Faguss

Userspice 4.4.14 fb-callback.php

Aug 10th, 2019
  1. <?php
  2. require_once '../users/init.php';
  3.  
  4. $db=DB::getInstance();
  5.  
  6. $settingsQ=$db->query("SELECT * FROM settings");
  7. $settings=$settingsQ->first();
  8.  
  9. if(!isset($_SESSION)){session_start();}
  10.  
  11. $appID=$settings->fbid;
  12. $secret=$settings->fbsecret;
  13. $version=$settings->graph_ver;
  14. $whereNext=$settings->finalredir;
  15.  
  16. require_once($abs_us_root.$us_url_root."users/src/Facebook/autoload.php");
  17. $fb = new Facebook\Facebook([
  18. 'app_id' => $appID, // Replace {app-id} with your app id
  19. 'app_secret' => $secret,
  20. 'default_graph_version' => $version,
  21. ]);
  22.  
  23. $helper = $fb->getRedirectLoginHelper();
  24. $_SESSION['FBRLH_state']=$_GET['state'];
  25.  
  26. try {
  27. $accessToken = $helper->getAccessToken(NULL,$_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'].$us_url_root.'users/fb-callback.php');
  28. } catch(Facebook\Exceptions\FacebookResponseException $e) {
  29. // When Graph returns an error
  30. echo 'Graph returned an error: ' . $e->getMessage();
  31. exit;
  32. } catch(Facebook\Exceptions\FacebookSDKException $e) {
  33. // When validation fails or other local issues
  34. echo 'Facebook SDK returned an error: ' . $e->getMessage();
  35. exit;
  36. }
  37.  
  38. if (! isset($accessToken)) {
  39. if ($helper->getError()) {
  40. header('HTTP/1.0 401 Unauthorized');
  41. echo "Error: " . $helper->getError() . "\n";
  42. echo "Error Code: " . $helper->getErrorCode() . "\n";
  43. echo "Error Reason: " . $helper->getErrorReason() . "\n";
  44. echo "Error Description: " . $helper->getErrorDescription() . "\n";
  45. } else {
  46. header('HTTP/1.0 400 Bad Request');
  47. echo 'Bad request';
  48. }
  49. exit;
  50. }
  51.  
  52. // Logged in
  53. //echo '<h3>Access Token</h3>';
  54. //var_dump($accessToken->getValue());
  55.  
  56. // The OAuth 2.0 client handler helps us manage access tokens
  57. $oAuth2Client = $fb->getOAuth2Client();
  58.  
  59. // Get the access token metadata from /debug_token
  60. $tokenMetadata = $oAuth2Client->debugToken($accessToken);
  61. //echo '<h3>Metadata</h3>';
  62. //var_dump($tokenMetadata);
  63.  
  64. // Validation (these will throw FacebookSDKException's when they fail)
  65. $tokenMetadata->validateAppId($appID); // Replace {app-id} with your app id
  66. // If you know the user ID this access token belongs to, you can validate it here
  67. //$tokenMetadata->validateUserId('123');
  68. $tokenMetadata->validateExpiration();
  69.  
  70. if (! $accessToken->isLongLived()) {
  71. // Exchanges a short-lived access token for a long-lived one
  72. try {
  73. $accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
  74. } catch (Facebook\Exceptions\FacebookSDKException $e) {
  75. echo "<p>Error getting long-lived access token: " . $helper->getMessage() . "</p>\n\n";
  76. exit;
  77. }
  78.  
  79. echo '<h3>Long-lived</h3>';
  80. var_dump($accessToken->getValue());
  81. }
  82.  
  83. $_SESSION['fb_access_token'] = (string) $accessToken;
  84.  
  85. // User is logged in with a long-lived access token.
  86. // You can redirect them to a members-only page.
  87. //header('Location: https://example.com/members.php');
  88. try {
  89. // Returns a `Facebook\FacebookResponse` object
  90. $response = $fb->get('/me?fields=id,first_name,last_name,email', $_SESSION['fb_access_token']);
  91. } catch(Facebook\Exceptions\FacebookResponseException $e) {
  92. echo 'Graph returned an error: ' . $e->getMessage();
  93. exit;
  94. } catch(Facebook\Exceptions\FacebookSDKException $e) {
  95. echo 'Facebook SDK returned an error: ' . $e->getMessage();
  96. exit;
  97. }
  98.  
  99. $fbuser = $response->getGraphUser();
  100.  
  101. //In case you want to test what you get back from FriendFace
  102. // var_dump($user);
  103. // echo 'Name: ' . $fbuser['name'];
  104. // echo '<br>email: ' . $fbuser['email'];
  105. // echo '<br>id: ' . $fbuser['id'];
  106.  
  107. //Facebook Authenticated - Let's do something with that info
  108.  
  109. //Check to see if the user has an account
  110. $fbEmail = $fbuser['email'];
  111.  
  112.  
  113. $checkExistingQ = $db->query("SELECT * FROM users WHERE email = ?",array ($fbEmail));
  114.  
  115. $CEQCount = $checkExistingQ->count();
  116.  
  117. //Existing UserSpice User Found
  118. if ($CEQCount>0){
  119. $checkExisting = $checkExistingQ->first();
  120. $newLoginCount = $checkExisting->logins+1;
  121. $newLastLogin = date("Y-m-d H:i:s");
  122.  
