-
Notifications
You must be signed in to change notification settings - Fork 0
/
callback.php
112 lines (92 loc) · 3.41 KB
/
callback.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
<?php
require_once 'base.php';
require_once 'connection.php';
require_once 'functions.php';
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$state = json_decode(urldecode($_GET["state"]), true);
$csrf_token = $state["csrf_token"];
$redirect_url = $state["redirect_url"];
if (!isset($_SESSION["LOGIN_CSRF_TOKEN"]) || !hash_equals($csrf_token, $_SESSION["LOGIN_CSRF_TOKEN"])) {
die("Forged request.");
}
unset($_SESSION["LOGIN_CSRF_TOKEN"]);
$code = $_GET["code"];
$fields = json_encode(array(
"client_id" => $clientID,
"client_secret" => $clientSecret,
"code" => $code,
"grant_type" => "authorization_code",
"redirect_uri" => relUrl("/callback.php"),
));
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://osu.ppy.sh/oauth/token',
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $fields,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => ['Accept: application/json', 'Content-Type: application/json'],
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
));
$response = curl_exec($curl);
curl_close($curl);
$json = json_decode($response, true);
$accessToken = $json["access_token"];
$refreshToken = $json["refresh_token"];
$expiresIn = (int) $json["expires_in"];
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://osu.ppy.sh/api/v2/me/osu',
CURLOPT_HTTPHEADER => ['Accept: application/json', 'Content-Type: application/json', 'Authorization: Bearer ' . $accessToken],
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'GET',
));
$response = curl_exec($curl);
curl_close($curl);
$json = json_decode($response, true);
$userId = $json["id"];
$username = $json["username"];
$country = $json["country"];
$stmt = $conn->prepare("SELECT * FROM `users` WHERE `UserID` = ?");
$stmt->bind_param("s", $userId);
$stmt->execute();
$result = $stmt->get_result();
if ($result && $result->num_rows == 0) {
$stmt = $conn->prepare("INSERT INTO `users` (UserID, Username, AccessToken, RefreshToken) VALUES (?, ?, ?, ?);");
$stmt->bind_param("ssss", $userId, $username, $accessToken, $refreshToken);
$stmt->execute();
$stmt->close();
} else {
$stmt = $conn->prepare("UPDATE `users` SET `AccessToken` = ?, `RefreshToken` = ?, `Username` = ? WHERE `UserID` = ?");
$stmt->bind_param("ssss", $accessToken, $refreshToken, $username, $userId);
$stmt->execute();
$stmt->close();
}
$stmt = $conn->prepare("SELECT * FROM `mappernames` WHERE `UserID` = ?");
$stmt->bind_param("s", $userId);
$stmt->execute();
$result = $stmt->get_result();
if ($result && $result->num_rows == 0) {
$stmt = $conn->prepare("INSERT INTO `mappernames` (UserID, Username, Country) VALUES (?, ?, ?);");
$stmt->bind_param("iss", $userId, $username, $country->code);
$stmt->execute();
$stmt->close();
} else {
$stmt = $conn->prepare("UPDATE `mappernames` SET `Username` = ?, `Country` = ? WHERE `UserID` = ?");
$stmt->bind_param("ssi", $username, $country->code, $userId);
$stmt->execute();
$stmt->close();
}
setcookie("AccessToken", $accessToken, time() + $expiresIn);
siteRedirect($redirect_url);
?>