<?php
require_once "config_index.php";
require_once "g-config.php";
require_once "./includes/db_connect.php";
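// Re-establish a session for a returning user from the "remember me" cookies.
//
// Flow: if the session already carries an access token nothing is done. Otherwise
// the `access_token` and `source` cookies are read; missing cookies render the
// logged-out navbar, a valid pair rebuilds $_SESSION['userData'] and
// $_SESSION['access_token'], and anything else redirects to login and stops.
//
// Inputs:  $_COOKIE['access_token'], $_COOKIE['source'] (both base64-encoded and
//          attacker-controlled), $FB (Facebook SDK client, presumably from
//          g-config.php), $connection (mysqli handle from includes/db_connect.php).
// Outputs: $_SESSION['source'], $_SESSION['access_token'], $_SESSION['userData'];
//          may emit a Location header and exit, or include the guest navbar.
//
// SECURITY NOTE(review): for the "google" and "guest" sources the cookie holds the
// user's `fb_id` itself, so anyone who knows (or guesses) an id can mint a valid
// cookie. A random, server-stored token (compared with hash_equals()) is the real
// fix; that needs a schema change and is out of scope for this block.
if (!isset($_SESSION['access_token']))
{
    if (!isset($_COOKIE['access_token']) || !isset($_COOKIE['source']))
    {
        // No remember-me cookies: show the logged-out navigation instead of redirecting.
        //header('Location: ./login.php');
        include('./includes/not_login_navbar.php');
    }
    else
    {
        // Strict base64 decoding: malformed input yields false rather than a
        // best-effort string, so garbage cannot masquerade as a valid value below.
        $source = base64_decode((string) $_COOKIE['source'], true);
        $accessToken = base64_decode((string) $_COOKIE['access_token'], true);
        $haveToken = is_string($accessToken) && $accessToken !== '';

        if ($source === 'facebook' && $haveToken)
        {
            // Returning Facebook user: the cookie carries a Graph API access token,
            // which is validated by asking Facebook for the profile it belongs to.
            $_SESSION['source'] = $source;
            try
            {
                $response = $FB->get("me?fields=id,first_name,last_name,email,picture.type(large),gender", $accessToken);
                $userData = $response->getGraphNode()->asArray();
            }
            catch (\Exception $e)
            {
                // Expired/forged token or Graph API failure: treat as not logged in
                // instead of surfacing an uncaught SDK exception as a fatal error.
                header('Location: ./login.php');
                exit();
            }
            $_SESSION['userData'] = $userData;
            $_SESSION['userData']['picture'] = $_SESSION['userData']['picture']['url'];
            $_SESSION['access_token'] = (string) $accessToken;
        }
        elseif (($source === 'google' || $source === 'guest') && $haveToken)
        {
            // Returning Google or guest user: the cookie carries the stored user id,
            // which is looked up in `myusers`. Both sources share one code path.
            $_SESSION['source'] = $source;
            $_SESSION['access_token'] = $accessToken;

            // Parameterised lookup with an exact match: the id is cookie-controlled,
            // so neither string-building the query nor LIKE (wildcards) is acceptable.
            $searchUser = "SELECT `fb_id`, `first_name`, `last_name`, `email`, `picture` FROM `myusers` WHERE `fb_id` = ?";
            $stmt = mysqli_prepare($connection, $searchUser);
            $found = false;
            if ($stmt !== false)
            {
                mysqli_stmt_bind_param($stmt, 's', $accessToken);
                if (mysqli_stmt_execute($stmt))
                {
                    mysqli_stmt_store_result($stmt);
                    mysqli_stmt_bind_result($stmt, $fbId, $firstName, $lastName, $email, $picture);
                    // Exactly one row, as before: ambiguous or missing ids are rejected.
                    if (mysqli_stmt_num_rows($stmt) === 1 && mysqli_stmt_fetch($stmt))
                    {
                        $_SESSION['userData']['email'] = $email;
                        $_SESSION['userData']['first_name'] = $firstName;
                        $_SESSION['userData']['last_name'] = $lastName;
                        $_SESSION['userData']['id'] = $fbId;
                        $_SESSION['userData']['picture'] = $picture;
                        $found = true;
                    }
                }
                mysqli_stmt_close($stmt);
            }
            if (!$found)
            {
                header('Location: ./login.php');
                exit();
            }
        }
        else
        {
            // Unknown source or undecodable/empty cookie (tampered or stale): send to
            // login. exit() is required — without it the rest of the page would still
            // render for the unauthenticated request after the redirect header is sent.
            header('Location: ./login.php');
            exit();
        }
    }
}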
?>