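 $thisURI = AppendKVP($thisURI, 'offset=1');
 $thisURIEncoded = rawurlencode($thisURI);
 $thisScript = $pathArray[count($pathArray) - 1];
 /* The session id is client-supplied and is interpolated straight into the
    Session lookup clause below, so restrict it to a plain token first. A
    missing, non-string or malformed cookie is treated as "no session" and
    falls through to MakeNewSession() instead of being trusted.
    NOTE(review): assumes session ids only contain [A-Za-z0-9_-] -- confirm
    against the generator used by MakeNewSession() before relying on this. */
 $sid = (isset($_COOKIE['sid']) && is_string($_COOKIE['sid'])) ? $_COOKIE['sid'] : '';
 if (!preg_match('/^[A-Za-z0-9_-]+$/', $sid)) {
     $sid = '';
 }
 //TODO:SEC: Consider regenerating session id
 if ($sid === '') {
     MakeNewSession();
 } else {
     /* Use composite index to quickly discover user if it's logged in */
     $session = new Session("loggedIn = 1 AND sessionID = '{$sid}'");
     /* If session isn't logged in search on sid */
     if ($session->IsEmpty()) {
         $session = new Session("sessionID = '{$sid}'");
         if ($session->IsEmpty()) {
             /* This would happen if the session database changed */
             MakeNewSession();
         }
     } else {
         /* TODO:TEST: Need to test transporting cookies to another workstation
            to see if this works */
         /* A logged-in session presented from a different client address is
            recorded via SessionIPChanged() and logged out rather than honoured. */
         $sessionAddr = (string) $session->GetIPAddress();
         $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
         if ($sessionAddr !== $remoteAddr) {
             $user =& $session->User();
             $session->SessionIPChanged('User', $user->ID(), $sessionAddr . ' -> ' . $remoteAddr);
             $user->Logout();
         }
     }
 }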
 if ($post) {
     switch ($postType) {
         case 'LOGIN':
             $ret = Login($_POST['txtUsername'], $_POST['txtPassword']);
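/**
 * Completes the Battle.net OAuth authorization-code flow for this request.
 *
 * Validates the stored state, exchanges the code for an access token, looks
 * up the account id and battletag, opens a session for that account and sets
 * the login cookie.
 *
 * @param string $state the state value echoed back by Battle.net; only the
 *                      first 24 characters, reduced to [A-Za-z0-9_-], are used
 *                      as the memcache key suffix
 * @param string $code  the authorization code returned by Battle.net
 * @return string the location fragment to send the browser to: the 'from'
 *                value of the stored state on success, or a '#subscription/...'
 *                error fragment on failure
 */
function ProcessAuthCode($state, $code)
{
    // user auth'd to battle.net, and came back with a code we can confirm w/battle.net
    $state = preg_replace('/[^a-zA-Z0-9_-]/', '', substr($state, 0, 24));
    // Only continue over TLS. IIS reports a non-TLS request as HTTPS='off'
    // rather than leaving the variable unset, so treat that the same way.
    if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === '' || $_SERVER['HTTPS'] === 'off') {
        return '#subscription/nohttps';
    }
    // A state that is empty after sanitising can never name a stored entry.
    if ($state === '') {
        return '#subscription/nostate';
    }
    $stateKey = 'bnetstate_' . $state;
    $stateInfo = MCGet($stateKey);
    if (!is_array($stateInfo)) {
        return '#subscription/nostate';
    }
    // Single use: the state is dropped before any network round trip, so a
    // second callback carrying the same state stops here.
    MCDelete($stateKey);
    $region = strtolower($stateInfo['region']);
    // get access token using the code
    $url = sprintf(BATTLE_NET_TOKEN_URI, $region);
    $toPost = [
        // NOTE(review): built from the Host header; presumably the token
        // endpoint checks it against the registered redirect URI -- confirm.
        'redirect_uri' => 'https://' . strtolower($_SERVER["HTTP_HOST"]) . $_SERVER["SCRIPT_NAME"],
        'scope' => '',
        'grant_type' => 'authorization_code',
        'code' => $code,
        'client_id' => BATTLE_NET_KEY,
        'client_secret' => BATTLE_NET_SECRET,
    ];
    $outHeaders = [];
    $tokenData = \Newsstand\HTTP::Post($url, $toPost, [], $outHeaders);
    if ($tokenData === false) {
        return '#subscription/notoken';
    }
    $tokenData = json_decode($tokenData, true);
    if (json_last_error() !== JSON_ERROR_NONE) {
        return '#subscription/badtoken';
    }
    if (!is_array($tokenData) || !isset($tokenData['access_token'])) {
        return '#subscription/missingtoken';
    }
    $token = $tokenData['access_token'];
    // get user id and battle.net tag
    // NOTE(review): the access token is sent as a query-string parameter,
    // which tends to end up in proxy and server logs; if HTTP::Get accepts
    // request headers, an Authorization header would keep it out of URLs.
    $url = sprintf('https://%s.api.battle.net/account/user?access_token=%s', $region, rawurlencode($token));
    $userData = \Newsstand\HTTP::Get($url);
    if ($userData === false) {
        return '#subscription/nouser';
    }
    $userData = json_decode($userData, true);
    if (json_last_error() !== JSON_ERROR_NONE) {
        return '#subscription/baduser';
    }
    if (!is_array($userData) || !isset($userData['id']) || !isset($userData['battletag'])) {
        return '#subscription/missinguser';
    }
    // at this point we have the battle.net user id and battletag in $userData
    $session = MakeNewSession('Battle.net', $userData['id'], $userData['battletag'], $stateInfo['locale']);
    if ($session === false) {
        return '#subscription/nosession';
    }
    // secure + httponly: the session cookie is only sent over TLS and is not
    // readable from script; scoped to the API path
    setcookie(SUBSCRIPTION_LOGIN_COOKIE, $session, time() + SUBSCRIPTION_SESSION_LENGTH, '/api/', '', true, true);
    return $stateInfo['from'];
}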