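<?php
// Google OAuth2 sign-in endpoint for Hexagame.
//
// Every request ends in a redirect to the site root. Branches, in order:
//   1. A `hexauser` cookie ("<user id>+<session id>") identifies the previous
//      session; its `sessions` row is deleted and the cookie is cleared.
//   2. `?logout` additionally revokes the Google token stored for that session.
//   3. `?code=...` completes the OAuth2 code exchange, finds or creates the user
//      by e-mail, stores the access token in `sessions` and sets a new cookie.
include 'config.php';
require_once 'libs/google/apiClient.php';
require_once 'libs/google/contrib/apiOauth2Service.php';

$db = new PDO($config['db'], $config['dbUser'], $config['dbPassword']);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);

// Cookie flags: HttpOnly keeps the session id away from scripts; Secure is only
// set when the request itself came over TLS, otherwise the browser would drop it.
$isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
$cookieLifetime = 60 * 60 * 24 * 365;

// Identity carried by the previous session's cookie. `$session` is initialised
// here because the logout branch below reads it even when no cookie was sent.
$userId = false;
$sessionId = false;
$session = false;

// Delete old session if present.
if (isset($_COOKIE['hexauser'])) {
    // The cookie is untrusted input: only a well-formed "<digits>+<non-empty>"
    // pair is allowed to reach the database (the ids are bound as parameters,
    // but rejecting junk early keeps the lookup and the DELETE predictable).
    $cookie = explode('+', $_COOKIE['hexauser']);
    if (count($cookie) === 2 && ctype_digit($cookie[0]) && $cookie[1] !== '') {
        $userId = $cookie[0];
        $sessionId = $cookie[1];
        $stmt = $db->prepare("SELECT `token` FROM `sessions` WHERE `id`=:sessionId AND `user_id`=:userId");
        $stmt->execute([':sessionId' => $sessionId, ':userId' => $userId]);
        $session = $stmt->fetch();
        if ($session) {
            $stmt = $db->prepare("DELETE FROM `sessions` WHERE `id` = :sessionId");
            $stmt->execute([':sessionId' => $sessionId]);
        }
    }
    // The expiring cookie must carry the same path/domain as the one being
    // cleared. NOTE(review): the domain comes from the Host header; if the site
    // has a fixed canonical host in config, use that instead.
    setcookie('hexauser', '', time() - $cookieLifetime, '/', $_SERVER['HTTP_HOST'], $isHttps, true);
}

$client = new apiClient();
$client->setApplicationName('Hexagame');
$client->setClientId($config['googleId']);
$client->setClientSecret($config['googleSecret']);
$client->setRedirectUri($config['googleRedirect']);
$client->setApprovalPrompt('auto');
$oauth2 = new apiOauth2Service($client);

if (isset($_GET['logout'])) {
    // Revoke the Google token that belonged to the session deleted above.
    if ($session) {
        $client->setAccessToken($session->token);
        $client->revokeToken();
    }
    // A path-only Location avoids building the target from the Host header,
    // which is attacker-controlled and would make this an open redirect.
    header('Location: /');
    exit;
}

if (isset($_GET['code'])) {
    $client->authenticate();
    $token = $client->getAccessToken();
    if ($token) {
        $googleUser = $oauth2->userinfo->get();
        // NOTE(review): the account is keyed purely on the e-mail Google returns;
        // confirm the userinfo response marks it as verified before trusting it
        // for account linking.
        if (!empty($googleUser['email'])) {
            // Search the email in the database.
            $stmt = $db->prepare("SELECT `id` FROM `users` WHERE `email` = :email LIMIT 1");
            $stmt->execute([':email' => $googleUser['email']]);
            $user = $stmt->fetch();
            if ($user) {
                // Returning visitor.
                $userId = $user->id;
            } else {
                // New user.
                $stmt = $db->prepare("INSERT INTO `users` (`email`) VALUES (:email)");
                $stmt->execute([':email' => $googleUser['email']]);
                $userId = $db->lastInsertId();
            }

            // Create session. The session id is the bearer secret in the cookie,
            // so it must be unpredictable: use the CSPRNG where available. The
            // sha1(uniqid()) form is kept only as a PHP < 7 fallback and is not
            // cryptographically strong.
            if (function_exists('random_bytes')) {
                $sessionId = bin2hex(random_bytes(20));
            } else {
                $sessionId = sha1(uniqid($userId, true) . $googleUser['email'] . $config['salt']);
            }
            $stmt = $db->prepare("INSERT INTO `sessions` (`id`, `user_id`, `token`) VALUES (:sessionId, :userId, :token)");
            $stmt->execute([
                ':sessionId' => $sessionId,
                ':userId' => $userId,
                ':token' => $token,
            ]);
            setcookie('hexauser', $userId . '+' . $sessionId, time() + $cookieLifetime, '/', $_SERVER['HTTP_HOST'], $isHttps, true);
        }
    }
}

// Path-only redirect for the same reason as in the logout branch; `exit` stops
// any trailing output from being appended to the redirect response.
header('Location: /');
exit;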