<?php
// Twitter OAuth client library, used by the twitter_login()/twitter_finish() actions below.
include_once $GLOBALS['APPROOT'] . 'application/lib/twitteroauth/twitteroauth.php';

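/**
 * Session controller: username/password login, Twitter OAuth login,
 * registration, API access-token sessions and logout.
 *
 * Every action that receives browser input validates it here before the
 * value reaches a SQL string, a Redis key or a redirect target.
 */
class Session_Controller extends Controller {
        public $template = 'template/main';
        public $enable_session = true;

        /**
         * Username/password login (POST username, password).
         *
         * A full campus address is accepted in the username field: only the
         * part before the first '@' is used for the lookup. On any failure the
         * browser is sent to /login?fail=true without saying which part failed.
         *
         * @return mixed whatever Hub::redirect() returns
         */
        public function new_action() {
                // NOTE(review): the original read $_GET['r'] into an unused
                // $redirect variable. A post-login redirect target is not
                // implemented; if it is ever added, the value must be restricted
                // to a same-site path before it is handed to Hub::redirect().
                $posted_username = isset($_POST['username']) ? (string) $_POST['username'] : '';
                $posted_password = isset($_POST['password']) ? (string) $_POST['password'] : '';

                // explode() with a limit replaces reset(explode(...)), which
                // raises an "only variables should be passed by reference" notice.
                $parts = explode('@', $posted_username, 2);
                $username = $parts[0];

                try {
                        $user = User_Model::find_user_for_login($username, $posted_password);
                        $this->session->set_session($user);

                        return Hub::redirect('/');
                } catch (Exception $e) {
                        // Deliberately generic failure: do not reveal whether the
                        // username or the password was the wrong one.
                        return Hub::redirect('/login?fail=true');
                }
        }

        /**
         * Step 1 of Twitter sign-in: obtain an OAuth request token and send
         * the browser to Twitter's authorize page.
         *
         * The request token and its secret are parked in the session so that
         * twitter_finish() can exchange them for an access token.
         */
        public function twitter_login() {
                $twitter = twitter::api();

                $callback = 'http://campustream.com/session/twitter/finish';
                if ($GLOBALS['ISDEV']) {
                        $callback = 'http://dev.campustream.com/session/twitter/finish';
                }

                $request_token = $twitter->getRequestToken($callback);

                // Check the outcome before touching $request_token: on failure
                // the array does not carry the oauth_* keys, and the original
                // stored undefined values in the session before checking.
                if ((int) $twitter->http_code !== 200 || empty($request_token['oauth_token'])) {
                        echo "Error connecting with Twitter, please try again! Error code: {$twitter->http_code}";
                        return;
                }

                $this->session->set('oauth_token', $request_token['oauth_token']);
                $this->session->set('oauth_secret', $request_token['oauth_token_secret']);

                Hub::redirect($twitter->getAuthorizeURL($request_token['oauth_token']));
        }

        /**
         * Step 2 of Twitter sign-in (the OAuth callback).
         *
         * Verifies that the oauth_token Twitter sends back is exactly the one
         * issued in twitter_login(), exchanges it for an access token, reads the
         * Twitter account and logs in the local user linked to it. Users with no
         * linked account are sent to /login.
         *
         * @return mixed false when the callback does not match the pending
         *               request token, otherwise whatever Hub::redirect() returns
         */
        public function twitter_finish() {
                $session_token = $this->session->get('oauth_token');
                $session_secret = $this->session->get('oauth_secret');

                $callback_token = isset($_REQUEST['oauth_token']) ? (string) $_REQUEST['oauth_token'] : null;
                $verifier = isset($_REQUEST['oauth_verifier']) ? (string) $_REQUEST['oauth_verifier'] : null;

                // The request token must be pending in the session AND present in
                // the callback AND identical. The original only compared when the
                // callback carried oauth_token, so a callback without it skipped
                // the check and then read an undefined oauth_verifier.
                $token_pending = $session_token !== null && $session_token !== false && $session_token !== '';
                if (!$token_pending || $callback_token === null || $verifier === null
                        || !hash_equals((string) $session_token, $callback_token)) {
                        $this->session->set('oauth_token', null);
                        $this->session->set('oauth_secret', null);

                        echo "Old OAuth token, please try signing in again.";
                        return false;
                }

                $twitter = new TwitterOAuth($GLOBALS['TWITTER_CONSUMER_KEY'], $GLOBALS['TWITTER_CONSUMER_SECRET'], $session_token, $session_secret);
                $twitter->getAccessToken($verifier);

                // The request token is single-use: forget it whatever happens next.
                $this->session->set('oauth_token', false);
                $this->session->set('oauth_secret', false);

                $tweeter = $twitter->get('account/verify_credentials');

                // A failed API call comes back without an id (the original then
                // built "twitter_id =  LIMIT 1"). Twitter ids are decimal strings
                // that may exceed a 32-bit int, so validate the digits rather than
                // casting; the check is also what makes the interpolation below safe.
                if (!is_object($tweeter) || !isset($tweeter->id)) {
                        return Hub::redirect('/login');
                }
                $twitter_id = (string) $tweeter->id;
                if ($twitter_id === '' || !ctype_digit($twitter_id)) {
                        return Hub::redirect('/login');
                }

                $usertwitter = ActiveRecord::find('Usertwitter_Model', "SELECT * FROM usertwitter WHERE twitter_id = $twitter_id LIMIT 1");
                if (!$usertwitter->is_loaded()) {
                        return Hub::redirect('/login');
                }

                $usertwitter->load_user();
                $this->session->set_session($usertwitter->user);

                return Hub::redirect('/');
        }

        /**
         * Registration form handler (POST email, password, password_confirm,
         * optional full_name).
         *
         * The username is the local part of the campus e-mail address. Each
         * validation failure redirects to /register?fail=<field>; on success the
         * account is created unconfirmed, a confirmation mail is sent, the user
         * is logged in and sent to /settings/profile.
         *
         * @return mixed whatever Hub::redirect() returns
         */
        public function create() {
                // Server-side validation: trim every field; an empty field sends
                // the user back to the form, except full_name, which is defaulted
                // further down once the username is known.
                foreach ($_POST as $key => $val) {
                        if (!is_string($val)) {
                                // Array-valued fields cannot be trimmed; treat them as missing.
                                return Hub::redirect('/register?fail=' . rawurlencode($key));
                        }

                        $_POST[$key] = trim($val);

                        if ($_POST[$key] === '') {
                                if ($key === 'full_name') {
                                        continue;
                                }

                                return Hub::redirect('/register?fail=' . rawurlencode($key));
                        }
                }

                // Fields that are absent from the POST body never enter the loop
                // above, so require them explicitly instead of reading undefined keys.
                foreach (array('email', 'password', 'password_confirm') as $required) {
                        if (!isset($_POST[$required])) {
                                return Hub::redirect('/register?fail=' . $required);
                        }
                }

                // Anchored, with the dot escaped. The original pattern was a
                // substring match, so any string containing "x@wpi.edu" passed
                // regardless of what surrounded it. Anchoring also guarantees the
                // username extracted below is [A-Za-z0-9_] only, which is what
                // keeps it safe to interpolate into the SQL string further down.
                if (!preg_match('/^[A-Za-z0-9_]+@wpi\.edu$/i', $_POST['email'])) {
                        return Hub::redirect('/register?fail=email');
                }

                $parts = explode('@', $_POST['email'], 2);
                $username = $parts[0];

                // Default display name: the posted username if the form sends one
                // (what the original used), otherwise the derived username.
                if (!isset($_POST['full_name']) || $_POST['full_name'] === '') {
                        $_POST['full_name'] = isset($_POST['username']) ? $_POST['username'] : $username;
                }

                // $username has been validated above to contain only [A-Za-z0-9_].
                $user = ActiveRecord::find('User_Model', "SELECT * FROM users WHERE username = '$username' LIMIT 1");
                if ($user->is_loaded()) {
                        return Hub::redirect('/register?fail=username_taken');
                }

                if (strlen($_POST['password']) <= 3) {
                        return Hub::redirect('/register?fail=password');
                }

                if ($_POST['password'] !== $_POST['password_confirm']) {
                        return Hub::redirect('/register?fail=password_confirm');
                }

                $user = new User_Model();
                $user->username = $username;
                $user->name = $_POST['full_name'];
                $user->email = $_POST['email'];
                // TODO(review): unsalted SHA-1 is not an acceptable password hash.
                // It is kept here because User_Model::find_user_for_login() and
                // generate_access_token() both depend on this exact format; migrate
                // all three together to password_hash()/password_verify().
                $user->password = sha1($_POST['password']);
                $user->join_date = ActiveRecord::NOW();
                $user->confirmed = 0;
                // The original computed md5(time() + $username + rand(0, 1000)):
                // '+' on a non-numeric string is an error in PHP 8, and the inputs
                // were guessable. 16 random bytes give the same 32-hex-char shape.
                $user->confirm_code = bin2hex(random_bytes(16));
                $user->save();

                $r = RedisManager::connection();
                $first_letter = strtolower(substr($user->name, 0, 1));
                $r->sadd("users:by_first_letter:$first_letter", $user->id);

                // Send the confirmation email
                email::send_confirmation($user);

                $this->session->set_session($user);

                return Hub::redirect('/settings/profile');
        }

        /**
         * Rebuild a read-only session for an API request from its access token.
         *
         * The token is looked up in Redis to find the user, then recomputed from
         * the user record and compared in constant time. Any failure ends the
         * request with an HTTP error (403 unknown/invalid token, 404 user gone).
         *
         * @param string $access_token 40-char hex token from generate_access_token()
         * @return ImmutableSession
         */
        public static function rebuild_using_access_token($access_token) {
                // Tokens are 40-char hex (sha1); anything else cannot be valid.
                // Rejecting it early keeps the Redis key well-formed and makes the
                // comparison below a plain string-to-string one.
                if (!is_string($access_token) || !preg_match('/^[a-f0-9]{40}$/', $access_token)) {
                        Hub::http_error(403, "Unauthorized");
                        die();
                }

                $r = RedisManager::connection();
                $user_id = $r->get("auth:access_token:$access_token");

                if (!$user_id) {
                        Hub::http_error(403, "Unauthorized");
                        die();
                }

                // $user_id is whatever Redis holds; the SQL string only ever sees
                // the integer form. ActiveCache still receives the original value
                // so its cache key does not change.
                $sql_user_id = (int) $user_id;
                $user = ActiveCache::find('User_Model', $user_id, 43200)->sql(
                        "SELECT * FROM users WHERE id = $sql_user_id LIMIT 1"
                );

                if (!$user->is_loaded()) {
                        Hub::http_error(404, "User not found");
                        die();
                }

                $check = self::generate_access_token($user);

                // hash_equals() replaces the loose '!=' comparison, which treats two
                // numeric-looking hex strings as equal by value and leaks timing.
                if (!hash_equals($check, $access_token)) {
                        Hub::http_error(403, "Invalid access token");
                        die();
                }

                return new ImmutableSession($user);
        }

        /**
         * Derive the API access token for a user and register it in Redis.
         *
         * The token is a deterministic sha1 over the username, stored password
         * hash and join date, so it only changes when one of those does.
         *
         * TODO(review): the key material is hard-coded in source and the token
         * is written to Redis without an expiry, so it cannot be rotated or
         * revoked independently of the user record. Moving to an HMAC with a
         * configured secret and per-token expiry changes every issued token, so
         * it has to be coordinated with rebuild_using_access_token().
         *
         * @param object $user loaded User_Model
         * @return string 40-char hex token
         */
        public static function generate_access_token($user) {
                $auth = sha1("KSDFP*(D0-9sdfpiuhD" . $user->username . "FD98sydfkjh*DFhkf" . $user->password . "(*YSDHIUGHSDLF" . $user->join_date);
                $r = RedisManager::connection();
                $r->set("auth:access_token:$auth", $user->id);
                return $auth;
        }

        /**
         * Log out: destroy the session and send the browser to the site root.
         */
        public function destroy() {
                $this->session->destroy();

                Hub::redirect('/');
        }

}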