<?php
/*
* @CODOLICENSE
*/
defined('IN_CODOF') or die;
dispatch_post('sso/authorize', function () {
//CSRF protection
if (\CODOF\Access\Request::valid($_POST['token'])) {
//$id = $_POST['uid'];
$user = $_POST['sso'];
$posted_token = $user['token'];
$secret = CODOF\Util::get_opt('sso_secret');
if (!empty($user)) {
unset($user['token']);
$sso_token = md5(urlencode(json_encode($user)) . $secret . $_POST['timestamp']);
}
$username = $user['name'];
$mail = $user['mail'];
if ($sso_token != $posted_token) {
echo 'error';
exit;
}
$db = DB::getPDO();
if (!CODOF\User\User::mailExists($mail)) {
//this user does not have an account in codoforum
$reg = new \CODOF\User\Register($db);
if (\CODOF\User\User::usernameExists($username)) {
$username .= time();
}
$reg->username = $username;
CODOF\Smarty\Layout::load($user->view, $user->css_files, $user->js_files);
});
dispatch_get('/user/avatar/', function () {
CODOF\Smarty\Layout::not_found();
});
dispatch_get('/user/avatar/:id', function ($id) {
$user = CODOF\User\User::get();
if ($user->rawAvatar == null) {
$avatar = new \CODOF\User\Avatar();
$avatar->generate($id);
} else {
return $user->avatar;
}
});
dispatch_post('/user/profile/:id/edit', function ($id) {
if (Request::valid($_POST['token'])) {
$user = new \Controller\user();
$user->edit_profile($id);
CODOF\Smarty\Layout::load($user->view, $user->css_files, $user->js_files);
}
});
dispatch_get('/user/profile/:id/:action', function ($id, $action) {
$user = new \Controller\user();
$user->profile($id, $action);
CODOF\Smarty\Layout::load($user->view, $user->css_files, $user->js_files);
});
dispatch_get('/user/confirm', function () {
$user = new \Controller\user();
$user->confirm();
CODOF\Smarty\Layout::load($user->view, $user->css_files, $user->js_files);
});
