API tools faq
paste
Guest User

Untitled

a guest
Jul 29th, 2022
61
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 19.58 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. /* --------------------------------------------------------------------
  4.  
  5. Chevereto
  6. https://chevereto.com/
  7.  
  8. @author Rodolfo Berrios A. <http://rodolfoberrios.com/>
  9. <[email protected]>
  10.  
  11. Copyright (C) Rodolfo Berrios A. All rights reserved.
  12.  
  13. BY USING THIS SOFTWARE YOU DECLARE TO ACCEPT THE CHEVERETO EULA
  14. https://chevereto.com/license
  15.  
  16. --------------------------------------------------------------------- */
  17.  
  18. use Abraham\TwitterOAuth\TwitterOAuth;
  19.  
  20. $route = function ($handler) {
  21. if (!CHV\Login::isPi()) {
  22. echo 'Route not available until the system update gets installed.';
  23. die();
  24. }
  25.  
  26. $doing = $handler->request[0];
  27.  
  28. if (!in_array($doing, ['google', 'facebook', 'twitter', 'vk'])) {
  29. return $handler->issue404();
  30. }
  31.  
  32. $logged_user = CHV\Login::getUser();
  33.  
  34. // User status override redirect
  35. CHV\User::statusRedirect($logged_user['status'] ?? null);
  36.  
  37. // Detect return _REQUEST
  38. if ($_REQUEST['return']) {
  39. $_SESSION['connect_return'] = $_REQUEST['return'];
  40. }
  41.  
  42. // Forbidden connection
  43. if (!CHV\getSetting($doing)) {
  44. return $handler->issue404();
  45. }
  46.  
  47. $cookieName = CHV\Login::getSocialCookieName($doing);
  48.  
  49. if ($logged_user) {
  50. $validate = CHV\Login::validateCookie($cookieName);
  51. $login_cookies = CHV\Login::getSession()['login_cookies'];
  52. if (
  53. isset($logged_user['login']['cookie_' . $doing])
  54. && $validate['valid']
  55. && in_array($validate['login_id'], $login_cookies)
  56. ) {
  57. G\redirect($logged_user['url'] . '?conn');
  58. return;
  59. }
  60. $logged_doing = $logged_user['login'][$doing][0] ?? null;
  61. $token = $logged_doing['token_hash'] ?? null;
  62. $secret = $logged_doing['secret'] ?? null;
  63. }
  64.  
  65. /**
  66. * @var bool TRUE to INSERT a new login $doing
  67. */
  68. $do_insert = false;
  69.  
  70. /**
  71. * @var bool TRUE to INSERT a new cookie_$doing
  72. */
  73. $do_cookie = false;
  74.  
  75. /**
  76. * @var bool TRUE to attempt /connect redirection process
  77. */
  78. $redirCallback = true;
  79.  
