Exemplo n.º 1
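 /**
  * Completes a social-network login after the provider redirects back.
  *
  * Reads the network name from the "sa_login_finish" request parameter, asks
  * Social_Auth::prepare() for the matching network, finishes the adapter
  * login, passes the profile to socialLogin() and stores it in the session
  * under "SA_USER". The request always ends here: with a 404 when the
  * parameter is unusable, otherwise after goToCallbackPage().
  *
  * @return void Does not return to the caller; every path ends in die.
  */
 public static function finishAuth()
 {
     Social_Client::init();

     // The parameter comes from the request, so accept only a non-empty
     // string; a missing key or an array value is treated as invalid.
     $requested = isset(Social_Client::$request["sa_login_finish"]) ? Social_Client::$request["sa_login_finish"] : null;
     $network_name = is_string($requested) ? trim(strip_tags($requested)) : '';
     $network = $network_name !== '' ? Social_Auth::prepare($network_name) : null;

     if (!$network) {
         // $network is falsy here, so there is no adapter to disconnect;
         // dereferencing it would abort with a fatal error before the 404.
         Social_Logger::error("Invalid parameter given on sa_login_finish");
         header("HTTP/1.0 404 Not Found");
         die("Invalid parameter given on sa_login_finish. Try login again");
     }

     try {
         Social_Logger::info("Login finish: {$network_name}");
         $network->adapter->finishLogin();
         $user_profile = $network->adapter->getUserProfile();
         if ($network_name === 'facebook') {
             // Appends a "ts" query parameter to the photo URL
             // (presumably cache busting; confirm against getTimeStamp()).
             $user_profile->photoURL = $user_profile->photoURL . '&ts=' . getTimeStamp();
         }
         $user_profile->network_name = $network_name;
         socialLogin($user_profile);
         // NOTE(review): session ID rotation on login is not visible here;
         // confirm the session layer regenerates the ID before storing the user.
         Social_Auth::session()->set("SA_USER", $user_profile);
     } catch (Exception $e) {
         // Record the failure so a broken or tampered provider response
         // leaves a trace, then drop the half-finished provider session.
         Social_Logger::error("Login finish failed for {$network_name}: " . $e->getMessage());
         $network->adapter->disconnectUser();
     }

     Social_Logger::info("Returned to callback");
     $network->goToCallbackPage();
     die;
 }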
Exemplo n.º 2
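 /**
  * Resolves a chat user ID from client-supplied social login details.
  *
  * $userPass is never checked in this variant: the ID comes only from
  * socialLogin() applied to the JSON in $_REQUEST['social_details'].
  * NOTE(review): that JSON is request data. socialLogin() is not shown here;
  * unless it verifies the profile against the provider (for example with a
  * server-side token check), a client can assert any identity. Confirm.
  *
  * @param string $userName Login name; only tested for being non-empty.
  * @param string $userPass Unused.
  * @return mixed 0 when no usable social details were supplied, otherwise
  *               whatever socialLogin() returns.
  */
 function chatLogin($userName, $userPass)
 {
     $userid = 0;
     if (!empty($userName) && !empty($_REQUEST['social_details']) && is_string($_REQUEST['social_details'])) {
         $social_details = json_decode($_REQUEST['social_details']);
         // json_decode() yields null for malformed JSON and scalars or arrays
         // for non-object JSON; only a decoded object is passed on as a
         // profile, so broken input ends as "not logged in".
         if (is_object($social_details)) {
             $userid = socialLogin($social_details);
         }
     }
     return $userid;
 }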
Exemplo n.º 3
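 /**
  * Authenticates a chat user against the CakePHP user table.
  *
  * Looks the user up by e-mail or by the configured name column, verifies
  * the password according to CAKEPHP_VERSION, then applies the social-login
  * and guest-login overrides. For mobile app callbacks it records the device
  * flag, and it optionally encrypts the resulting ID.
  *
  * @param string $userName Login name or e-mail address from the client.
  * @param string $userPass Plain-text password from the client.
  * @return mixed 0 when authentication fails; otherwise the user ID, or its
  *               encrypted, URL-encoded form when ENCRYPT_USERID is '1' and
  *               mcrypt is available.
  */
 function chatLogin($userName, $userPass)
 {
     $userid = 0;
     global $guestsMode;

     // The name is escaped for the connection before being embedded in the
     // query; the table and column names come from configuration constants.
     $escapedName = mysqli_real_escape_string($GLOBALS['dbh'], $userName);
     if (filter_var($userName, FILTER_VALIDATE_EMAIL)) {
         $sql = "SELECT * FROM `" . TABLE_PREFIX . DB_USERTABLE . "` WHERE email = '" . $escapedName . "'";
     } else {
         $sql = "SELECT * FROM `" . TABLE_PREFIX . DB_USERTABLE . "` WHERE " . DB_USERTABLE_NAME . " = '" . $escapedName . "'";
     }
     $result = mysqli_query($GLOBALS['dbh'], $sql);
     // A failed query or an unknown user leaves no row; skip the password
     // check instead of indexing into false/null.
     $row = $result ? mysqli_fetch_assoc($result) : null;
     $hash = (is_array($row) && isset($row['password'])) ? (string) $row['password'] : '';

     if ($hash !== '') {
         if (CAKEPHP_VERSION == '3.x.x') {
             $checkpass = false;
             // Digests are compared with hash_equals(): it is constant-time
             // and, unlike ==, never treats two "0e..." digests as equal numbers.
             $prefix = substr($hash, 0, 4);
             if ($prefix === '$2a$' || $prefix === '$2y$') {
                 // bcrypt: crypt() re-derives the hash from the stored salt and cost.
                 $checkpass = hash_equals($hash, (string) crypt($userPass, $hash));
             }
             if (substr($hash, 0, 3) === '$1$') {
                 // MD5-crypt legacy hashes.
                 $checkpass = hash_equals($hash, (string) crypt($userPass, $hash));
             }
             if (preg_match('#[a-z0-9]{32}:[A-Za-z0-9]{32}#', $hash) === 1) {
                 // "md5:salt" legacy format: md5(password . salt) is stored before the colon.
                 $checkpass = hash_equals(substr($hash, 0, 32), md5($userPass . substr($hash, 33)));
             }
             if ($checkpass) {
                 $userid = $row[DB_USERTABLE_USERID];
             }
         } else {
             if (CAKEPHP_VERSION == '2.x.x') {
                 // NOTE(review): this salt is hard-coded in source and shared by
                 // every user; a single SHA-1 round is fast to brute-force.
                 // Prefer migrating stored passwords to password_hash().
                 $salt = 'fvjhdj8fvn85grg73fbrvfn9fjFGfnhvt758nADG';
                 /* Add here the string used in security hashing methods from 'app/core.php'. */
                 /* Add your password validation mechanism here. For eg: salted_password = md5($row['value'].$userPass.$row['salt']);*/
                 $salted_password = sha1($salt . $userPass);
                 if (hash_equals($hash, $salted_password)) {
                     $userid = $row[DB_USERTABLE_USERID];
                 }
             }
         }
     }

     // NOTE(review): this path replaces the password result with whatever
     // socialLogin() returns for client-supplied JSON. socialLogin() is not
     // shown here; confirm it verifies the profile with the provider.
     if (!empty($userName) && !empty($_REQUEST['social_details']) && is_string($_REQUEST['social_details'])) {
         $social_details = json_decode($_REQUEST['social_details']);
         // Malformed or non-object JSON is ignored rather than passed on.
         if (is_object($social_details)) {
             $userid = socialLogin($social_details);
         }
     }

     // "CC^CONTROL_GUEST" is a fixed marker in source, not a secret; guest
     // access is gated by $guestsMode.
     if (!empty($_REQUEST['guest_login']) && $userPass === "CC^CONTROL_GUEST" && $guestsMode == 1) {
         $userid = getGuestID($userName);
     }

     if (!empty($userid) && isset($_REQUEST['callbackfn']) && $_REQUEST['callbackfn'] === 'mobileapp') {
         $sql = "insert into cometchat_status (userid,isdevice) values ('" . mysqli_real_escape_string($GLOBALS['dbh'], $userid) . "','1') on duplicate key update isdevice = '1'";
         mysqli_query($GLOBALS['dbh'], $sql);
     }

     // NOTE(review): kept as-is because the consumer of this value must decrypt
     // it the same way, but the scheme is weak. The IV is md5(md5($key)), fixed
     // per key, so equal IDs give equal ciphertexts; nothing authenticates the
     // ciphertext; and when KEY_A/KEY_B/KEY_C are undefined the key is md5("").
     // mcrypt left PHP core in 7.2, so there this branch is skipped and the raw
     // ID is returned.
     if ($userid && function_exists('mcrypt_encrypt') && defined('ENCRYPT_USERID') && ENCRYPT_USERID == '1') {
         $key = "";
         if (defined('KEY_A') && defined('KEY_B') && defined('KEY_C')) {
             $key = KEY_A . KEY_B . KEY_C;
         }
         $userid = rawurlencode(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $userid, MCRYPT_MODE_CBC, md5(md5($key)))));
     }
     return $userid;
 }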
Exemplo n.º 4
                        unset($_SESSION['oauth_token']);
                        // Remove old OAuth token
                        unset($_SESSION['oauth_token_secret']);
                        // Same
                        $twitter = twitter();
                        // Initialize Twitter again with the new OAuth token
                        $get = $twitter->get("account/verify_credentials");
                        // Retrieve user info
                        $get = (array) $get;
                        $sid = $get['id'];
                        $_SESSION['sid'] = $sid;
                        // Save social ID to session
                        $usercheck = mysqli_query($con, "SELECT * FROM users WHERE type='twitter' AND sid='{$sid}'");
                        if (mysqli_num_rows($usercheck) > 0) {
                            // Check if user exists
                            $login = explode("|||", socialLogin($sid, "twitter"));
                            // Login
                            if ($login[0]) {
                                header('Location: ' . $login[1]);
                                exit;
                            } else {
                                echo "<div class='col-sm-12'>" . $login[1] . "</div>";
                            }
                        } else {
                            // Show registration form
                            ?>
					<form method='post' id='social_register'>	
						<div class='row'>
							<div class='col-md-12'>
								<div class='form-group'>
									<label class='col-sm-4 control-label'><?php