示例#1
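 public function run()
 {
     // Entry point for the confirmation links sent by e-mail. Depending on which
     // request parameter is present it (1) confirms a new account (`str` + `cs`),
     // (2) confirms a PayPal address (`ppstr` + `pp`) or (3) applies a changed
     // e-mail address (`emstr`), then renders the job list with an optional
     // jumbotron message. Every failed check redirects and returns; the unused
     // locals ($msg, $to) of the original were dropped.
     $user = new User();
     // null (rather than '') keeps the value the view saw when no branch set it
     $jumbotron = null;
     if (isset($_REQUEST['str'])) {
         $email = mysql_real_escape_string(base64_decode($_REQUEST['str']));
         // Only the first 10 characters of the token are compared (existing contract).
         // A missing or non-string `cs` must not degrade into an empty-string match.
         $confirm_string = (isset($_REQUEST['cs']) && is_string($_REQUEST['cs']))
             ? substr($_REQUEST['cs'], 0, 10)
             : '';
         // verify the email belongs to a user; an empty stored token (account already
         // confirmed) must never match, and hash_equals avoids loose `==` type juggling
         $stored_string = $user->findUserByUsername($email)
             ? substr((string) $user->getConfirm_string(), 0, 10)
             : '';
         if ($confirm_string !== '' && $stored_string !== '' && hash_equals($stored_string, $confirm_string)) {
             // NOTE(review): mysql_* is removed since PHP 7.0 and the query is string-built;
             // the WHERE value is redacted in this listing, so the statement is left as-is.
             $sql = "\n                    UPDATE " . USERS . "\n                    SET\n                        confirm_string = '',\n                        confirm = 1,\n                        is_active = 1\n                    WHERE username = '******'";
             mysql_query($sql);
             // send welcome email
             Utils::sendTemplateEmail($user->getUsername(), 'welcome', array('nickname' => $user->getNickname()), 'Worklist <*****@*****.**>');
             // Optionally can login with confirm URL
             User::login($user, false);
             $jumbotron = "\n                    <h2>Welcome to Worklist!</h2>\n                    <p>\n                      Click on a job and add your bid, or come join us in our \n                      <a href='https://gitter.im/highfidelity/worklist' target='_blank'>public chat room</a>.\n                      Questions? Check out the <a href='./help'>help tab</a>.\n                    </p>";
         } else {
             Utils::redirect('./');
             // never render the job list after a redirect has been issued
             return;
         }
     } elseif (isset($_REQUEST['ppstr'])) {
         // paypal address confirmation
         $paypal_email = mysql_real_escape_string(base64_decode($_REQUEST['ppstr']));
         $hash = isset($_REQUEST['pp']) ? mysql_real_escape_string($_REQUEST['pp']) : '';
         // verify the email belongs to a user
         if (!$user->findUserByPPUsername($paypal_email, $hash)) {
             // hacking attempt, or some other error
             Utils::redirect('./');
             return;
         }
         $user->setPaypal_verified(true);
         $user->setPaypal_hash('');
         $user->save();
         $jumbotron = "\n                    <h2>Thank you for confirming your Paypal address.</h2>\n                    <p>You can now bid on items in the Worklist!</p>";
     } elseif (isset($_REQUEST['emstr'])) {
         // new email address confirmation
         $new_email = mysql_real_escape_string(base64_decode($_REQUEST['emstr']));
         $session_username = isset($_SESSION['username']) ? $_SESSION['username'] : '';
         if (!$user->findUserByUsername($session_username)) {
             // we are not logged in. The original fell through here and still saved
             // the new address for an unauthenticated request, hence the return.
             Utils::redirect('login');
             return;
         }
         // NOTE(review): unlike the two branches above, nothing ties `emstr` to a token
         // issued for this account — confirm whether the e-mailed link carries one.
         // save new email
         $user->setUsername($new_email);
         $user->save();
         $_SESSION['username'] = $new_email;
         $jumbotron = "<h2>Thank you for confirming your changed email address.</h2>";
     }
     $jobs = new JobController();
     $jobs->view->jumbotron = $jumbotron;
     $jobs->listView();
 }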
示例#2
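 public function login($redir = './')
 {
     // GitHub OAuth2 entry point and callback.
     //
     // Without a `code` query parameter (or when the `state` check fails / the token
     // exchange returns no token) it starts a fresh authorization through
     // self::generateStateAndLogin(). With a valid `code` it exchanges it for an
     // access token, loads the GitHub profile and then either stores the credentials
     // on the logged-in worklist account, logs in the already linked account, or
     // shows the signup view (AuthView) for an unknown token.
     //
     // @param string $redir  path the user is sent to afterwards; it is also appended
     //                       to the OAuth redirect_uri. NOTE(review): confirm it is
     //                       restricted to local paths, it is passed to Utils::redirect().
     $tokenURL = GITHUB_TOKEN_URL;
     $apiURLBase = GITHUB_API_URL;
     // When Github redirects the user back here, there will be a "code" and "state" parameter in the query string
     if (isset($_GET['code']) && $_GET['code']) {
         // Verify the state matches our stored state: both values must be present,
         // non-empty strings and identical. The loose `==` used before let an absent
         // session state (null) match an empty `state` parameter, defeating the
         // CSRF protection of the OAuth flow.
         $storedState = isset($_SESSION['github_auth_state']) ? $_SESSION['github_auth_state'] : '';
         $givenState = (isset($_GET['state']) && is_string($_GET['state'])) ? $_GET['state'] : '';
         if (is_string($storedState) && $storedState !== '' && hash_equals($storedState, $givenState)) {
             // Exchange the auth code for a token
             $response = $this->apiRequest($tokenURL, array('client_id' => GITHUB_OAUTH2_CLIENT_ID, 'client_secret' => GITHUB_OAUTH2_CLIENT_SECRET, 'redirect_uri' => WORKLIST_URL . 'github/login/' . $redir, 'state' => $storedState, 'code' => $_GET['code']));
             if (isset($response->access_token) && $response->access_token) {
                 $this->access_token = $access_token = $response->access_token;
                 $gh_user = $this->apiRequest($apiURLBase . 'user');
                 if (!$gh_user) {
                     // maybe a wrong access token; the original fell through here
                     // and kept going with an empty profile, hence the return
                     Utils::redirect('./');
                     return;
                 }
                 $userId = Session::uid();
                 $user = new User($userId);
                 $testUser = new User();
                 if ($user->getId()) {
                     // user is already logged in in worklist, let's just check if credentials are
                     // already stored and save them in case they're not
                     if (!$testUser->findUserByAuthToken($access_token)) {
                         // credentials not stored in db and not used by any other user
                         $user->storeCredentials($access_token);
                     } else {
                         // credentials found, let's just sync account with GH data
                         $this->sync($user, $gh_user);
                     }
                     Utils::redirect($redir);
                     return;
                 }
                 // user not logged in in worklist, let's check whether he already has a
                 // github-linked account in worklist
                 if ($user->findUserByAuthToken($access_token)) {
                     // already linked account, let's log him in
                     if ($user->isActive()) {
                         $this->sync($user, $gh_user);
                         User::login($user, $redir);
                         return;
                     }
                     // users that didn't confirmed their email addresses
                     $jobs = new JobController();
                     $jobs->view->jumbotron = "<h2>E-mail confirmation required!</h2>\n                                    <p>\n                                      Please check your inbox and follow your e-mail confirmation message\n                                      from Worklist. Then try to login again.\n                                    </p>\n                                    ";
                     $jobs->listView();
                     return;
                 }
                 // unknown token, taking to the signup page
                 $this->view = new AuthView();
                 $this->write('access_token', $access_token);
                 $this->write('default_username', isset($gh_user->email) ? $gh_user->email : '');
                 $this->write('default_location', isset($gh_user->location) ? $gh_user->location : '');
                 $this->view->redir_url = $redir;
                 parent::run();
                 return;
             }
             // probably a refresh on the Auth view, which generated an error
             // because of the expired verification code, let's save an error just in case
             error_log(print_r($response, true));
         }
     }
     // let's generate the session state value an try to authorize
     self::generateStateAndLogin($redir);
 }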