  80. switch ($doing) {
  81. case 'facebook':
  82. // Redirect to home on error
  83. if (isset($_REQUEST['state'], $_REQUEST['error'])) {
  84. G\redirect();
  85. }
  86. $facebook = new Facebook\Facebook([
  87. 'app_id' => CHV\getSetting('facebook_app_id'),
  88. 'app_secret' => CHV\getSetting('facebook_app_secret'),
  89. 'default_graph_version' => 'v2.8',
  90. ]);
  91. $connectURL = G\get_base_url('connect/facebook');
  92. $helper = $facebook->getRedirectLoginHelper();
  93. $accessToken = $helper->getAccessToken($connectURL);
  94. if (isset($accessToken)) {
  95. $redirCallback = false;
  96. $response = $facebook->get('/me?fields=id,name,cover,link,picture.type(large)', $accessToken);
  97. $get_user = $response->getGraphUser();
  98. $do_cookie = true;
  99. $do_insert = true;
  100. } elseif (isset($logged_doing)) {
  101. try {
  102. $response = $facebook->get('/me?fields=id,name,cover,link,picture.type(large)', $token);
  103. $get_user = $response->getGraphUser();
  104. $redirCallback = false;
  105. $do_cookie = true;
  106. } catch (Exception $e) {
  107. $redirCallback = true;
  108. $error = 'Google connect error: bad stored credentials';
  109. }
  110. }
  111. if ($redirCallback !== false) {
  112. $loginUrl = $helper->getLoginUrl($connectURL);
  113. G\redirect($loginUrl);
  114. }
  115. if (isset($error)) {
  116. unset($_SESSION['facebook']);
  117. throw new Exception($error, 400);
  118. }
  119. $social_pictures = [
  120. 'avatar' => $get_user['picture']['url'],
  121. 'background' => $get_user['cover']['source']
  122. ];
  123. $connect_user = [
  124. 'id' => $get_user['id'],
  125. 'username' => G\sanitize_string(G\unaccent_string($get_user['name']), true, true),
  126. 'name' => $get_user['name'],
  127. 'avatar' => $social_pictures['avatar'],
  128. 'url' => $get_user['link'],
  129. 'website' => null
  130. ];
  131. $connect_tokens = [
  132. 'secret' => null,
  133. 'token_hash' => $accessToken
  134. ];
  135.  
  136. break;
  137.  
  138. case 'twitter':
  139. if (isset($_REQUEST['denied'])) {
  140. G\redirect();
  141. }
  142. $twitter = [
  143. 'key' => CHV\getSetting('twitter_api_key'),
  144. 'secret' => CHV\getSetting('twitter_api_secret')
  145. ];
  146. $error = null;
  147. if (isset($_REQUEST['oauth_verifier'], $_SESSION['twitter']['token'], $_SESSION['twitter']['token_secret'])) {
  148. $redirCallback = false;
  149. $twitteroauth = new TwitterOAuth($twitter['key'], $twitter['secret'], $_SESSION['twitter']['token'], $_SESSION['twitter']['token_secret']);
  150. $access_token = $twitteroauth->oauth("oauth/access_token", [
  151. 'oauth_verifier' => $_REQUEST['oauth_verifier'],
  152. ]);
  153. $twitteroauth = new TwitterOAuth($twitter['key'], $twitter['secret'], $access_token['oauth_token'], $access_token['oauth_token_secret']);
  154. $get_user = $twitteroauth->get('account/verify_credentials');
  155. if ($get_user->errors) {
  156. $error = 'Twitter connect error: bad credentials or tokens';
  157. } else {
  158. $do_insert = true;
  159. $do_cookie = true;
  160. }
  161. } elseif (isset($logged_doing)) {
  162. $twitteroauth = new TwitterOAuth($twitter['key'], $twitter['secret'], $token, $secret);
  163. $get_user = $twitteroauth->get('account/verify_credentials');
  164. if ($get_user->errors) {
  165. $redirCallback = true;
  166. $error = 'Twitter connect error: bad stored credentials';
  167. } else {
  168. $redirCallback = false;
  169. $do_cookie = true;
  170. }
  171. }
  172. if ($redirCallback !== false) {
  173. try {
  174. $twitteroauth = new TwitterOAuth($twitter['key'], $twitter['secret']);
  175. $request_token = $twitteroauth->oauth("oauth/request_token", ["oauth_callback" => G\get_base_url('connect/twitter')]);
  176. if (($request_token['oauth_callback_confirmed'] ?? false) == true) {
  177. $url = $twitteroauth->url("oauth/authorize", ["oauth_token" => $request_token['oauth_token']]);
  178. $_SESSION['twitter']['token'] = $request_token['oauth_token'];
  179. $_SESSION['twitter']['token_secret'] = $request_token['oauth_token_secret'];
  180. G\redirect($url);
  181. } else {
  182. throw new Exception('Twitter connect error: oauth callback not confirmed', 400);
  183. }
  184. } catch (Exception $e) {
  185. $error = $e->getMessage();
  186. }
  187. }
  188. if (isset($error)) {
  189. unset($_SESSION['twitter']);
  190. throw new Exception($error, 400);
  191. }
  192. $social_pictures = [
  193. 'avatar' => str_replace('_normal.', '.', $get_user->profile_image_url_https),
  194. 'background' => $get_user->profile_background_image_url
  195. ];
  196. $connect_user = [
  197. 'id' => $get_user->id,
  198. 'username' => $get_user->screen_name,
  199. 'name' => $get_user->name,
  200. 'avatar' => $social_pictures['avatar'],
  201. 'url' => 'http://twitter.com/' . $get_user->screen_name,
  202. 'website' => $get_user->entities->url ? $get_user->entities->url->urls[0]->expanded_url : null
  203. ];
  204. $connect_tokens = [
  205. 'secret' => $access_token['oauth_token_secret'],
  206. 'token_hash' => $access_token['oauth_token']
  207. ];
  208. break;
  209.  
