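/**
 * Second step of the Envato "request extra details" OAuth flow.
 *
 * Three states are handled:
 *  - a still-valid session token for this account/message exists: render the
 *    message list (and clear the token once ?done is present);
 *  - an OAuth code came back from the Envato redirect: exchange it for a token,
 *    resolve the Envato identity to a local SupportHubUser_Envato record, check
 *    that the user is either the account owner ("admin") or the original
 *    poster of the message, then render the message list;
 *  - otherwise: emit the "Login with Envato" link and remember the return URL.
 *
 * Failure paths echo their own HTML directly (no output buffering) and return false.
 *
 * @param string $network    must be 'envato'
 * @param mixed  $account_id key into $this->get_accounts()
 * @param mixed  $message_id id of the shub_message the extra details belong to
 * @param mixed  $extra_ids  unused here; kept for interface compatibility
 * @return array|false array('message' => html) on success, false otherwise
 */
public function extra_process_login($network, $account_id, $message_id, $extra_ids)
{
    if ($network != 'envato') {
        // The original called dir() here (typo), which never stopped execution.
        die('Incorrect network in request_extra_login() - this should not happen');
    }
    $accounts = $this->get_accounts();
    if (!isset($accounts[$account_id])) {
        die('Invalid account, please report this error.');
    }

    // ---- State 1: already logged in via OAuth for this exact account/message.
    $oauth_session = (!empty($_SESSION['shub_oauth_envato']) && is_array($_SESSION['shub_oauth_envato']))
        ? $_SESSION['shub_oauth_envato']
        : array();
    $session_valid = !empty($oauth_session)
        && isset($oauth_session['expires'], $oauth_session['account_id'], $oauth_session['message_id'])
        && $oauth_session['expires'] > time()
        // ids are compared as strings so int/string mixes still match without loose == surprises
        && (string) $oauth_session['account_id'] === (string) $account_id
        && (string) $oauth_session['message_id'] === (string) $message_id;

    if ($session_valid) {
        $shub_message = new shub_message(false, false, $message_id);
        if ((string) $shub_message->get('account')->get('shub_account_id') === (string) $account_id
            && (string) $shub_message->get('shub_message_id') === (string) $message_id) {
            ob_start();
            if (!empty($oauth_session['is_admin'])) {
                echo "<p>You are currently logged in as the Administrator account. You can see all message history.</p>";
            }
            $shub_message->output_message_list(false);
            if (isset($_GET['done'])) {
                // Extra data was submitted successfully: drop the token so the user has to login again.
                $_SESSION['shub_oauth_envato'] = false;
            }
            return array('message' => ob_get_clean());
        }
        return false;
    }

    // ---- Not logged in (or token expired): continue the OAuth flow.
    $shub_envato_account = new shub_envato_account($accounts[$account_id]['shub_account_id']);
    $api = $shub_envato_account->get_api();

    if (empty($_SESSION['shub_oauth_doing_envato']['code'])) {
        // ---- State 3: no code yet, send the user to Envato and remember where to come back to.
        $login_url = $api->get_authorization_url();
        $_SESSION['shub_oauth_doing_envato'] = array(
            'url' => str_replace('&done', '', $_SERVER['REQUEST_URI']),
        );
        ?>
        <p> To continue please login using your Envato account. </p>
        <a href="<?php echo esc_attr($login_url); ?>" class="submit_button">Login with Envato</a>
        <?php
        return false;
    }

    // ---- State 2: a code came back from the redirect. Exchange it once and discard it.
    $token = $api->get_authentication($_SESSION['shub_oauth_doing_envato']['code']);
    unset($_SESSION['shub_oauth_doing_envato']['code']);
    if (empty($token) || empty($token['access_token'])) {
        echo 'Failed to get access token, please try again and report this error.';
        return false;
    }

    $shub_message = new shub_message(false, false, $message_id);
    if ((string) $shub_message->get('account')->get('shub_account_id') !== (string) $shub_envato_account->get('shub_account_id')) {
        return false;
    }
    $envato_comments = $shub_message->get_comments();
    $first_comment = current($envato_comments);
    if (empty($first_comment)) {
        return false;
    }

    // Decode the stored comment once, up front: both failure paths build a
    // "return to comment" link from it (the original only decoded it after the
    // first failure path had already referenced $comment_data).
    $comment_data = (isset($first_comment['data']) && is_string($first_comment['data']))
        ? json_decode($first_comment['data'], true)
        : null;

    // Shared link back to the item comment. The URL comes from stored item data,
    // so it is escaped for the href context rather than echoed raw.
    $echo_return_link = function () use ($shub_message, $comment_data) {
        $item_data = $shub_message->get('item')->get('item_data');
        if ($item_data && !empty($item_data['url'])) {
            $url = $item_data['url'] . '/comments' . (!empty($comment_data['id']) ? '/' . $comment_data['id'] : '');
            echo '<a href="' . esc_url($url) . '">Please click here to return to the Item Comment</a>';
        }
    };

    $api_result = $api->api('v1/market/private/user/username.json', array(), false);
    $api_result_email = $api->api('v1/market/private/user/email.json', array(), false);
    $have_email = $api_result_email && !empty($api_result_email['email']);
    $email = $have_email ? trim(strtolower($api_result_email['email'])) : '';
    $api_user = new SupportHubUser_Envato();

    if ($api_result && !empty($api_result['username'])) {
        $username = $api_result['username'];
        // Resolve the Envato identity to a local user, trying in order:
        // email (when the API returned one), stored envato_username meta,
        // plain username, and finally creating a new record. This replaces
        // the two copy-pasted branches of the original.
        if ($have_email) {
            $api_user->load_by('user_email', $email);
        }
        if (!$api_user->get('shub_user_id')) {
            $api_user->load_by_meta('envato_username', $username);
        }
        if (!$api_user->get('shub_user_id')) {
            $api_user->load_by('user_username', $username);
        }
        if (!$api_user->get('shub_user_id')) {
            $api_user->create_new();
            $api_user->add_meta('envato_username', $username);
            if ($have_email) {
                $api_user->update('user_email', $email);
            }
            $api_user->update('user_username', $username);
        }
    }

    if (!$api_result || empty($api_result['username']) || !$api_user->get('shub_user_id')) {
        // API error: the username endpoint must always return a username.
        SupportHub::getInstance()->log_data(_SUPPORT_HUB_LOG_ERROR, 'envato', 'OAuth Login Fail - No Username From API', 'API Result ' . var_export($api_result, true) . ' tried to login and gain access to ticket message ' . $message_id);
        echo "Sorry, unable to login with Envato. <br><br> ";
        $echo_return_link();
        return false;
    }

    if (!$api_user->get('user_email') && $have_email) {
        $api_user->update('user_email', $email);
    }
    $api_user->add_unique_meta('envato_username', $api_result['username']);

    // Successful API result: store the token so the refresh token can be used later.
    $shub_envato_oauth_id = shub_update_insert('shub_envato_oauth_id', false, 'shub_envato_oauth', array(
        'expire_time' => time() + $token['expires_in'],
        'shub_account_id' => $accounts[$account_id]['shub_account_id'],
        'shub_user_id' => $api_user->get('shub_user_id'),
        'access_token' => $token['access_token'],
        'refresh_token' => $token['refresh_token'],
    ));
    // This also updates their username/email from the API; not sure if that's a good idea.
    $api_user->update_purchase_history();

    // NOTE: at this stage the logging-in user has NOT been verified as the user
    // who posted the comment - anyone with an Envato account reaches this line.
    // The token row and purchase history above are persisted before that check;
    // order kept as-is because other flows may rely on the stored refresh token.
    $account_data = $shub_envato_account->get('account_data');
    // todo: this will fail if the user changes their username. We should refresh the
    // comment from the API search if a username change is detected, which reloads the
    // serialized comment data so the new username can be confirmed.
    $is_admin = $account_data && isset($account_data['user']['username'])
        // strict string comparison: this decides whether the user sees all message history
        && (string) $api_result['username'] === (string) $account_data['user']['username'];
    $is_poster = (string) $api_user->get('shub_user_id') === (string) $shub_message->get('shub_user_id');

    if ($comment_data && ($is_admin || $is_poster)) {
        SupportHub::getInstance()->log_data(_SUPPORT_HUB_LOG_ERROR, 'envato', 'OAuth Login Success - request extra', 'User ' . $api_result['username'] . ' has logged in to provide extra details');
        $comment_user = new SupportHubUser_Envato($shub_message->get('shub_user_id'));
        // NOTE(review): the session gains access rights here without session_regenerate_id();
        // consider rotating the session id on login if this app manages its own sessions - confirm.
        $_SESSION['shub_oauth_envato'] = $token;
        // key spelling ('shib_') kept from the original in case other code reads it
        $_SESSION['shub_oauth_envato']['shib_envato_oauth_id'] = $shub_envato_oauth_id;
        $_SESSION['shub_oauth_envato']['account_id'] = $account_id;
        $_SESSION['shub_oauth_envato']['message_id'] = $message_id;
        $_SESSION['shub_oauth_envato']['is_admin'] = $is_admin;
        $_SESSION['shub_oauth_envato']['expires'] = time() + $token['expires_in'];
        $_SESSION['shub_oauth_envato']['shub_user_id'] = $comment_user->get('shub_user_id');
        ob_start();
        if ($is_admin) {
            echo "<p>You are currently logged in as the Administrator account. You can see all message history.</p>";
        }
        $shub_message->output_message_list(false);
        return array('message' => ob_get_clean());
    }

    SupportHub::getInstance()->log_data(_SUPPORT_HUB_LOG_ERROR, 'envato', 'OAuth Login Fail - Username mismatch', 'User ' . var_export($api_result, true) . ' tried to login and gain access to ticket message ' . $message_id . ': ' . var_export($comment_data, true));
    echo "Sorry, unable to verify identity. 
Please submit a new support message if you require assistance. <br><br> ";
    $echo_return_link();
    return false;
}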