header('HTTP/1.0 500 Internal Server Error');
require 'www-header.php';
-function getOrCreateUser($mode, $name, $email)
+function getOrCreateUser($mode, $name, $imageurl, $email)
{
if ($mode == 'anonymous') {
- $name = 'Anonymous';
- $email = '';
+ $name = 'Anonymous';
+ $email = '';
+ $imageurl = '';
} else {
if ($name == '') {
$name = 'Anonymous';
}
}
- $imageurl = getImageUrl($email);
+ if ($imageurl == '') {
+ $imageurl = getImageUrl($email);
+ }
$storage = new Storage();
$id = $storage->findUser($name, $imageurl);
$response_type = getOptionalParameter($_GET, 'response_type', 'id');
$scope = getOptionalParameter($_GET, 'scope', null);
- //FIXME: if $me is an actual user, load his data
+ $id = array(
+ 'mode' => 'anonymous',
+ 'name' => '',
+ 'imageurl' => '',
+ );
+ $userbaseurl = Urls::full('/user/');
+ if (substr($me, 0, strlen($userbaseurl)) == $userbaseurl) {
+ //actual user URL - loads his data
+ $userid = substr($me, strrpos($me, '/') + 1, -4);
+ if (intval($userid) == $userid) {
+ $storage = new Storage();
+ $rowUser = $storage->getUser($userid);
+ if ($rowUser !== null) {
+ $id['mode'] = 'data';
+ $id['name'] = $rowUser->user_name;
+ $id['imageurl'] = $rowUser->user_imageurl;
+ if ($id['imageurl'] == Urls::userImg()) {
+ $id['imageurl'] = '';
+ }
+ }
+ }
+ }
//let the user choose his identity
header('HTTP/1.0 200 OK');
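Review bot: The numeric check `intval($userid) == $userid` in the added `$me` parsing is a loose comparison. On PHP versions before 8 a non-numeric string compares equal to 0, and on any version strings like `1e1` pass, so values other than plain decimal ids reach `$storage->getUser()`. The `-4` in the `substr()` call also assumes a four-character suffix that is never verified, and `$me` appears to come from the request. A strict test such as `if (ctype_digit($userid)) {` would let only decimal digits through to the storage lookup. The enclosing block starts and ends outside the hunk.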
'response_type' => $response_type,
'scope' => $scope,
),
+ 'id' => $id,
'formaction' => '/auth.php?action=login',
)
);
verifyParameter($id, 'mode');
$userId = getOrCreateUser(
- $id['mode'], trim($id['name']), trim($id['email'])
+ $id['mode'], trim($id['name']), trim($id['imageurl']),
+ trim($id['email'])
);
$me = Urls::full(Urls::user($userId));
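Review bot: `$id['imageurl']` is read in the `getOrCreateUser()` call with only `mode` verified, so a request that omits the key raises an undefined-index notice. Whatever string the form submits is passed through `getOrCreateUser()` to `findUser()`, presumably as the stored avatar URL. Nothing visible restricts it to an http(s) URL, which matters if the value is later written into an image `src` attribute. Consider checking it before the call, for example `if ($imageurl !== '' && !preg_match('#^https?://#i', $imageurl)) { error('Invalid image URL'); }`, and treating a missing key as an empty string.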
//redirect back to client
$url = new \Net_URL2($redirect_uri);
- if ($response_type == 'code') {
- $url->setQueryVariable('code', $code);
- }
+ $url->setQueryVariable('code', $code);
$url->setQueryVariable('me', $me);
$url->setQueryVariable('state', $state);
header('Location: ' . $url->getURL());
exit();
} else {
//auth code verification
+ $code = base64_decode(verifyParameter($_POST, 'code'));
$redirect_uri = verifyUrlParameter($_POST, 'redirect_uri');
$client_id = verifyUrlParameter($_POST, 'client_id');
$state = getOptionalParameter($_POST, 'state', null);
- $code = getOptionalParameter($_POST, 'code', null);
- if ($code !== null && $code !== '') {
- //code only given for "code" response_type, not for "id" mode
- parse_str(base64_decode($code), $codeParts);
- $emoji = verifyParameter($codeParts, 'emoji');
- $signature = verifyParameter($codeParts, 'signature');
- $me = verifyUrlParameter($codeParts, 'me');
- if ($emoji != '\360\237\222\251') {
- error('Dog poo missing');
- }
- if ($signature != 'FIXME') {
- error('Invalid signature');
- }
+ parse_str($code, $codeParts);
+ $emoji = verifyParameter($codeParts, 'emoji');
+ $signature = verifyParameter($codeParts, 'signature');
+ $me = verifyUrlParameter($codeParts, 'me');
+ if ($emoji != '\360\237\222\251') {
+ error('Dog poo missing');
+ }
+ if ($signature != 'FIXME') {
+ error('Invalid signature');
}
header('HTTP/1.0 200 OK');
header('Content-type: application/x-www-form-urlencoded');
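Review bot: The signature test `$signature != 'FIXME'` still compares against a fixed placeholder, and with this change every verification request depends on it, so the `me` value carried inside `code` is not authenticated at all. The code should carry a keyed MAC that the server computes over `me`, `client_id` and `redirect_uri` when it issues the code, checked here in constant time, e.g. `if (!hash_equals($expected, $signature)) { error('Invalid signature'); }` with `$expected` being the server-side `hash_hmac()` result. `base64_decode()` is also called without strict mode, so malformed input is silently decoded; passing `true` as the second argument and rejecting a `false` result would catch it. The code-issuing side and the rest of this branch are outside the hunk.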