public function run() { $msg = ""; $to = 1; $user = new User(); if (isset($_REQUEST['str'])) { $email = mysql_real_escape_string(base64_decode($_REQUEST['str'])); $confirm_string = substr($_REQUEST['cs'], 0, 10); // verify the email belongs to a user if ($user->findUserByUsername($email) && substr($user->getConfirm_string(), 0, 10) == $confirm_string) { $sql = "\n UPDATE " . USERS . "\n SET\n confirm_string = '',\n confirm = 1,\n is_active = 1\n WHERE username = '******'"; mysql_query($sql); // send welcome email Utils::sendTemplateEmail($user->getUsername(), 'welcome', array('nickname' => $user->getNickname()), 'Worklist <*****@*****.**>'); User::login($user, false); //Optionally can login with confirm URL $jumbotron = "\n <h2>Welcome to Worklist!</h2>\n <p>\n Click on a job and add your bid, or come join us in our \n <a href='https://gitter.im/highfidelity/worklist' target='_blank'>public chat room</a>.\n Questions? Check out the <a href='./help'>help tab</a>.\n </p>"; } else { Utils::redirect('./'); } } elseif (isset($_REQUEST['ppstr'])) { // paypal address confirmation $paypal_email = mysql_real_escape_string(base64_decode($_REQUEST['ppstr'])); $hash = mysql_real_escape_string($_REQUEST['pp']); // verify the email belongs to a user if (!$user->findUserByPPUsername($paypal_email, $hash)) { // hacking attempt, or some other error Utils::redirect('./'); } else { $user->setPaypal_verified(true); $user->setPaypal_hash(''); $user->save(); $jumbotron = "\n <h2>Thank you for confirming your Paypal address.</h2>\n <p>You can now bid on items in the Worklist!</p>"; } } elseif (isset($_REQUEST['emstr'])) { // new email address confirmation $new_email = mysql_real_escape_string(base64_decode($_REQUEST['emstr'])); if (!$user->findUserByUsername($_SESSION['username'])) { Utils::redirect('login'); //we are not logged in } //save new email $user->setUsername($new_email); $user->save(); $_SESSION['username'] = $new_email; $jumbotron = "<h2>Thank you for confirming your changed email address.</h2>"; } $jobs = new JobController(); $jobs->view->jumbotron = $jumbotron; $jobs->listView(); }
public function login($redir = './') { $tokenURL = GITHUB_TOKEN_URL; $apiURLBase = GITHUB_API_URL; // When Github redirects the user back here, there will be a "code" and "state" parameter in the query string if (isset($_GET['code']) && $_GET['code']) { // Verify the state matches our stored state if (isset($_GET['state']) && $_SESSION['github_auth_state'] == $_GET['state']) { // Exchange the auth code for a token $response = $this->apiRequest($tokenURL, array('client_id' => GITHUB_OAUTH2_CLIENT_ID, 'client_secret' => GITHUB_OAUTH2_CLIENT_SECRET, 'redirect_uri' => WORKLIST_URL . 'github/login/' . $redir, 'state' => $_SESSION['github_auth_state'], 'code' => $_GET['code'])); if (isset($response->access_token) && $response->access_token) { $this->access_token = $access_token = $response->access_token; $gh_user = $this->apiRequest($apiURLBase . 'user'); if (!$gh_user) { // maybe a wrong access token Utils::redirect('./'); } $userId = Session::uid(); $user = new User($userId); $testUser = new User(); if ($user->getId()) { // user is already logged in in worklist, let's just check if credentials are // already stored and save them in case they're not if (!$testUser->findUserByAuthToken($access_token)) { // credentials not stored in db and not used by any other user $user->storeCredentials($access_token); } else { // credentials found, let's just sync account with GH data $this->sync($user, $gh_user); } Utils::redirect($redir); } else { // user not logged in in worklist, let's check whether he already has a // github-linked account in worklist if ($user->findUserByAuthToken($access_token)) { // already linked account, let's log him in if ($user->isActive()) { $this->sync($user, $gh_user); User::login($user, $redir); } else { // users that didn't confirmed their email addresses $jobs = new JobController(); $jobs->view->jumbotron = "<h2>E-mail confirmation required!</h2>\n <p>\n Please check your inbox and follow your e-mail confirmation message\n from Worklist. Then try to login again.\n </p>\n "; $jobs->listView(); return; } return; } else { // unknown token, taking to the signup page $this->view = new AuthView(); $this->write('access_token', $access_token); $this->write('default_username', isset($gh_user->email) ? $gh_user->email : ''); $this->write('default_location', isset($gh_user->location) ? $gh_user->location : ''); $this->view->redir_url = $redir; parent::run(); return; } } return; } else { // probably a refresh on the Auth view, which generated an error // because of the expired verification code, let's save an error just in case error_log(print_r($response, true)); } } } // let's generate the session state value an try to authorize self::generateStateAndLogin($redir); }