示例#1
<?php

// Facebook Multi Page/Group Poster v2.2
// Created by Novartis (Safwan)
// Direct-access guard: when this file is the only one loaded it was requested
// on its own rather than included by the application, so stop immediately.
if (count(get_included_files()) === 1) {
    exit;
}

// Page/Groups Refresh Data
// In hard-demo mode the "Multi" account skips the refresh entirely.
if ($hardDemo && $userName == "Multi") {
    return;
}

// Every other account goes through the authorisation redirect.
authRedirect();
示例#2
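/**
 * Check a username / MD5 password digest against the admin record and the users table.
 *
 * The admin record in the settings database is tried first; on a match the admin
 * cookie is set and the admin view selected by the query string is rendered. The
 * users database is then queried for $user and, when a row exists, the session
 * globals ($userName, $password, $userToken, ...) are filled from it. If the
 * supplied credentials do not match the loaded record, showLogin() is called.
 *
 * Security-relevant behaviour of this version:
 *  - every users-table lookup binds $user / $uid as parameters instead of
 *    interpolating them into the SQL text;
 *  - digests are compared with hash_equals() (PHP >= 5.6), which avoids the loose
 *    `!=` comparison of two numeric-looking hex strings and is constant-time.
 *
 * NOTE(review): the scheme itself is weak and cannot be fixed inside this block:
 * passwords are stored reversibly (decrypt()) and verified as unsalted MD5, and the
 * login cookie carries that digest, so the cookie is a replayable credential.
 * Moving to password_hash()/password_verify() and a random server-side session
 * token needs schema and caller changes.
 *
 * NOTE(review): the final check relies on the globals $userName / $password, which
 * are only assigned here when a matching row was found. Confirm the caller
 * initialises them to values that can never match an empty login.
 *
 * @param string     $user        Username, compared case-insensitively.
 * @param string     $hashed_pass MD5 hex digest of the password.
 * @param int|string $uid         Optional userid selecting one of the user's rows;
 *                                a falsy value selects by username only.
 * @return void
 */
function checkLogin($user, $hashed_pass, $uid = 0)
{
    // The admin pages included below execute in this function's scope, so the
    // complete global list (and the local names $db / $statement / $tempData) is kept.
    global $dbName, $adminloggedIn, $loggedIn, $cookie, $warn, $step, $failImg, $lang;
    global $tempData, $userName, $fullname, $password, $userId, $userToken, $pageData, $groupData, $userOptions, $userIds;
    global $fb, $hardDemo;
    // NOTE(review): PDO's constructor throws PDOException on failure instead of
    // returning false, so the else branches of both `new PDO` checks are not
    // expected to run; a try/catch at the call site would be needed to show them.
    if ($db = new PDO('sqlite:' . $dbName . '-settings.db')) {
        //Is admin Login?
        $statement = $db->prepare("SELECT * FROM Settings");
        if ($statement) {
            $statement->execute();
        } else {
            // showHTML() is presumably terminal; otherwise fetchAll() below runs on false.
            showHTML("{$failImg} Error while checking login/cookie information. Settings Database opened OK but statement execution failed.");
        }
        $tempData = $statement->fetchAll();
        if (strcasecmp($user, $tempData[0]['admin']) == 0
            && is_string($hashed_pass)
            && hash_equals(md5(decrypt($tempData[0]['adminpass'])), $hashed_pass)
        ) {
            $adminloggedIn = true;
            $cookie = base64_encode("{$user}:" . $hashed_pass);
            // NOTE(review): set without HttpOnly / Secure / SameSite and without an
            // expiry policy; the value is base64("user:md5(password)"), see docblock.
            setcookie('FBMPGPLogin', $cookie);
            if (isset($_GET['logs'])) {
                showLogs();
            } elseif (isset($_GET['rg']) && !$hardDemo) {
                //This refresh is used for Admin Token Install
                authRedirect();
            } elseif (isset($_GET['users'])) {
                require_once 'includes/showusers.php';
            } elseif (isset($_GET['crons'])) {
                require_once 'includes/showcrons.php';
            } elseif (isset($_GET['clogs'])) {
                // NOTE(review): a plain GET deletes the log database and no anti-CSRF
                // token is checked in this block; this should be a POST with a token.
                if (file_exists($dbName . '-logs.db')) {
                    unlink($dbName . '-logs.db');
                }
                header("Location: ./?logs");
                exit;
            } else {
                showHTML(include_once 'includes/admin.php', $lang['Admin Panel']);
            }
        }
    } else {
        showHTML("{$failImg} Failed to open settings database while checking login information. Exiting...");
    }
    if ($db = new PDO('sqlite:' . $dbName . '-users.db')) {
        // Bound as text, which is what the interpolated literal used to be.
        $byUsername = array(':username' => (string) $user);

        $statement = $db->prepare('SELECT COUNT(*) FROM FB WHERE username = :username');
        if ($statement) {
            $statement->execute($byUsername);
        } else {
            showHTML("{$failImg} Error while checking login/cookie information. Users Database opened OK but statement execution failed.");
        }
        if ($statement->fetchColumn() > 0) {
            if ($uid) {
                $statement = $db->prepare('SELECT * FROM FB WHERE username = :username AND userid = :userid');
                $lookup = $byUsername + array(':userid' => (string) $uid);
            } else {
                $statement = $db->prepare('SELECT * FROM FB WHERE username = :username');
                $lookup = $byUsername;
            }
            if ($statement) {
                $statement->execute($lookup);
            } else {
                showHTML("{$failImg} Users Database query failed while checking login information");
            }
            $tempData = $statement->fetchAll();
            if (!$tempData) {
                $warn = $lang['User does not exist'];
                // showLogin() is presumably terminal; otherwise $tempData[0] below is undefined.
                showLogin();
            }
            $userName = $tempData[0]['username'];
            $password = decrypt($tempData[0]['password']);
            $userToken = $tempData[0]['usertoken'];
            $fullname = $tempData[0]['fullname'];
            $pageData = $tempData[0]['pagedata'];
            $groupData = $tempData[0]['groupdata'];
            $userId = $tempData[0]['userid'];
            $userOptions = readOptions($tempData[0]['useroptions']);
            $userOptions = checkUserOptions($userOptions);
            $userOptions['lastActive'] = time();
            saveUserOptions();
            if ($uid) {
                // A specific userid was selected above; reload every row of the
                // username so $userIds lists all of that user's ids.
                $statement = $db->prepare('SELECT * FROM FB WHERE username = :username');
                if ($statement) {
                    $statement->execute($byUsername);
                } else {
                    showHTML("{$failImg} Users Database query failed while checking id information");
                }
                $tempData = $statement->fetchAll();
            }
            foreach ($tempData as $s) {
                $userIds[$s['fullname']] = $s['userid'];
            }
        }
    } else {
        showHTML("{$failImg} Failed to open users database while checking login information. Exiting...");
    }
    // Reject unless the name matches and the digest is a string equal to the
    // digest of the stored password.
    if (strcasecmp($user, $userName) != 0
        || !is_string($hashed_pass)
        || !hash_equals(md5($password), $hashed_pass)
    ) {
        if (isset($_POST['un'])) {
            $warn = $lang['Incorrect login info'];
        }
        showLogin();
    }
    $cookie = base64_encode("{$userName}:" . md5($password));
    $loggedIn = true;
}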
示例#3
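/**
 * Work out which player is making the request and return their id.
 *
 * With $GLOBALS['on']['auth'] off, identity comes from the `uid` cookie, whose
 * format is "<id>.<md5(id . uidsalt)>". A cookie whose second part matches is
 * re-issued for another 2592000 seconds and its id returned; anything else gets a
 * freshly generated id and cookie.
 *
 * With auth on, the Facebook SDK's signed request supplies the user id and access
 * token, and the profile (plus app requests when enabled) is placed in
 * $passToClient.
 *
 * Changes from the earlier version: the cookie must be a string before it is
 * parsed, the digest is compared with hash_equals() (PHP >= 5.6) instead of a
 * loose `==`, and a replacement cookie is always built from exactly two parts
 * (a cookie with extra dot-separated parts used to leak its leftovers into the
 * new value, which then never validated).
 *
 * NOTE(review): md5(id . salt) is not a proper MAC, mt_rand() is not a CSPRNG and
 * the cookie is set without HttpOnly / Secure / SameSite. Switching to
 * hash_hmac('sha256', ...) and random_int() would invalidate existing cookies, so
 * it is left as a follow-up.
 *
 * @return int|string The player id: the cookie's id part (string), a newly
 *                    generated id (int), or the value stored in $GLOBALS['fbid'].
 * @throws FacebookApiException When the profile request fails.
 */
function validatePlayer()
{
    // Figure out who's playing
    global $passToClient;
    // A simple auth system built to be replaced:
    if (!$GLOBALS['on']['auth']) {
        if (isset($_COOKIE['uid']) && is_string($_COOKIE['uid'])) {
            $parts = explode('.', $_COOKIE['uid']);
            if (count($parts) == 2) {
                $expected = md5($parts[0] . $GLOBALS['uidsalt']);
                if (hash_equals($expected, $parts[1])) {
                    // good - extend and return
                    setcookie('uid', $_COOKIE['uid'], time() + 2592000, '/');
                    return $parts[0];
                }
            }
        }
        // if we're here, we need to set a new UID
        $newId = mt_rand();
        $uidCookie = $newId . '.' . md5($newId . $GLOBALS['uidsalt']);
        setcookie('uid', $uidCookie, time() + 2592000, '/');
        return $newId;
    }
    //TAG:AUTH
    // $on['auth'] is set (the branch above returns on every path), so use
    // Facebook's server auth flow.
    global $facebook;
    require_once './fb/facebook.php';
    // Initialize the Facebook PHP SDK
    $facebook = new Facebook(array('appId' => $GLOBALS['appID'], 'secret' => $GLOBALS['appSecret']));
    $sr = $facebook->getSignedRequest();
    // Debug logging of $sr, $_REQUEST and $_COOKIE was here. NOTE(review): those
    // dumps contain the signed request and access token; keep them out of
    // production logs.
    if (isset($sr['user_id'])) {
        $GLOBALS['fbid'] = $facebook->getUser();
        $GLOBALS['userToken'] = $facebook->getAccessToken();
        // work around Safari 3p cookie weirdness
        $rawRequest = getParam('signed_request');
        if ($rawRequest) {
            // NOTE(review): the raw request parameter is passed through unencoded;
            // whatever emits $passToClient must encode it for its output context.
            $passToClient['sr'] = "signed_request={$rawRequest}";
        }
    } else {
        // Send the user to the auth dialog
        // (authRedirect() presumably ends the request; otherwise the profile
        // call below runs without a user.)
        authRedirect();
    }
    try {
        $fbProfile = $facebook->api('/me?fields=first_name,gender,id,currency,locale', 'GET');
        $passToClient['profile'] = $fbProfile;
        //TAG:REQUESTS
        if ($GLOBALS['on']['requests']) {
            $passToClient['appRequests'] = getRequests();
        }
    } catch (FacebookApiException $e) {
        // TODO deal with it
        throw $e;
    }
    return $GLOBALS['fbid'];
}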