Файл: wenr.online/app/user/soc/ok.php
Строк: 105
<?php
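// Odnoklassniki (ok.ru) OAuth 2.0 login endpoint.
//
// Without a `code` query parameter the visitor is sent to the ok.ru authorization page.
// With one, the code is exchanged for an access token, the ok.ru user id is fetched, a
// local account is looked up by that id (or created), and a session row plus the
// `__session` cookie are issued.
//
// Relies on names provided by the including script: $user, $db (PDO), redirect().
// Needs PHP 7+ for random_bytes().

// Already signed in: nothing to do here.
if ($user->isAuth()) {
    redirect('/game');
    exit;
}

// OAuth application credentials.
// NOTE(review): the client secret is committed in source. It should be loaded from
// configuration kept outside the repository and rotated, because anyone who can read
// this file can act as the application towards ok.ru.
$okClientId = '512000618076';
$okApplicationKey = 'CNFPGOJGDIHBABABA';
$okClientSecret = 'E77DDFF0F7A5C1FD3755A993';
$okRedirectUri = 'https://wenr.online/ok';

// Step 1: no usable authorization code yet, so start the flow.
if (empty($_GET['code']) || !is_string($_GET['code'])) {
    // Bind the authorization request to this browser session so a callback that this
    // browser did not initiate (login CSRF) can be rejected in step 2.
    // Assumes the PHP session is already started by the including script, as the
    // existing $_SESSION['__session'] write further down does - confirm.
    $state = bin2hex(random_bytes(16));
    $_SESSION['ok_oauth_state'] = $state;

    $authorizeParams = [
        'client_id' => $okClientId,
        'redirect_uri' => $okRedirectUri,
        'scope' => 'GET_EMAIL',
        'response_type' => 'code',
        'layout' => 'm',
        'state' => $state,
    ];
    // http_build_query() output is used as-is: decoding it again would strip the
    // percent-encoding and let a value containing '&' or '=' add or override parameters.
    redirect('https://ok.ru/oauth/authorize?' . http_build_query($authorizeParams));
    exit;
}

// Step 2: callback. The state must match the one issued in step 1; it is single-use.
$expectedState = '';
if (isset($_SESSION['ok_oauth_state']) && is_string($_SESSION['ok_oauth_state'])) {
    $expectedState = $_SESSION['ok_oauth_state'];
}
unset($_SESSION['ok_oauth_state']);
$returnedState = (isset($_GET['state']) && is_string($_GET['state'])) ? $_GET['state'] : '';
if ($expectedState === '' || !hash_equals($expectedState, $returnedState)) {
    http_response_code(400);
    exit;
}

// Exchange the authorization code for an access token.
$tokenParams = [
    'code' => $_GET['code'],
    'redirect_uri' => $okRedirectUri,
    'grant_type' => 'authorization_code',
    'client_id' => $okClientId,
    'client_secret' => $okClientSecret,
];
$curl = curl_init();
// HTTPS with certificate verification: this request carries the client secret and the
// authorization code, so it must not travel in clear text or to an unverified peer.
curl_setopt($curl, CURLOPT_URL, 'https://api.ok.ru/oauth/token.do'); // URL the request is sent to
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($tokenParams)); // pass the parameters, still encoded
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($curl, CURLOPT_TIMEOUT, 10);
$result = curl_exec($curl);
curl_close($curl);

$tokenInfo = is_string($result) ? json_decode($result, true) : null;
if (!is_array($tokenInfo) || !isset($tokenInfo['access_token']) || !is_string($tokenInfo['access_token'])) {
    // No token: hand control back to the including script, as the original code did
    // by falling through without output.
    return;
}
$accessToken = $tokenInfo['access_token'];

// Fetch the current ok.ru user. The signature is the MD5 of the sorted fixed request
// parameters followed by md5(access_token . client_secret).
$sign = md5(
    'application_key=' . $okApplicationKey . 'format=jsonmethod=users.getCurrentUser'
    . md5($accessToken . $okClientSecret)
);
$apiParams = [
    'method' => 'users.getCurrentUser',
    'access_token' => $accessToken,
    'application_key' => $okApplicationKey,
    'format' => 'json',
    'sig' => $sign,
];
// HTTPS: the access token is part of this URL.
$response = file_get_contents('https://api.ok.ru/fb.do?' . http_build_query($apiParams));
$userInfo = is_string($response) ? json_decode($response, true) : null;

// Without a usable uid no account may be looked up or created: a failed or error
// response would otherwise create a new local user with an empty `soc` on every call.
if (
    !is_array($userInfo)
    || !isset($userInfo['uid'])
    || !is_scalar($userInfo['uid'])
    || (string) $userInfo['uid'] === ''
) {
    return;
}
$uid = (string) $userInfo['uid'];

// Look up the local account linked to this ok.ru id.
$lookup = $db->prepare('select user_id from users where soc = ?');
$lookup->execute([$uid]);
$existing = $lookup->fetch(PDO::FETCH_OBJ);

$createdAt = date('Y-m-d H:i:s', time());

if (isset($existing->user_id)) {
    // Known user: go straight to the game.
    $userId = $existing->user_id;
    $landing = '/game';
} else {
    // First login: create the account with a random password nobody is told, so the
    // account can only be entered through ok.ru until a password is set.
    $passwordHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    $insertUser = $db->prepare("INSERT INTO users SET password = :password, nick = :nick, created_at = :created_at, soc = :uid");
    $insertUser->bindValue(':password', $passwordHash, PDO::PARAM_STR);
    $insertUser->bindValue(':nick', 'Безымянный', PDO::PARAM_STR);
    $insertUser->bindValue(':created_at', $createdAt, PDO::PARAM_STR);
    $insertUser->bindValue(':uid', $uid, PDO::PARAM_STR);
    $insertUser->execute();
    $userId = $db->lastInsertId();
    $landing = '/start/quest';
}

// Issue the session. The token comes straight from the CSPRNG (32 hex characters, the
// same length the previous md5() value had) rather than from a hash of a helper whose
// randomness cannot be checked from this file.
$token = bin2hex(random_bytes(16));
$insertSession = $db->prepare("INSERT INTO users_sessions SET user_id = :user_id, token = :token, created_at = :created_at");
$insertSession->bindValue(':user_id', $userId, PDO::PARAM_INT);
$insertSession->bindValue(':token', $token, PDO::PARAM_STR);
$insertSession->bindValue(':created_at', $createdAt, PDO::PARAM_STR);
$insertSession->execute();

$session = base64_encode(json_encode([
    'user_id' => base64_encode($userId),
    'token' => base64_encode($token),
]));
// Secure + HttpOnly: the cookie is a bearer credential valid for a year, so it is kept
// off plain HTTP and out of reach of page scripts.
// NOTE(review): confirm no client-side script reads `__session`; consider SameSite as well.
setcookie('__session', $session, 86400 * 365 + time(), '/', '', true, true);
$_SESSION['__session'] = $session;
redirect($landing);
exit;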