  210. case 'google':
  211. $google = [
  212. 'id' => CHV\getSetting('google_client_id'),
  213. 'secret' => CHV\getSetting('google_client_secret')
  214. ];
  215. if (isset($_REQUEST['state'], $_SESSION['google']['state']) && $_SESSION['google']['state'] !== $_REQUEST['state']) {
  216. G\set_status_header(403);
  217. $handler->template = 'request-denied';
  218. return;
  219. } else {
  220. $_SESSION['google']['state'] = md5(uniqid(mt_rand(), true));
  221. }
  222. if (($_REQUEST['error'] ?? null) == 'access_denied') {
  223. G\redirect('login');
  224. }
  225. $client = new Google\Client();
  226. $client->setApplicationName(CHV\getSetting('website_name') . ' connect');
  227. $client->setClientId($google['id']);
  228. $client->setClientSecret($google['secret']);
  229. $client->setRedirectUri(G\get_base_url('connect/google'));
  230. if ($_SESSION['google']['state']) {
  231. $client->setState($_SESSION['google']['state']);
  232. }
  233. $client->setScopes([Google\Service\Oauth2::USERINFO_PROFILE]);
  234. $oauth2Service = new Google\Service\Oauth2($client);
  235. if (isset($_GET['code'])) {
  236. $client->fetchAccessTokenWithAuthCode($_GET['code']);
  237. $access_token = $client->getAccessToken();
  238. $redirCallback = false;
  239. $client->setAccessToken($access_token);
  240. $get_user = $oauth2Service->userinfo->get();
  241. if (!$get_user) {
  242. $error = 'Google connect error: bad credentials or tokens';
  243. } else {
  244. $do_insert = true;
  245. $do_cookie = true;
  246. }
  247. } elseif (isset($logged_doing)) {
  248. try {
  249. $client->setAccessToken($token);
  250. $get_user = $oauth2Service->userinfo->get();
  251. $redirCallback = false;
  252. $do_cookie = true;
  253. } catch (Exception $e) {
  254. $redirCallback = true;
  255. $error = 'Google connect error: bad stored credentials';
  256. }
  257. }
  258. if ($redirCallback !== false) {
  259. G\redirect($client->createAuthUrl());
  260. }
  261. if (isset($error)) {
  262. unset($_SESSION['google']);
  263. throw new Exception($error, 400);
  264. }
  265. $social_pictures = [
  266. 'avatar' => $get_user->getPicture(),
  267. 'background' => null
  268. ];
  269. $connect_user = [
  270. 'id' => $get_user->getId(),
  271. 'username' => G\sanitize_string(G\unaccent_string($get_user->getName()), true, true),
  272. 'name' => $get_user->getName(),
  273. 'avatar' => $get_user->getPicture(),
  274. 'url' => $get_user->getLink(),
  275. ];
  276. $connect_tokens = [
  277. 'secret' => null,
  278. 'token_hash' => json_encode($client->getAccessToken())
  279. ];
  280. break;
  281.  
