Exemplo n.º 1
        $db->where('email', $user['email'])->where('verified', '1');
        $db->getOne('users');
        if ($db->count > 0) {
            // Email is already associated to another account
            $verified = false;
            // Record is no more usable. User will be asked to register using different email
            $db->where('id', $user_id);
            $db->delete('users');
        } else {
            $db->where('id', $user_id);
            if ($db->update('users', array('verified' => '1', 'auth_code' => ''))) {
                $verified = true;
                /*	Login the user */
                require DOCUMENT_ROOT . 'classes/LoginHelper.php';
                $loginHelper = new LoginHelper($db);
                $loginHelper->Login($user_id);
            }
        }
    } else {
        /* Spoof request */
        $invalid_request = true;
    }
} else {
    /*	Spoof Request */
    $invalid_request = true;
}
?>
<!DOCTYPE html>
<html>
<head>
	<meta charset="UTF-8">
Exemplo n.º 2
    // Exchange the code for access token
    // NOTE(review): no check of an OAuth `state` value is visible in this excerpt before the
    // code is exchanged - confirm the callback is protected against login CSRF earlier in the file.
    $google->authenticate($_GET['code']);
    $_SESSION['access_token'] = $google->getAccessToken();
    // NOTE(review): HTTP_HOST is taken from the request's Host header, so the redirect target is
    // client-influenced. FILTER_SANITIZE_URL only strips characters that are illegal in a URL; it
    // does not validate the host. A configured base URL would be the safer source.
    // The scheme is also hard-coded to http://, so the follow-up request (which carries the
    // session holding the access token) is sent in clear text unless something upstream upgrades it.
    $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
    header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
    exit;
}
if ($google->IsAuthenticated()) {
    // Google User is authenticated and authorized
    // Login/Registration can be proceeded
    $gUser = $google->getUserProfile();
    $loginHelper = new LoginHelper($db);
    $user_id = $loginHelper->IsRegistered(OAUTH_GOOGLE, $gUser['id']);
    if ($user_id) {
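        // User is already registered - log the user in and follow the URI that Login() returns.
        // The result is assigned to $redirect_uri, the variable the Location header reads; the
        // original stored it in a misspelled variable, so the header was built from an undefined one.
        $redirect_uri = $loginHelper->Login($user_id, OAUTH_GOOGLE, $gUser['id']);
        header("Location: {$redirect_uri}");
        exit;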
    } else {
        // User is not registerd
        // Email may be registered already
        // NOTE(review): an existing local account is selected purely by the e-mail address that the
        // Google profile reports. Nothing visible here checks that the provider marks the address
        // as verified - confirm that getUserProfile()/IsEmailRegistered() enforce this, otherwise an
        // unverified provider e-mail is enough to sign in as the owner of that address.
        $rUser = $loginHelper->IsEmailRegistered($gUser['email']);
        if ($rUser) {
            // Email is already registered - Login the user
            // Login() is called with the stored account's own oauth_type/oauth_id, i.e. the session
            // is created for the existing account rather than for the Google identity.
            $redirect_uri = $loginHelper->Login($rUser['id'], $rUser['oauth_type'], $rUser['oauth_id']);
            header("Location: {$redirect_uri}");
            exit;
        }
        // Google user is logging in for the first time
        // Register the user
        $tempUser = array();
Exemplo n.º 3
/*	
	This page receives the sign up information (Sign up using Treasherlocked i.e Oauth_Default) 
	via an AJAX request. The page validates and completes the Oauth registration.
*/
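require $_SERVER['DOCUMENT_ROOT'] . '/ts2/config/consts.php';
session_start();

// Anti-CSRF check. The token must exist in the session, be non-empty, and match the posted
// value exactly. The previous loose `==` comparison accepted an empty (or array) `spoof_proof`
// whenever the session held no token at all, because '' == null is true in PHP.
// hash_equals() also makes the comparison constant-time.
$sessionToken = (isset($_SESSION['spoof_proof']) && is_scalar($_SESSION['spoof_proof']))
    ? (string) $_SESSION['spoof_proof']
    : '';
$postedToken = (isset($_POST['spoof_proof']) && is_string($_POST['spoof_proof']))
    ? $_POST['spoof_proof']
    : '';
$tokenMatches = $sessionToken !== '' && hash_equals($sessionToken, $postedToken);

if ($_SERVER['REQUEST_METHOD'] === 'POST' && $tokenMatches) {
    require_once DOCUMENT_ROOT . 'classes/LoginHelper.php';
    require_once DOCUMENT_ROOT . 'classes/Registrar.php';
    require_once DOCUMENT_ROOT . 'config/db.php';

    // Missing or non-string fields (e.g. password[]=x) are treated as a failed login instead of
    // raising notices or a TypeError inside sha1().
    $name = isset($_POST['username']) ? $_POST['username'] : null;
    $plainPassword = isset($_POST['password']) ? $_POST['password'] : null;
    $remember = isset($_POST['remember']);

    $result = array('success' => false);
    if (is_string($name) && is_string($plainPassword)) {
        // NOTE(review): credentials are matched against an unsalted SHA-1 digest. SHA-1 is a fast
        // hash, so a leaked `users` table can be brute-forced offline cheaply. Moving to
        // password_hash()/password_verify() requires changing the stored hashes and the
        // registration path together, so it is flagged here rather than changed in this block.
        $password = sha1($plainPassword);

        // Values are passed as bound parameters, so $name is no longer run through $db->escape()
        // first: escaping a value that is then bound alters names containing quotes or
        // backslashes and makes them fail to match.
        $rows = $db->rawQuery("SELECT id\n\t\t\t\t\t\t\tFROM users \n\t\t\t\t\t\t\tWHERE \n\t\t\t\t\t\t\t\t( email = ? OR username = ? ) \n\t\t\t\t\t\t\t\tAND oauth_type = ? \n\t\t\t\t\t\t\t\tAND password = ?\n\t\t\t\t\t\t\t\tAND verified = ?\n\t\t\t\t\t\t\t", array($name, $name, OAUTH_DEFAULT, $password, 1));
        if ($db->count > 0) {
            // Valid credentials
            $user = $rows[0];
            $loginHelper = new LoginHelper($db);
            // NOTE(review): presumably Login() rotates the session ID on success - confirm.
            $redirect_uri = $loginHelper->Login($user['id'], OAUTH_DEFAULT, null, $remember);
            $result = array('success' => true, 'redirect_uri' => $redirect_uri);
        }
    }

    // The failure response is the same whether the account is unknown, unverified or the
    // password is wrong, so it does not reveal which condition failed.
    header('Content-Type: application/json');
    echo json_encode($result);
    exit;
} else {
    // Wrong method or failed token check: answer as if the endpoint did not exist.
    header('HTTP/1.1 404 Not Found');
}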
Exemplo n.º 4
 if ($facebook->IsAuthenticated()) {
     /* 	Verify that all of the required scopes have been granted */
     if (!$facebook->verifyScopes(unserialize(SCOPES))) {
         //var_dump($facebook); exit;
         header("Location: " . $facebook->getLoginURL($facebook->denied_scopes, REREQUEST));
         exit;
     }
     // All scopes have been granted
     // Login/Registration can be proceeded
     $fb_user = $facebook->getUserProfile();
     // Check if the facebook user is already registered
     $loginHelper = new LoginHelper($db);
     $user_id = $loginHelper->IsRegistered(OAUTH_FACEBOOK, $fb_user['id']);
     if ($user_id) {
         // Facebook user is already registered - Login the user
         $redirect_uri = $loginHelper->Login($user_id, OAUTH_FACEBOOK, $fb_user['id']);
         header("Location: {$redirect_uri}");
         exit;
     } else {
         // User is not registered - Register the user
         // Check if the email is already registered
         // NOTE(review): when the Facebook profile carries an e-mail that matches a local account,
         // the visitor is signed in to that account. Nothing visible here checks that the provider
         // has verified the address - confirm getUserProfile()/IsEmailRegistered() enforce it,
         // otherwise the e-mail string alone acts as the credential for the existing account.
         if (isset($fb_user['email'])) {
             $registeredUser = $loginHelper->IsEmailRegistered($fb_user['email']);
             if ($registeredUser) {
                 // Email is already registered
                 // Login() receives the stored account's own oauth_type/oauth_id, so the session is
                 // created for the existing account, not for the Facebook identity.
                 $redirect_uri = $loginHelper->Login($registeredUser['id'], $registeredUser['oauth_type'], $registeredUser['oauth_id']);
                 header("Location: {$redirect_uri}");
                 exit;
             }
         }
         // Email is not registered; Facebook user is loggin in for the first time - Register the user
Exemplo n.º 5
}
require 'config/consumer.php';
require 'config/login.php';
require 'Twitter/Twitter.php';
$twitter = new Twitter(CONSUMER_KEY, CONSUMER_SECRET, REDIRECT_URI);
if ($twitter->IsAuthenticated()) {
    // Twitter user is authenticated and authorized
    // Login/Registration can be proceeded
    $twitter_user = $twitter->getUserProfile();
    $loginHelper = new LoginHelper($db);
    $user_id = $loginHelper->IsRegistered(OAUTH_TWITTER, $twitter_user->id);
    if ($user_id) {
        // User is registered
        // TWITTER user needs to have their email verfieid
        if ($loginHelper->IsVerified($user_id)) {
            $redirect_uri = $loginHelper->Login($user_id, OAUTH_TWITTER, $twitter_user->id);
            header("Location: {$redirect_uri}");
        } else {
            $not_verified = true;
            /* 	Keeping `access token` alive generates login URL with invalid Oauth token if
            				user goes to `oauth\twitter\index.php`
            			*/
            // TBD: clearTwitterCredentials
            if (isset($_SESSION['access_token'])) {
                unset($_SESSION['access_token']);
            }
            require DOCUMENT_ROOT . 'includes/html/login/email_not_verified.php';
        }
        exit;
    } else {
        // User is not registerd
Exemplo n.º 6
        $user['institute'] = $institute;
        if (isset($location)) {
            $user['location'] = $location;
        }
        // Add user's record to the database
        $registrar = new Registrar($db);
        $id = $registrar->registerUser($user);
        if ($id) {
            // Delete tempUser record
            $db->where('id', $_SESSION['temp_user_id']);
            $db->delete('users_temp');
            unset($_SESSION['registration_pending']);
            unset($_SESSION['temp_user_id']);
            // Now that the registration is complete, log in the user
            $loginHelper = new LoginHelper();
            $loginHelper->Login($id, $user['oauth_type'], $user['oauth_id']);
            exit;
            // END OF SCRIPT //
        }
    } else {
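        // Validation failed: render the error HTML for the user and stop.
        $registrar = new Registrar($db);
        echo $registrar->getHTML($error);
        // The leftover var_dump($error) was removed: it appended a raw dump of the internal
        // error structure to the response after the rendered error HTML.
        exit;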
    }
}
/*	No any data POSTed but registration is pending - show Additional Information page */
if (isset($_SESSION['registration_pending'])) {
    require_once DOCUMENT_ROOT . 'classes/Registrar.php';
    require_once DOCUMENT_ROOT . 'config/db.php';
Exemplo n.º 7
         $db->delete('users_temp');
         unset($_SESSION['registration_pending']);
         unset($_SESSION['temp_user_id']);
         unset($_SESSION['spoof_proof']);
         /* If email has been manually provided, it needs to be verified. */
         if (isset($email)) {
             $registrar->sendVerificationEmail($id, $user['email']);
             // Show verification page link
             $result = array('success' => true, 'verify' => true);
             header('Content-Type: application/json');
             echo json_encode($result);
             exit;
         }
         // Now that the registration is complete, login the user
         $loginHelper = new LoginHelper();
         $redirect_uri = $loginHelper->Login($id, $user['oauth_type'], $user['oauth_id']);
         // Return the success information
         $result = array('success' => true, 'redirect_uri' => $redirect_uri);
         header('Content-Type: application/json');
         echo json_encode($result);
         exit;
     } else {
         $result = array('success' => false, 'error' => 'Unexpected error!');
         header('Content-Type: application/json');
         echo json_encode($result);
         exit;
     }
 } else {
     $result = array('success' => false, 'error' => implode("<br/>", $error));
     header('Content-Type: application/json');
     echo json_encode($result);