Campustream 1.0
A social network MQP for WPI
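<?php
include_once $GLOBALS['APPROOT'] . 'application/lib/twitteroauth/twitteroauth.php';

/**
 * Session_Controller - password login, registration, Twitter OAuth sign-in and
 * rebuilding a session from an API access token.
 *
 * Security review notes that are NOT changed here because other files depend on
 * the current data formats:
 *  - Passwords are stored as unsalted sha1 (see create()). User_Model::find_user_for_login()
 *    and generate_access_token() both consume the stored value, so migrating to
 *    password_hash()/password_verify() has to be done in all three places at once.
 *  - generate_access_token() derives the token deterministically from hard-coded secrets
 *    plus the user row; tokens never expire and can only be rotated by changing the
 *    password or the secrets.
 *  - None of the POST handlers check a CSRF token; whether the framework does so
 *    elsewhere is not visible from this file.
 *  - The Twitter callbacks are plain http://, so the OAuth verifier travels in the clear.
 */
class Session_Controller extends Controller {
    public $template = 'template/main';
    public $enable_session = true;

    /**
     * POST /session/new - password login.
     *
     * Reads $_POST['username'] (anything after an '@' is dropped, so a full
     * @wpi.edu address works) and $_POST['password']. On success the user is
     * stored in the session and the browser is sent to '/', on any failure to
     * '/login?fail=true' without saying why.
     *
     * The previous version read $_GET['r'] into an unused $redirect variable.
     * It is intentionally not honoured: a redirect target taken from the query
     * string must be restricted to a same-origin relative path before it is
     * ever used, otherwise this becomes an open redirect.
     */
    public function new_action() {
        try {
            $username = self::local_part(isset($_POST['username']) ? $_POST['username'] : '');
            $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

            if ($username === '' || $password === '') {
                throw new Exception('Missing credentials');
            }

            $user = User_Model::find_user_for_login($username, $password);
            $this->session->set_session($user);

            return Hub::redirect('/');
        } catch (Exception $e) {
            // Deliberately generic: do not reveal whether the account exists.
            return Hub::redirect('/login?fail=true');
        }
    }

    /**
     * GET /session/twitter - start the Twitter OAuth dance.
     *
     * Obtains a request token for our callback URL, remembers it in the session
     * (twitter_finish() compares against it) and redirects to Twitter's
     * authorize page. Nothing is stored in the session unless Twitter answered
     * 200 with a token.
     */
    public function twitter_login() {
        $twitter = twitter::api();

        $callback = 'http://campustream.com/session/twitter/finish';
        if ($GLOBALS['ISDEV']) {
            $callback = 'http://dev.campustream.com/session/twitter/finish';
        }

        $request_token = $twitter->getRequestToken($callback);

        if ($twitter->http_code != 200 || empty($request_token['oauth_token'])) {
            echo "Error connecting with Twitter, please try again! 
Error code: {$twitter->http_code}";
            return;
        }

        $this->session->set('oauth_token', $request_token['oauth_token']);
        $this->session->set('oauth_secret', $request_token['oauth_token_secret']);

        Hub::redirect($twitter->getAuthorizeURL($request_token['oauth_token']));
    }

    /**
     * GET /session/twitter/finish - OAuth callback.
     *
     * The oauth_token Twitter sends back must equal the one this session
     * requested (the old code only checked that when the parameter was
     * present, so a request without it went ahead with whatever the session
     * held). The request token is cleared after one use. On success the
     * Twitter id is looked up in usertwitter; a linked user is logged in and
     * sent to '/', an unlinked one to '/login'. Any Twitter error ends at
     * '/login?fail=true'.
     *
     * @return bool|mixed false on a stale/missing token, otherwise the redirect
     */
    public function twitter_finish() {
        $session_token  = $this->session->get('oauth_token');
        $session_secret = $this->session->get('oauth_secret');
        $request_token  = isset($_REQUEST['oauth_token']) ? $_REQUEST['oauth_token'] : null;
        $verifier       = isset($_REQUEST['oauth_verifier']) ? $_REQUEST['oauth_verifier'] : null;

        if (empty($session_token) || empty($session_secret)
            || !is_string($request_token) || !is_string($verifier)
            || $session_token !== $request_token) {
            $this->session->set('oauth_token', null);
            $this->session->set('oauth_secret', null);

            echo "Old OAuth token, please try signing in again.";
            return false;
        }

        $twitter = new TwitterOAuth($GLOBALS['TWITTER_CONSUMER_KEY'], $GLOBALS['TWITTER_CONSUMER_SECRET'], $session_token, $session_secret);
        $access_token = $twitter->getAccessToken($verifier);

        // Request tokens are single use: drop them whatever happened above.
        $this->session->set('oauth_token', false);
        $this->session->set('oauth_secret', false);

        // twitter_login() already relies on http_code reflecting the last call.
        if ($twitter->http_code != 200 || empty($access_token['oauth_token'])) {
            return Hub::redirect('/login?fail=true');
        }

        $tweeter = $twitter->get('account/verify_credentials');

        // Prefer id_str where the API supplies it (exact on 32-bit builds, where
        // the numeric id becomes a float). Only a run of digits may reach the
        // query below; that is what makes the interpolation safe.
        $twitter_id = '';
        if (isset($tweeter->id_str)) {
            $twitter_id = (string) $tweeter->id_str;
        } elseif (isset($tweeter->id)) {
            $twitter_id = (string) $tweeter->id;
        }
        if ($twitter->http_code != 200 || !ctype_digit($twitter_id)) {
            return Hub::redirect('/login?fail=true');
        }

        $usertwitter = ActiveRecord::find('Usertwitter_Model', "SELECT * FROM usertwitter WHERE twitter_id = {$twitter_id} LIMIT 1");
        if ($usertwitter->is_loaded()) {
            $usertwitter->load_user();
            $this->session->set_session($usertwitter->user);

            return Hub::redirect('/');
        }

        return Hub::redirect('/login');
    }

    /**
     * POST /session/create - registration.
     *
     * Validates the form, creates the (unconfirmed) user, indexes it in Redis by
     * the first letter of its name, emails the confirmation code, logs the new
     * user in and redirects to '/settings/profile'. Every validation failure
     * redirects to '/register?fail=<field>'.
     *
     * The email pattern is now anchored and has its dot escaped. The old
     * pattern '/[A-Za-z0-9_]+@wpi.edu/i' matched anywhere in the string, so an
     * address such as "' OR 1=1 -- x@wpi.edu" passed validation and its local
     * part was interpolated unescaped into the username query.
     */
    public function create() {
        // Server-side validation. Array-valued fields cannot be trimmed and are
        // rejected outright; full_name is optional and defaults further down.
        foreach ($_POST as $key => $val) {
            if (!is_string($val)) {
                return Hub::redirect('/register?fail=' . urlencode($key));
            }
            $_POST[$key] = trim($val);

            if ($_POST[$key] === '' && $key !== 'full_name') {
                return Hub::redirect('/register?fail=' . urlencode($key));
            }
        }

        // Fields read below must exist at all, not merely be non-empty when sent.
        foreach (array('email', 'password', 'password_confirm') as $required) {
            if (!isset($_POST[$required])) {
                return Hub::redirect('/register?fail=' . $required);
            }
        }

        $email = $_POST['email'];
        if (!preg_match('/^([A-Za-z0-9_]+)@wpi\.edu$/i', $email, $m)) {
            return Hub::redirect('/register?fail=email');
        }
        // Captured by the anchored pattern: letters, digits and '_' only, so it
        // can be embedded in the query string below.
        $username = $m[1];

        $user = ActiveRecord::find('User_Model', "SELECT * FROM users WHERE username = '{$username}' LIMIT 1");
        if ($user->is_loaded()) {
            return Hub::redirect('/register?fail=username_taken');
        }

        // NOTE(review): a 4-character minimum is very weak; raise it once the
        // registration form's copy is updated to match.
        if (strlen($_POST['password']) <= 3) {
            return Hub::redirect('/register?fail=password');
        }

        if ($_POST['password'] !== $_POST['password_confirm']) {
            return Hub::redirect('/register?fail=password_confirm');
        }

        // Display name: the form value, else a posted 'username' (what the old
        // code fell back to), else the local part of the address.
        $full_name = $username;
        if (isset($_POST['full_name']) && $_POST['full_name'] !== '') {
            $full_name = $_POST['full_name'];
        } elseif (isset($_POST['username']) && $_POST['username'] !== '') {
            $full_name = $_POST['username'];
        }

        $user = new User_Model();
        $user->username = $username;
        $user->name = $full_name;
        $user->email = $email;
        // NOTE(review): unsalted sha1. See the class comment for why this is not
        // switched to password_hash() in isolation.
        $user->password = sha1($_POST['password']);
        $user->join_date = ActiveRecord::NOW();
        $user->confirmed = 0;
        // 32 hex chars from a CSPRNG - the same width as the md5 it replaces.
        // The old md5(time() + $username + rand(0,1000)) was guessable: time() is
        // public, string + int arithmetic discarded the username entirely, and
        // rand() is not a cryptographic generator.
        $user->confirm_code = self::random_hex(16);
        $user->save();

        $r = RedisManager::connection();
        $first_letter = strtolower(substr($user->name, 0, 1));
        $r->sadd("users:by_first_letter:$first_letter", $user->id);

        // Send the confirmation email
        email::send_confirmation($user);

        $this->session->set_session($user);

        return Hub::redirect('/settings/profile');
    }

    /**
     * Build a session for an API request carrying an access token.
     *
     * The token is looked up in Redis (auth:access_token:<token> -> user id),
     * the user is loaded (cached for 43200 s) and the token is recomputed from
     * the user row and compared in constant time. Responds with 403/404 and
     * dies on any failure; never returns unless the token is valid.
     *
     * @param string $access_token sha1 hex as produced by generate_access_token()
     * @return ImmutableSession
     */
    public static function rebuild_using_access_token($access_token) {
        // Only a lowercase sha1 hex string can ever match; reject anything else
        // before it is used as part of a Redis key.
        if (!is_string($access_token) || !preg_match('/^[0-9a-f]{40}$/', $access_token)) {
            Hub::http_error(403, "Unauthorized");
            die();
        }

        $r = RedisManager::connection();
        $user_id = (int) $r->get("auth:access_token:$access_token");

        if ($user_id <= 0) {
            Hub::http_error(403, "Unauthorized");
            die();
        }

        // $user_id is an int (cast above), so the interpolation is safe.
        $user = ActiveCache::find('User_Model', $user_id, 43200)->sql(
            "SELECT * FROM users WHERE id = {$user_id} LIMIT 1"
        );

        if (!$user->is_loaded()) {
            Hub::http_error(404, "User not found");
            die();
        }

        // generate_access_token() also refreshes the Redis mapping as a side effect.
        $check = self::generate_access_token($user);

        // Constant-time compare; the old loose '!=' was also subject to PHP's
        // numeric-string comparison rules for hashes of the form 0e<digits>.
        if (!self::constant_time_equals($check, $access_token)) {
            Hub::http_error(403, "Invalid access token");
            die();
        }

        return new ImmutableSession($user);
    }

    /**
     * Derive the API access token for a user and register it in Redis.
     *
     * The token is sha1 over hard-coded secrets, the username, the stored
     * password hash and the join date. It is therefore stable for the life of
     * the password and must stay byte-identical here: changing the recipe
     * invalidates every token in circulation.
     *
     * @param User_Model $user
     * @return string 40-char lowercase hex
     */
    public static function generate_access_token($user) {
        $auth = sha1("KSDFP*(D0-9sdfpiuhD" . $user->username . "FD98sydfkjh*DFhkf" . $user->password . "(*YSDHIUGHSDLF" . $user->join_date);
        $r = RedisManager::connection();
        $r->set("auth:access_token:$auth", $user->id);
        return $auth;
    }

    /**
     * GET /session/destroy - log out and return to the site root.
     */
    public function destroy() {
        $this->session->destroy();

        Hub::redirect('/');
    }

    /**
     * Part of a login name before the first '@' ('' for non-strings).
     *
     * Replaces reset(explode(...)), which passes a temporary by reference.
     *
     * @param mixed $value
     * @return string
     */
    private static function local_part($value) {
        if (!is_string($value)) {
            return '';
        }
        $parts = explode('@', $value);
        return $parts[0];
    }

    /**
     * Hex string of $bytes random bytes from a cryptographically secure source.
     *
     * Throws rather than silently falling back to a weak generator: a guessable
     * confirmation code is worse than a failed registration.
     *
     * @param int $bytes
     * @return string 2*$bytes hex chars
     * @throws Exception when no secure source is available
     */
    private static function random_hex($bytes) {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes($bytes)); // PHP 7+
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $raw = openssl_random_pseudo_bytes($bytes, $strong);
            if ($raw !== false && $strong) {
                return bin2hex($raw);
            }
        }
        throw new Exception('No cryptographically secure random source available');
    }

    /**
     * Timing-safe string equality. Uses hash_equals() (PHP 5.6+) when present,
     * otherwise a length check plus a full XOR pass over every byte.
     *
     * @param string $known the value computed server-side
     * @param string $user  the value supplied by the client
     * @return bool
     */
    private static function constant_time_equals($known, $user) {
        if (function_exists('hash_equals')) {
            return hash_equals($known, $user);
        }
        $len = strlen($known);
        if ($len !== strlen($user)) {
            return false;
        }
        $diff = 0;
        for ($i = 0; $i < $len; $i++) {
            $diff |= ord($known[$i]) ^ ord($user[$i]);
        }
        return $diff === 0;
    }
}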