  282. case 'vk':
  283. $vk = [
  284. 'client_id' => CHV\getSetting('vk_client_id'),
  285. 'client_secret' => CHV\getSetting('vk_client_secret'),
  286. 'redirect_uri' => G\get_base_url('connect/vk')
  287. ];
  288. $error = null;
  289. $client = new \BW\Vkontakte($vk);
  290. if (isset($_GET['code'])) {
  291. $redirCallback = false;
  292. $client->authenticate();
  293. $access_token = $client->getAccessToken();
  294. $redirCallback = false;
  295. $client->setAccessToken($access_token);
  296. $query = [
  297. 'user_id' => $client->getUserId(),
  298. 'fields' => ['photo_200', 'site', 'domain']
  299. ];
  300. $get_user = $client->api('users.get', $query)[0] ?? null;
  301. if (empty($get_user)) {
  302. $error = 'VK connect error: bad credentials or tokens';
  303. } else {
  304. $do_insert = true;
  305. $do_cookie = true;
  306. }
  307. } elseif (isset($logged_doing)) {
  308. $client->setAccessToken($token);
  309. $query = [
  310. 'user_id' => $client->getUserId(),
  311. 'fields' => ['photo_200', 'site', 'domain']
  312. ];
  313. $get_user = $client->api('users.get', $query)[0] ?? null;
  314. if (empty($get_user)) {
  315. $redirCallback = true;
  316. $error = 'VK connect error: bad stored credentials';
  317. } else {
  318. $redirCallback = false;
  319. $do_cookie = true;
  320. }
  321. }
  322. if ($redirCallback !== false) {
  323. G\redirect($client->getLoginUrl());
  324. }
  325. if (isset($error)) {
  326. unset($_SESSION['vk']);
  327. throw new Exception($error, 400);
  328. }
  329. $social_pictures = [
  330. 'avatar' => $get_user['photo_200'],
  331. 'background' => null
  332. ];
  333. $connect_user = [
  334. 'id' => $get_user['id'] ?: $get_user['uid'],
  335. 'username' => G\sanitize_string(G\unaccent_string($get_user['first_name'] . $get_user['last_name']), true, true),
  336. 'name' => trim($get_user['first_name'] . ' ' . $get_user['last_name']),
  337. 'avatar' => $get_user['photo_200'],
  338. 'url' => 'http://vk.com/' . $get_user['domain'],
  339. 'website' => $get_user['site']
  340. ];
  341. $connect_tokens = [
  342. 'secret' => null,
  343. 'token_hash' => json_encode($client->getAccessToken())
  344. ];
  345. break;
  346. }
  347.  
  348. if (!empty($logged_user)) {
  349. $user = $logged_user;
  350. }
  351.  
  352. if ($do_insert) {
  353. $login = CHV\Login::get(['type' => $doing, 'resource_id' => $connect_user['id']]);
  354. if (count($login) > 1) {
  355. foreach ($login as $v) {
  356. $isUser = CHV\User::getSingle($v['user_id']);
  357. if (!$isUser) {
  358. CHV\Login::delete(['id' => $v['id']]);
  359. } else {
  360. $login = $v;
  361. break;
  362. }
  363. }
  364. } else {
  365. $login = $login[0];
  366. }
  367. if ($login && !$user) {
  368. $user = CHV\User::getSingle($login['user_id']);
  369. }
  370. if (!$user) {
  371. if (!CHV\Settings::get('enable_signups')) {
  372. _se('Signup is disabled');
  373. die();
  374. }
  375. // Create user (bound to social network login)
  376. $username = '';
  377. preg_match_all('/[\w]/', $connect_user['username'], $user_matches);
  378. foreach ($user_matches[0] as $match) {
  379. $username .= $match;
  380. }
  381. $baseUsername = substr(strtolower($username), 0, CHV\getSetting('username_max_length'));
  382. $username = $baseUsername;
  383. $j = 1;
  384. while (!CHV\User::isValidUsername($username)) {
  385. if(strlen($username) > CHV\getSetting('username_max_length')) {
  386. $username = substr($baseUsername, 0, -strlen($j)) . $j;
  387. } else {
  388. $username .= $j;
  389. }
  390. $j++;
  391. }
  392. $i = 1;
  393. while (CHV\User::getSingle($username, 'username', false)) {
  394. if(strlen($username) > CHV\getSetting('username_max_length')) {
  395. $username = substr($baseUsername, 0, -strlen($i)) . $i;
  396. } else {
  397. $username .= $i;
  398. }
  399. $i++;
  400. }
  401. $insert_user_values = [
  402. 'username' => $username,
  403. 'name' => $connect_user['name'],
  404. 'status' => CHV\getSetting('require_user_email_social_signup') ? 'awaiting-email' : 'valid',
  405. 'website' => $connect_user['website'],
  406. 'timezone' => CHV\getSetting('default_timezone'),
  407. 'language' => CHV\L10n::getLocale(),
  408. ];
  409.  
