<?php
// Facebook Multi Page/Group Poster v2.2
// Created by Novartis (Safwan)

// This file is only meaningful when pulled in by the main script; a direct
// request (it is the only included file) is refused outright.
if (count(get_included_files()) === 1) {
    die;
}

// Page/Groups Refresh Data
// The hard demo account is never refreshed against Facebook.
if ($hardDemo && $userName == "Multi") {
    return;
}

authRedirect();
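function checkLogin($user, $hashed_pass, $uid = 0)
{
    // Validates a login pair (username + md5 of the password) coming from the
    // login form or the FBMPGPLogin cookie. The admin account from the settings
    // database is tried first, then the users database. On success the session
    // globals ($userName, $password, $userToken, $pageData, ...) are filled,
    // the login cookie is (re)issued and $loggedIn / $adminloggedIn are set.
    // On failure control goes to showLogin()/showHTML(); both are defined
    // elsewhere and this function relies on them ending the request -- it does
    // not return early itself after calling them.
    // $uid, when non-zero, selects one of several rows sharing a username.
    global $dbName, $adminloggedIn, $loggedIn, $cookie, $warn, $step, $failImg, $lang;
    global $tempData, $userName, $fullname, $password, $userId, $userToken, $pageData, $groupData, $userOptions, $userIds;
    global $fb, $hardDemo;

    // PDO throws on connection failure rather than returning false, so the
    // "else" branches after these constructors are effectively unreachable;
    // they are kept for their messages.
    if ($db = new PDO('sqlite:' . $dbName . '-settings.db')) {
        //Is admin Login?
        $statement = $db->prepare("SELECT * FROM Settings");
        if ($statement) {
            $statement->execute();
        } else {
            showHTML("{$failImg} Error while checking login/cookie information. Settings Database opened OK but statement execution failed.");
        }
        $tempData = $statement->fetchAll();
        // hash_equals() instead of ===: constant-time, and it never falls into
        // PHP's numeric-string comparison. The isset() guard covers an empty
        // Settings table, which previously produced a warning and compared
        // against null.
        if (isset($tempData[0])
            && strcasecmp($user, $tempData[0]['admin']) == 0
            && hash_equals(md5(decrypt($tempData[0]['adminpass'])), (string) $hashed_pass)) {
            $adminloggedIn = true;
            $cookie = base64_encode("{$user}:" . $hashed_pass);
            // Session cookie as before, now HttpOnly: it carries credentials.
            // Revert the last flag if client-side code turns out to read it.
            setcookie('FBMPGPLogin', $cookie, 0, '', '', false, true);
            if (isset($_GET['logs'])) {
                showLogs();
            } elseif (isset($_GET['rg']) && !$hardDemo) {
                //This refresh is used for Admin Token Install
                authRedirect();
            } elseif (isset($_GET['users'])) {
                require_once 'includes/showusers.php';
            } elseif (isset($_GET['crons'])) {
                require_once 'includes/showcrons.php';
            } elseif (isset($_GET['clogs'])) {
                // Admin-only: discard the log database and return to the log view.
                if (file_exists($dbName . '-logs.db')) {
                    unlink($dbName . '-logs.db');
                }
                header("Location: ./?logs");
                exit;
            } else {
                showHTML(include_once 'includes/admin.php', $lang['Admin Panel']);
            }
        }
    } else {
        showHTML("{$failImg} Failed to open settings database while checking login information. Exiting...");
    }

    if ($db = new PDO('sqlite:' . $dbName . '-users.db')) {
        // $user and $uid come from the login form / cookie and used to be
        // interpolated straight into the SQL text; they are bound instead.
        $statement = $db->prepare('SELECT COUNT(*) FROM FB WHERE username = ?');
        if ($statement) {
            $statement->execute([$user]);
        } else {
            showHTML("{$failImg} Error while checking login/cookie information. 
Users Database opened OK but statement execution failed.");
        }
        if ($statement->fetchColumn() > 0) {
            if ($uid) {
                $statement = $db->prepare('SELECT * FROM FB WHERE username = ? AND userid = ?');
                $params = [$user, $uid];
            } else {
                $statement = $db->prepare('SELECT * FROM FB WHERE username = ?');
                $params = [$user];
            }
            if ($statement) {
                $statement->execute($params);
            } else {
                showHTML("{$failImg} Users Database query failed while checking login information");
            }
            $tempData = $statement->fetchAll();
            if (!$tempData) {
                $warn = $lang['User does not exist'];
                showLogin();
            }
            $row = $tempData[0];
            $userName = $row['username'];
            $password = decrypt($row['password']);
            $userToken = $row['usertoken'];
            $fullname = $row['fullname'];
            $pageData = $row['pagedata'];
            $groupData = $row['groupdata'];
            $userId = $row['userid'];
            $userOptions = readOptions($row['useroptions']);
            $userOptions = checkUserOptions($userOptions);
            $userOptions['lastActive'] = time();
            saveUserOptions();
            if ($uid) {
                // Re-read every row for this username so $userIds lists all of
                // the accounts behind it, not only the selected one.
                $statement = $db->prepare('SELECT * FROM FB WHERE username = ?');
                if ($statement) {
                    $statement->execute([$user]);
                } else {
                    showHTML("{$failImg} Users Database query failed while checking id information");
                }
                $tempData = $statement->fetchAll();
            }
            foreach ($tempData as $s) {
                $userIds[$s['fullname']] = $s['userid'];
            }
        }
    } else {
        showHTML("{$failImg} Failed to open users database while checking login information. Exiting...");
    }

    // Final credential check against the row loaded above. The previous `!=`
    // was a loose comparison of two hash strings; hash_equals() is strict and
    // constant-time. The casts keep the (unchanged) behaviour when no row was
    // loaded and the globals are still unset.
    if (strcasecmp($user, (string) $userName) != 0
        || !hash_equals(md5((string) $password), (string) $hashed_pass)) {
        if (isset($_POST['un'])) {
            $warn = $lang['Incorrect login info'];
        }
        showLogin();
    }
    $cookie = base64_encode("{$userName}:" . md5($password));
    $loggedIn = true;
}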
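function validatePlayer()
{
    // Figure out who's playing and return the player id.
    // With $on['auth'] off: an anonymous id carried in the "uid" cookie, whose
    // value is "<id>.<md5(id . uidsalt)>". With it on: the Facebook user id
    // obtained through the SDK's server-side auth flow (the SDK, authRedirect()
    // and getParam()/getRequests() are defined elsewhere).
    global $passToClient;

    // A simple auth system built to be replaced:
    if (!$GLOBALS['on']['auth']) {
        if (isset($_COOKIE['uid'])) {
            $parts = explode('.', $_COOKIE['uid']);
            if (count($parts) === 2) {
                $expected = md5($parts[0] . $GLOBALS['uidsalt']);
                // hash_equals(): strict and constant-time. The old `==` compared
                // two hash strings loosely, which treats numeric-looking strings
                // ("0e...") as equal.
                // NOTE(review): md5(id . salt) is a plain hash, not an HMAC;
                // moving to hash_hmac() would invalidate existing cookies.
                if (hash_equals($expected, $parts[1])) {
                    // good - extend and return
                    setcookie('uid', $_COOKIE['uid'], time() + 2592000, '/');
                    return $parts[0];
                }
            }
        }
        // if we're here, we need to set a new UID. Built from scratch rather
        // than on top of the exploded cookie, so leftover segments of a
        // malformed cookie (e.g. three dot-separated parts) are no longer
        // carried into the new value, which made it fail validation forever.
        // random_int() covers the same range mt_rand() did, from the CSPRNG.
        $id = random_int(0, mt_getrandmax());
        $uidCookie = $id . '.' . md5($id . $GLOBALS['uidsalt']);
        setcookie('uid', $uidCookie, time() + 2592000, '/');
        return $id;
    }

    //TAG:AUTH
    // If $on['auth'], instead use Facebook's server auth flow
    global $facebook;
    if ($GLOBALS['on']['auth']) {
        require_once './fb/facebook.php';
        // Initialize the Facebook PHP SDK
        $facebook = new Facebook(['appId' => $GLOBALS['appID'], 'secret' => $GLOBALS['appSecret']]);
        $sr = $facebook->getSignedRequest();
        // Turn these on to get a dribble of the browser state/security interaction:
        // error_log('function [' . getParam('f') . ', sr: ]' . var_export($sr, true));
        // error_log(var_export($_REQUEST, true));
        // error_log(var_export($_COOKIE, true));
        if (isset($sr['user_id'])) {
            $GLOBALS['fbid'] = $facebook->getUser();
            $GLOBALS['userToken'] = $facebook->getAccessToken();
            // work around Safari 3p cookie weirdness: hand the raw signed
            // request back to the client so it can be resent with later calls
            $rawRequest = getParam('signed_request');
            if ($rawRequest) {
                $passToClient['sr'] = "signed_request={$rawRequest}";
            }
        } else {
            // Send the user to the auth dialog
            authRedirect();
        }
        try {
            $fbProfile = $facebook->api('/me?fields=first_name,gender,id,currency,locale', 'GET');
            $passToClient['profile'] = $fbProfile;
            //TAG:REQUESTS
            if ($GLOBALS['on']['requests']) {
                $passToClient['appRequests'] = getRequests();
            }
        } catch (FacebookApiException $e) {
            // TODO deal with it -- for now the caller sees the SDK exception
            throw $e;
        }
        return $GLOBALS['fbid'];
    }
}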