  123. $picture_link = download_fb_image($fbuser['id']);
  124. $fields=array('fb_uid'=>$fbuser['id'], 'logins'=>$newLoginCount, 'last_login'=>$newLastLogin, 'picture'=>$picture_link);
  125.  
  126. $db->update('users',$checkExisting->id,$fields);
  127. $_SESSION["user"] = $checkExisting->id;
  128.  
  129. $twoQ = $db->query("select twoKey from users where id = ? and twoEnabled = 1",[$checkExisting->id]);
  130. if($twoQ->count()>0) {
  131. $_SESSION['twofa']=1;
  132. $page=encodeURIComponent(Input::get('redirect'));
  133. logger($user->data()->id,"Two FA","Two FA being requested.");
  134. Redirect::To($us_url_root.'users/twofa.php');
  135. }
  136. $ip = ipCheck();
  137. $q = $db->query("SELECT id FROM us_ip_list WHERE ip = ?",array($ip));
  138. $c = $q->count();
  139. if($c < 1){
  140. $db->insert('us_ip_list', array(
  141. 'user_id' => $feusr->id,
  142. 'ip' => $ip,
  143. ));
  144. }else{
  145. $f = $q->first();
  146. $db->update('us_ip_list',$f->id, array(
  147. 'user_id' => $feusr->id,
  148. 'ip' => $ip,
  149. ));
  150. }
  151. Redirect::to($us_url_root.'users/account.php');
  152. }else{
  153. if($settings->registration==0) {
  154. session_destroy();
  155. Redirect::to($us_url_root.'users/join.php');
  156. die();
  157. } else {
  158. // //No Existing UserSpice User Found
  159. // if ($CEQCount<0){
  160. //$fbpassword = password_hash(Token::generate(),PASSWORD_BCRYPT,array('cost' => 12));
  161. $date = date("Y-m-d H:i:s");
  162. $fb_fname = $fbuser['first_name'];
  163. $fb_lname = $fbuser['last_name'];
  164. $fbname=$fb_fname.' '.$fb_lname;
  165. if($settings->auto_assign_un==1) {
  166. $username=username_helper($fb_fname,$fb_lname,$fbEmail);
  167. if(!$username) $username=NULL;
  168. } else {
  169. $username=$fbEmail;
  170. }
  171. $new_username = $username;
  172. $atsymbol = strpos($username, '@');
  173. if ($atsymbol !== FALSE) $new_username = substr($username, 0, $atsymbol);
  174.  
  175. $picture_link = download_fb_image($fbuser['id']);
  176. $fields=array('email'=>$fbEmail,'username'=>$new_username,'fname'=>$fb_fname,'lname'=>$fb_lname,'permissions'=>1,'logins'=>1,'company'=>'none','join_date'=>$date,'last_login'=>$date,'email_verified'=>1,'password'=>NULL,'fb_uid'=>$fbuser['id'],'picture'=>$picture_link);
  177.  
  178. $db->insert('users',$fields);
  179. $lastID = $db->lastId();
  180.  
  181. $insert2 = $db->query("INSERT INTO user_permission_matches SET user_id = $lastID, permission_id = 1");
  182.  
  183. $theNewId=$lastID;
  184. include($abs_us_root.$us_url_root.'usersc/scripts/during_user_creation.php');
  185.  
  186. $_SESSION["user"] = $lastID;
  187. Redirect::to($whereNext);
  188. }
  189. }
  190.  
  191.  
  192. //http://markuzweb.blogspot.com/2010/09/grab-picture-of-facebook-graph-object.html
  193. function download_fb_image($id) {
  194. if (!is_array($options))
  195. $options = array();
  196.  
  197. $options = array_merge(array(
  198. 'connectionTimeout' => 5, // seconds
  199. 'timeout' => 10, // seconds
  200. 'sslVerifyPeer' => false,
  201. 'followLocation' => true, // if true, limit recursive redirection by
  202. 'maxRedirs' => 5, // setting value for "maxRedirs"
  203. ), $options);
  204.  
  205. // create a temporary file (we are assuming that we can write to the system's temporary directory)
  206. //$tempFileName = tempnam(sys_get_temp_dir(), '');
  207. $fh = fopen(__DIR__ . "/images/$id.jpg", 'w');
  208.  
  209. $curl = curl_init("http://graph.facebook.com/$id/picture?type=large");
  210. curl_setopt($curl, CURLOPT_FILE, $fh);
  211. curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, $options['connectionTimeout']);
  212. curl_setopt($curl, CURLOPT_TIMEOUT, $options['timeout']);
  213. curl_setopt($curl, CURLOPT_HEADER, false);
  214. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, $options['sslVerifyPeer']);
  215. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, $options['followLocation']);
  216. curl_setopt($curl, CURLOPT_MAXREDIRS, $options['maxRedirs']);
  217. curl_exec($curl);
  218.  
  219. curl_close($curl);
  220. fclose($fh);
  221.  
  222. $picture_link = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
  223. $last_item = strrpos($picture_link, '/');
  224. if ($last_item !== FALSE)
  225. $picture_link = substr($picture_link, 0, $last_item+1);
  226. $picture_link .= "images/$id.jpg";
  227.  
  228. return $picture_link;
  229. }
  230. ?>