  410. if (in_array($doing, ['twitter', 'facebook'])) {
  411. $insert_user_values[$doing . '_username'] = $connect_user['username'];
  412. }
  413. $inserted_user = CHV\User::insert($insert_user_values);
  414. $user = CHV\User::getSingle($inserted_user, 'id', true);
  415. }
  416. $login_array = [
  417. 'user_id' => $user['id'],
  418. 'type' => $doing,
  419. 'resource_id' => $connect_user['id']
  420. ];
  421. CHV\Login::delete($login_array);
  422. $login_array = array_merge($login_array, $connect_tokens);
  423. $login_array = array_merge($login_array, [
  424. 'resource_name' => $connect_user['name'],
  425. 'resource_avatar' => $connect_user['avatar'],
  426. 'resource_url' => $connect_user['url'],
  427. ]);
  428. CHV\Login::insert($login_array);
  429. }
  430.  
  431. if ($do_cookie) {
  432. // Insert 'cookie_twitter', checks $_COOKIE due to redirects
  433. if (!isset($_COOKIE[$cookieName])) {
  434. CHV\Login::insert([
  435. 'user_id' => $user['id'],
  436. 'type' => 'cookie_' . $doing,
  437. ]);
  438. }
  439. }
  440.  
  441. if ($user) {
  442. if ($connect_user) {
  443. if ($doing == 'twitter') {
  444. $user_array[$doing . '_username'] = $connect_user['username'];
  445. }
  446. if (is_array($user_array) && count($user_array) > 0) {
  447. CHV\User::update($user['id'], $user_array);
  448. }
  449. }
  450. if ($social_pictures) {
  451. // Fetch the social network images
  452. if (!$user['avatar']['filename'] or !$user['background']['filename']) {
  453. $avatar_needed = !$user ? true : !$user['avatar']['filename'];
  454. $background_needed = !$user ? true : !$user['background']['filename'];
  455. try {
  456. if ($avatar_needed and $social_pictures['avatar']) {
  457. CHV\User::uploadPicture($user, 'avatar', $social_pictures['avatar']);
  458. }
  459. if ($background_needed and $social_pictures['background']) {
  460. CHV\User::uploadPicture($user, 'background', $social_pictures['background']);
  461. }
  462. } catch (Exception $e) {
  463. } // Silence
  464. }
  465. }
  466. }
  467.  
  468. if ($do_insert || $do_cookie) {
  469. $redirect_to = $_SESSION['connect_return'] ? urldecode($_SESSION['connect_return']) : $logged_user['url'];
  470. unset($_SESSION['connect_return'], $_SESSION[$doing]);
  471. if ($_SESSION['last_url']) {
  472. $redirect_to = $_SESSION['last_url'];
  473. }
  474. G\redirect($redirect_to);
  475. }
  476.  
  477. die();
  478. };
  479.  
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!