// Append 'offset=1' to the current URI via AppendKVP and keep a URL-encoded
// copy; $thisScript is the last element of $pathArray (defined before this excerpt).
$thisURI = AppendKVP($thisURI, 'offset=1');
$thisURIEncoded = rawurlencode($thisURI);
$thisScript = $pathArray[count($pathArray) - 1];

// The session id is read straight from the client cookie: treat it as untrusted input.
// NOTE(review): reading $_COOKIE['sid'] without isset() raises an undefined-index
// notice when the cookie is absent; the '' branch below is still what you want then.
$sid = $_COOKIE['sid']; //TODO:SEC: Consider regenerating session id
if ($sid == '') {
    MakeNewSession();
} else {
    /* Use composite index to quickly discover user if it's logged in */
    // NOTE(review): $sid is interpolated unescaped into the Session filter string.
    // Unless Session() parameterises or escapes its argument (not visible here),
    // a crafted cookie value can change the lookup — confirm against the class.
    $session = new Session("loggedIn = 1 AND sessionID = '{$sid}'");
    /* If session isn't logged in search on sid */
    if ($session->IsEmpty()) {
        $session = new Session("sessionID = '{$sid}'");
        if ($session->IsEmpty()) {
            /* This would happen if the session database changed */
            MakeNewSession();
        }
    } else {
        /* TODO:TEST: Need to test transporting cookies to another workstation to see if this works */
        // A logged-in session presented from a different client address is treated as
        // a possible cookie theft: the change is recorded against the user and the
        // user is logged out instead of continuing with the existing session.
        // NOTE(review): the comparison is loose (!=); !== is the stricter form.
        if ($session->GetIPAddress() != $_SERVER['REMOTE_ADDR']) {
            $user =& $session->User();
            $session->SessionIPChanged('User', $user->ID(), $session->GetIPAddress() . ' -> ' . $_SERVER['REMOTE_ADDR']);
            $user->Logout();
        }
    }
}

// Form dispatch on $postType; the switch continues past the end of this excerpt.
if ($post) {
    switch ($postType) {
        case 'LOGIN':
            // Credentials are handed to Login() as submitted; its verification is not visible here.
            $ret = Login($_POST['txtUsername'], $_POST['txtPassword']);
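/**
 * Completes the Battle.net OAuth authorization-code flow for a returning user.
 *
 * Looks up the one-time state cached under 'bnetstate_' . $state, exchanges
 * $code for an access token, fetches the Battle.net account id and battletag,
 * creates a local session via MakeNewSession() and sets the subscription
 * login cookie.
 *
 * @param string $state State value echoed back by Battle.net; reduced to
 *                      [A-Za-z0-9_-] and at most 24 characters before lookup.
 * @param string $code  Authorization code returned by Battle.net.
 * @return string       Fragment to redirect to: the 'from' value stored with
 *                      the state on success, otherwise a '#subscription/...'
 *                      fragment naming the first step that failed.
 */
function ProcessAuthCode($state, $code)
{
    // Constrain the state to the cache-key charset and a bounded length so the
    // callback can only address its own 'bnetstate_*' entry.
    $state = preg_replace('/[^a-zA-Z0-9_-]/', '', substr((string)$state, 0, 24));
    $stateKey = 'bnetstate_' . $state;

    // The token exchange and the login cookie must not happen over plain HTTP.
    // Some servers (IIS) report a non-TLS request as HTTPS='off' rather than
    // leaving the variable unset, so treat that the same as missing.
    if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === '' || strtolower($_SERVER['HTTPS']) === 'off') {
        return '#subscription/nohttps';
    }

    $stateInfo = MCGet($stateKey);
    // 'region' selects the Battle.net endpoints and 'from' is the success
    // destination; a cache entry without them is unusable.
    if ($stateInfo === false || !is_array($stateInfo) || !isset($stateInfo['region'], $stateInfo['from'])) {
        return '#subscription/nostate';
    }
    // The state is single-use: remove it before any network round-trip so a
    // replayed callback cannot reuse it while the exchange is in flight.
    MCDelete($stateKey);

    // Region comes from our own cached entry, not from the callback parameters.
    $region = strtolower($stateInfo['region']);

    // Exchange the authorization code for an access token.
    // NOTE(review): redirect_uri is derived from the client-supplied Host
    // header; Battle.net only accepts registered redirect URIs, but a
    // configured hostname would remove the dependency on that check.
    $url = sprintf(BATTLE_NET_TOKEN_URI, $region);
    $toPost = [
        'redirect_uri' => 'https://' . strtolower($_SERVER['HTTP_HOST']) . $_SERVER['SCRIPT_NAME'],
        'scope' => '',
        'grant_type' => 'authorization_code',
        'code' => $code,
        'client_id' => BATTLE_NET_KEY,
        'client_secret' => BATTLE_NET_SECRET,
    ];
    $outHeaders = [];
    $tokenJson = \Newsstand\HTTP::Post($url, $toPost, [], $outHeaders);
    if ($tokenJson === false) {
        return '#subscription/notoken';
    }
    $tokenData = json_decode($tokenJson, true);
    if (json_last_error() !== JSON_ERROR_NONE) {
        return '#subscription/badtoken';
    }
    // json_decode can return a scalar for valid JSON; require an object with a
    // non-empty string access_token before using it.
    if (!is_array($tokenData)
        || !isset($tokenData['access_token'])
        || !is_string($tokenData['access_token'])
        || $tokenData['access_token'] === '') {
        return '#subscription/missingtoken';
    }
    $token = $tokenData['access_token'];

    // Fetch the Battle.net account id and battletag for this token.
    // NOTE(review): the token is sent as a query parameter, where proxies and
    // access logs may record it; an Authorization header would be preferable
    // if \Newsstand\HTTP::Get supports custom headers (not visible here).
    $url = sprintf('https://%s.api.battle.net/account/user?access_token=%s', $region, rawurlencode($token));
    $userJson = \Newsstand\HTTP::Get($url);
    if ($userJson === false) {
        return '#subscription/nouser';
    }
    $userData = json_decode($userJson, true);
    if (json_last_error() !== JSON_ERROR_NONE) {
        return '#subscription/baduser';
    }
    if (!is_array($userData) || !isset($userData['id']) || !isset($userData['battletag'])) {
        return '#subscription/missinguser';
    }

    // At this point we hold the verified Battle.net account id and battletag.
    // 'locale' is passed through as stored with the state (null when absent).
    $locale = isset($stateInfo['locale']) ? $stateInfo['locale'] : null;
    $session = MakeNewSession('Battle.net', $userData['id'], $userData['battletag'], $locale);
    if ($session === false) {
        return '#subscription/nosession';
    }

    // Cookie is scoped to /api/, marked Secure and HttpOnly so it is neither
    // sent over plain HTTP nor readable from script.
    // NOTE(review): a SameSite attribute would need the options-array form of
    // setcookie(); whether this deployment's PHP version supports it is not
    // visible here.
    setcookie(SUBSCRIPTION_LOGIN_COOKIE, $session, time() + SUBSCRIPTION_SESSION_LENGTH, '/api/', '', true, true);

    return $stateInfo['from'];
}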