Subversion Repositories oidplus

Rev

Rev 1005 | Rev 1149 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
635 daniel-mar 1 
<?php
2 
 
3 
/*
4 
 * OIDplus 2.0
5 
 * Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft
6 
 *
7 
 * Licensed under the Apache License, Version 2.0 (the "License");
8 
 * you may not use this file except in compliance with the License.
9 
 * You may obtain a copy of the License at
10 
 *
11 
 *     http://www.apache.org/licenses/LICENSE-2.0
12 
 *
13 
 * Unless required by applicable law or agreed to in writing, software
14 
 * distributed under the License is distributed on an "AS IS" BASIS,
15 
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 
 * See the License for the specific language governing permissions and
17 
 * limitations under the License.
18 
 */
19 
 
1050 daniel-mar 20 
use ViaThinkSoft\OIDplus\OIDplus;
21 
use ViaThinkSoft\OIDplus\OIDplusGui;
22 
use ViaThinkSoft\OIDplus\OIDplusException;
23 
use ViaThinkSoft\OIDplus\OIDplusRA;
24 
 
635 daniel-mar 25 
# More information about the OAuth2 implementation:
26 
# - https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow
27 
# - https://developers.facebook.com/tools/explorer/
28 
 
29 
require_once __DIR__ . '/../../../../includes/oidplus.inc.php';
30 
 
31 
OIDplus::init(true);
1050 daniel-mar 32 
set_exception_handler(array(OIDplusGui::class, 'html_exception_handler'));
635 daniel-mar 33 
 
1050 daniel-mar 34 
if (OIDplus::baseConfig()->getValue('DISABLE_PLUGIN_ViaThinkSoft\OIDplus\OIDplusPagePublicLoginFacebook', false)) {
635 daniel-mar 35 
        throw new OIDplusException(_L('This plugin was disabled by the system administrator!'));
36 
}
37 
 
38 
if (!OIDplus::baseConfig()->getValue('FACEBOOK_OAUTH2_ENABLED', false)) {
39 
        throw new OIDplusException(_L('Facebook OAuth authentication is disabled on this system.'));
40 
}
41 
 
42 
_CheckParamExists($_GET, 'code');
43 
_CheckParamExists($_GET, 'state');
44 
_CheckParamExists($_COOKIE, 'csrf_token_weak');
45 
 
46 
if ($_GET['state'] != $_COOKIE['csrf_token_weak']) {
866 daniel-mar 47 
        die(_L('Missing or wrong CSRF Token'));
635 daniel-mar 48 
}
49 
 
50 
if (!function_exists('curl_init')) {
51 
        die(_L('The "%1" PHP extension is not installed at your system. Please enable the PHP extension <code>%2</code>.','CURL','php_curl'));
52 
}
53 
 
54 
// Get access token
55 
 
56 
$ch = curl_init();
57 
if (ini_get('curl.cainfo') == '') curl_setopt($ch, CURLOPT_CAINFO, OIDplus::localpath() . 'vendor/cacert.pem');
58 
curl_setopt($ch, CURLOPT_URL,"https://graph.facebook.com/v8.0/oauth/access_token?".
59 
        "client_id=".urlencode(OIDplus::baseConfig()->getValue('FACEBOOK_OAUTH2_CLIENT_ID'))."&".
801 daniel-mar 60 
        "redirect_uri=".urlencode(OIDplus::webpath(__DIR__,OIDplus::PATH_ABSOLUTE_CANONICAL).'oauth.php')."&".
635 daniel-mar 61 
        "client_secret=".urlencode(OIDplus::baseConfig()->getValue('FACEBOOK_OAUTH2_CLIENT_SECRET'))."&".
62 
        "code=".$_GET['code']
63 
);
715 daniel-mar 64 
curl_setopt($ch, CURLOPT_USERAGENT, 'ViaThinkSoft-OIDplus/2.0');
635 daniel-mar 65 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
66 
$cont = curl_exec($ch);
67 
curl_close($ch);
68 
$data = json_decode($cont,true);
69 
if (isset($data['error'])) {
70 
        echo '<h2>Error at step 2</h2>';
71 
        echo '<p>'.$data['error']['message'].'</p>';
72 
        die();
73 
}
74 
$access_token = $data['access_token'];
75 
 
76 
// Get user infos
77 
 
78 
$ch = curl_init();
79 
if (ini_get('curl.cainfo') == '') curl_setopt($ch, CURLOPT_CAINFO, OIDplus::localpath() . 'vendor/cacert.pem');
80 
curl_setopt($ch, CURLOPT_URL,"https://graph.facebook.com/v8.0/me?".
81 
        "fields=id,email,name&".
82 
        "access_token=".urlencode($access_token)
83 
);
715 daniel-mar 84 
curl_setopt($ch, CURLOPT_USERAGENT, 'ViaThinkSoft-OIDplus/2.0');
635 daniel-mar 85 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
86 
$cont = curl_exec($ch);
87 
curl_close($ch);
88 
$data = json_decode($cont,true);
89 
if (isset($data['error'])) {
90 
        throw new OIDplusException(_L('Error receiving the authentication token from %1: %2','Facebook',$data['error']['message']));
91 
}
92 
$personal_name = $data['name'];
93 
$email = !isset($data['email']) ? '' : $data['email'];
94 
if (empty($email)) {
95 
        throw new OIDplusException(_L('Your Facebook account does not have an email address.'));
96 
}
97 
 
98 
// Everything's done! Now login and/or create account
99 
 
705 daniel-mar 100 
$ra = new OIDplusRA($email);
101 
if (!$ra->existing()) {
102 
        $ra->register_ra(null); // create a user account without password
635 daniel-mar 103 
 
705 daniel-mar 104 
        OIDplus::db()->query("update ###ra set ra_name = ?, personal_name = ? where email = ?", array($personal_name, $personal_name, $email));
635 daniel-mar 105 
 
705 daniel-mar 106 
        OIDplus::logger()->log("[INFO]RA($email)!", "RA '$email' was created because of successful Facebook OAuth2 login");
107 
}
635 daniel-mar 108 
 
705 daniel-mar 109 
OIDplus::authUtils()->raLoginEx($email, $remember_me=false, 'Facebook-OAuth2');
635 daniel-mar 110 
 
705 daniel-mar 111 
OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email));
635 daniel-mar 112 
 
705 daniel-mar 113 
// Go back to OIDplus
635 daniel-mar 114 
 
1005 daniel-mar 115 
OIDplus::invoke_shutdown();
116 
 
801 daniel-mar 117 
header('Location:'.OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL));