fix = array('f_forums/f_cache_last_username', 'f_posts/p_poster_name_if_guest', 'f_topics/t_cache_first_username', 'f_topics/t_cache_last_username');
foreach ($to_fix as $fix) {
list($table, $field) = explode('/', $fix);
$GLOBALS['FORUM_DB']->query_update($table, array($field => $username), array($field => $member[0]['m_username']));
}
}
}
}
// Not logged in before using Facebook, so we need to create an account, or bind to the active ocPortal login if there is one
$in_a_sane_place = get_page_name() != 'login' && (running_script('index') || running_script('execute_temp'));
// If we're in some weird script, or the login module UI, it's not a sane place, don't be doing account creation yet
if (is_null($member) && $in_a_sane_place) {
// Bind to existing ocPortal login?
if (!is_null($current_logged_in_member)) {
/*if (post_param_integer('associated_confirm',0)==0) Won't work because Facebook is currently done in JS and cookies force this. If user wishes to cancel they must go to http://www.facebook.com/settings?tab=applications and remove the app, then run a lost password reset.
{
$title=get_page_title('LOGIN_FACEBOOK_HEADER');
$message=do_lang_tempcode('LOGGED_IN_SURE_FACEBOOK',escape_html($GLOBALS['FORUM_DRIVER']->get_username($current_logged_in_member)));
$middle=do_template('YESNO_SCREEN',array('TITLE'=>$title,'TEXT'=>$message,'HIDDEN'=>form_input_hidden('associated_confirm','1'),'URL'=>get_self_url_easy()));
$tpl=globalise($middle,NULL,'',true);
$tpl->evaluate_echo();
exit();
}*/
$GLOBALS['FORUM_DB']->query_update('f_members', array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => $facebook_uid), array('id' => $current_logged_in_member), '', 1);
require_code('site');
require_lang('facebook');
attach_message(do_lang_tempcode('FACEBOOK_ACCOUNT_CONNECTED', escape_html(get_site_name()), escape_html($GLOBALS['FORUM_DRIVER']->get_username($current_logged_in_member)), array(escape_html($username))), 'inform');
return $current_logged_in_member;
}
// If we're still here, we have to create a new account...
// -------------------------------------------------------
$completion_form_submitted = post_param('email_address', '') != '';
// If there's a conflicting username, we may need to change it (suffix a number)
require_code('ocf_members_action2');
$username = get_username_from_human_name($username);
// Ask ocP to finish off the profile from the information presented in the POST environment (a standard mechanism in ocPortal, for third party logins of various kinds)
require_lang('ocf');
require_code('ocf_members');
require_code('ocf_groups');
require_code('ocf_members2');
require_code('ocf_members_action');
$_custom_fields = ocf_get_all_custom_fields_match(ocf_get_all_default_groups(true), NULL, NULL, NULL, 1);
if (!$completion_form_submitted && count($_custom_fields) != 0 && get_value('no_finish_profile') !== '1') {
$GLOBALS['FACEBOOK_FINISHING_PROFILE'] = true;
$middle = ocf_member_external_linker_ask($username, 'facebook', $email_address, $dob_day, $dob_month, $dob_year);
$tpl = globalise($middle, NULL, '', true);
$tpl->evaluate_echo();
exit;
} else {
$username = post_param('username', $username);
if (count($_custom_fields) != 0 && get_value('no_finish_profile') !== '1') {
// Was not auto-generated, so needs to be checked
ocf_check_name_valid($username, NULL, NULL);
}
$member = ocf_member_external_linker($username, $facebook_uid, 'facebook', false, $email_address, $dob_day, $dob_month, $dob_year, $timezone, $language, $avatar_url, $photo_url, $photo_thumb_url);
}
}
if (!is_null($member)) {
require_code('users_inactive_occasionals');
create_session($member, 1, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
// This will mark it as confirmed
}
return $member;
}
/**
* Get the ID of the currently active member.
