authenticate.php

1. <?php
2. // MySQL Credentials
3. $mysqlhost = "localhost";
4. $mysqldb = "xenforo";
5. $mysqluser = "authenticator";
6. $mysqlpass = "&Z71EMkC%tby";
7.  
8. // Opens the connection to the db
9. $db = MySQLI_Connect($mysqlhost, $mysqluser, $mysqlpass, $mysqldb);
10.  
11. $code = $_GET["code"];
12. $user = $_GET["user"];
13. $query = "SELECT user FROM tshock_auth WHERE code = '" . $db->real_escape_string($code) . "';";
14. $result = $db->query($query);
15.  
16. /* Return Codes
17.     0 - query failure
18.     404 - invalid code
19.     200 - successful binding
20. */
21. if (!result)
22.     printf('0');
23. else
24. {
25.     $data = $result->fetch_all($resulttype = MYSQLI_ASSOC);
26.     if (!$data[0])
27.         printf("404");
28.     else
29.     {
30.         // Authentication was successful, remove entry and set tshockID
31.         $xfuser_id = $data[0]["user"];
32.         $query = "UPDATE xf_user SET tshock_id = " . $user . " WHERE user_id = " . $xfuser_id . ";";
33.         $result = $db->query($query);
34.         if ($result)
35.         {
36.             $query = "DELETE FROM tshock_auth WHERE user = " . $xfuser_id . ";";
37.             $db->query($query);
38.             printf("200" . "," . $xfuser_id);
39.         }
40.         else
41.             printf("0");
42.     }
43. }
44. ?>