index.php
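<?php
/*
 * VATSIM SSO login handler.
 *
 * Flow, as implemented below:
 *   1. First visit: a request token is obtained, its key/secret are stored in
 *      the session, and the member is sent to VATSIM.
 *   2. Return visit (?return&oauth_verifier=...): the returned token is matched
 *      against the session copy, the user record is fetched via checkLogin(),
 *      the local session is populated and the member is redirected on-site.
 *   3. Cancelled visit (?return&oauth_cancel): a "start again" link is shown.
 */

// Report everything, but send it to the log instead of the response: output
// emitted before header() would break the post-login redirect, and PHP
// diagnostics on a login endpoint disclose paths and configuration.
ini_set('error_reporting', E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// a session is required to store the token details in
session_start();

// Remember where to send the member after login. This value is
// client-controlled, so it is only stored here and is validated at the point
// of use. Non-string input (e.g. redirect[]=x) is ignored.
if (isset($_GET['redirect']) && is_string($_GET['redirect'])) {
    $_SESSION['redirect'] = $_GET['redirect'];
}

require('OAuth.php');
require('SSO.class.php');
require('config.php');
require('../classes/realops.php');

// initiate the SSO class with consumer details and encryption details
$SSO = new SSO($sso['base'], $sso['key'], $sso['secret'], $sso['method'], $sso['cert']);

// return variable is needed later in this script
$sso_return = $sso['return'];

// remove other config variables so the consumer secret is not left in scope
unset($sso);

// VATSIM has redirected the member back to this file
if (isset($_GET['return']) && isset($_GET['oauth_verifier']) && !isset($_GET['oauth_cancel'])) {
    // check to make sure there is a saved token for this user; if there is
    // none, execution falls through and a fresh request token is issued below
    if (isset($_SESSION[SSO_SESSION]) && isset($_SESSION[SSO_SESSION]['key']) && isset($_SESSION[SSO_SESSION]['secret'])) {
        /*
         * NOTE: Always request the user data as soon as the member is sent
         * back and then redirect the user away
         */

        // The returned token must be a non-empty string identical to the one
        // issued for this session; strict comparison avoids PHP's loose
        // string/number juggling.
        $returnedToken = (isset($_GET['oauth_token']) && is_string($_GET['oauth_token'])) ? $_GET['oauth_token'] : '';
        if ($returnedToken === '' || $returnedToken !== (string) $_SESSION[SSO_SESSION]['key']) {
            echo '<p>Returned token does not match</p>';
            die();
        }

        // The verifier is forwarded to the SSO client, so insist on a
        // non-empty string (an array-valued parameter is rejected here).
        if (!is_string($_GET['oauth_verifier']) || $_GET['oauth_verifier'] === '') {
            echo '<p>No verification code provided</p>';
            die();
        }

        // obtain the details of this user from VATSIM
        $user = $SSO->checkLogin($_SESSION[SSO_SESSION]['key'], $_SESSION[SSO_SESSION]['secret'], $_GET['oauth_verifier']);

        if ($user) {
            // One-time use of tokens, token no longer valid
            unset($_SESSION[SSO_SESSION]);

            // Issue a new session id at the privilege change so an id that
            // was known before authentication cannot be reused afterwards.
            session_regenerate_id(true);

            // Record & confirm the user's details
            // NOTE(review): Get/Set come from ../classes/realops.php, which is
            // not visible here; confirm they use parameterized queries.
            $get = new Get();
            $set = new Set();

            // Import the user into the database on first login
            if (!$get->userExists($user->user->id)) {
                $set->setUser($user->user->id, $user->user->email, $user->user->name_first, $user->user->name_last);
            }

            // Log user in through the session
            $_SESSION['vatsimID'] = $user->user->id;
            $_SESSION['email'] = $user->user->email;
            $_SESSION['firstName'] = $user->user->name_first;
            $_SESSION['lastName'] = $user->user->name_last;
            $_SESSION['rating'] = $user->user->rating->short;

            // Build an on-site redirect target. The stored value originated
            // from the query string: a leading slash or backslash would turn
            // the Location value into a scheme-relative URL pointing off-site,
            // and control characters have no place in a header. Anything
            // suspicious falls back to the site root.
            $target = (isset($_SESSION['redirect']) && is_string($_SESSION['redirect'])) ? $_SESSION['redirect'] : '';
            if (preg_match('/[\x00-\x1F\x7F\\\\]/', $target) === 1) {
                $target = '';
            }
            $target = ltrim($target, '/');

            header('Location: /' . $target);

            // do not proceed to send the user back to VATSIM
            die();
        } else {
            // OAuth or cURL errors have occurred, output here.
            // The error text is escaped because its origin is not visible in
            // this file and it is written into an HTML response.
            echo '<p>An error occurred</p>';
            $error = $SSO->error();
            if ($error['code']) {
                echo '<p>Error code: ' . htmlspecialchars((string) $error['code'], ENT_QUOTES, 'UTF-8') . '</p>';
            }
            echo '<p>Error message: ' . htmlspecialchars((string) $error['message'], ENT_QUOTES, 'UTF-8') . '</p>';

            // do not proceed to send the user back to VATSIM
            die();
        }
    }
// the user cancelled their login and were sent back
} else if (isset($_GET['return']) && isset($_GET['oauth_cancel'])) {
    echo '<a href="index.php">Start Again</a><br />';
    echo '<p>You cancelled your login.</p>';
    die();
}

// create a request token for this login. Provides return URL and suspended/inactive settings
$token = $SSO->requestToken($sso_return, false, false);

if ($token) {
    // store the token information in the session so that we can retrieve it when the user returns
    $_SESSION[SSO_SESSION] = array(
        'key' => (string) $token->token->oauth_token, // identifying string for this token
        'secret' => (string) $token->token->oauth_token_secret // secret (password) for this token. Keep server-side, do not make visible to the user
    );

    // redirect the member to VATSIM
    $SSO->sendToVatsim();
} else {
    // Same escaping as in the return branch: the error text is written into HTML.
    echo '<p>An error occurred</p>';
    $error = $SSO->error();
    if ($error['code']) {
        echo '<p>Error code: ' . htmlspecialchars((string) $error['code'], ENT_QUOTES, 'UTF-8') . '</p>';
    }
    echo '<p>Error message: ' . htmlspecialchars((string) $error['message'], ENT_QUOTES, 'UTF-8') . '</p>';
}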