* It see's if the session exists / cookie is valid -- and gets the member id accordingly
*
* @param boolean Whether to just do a quick check, don't establish new sessions
* @return MEMBER The member requesting this web page (possibly the guest member - which strictly speaking, is not a member)
*/
function get_member($quick_only = false)
{
global $SESSION_CACHE, $MEMBER_CACHED, $GETTING_MEMBER, $SITE_INFO;
if ($MEMBER_CACHED !== NULL) {
$GETTING_MEMBER = false;
return $MEMBER_CACHED;
}
// If lots of aging sessions, clean out
reset($SESSION_CACHE);
if (count($SESSION_CACHE) > 50 && $SESSION_CACHE[key($SESSION_CACHE)]['last_activity'] < time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
delete_expired_sessions_or_recover();
}
// Try via backdoor that someone with full server access can place
$backdoor_ip_address = mixed();
// Enable to a real IP address to force login from FTP access (if lost admin password)
if (array_key_exists('backdoor_ip', $SITE_INFO)) {
$backdoor_ip_address = $SITE_INFO['backdoor_ip'];
}
if (is_string($backdoor_ip_address) && get_ip_address() == $backdoor_ip_address) {
require_code('users_active_actions');
$MEMBER_CACHED = restricted_manually_enabled_backdoor();
// Will have created a session in here already
return $MEMBER_CACHED;
}
if ($GETTING_MEMBER) {
if (!isset($GLOBALS['FORUM_DRIVER'])) {
return db_get_first_id();
}
// :S
return $GLOBALS['FORUM_DRIVER']->get_guest_id();
}
$GETTING_MEMBER = true;
global $FORCE_INVISIBLE_GUEST;
if ($FORCE_INVISIBLE_GUEST) {
$GETTING_MEMBER = false;
if (!isset($GLOBALS['FORUM_DRIVER'])) {
fatal_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
$MEMBER_CACHED = $GLOBALS['FORUM_DRIVER']->get_guest_id();
return $MEMBER_CACHED;
}
$member = NULL;
$cookie_bits = explode(':', str_replace('|', ':', get_member_cookie()));
$base = $cookie_bits[0];
// Try by session
$session = get_session_id();
if ($session != -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
$ip = get_ip_address(3);
// I hope AOL can cope with this
$allow_unbound_guest = true;
// Note: Guest sessions are not IP bound
$member_row = NULL;
if ($SESSION_CACHE !== NULL && array_key_exists($session, $SESSION_CACHE) && $SESSION_CACHE[$session] !== NULL && array_key_exists('the_user', $SESSION_CACHE[$session]) && (get_option('ip_strict_for_sessions') == '0' || $SESSION_CACHE[$session]['ip'] == $ip || is_guest($SESSION_CACHE[$session]['the_user']) && $allow_unbound_guest || $SESSION_CACHE[$session]['session_confirmed'] == 0 && !is_guest($SESSION_CACHE[$session]['the_user'])) && $SESSION_CACHE[$session]['last_activity'] > time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
$member_row = $SESSION_CACHE[$session];
}
if ($member_row !== NULL && (!array_key_exists($base, $_COOKIE) || !is_guest($member_row['the_user']))) {
$member = $member_row['the_user'];
if ($member !== NULL && time() - $member_row['last_activity'] > 10) {
//$GLOBALS['SITE_DB']->query_update('sessions',array('last_activity'=>time(),'the_zone'=>get_zone_name(),'the_page'=>get_page_name()),array('the_session'=>$session),'',1); Done in get_page_title now
$SESSION_CACHE[$session]['last_activity'] = time();
if (get_value('session_prudence') !== '1') {
persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
}
}
global $SESSION_CONFIRMED;
$SESSION_CONFIRMED = $member_row['session_confirmed'];
if (get_forum_type() == 'ocf') {
$GLOBALS['FORUM_DRIVER']->ocf_flood_control($member);
}
if (!is_guest($member) && $GLOBALS['FORUM_DRIVER']->is_banned($member)) {
warn_exit(do_lang_tempcode('USER_BANNED'));
}
// Test this member still exists
if ($GLOBALS['FORUM_DRIVER']->get_username($member) === NULL) {
$member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
}
if (array_key_exists($base, $_COOKIE)) {
global $IS_A_COOKIE_LOGIN;
$IS_A_COOKIE_LOGIN = true;
}
} else {
require_code('users_inactive_occasionals');
set_session_id(-1);
}
}
if ($member === NULL && get_session_id() == -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
// Try by cookie (will defer to forum driver to authorise against detected cookie)
require_code('users_inactive_occasionals');
$member = try_cookie_login();
// Can forum driver help more directly?
if (method_exists($GLOBALS['FORUM_DRIVER'], 'get_member')) {
$member = $GLOBALS['FORUM_DRIVER']->get_member();
}
}
// Try via additional login providers. They can choose whether to respect existing $member of get_session_id() settings. Some may do an account linkage, so we need to let them decide what to do.
$hooks = find_all_hooks('systems', 'login_providers');
foreach (array_keys($hooks) as $hook) {
require_code('hooks/systems/login_providers/' . $hook);
$ob = object_factory('Hook_login_provider_' . $hook);
$member = $ob->try_login($member);
}
// Guest or banned
if ($member === NULL) {
$member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
$is_guest = true;
} else {
$is_guest = is_guest($member);
}
// If we are doing a very quick init, bomb out now - no need to establish session etc
global $SITE_INFO;
if ($quick_only) {
$GETTING_MEMBER = false;
return $member;
}
// If one of the try_* functions hasn't actually created the session, call it here
$session = get_session_id();
if ($session == -1) {
require_code('users_inactive_occasionals');
create_session($member);
}
// If we are logged in, maybe do some further processing
if (!$is_guest) {
// Is there a su operation?
$ks = get_param('keep_su', '');
if ($ks != '') {
require_code('users_inactive_occasionals');
$member = try_su_login($member);
}
// Run hooks, if any exist
$hooks = find_all_hooks('systems', 'upon_login');
foreach (array_keys($hooks) as $hook) {
require_code('hooks/systems/upon_login/' . filter_naughty($hook));
$ob = object_factory('upon_login' . filter_naughty($hook), true);
if ($ob === NULL) {
continue;
}
$ob->run(false, NULL, $member);
// false means "not a new login attempt"
}
}
// Ok we have our answer
$MEMBER_CACHED = $member;
$GETTING_MEMBER = false;
// We call this to ensure any HTTP-auth specific code has a chance to run
is_httpauth_login();
return $member;
}
/**
* Function to add item to cart.
*
* @return tempcode The UI
*/
function add_item_to_cart()
{
if (is_guest()) {
require_code('users_inactive_occasionals');
set_session_id(get_session_id(), true);
// Persist guest sessions longer
}
$title = get_page_title('SHOPPING');
$product_details = get_product_details();
add_to_cart($product_details);
log_cart_actions('Added to cart');
$cart_view = build_url(array('page' => '_SELF', 'type' => 'misc'), '_SELF');
return redirect_screen($title, $cart_view, do_lang_tempcode('SUCCESS'));
}
while ($row = pg_fetch_array($result)) {
$passhash_md5 = $row['passhash_md5'];
}
}
}
return $passhash_md5;
}
/** Aseta istuntomuuttujat
* @param $passhash_md5 string
*/
function set_login_session($passhash_md5)
{
// users from registration/login form
if ($passhash_md5 == md5($_POST['login']['password'])) {
$_SESSION['login']['logged_in'] = 1;
$_SESSION['login']['email'] = $_POST['login']['email'];
$_SESSION['login']['passhash_md5'] = md5($_POST['login']['password']);
} else {
if ($passhash_md5 == $_SESSION['login']['passhash_md5']) {
$_SESSION['login']['logged_in'] = 1;
}
}
}
// Let's fire!
/** Aseta istuntotunniste ja tee istuntomuuttujat
*/
set_session_id();
if (!get_original_passhash_md5() == '') {
set_login_session(get_original_passhash_md5());
}
// http://stackoverflow.com/questions/415005/php-session-variables-not-carrying-over-to-my-logged-in-page-but-session-id-is
/**
* Set up a new session / Restore an existing one that was lost.
*
* @param MEMBER Logged in member
* @param BINARY Whether the session should be considered confirmed
* @param boolean Whether the session should be invisible
* @return AUTO_LINK New session ID
*/
function create_session($member, $session_confirmed = 0, $invisible = false)
{
global $SESSION_CACHE;
global $MEMBER_CACHED;
$MEMBER_CACHED = $member;
if ($invisible && get_option('is_on_invisibility') == '0') {
$invisible = false;
}
$new_session = mixed();
$restored_session = delete_expired_sessions_or_recover($member);
if (is_null($restored_session)) {
// Generate random session
$new_session = mt_rand(0, mt_getrandmax() - 1);
// Store session
$username = $GLOBALS['FORUM_DRIVER']->get_username($member);
$new_session_row = array('the_session' => $new_session, 'last_activity' => time(), 'the_user' => $member, 'ip' => get_ip_address(3), 'session_confirmed' => $session_confirmed, 'session_invisible' => $invisible ? 1 : 0, 'cache_username' => $username, 'the_title' => '', 'the_zone' => get_zone_name(), 'the_page' => substr(get_page_name(), 0, 80), 'the_type' => substr(get_param('type', '', true), 0, 80), 'the_id' => substr(either_param('id', ''), 0, 80));
$GLOBALS['SITE_DB']->query_insert('sessions', $new_session_row, false, true);
$SESSION_CACHE[$new_session] = $new_session_row;
$big_change = true;
} else {
$new_session = $restored_session;
$prior_session_row = $SESSION_CACHE[$new_session];
$new_session_row = array('the_title' => '', 'the_zone' => get_zone_name(), 'the_page' => get_page_name(), 'the_type' => substr(either_param('type', ''), 0, 80), 'the_id' => substr(either_param('id', ''), 0, 80), 'last_activity' => time(), 'ip' => get_ip_address(3), 'session_confirmed' => $session_confirmed);
$big_change = $prior_session_row['last_activity'] < time() - 10 || $prior_session_row['session_confirmed'] != $session_confirmed || $prior_session_row['ip'] != $new_session_row['ip'];
if ($big_change) {
$GLOBALS['SITE_DB']->query_update('sessions', $new_session_row, array('the_session' => $new_session), '', 1, NULL, false, true);
}
$SESSION_CACHE[$new_session] = array_merge($SESSION_CACHE[$new_session], $new_session_row);
}
if ($big_change) {
if (get_value('session_prudence') !== '1') {
// With session prudence we don't store all these in persistant cache due to the size of it all. So only re-save if that's not on.
persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
}
}
set_session_id($new_session);
// We won't set it true here, but something that really needs it to persist might come back and re-set it
// New sessions = Login points
if (!is_null($member) && addon_installed('points') && addon_installed('stats') && !is_guest($member)) {
$points_per_daily_visit = intval(get_option('points_per_daily_visit', true));
if ($points_per_daily_visit != 0) {
// See if this is the first visit today
$test = $GLOBALS['SITE_DB']->query_value('stats', 'MAX(date_and_time)', array('the_user' => $member));
if (!is_null($test)) {
require_code('temporal');
require_code('tempcode');
if (date('d/m/Y', tz_time($test, get_site_timezone())) != date('d/m/Y', tz_time(time(), get_site_timezone()))) {
require_code('points');
$_before = point_info($member);
if (array_key_exists('points_gained_given', $_before)) {
$GLOBALS['FORUM_DRIVER']->set_custom_field($member, 'points_gained_given', strval(intval($_before['points_gained_given']) + $points_per_daily_visit));
}
}
}
}
}
$GLOBALS['SESSION_CONFIRMED'] = $session_confirmed;
return $new_session;
}
/**
* Delete a session.
*
* @param integer The new session
*/
function delete_session($session)
{
require_code('users_inactive_occasionals');
set_session_id(-1);
$GLOBALS['SITE_DB']->query_delete('sessions', array('the_session' => $session), '', 1);
global $SESSION_CACHE;
unset($SESSION_CACHE[$session]);
if (get_value('session_prudence') !== '1') {
persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
}
}