PUSH
-> Added so you can login using discord if you have your account linked
NaysKutzu committed Oct 19, 2023
1 parent 3a8fe61 commit 6757fc9
Showing 6 changed files with 158 additions and 26 deletions.
Binary file added public/assets/img/discord-mark-blue.png
1 change: 1 addition & 0 deletions public/assets/img/discord-mark-white.svg
5 changes: 5 additions & 0 deletions public/index.php
Expand Up @@ -77,6 +77,11 @@
});

$router->add('/auth/link/discord', function () {
require("../include/main.php");
require("../view/auth/link/discord.php");
});

$router->add('/auth/discord', function () {
require("../include/main.php");
require("../view/auth/discord.php");
});
80 changes: 69 additions & 11 deletions view/auth/discord.php
@@ -1,5 +1,4 @@
<?php
include(__DIR__ . '/../requirements/page.php');
if ($settings['enable_discord_link'] == "true") {
if (isset($_GET['code'])) {
$tokenUrl = 'https://discord.com/api/oauth2/token';
Expand All @@ -8,7 +7,7 @@
'client_secret' => $settings["discord_clientsecret"],
'grant_type' => 'authorization_code',
'code' => $_GET['code'],
'redirect_uri' => $appURL . '/auth/link/discord',
'redirect_uri' => $appURL . '/auth/discord',
'scope' => 'identify guilds email guilds.join'
);
$options = array(
Expand All @@ -35,20 +34,79 @@
$result = file_get_contents($userUrl, false, $context);

$userInfo = json_decode($result, true);
echo $result;
if (isset($userInfo)) {
$conn->query("UPDATE `mythicaldash_users` SET `discord_linked` = 'true' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';");
$conn->query("UPDATE `mythicaldash_users` SET `discord_id` = '" . $userInfo['id'] . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';");
$conn->query("UPDATE `mythicaldash_users` SET `discord_username` = '" . $userInfo['username'] . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';");
$conn->query("UPDATE `mythicaldash_users` SET `discord_global_username` = '" . $userInfo['global_name'] . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';");
$conn->query("UPDATE `mythicaldash_users` SET `discord_email` = '" . $userInfo['email'] . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';");
$discord_email = $userInfo['email'];
$discord_id = $userInfo['id'];
$query = "SELECT * FROM mythicaldash_users WHERE discord_id = '$discord_id'";
$result = mysqli_query($conn, $query);
if ($result) {
if (mysqli_num_rows($result) == 1) {
$row = mysqli_fetch_assoc($result);
$token = $row['api_key'];
$email = $row['email'];
$banned = $row['banned'];
if (!$banned == "") {
header('location: /auth/login?e=We are sorry but you are banned from using our system!');
die();
} else {
$usr_id = $row['api_key'];
if ($ip_address == "127.0.0.1") {
$ip_address = "12.34.56.78";
}
$url = "http://ipinfo.io/$ip_address/json";
$data = json_decode(file_get_contents($url), true);

if (isset($data['error']) || $data['org'] == "AS1221 Telstra Pty Ltd") {
header('location: /auth/login?e=Hmmm it looks like you are trying to abuse. You are trying to use a VPN, which is not allowed.');
die();
}
$userids = array();
$loginlogs = mysqli_query($conn, "SELECT * FROM mythicaldash_login_logs WHERE userkey = '$usr_id'");
foreach ($loginlogs as $login) {
$ip = $login['ipaddr'];
if ($ip == "12.34.56.78") {
continue;
}
$saio = mysqli_query($conn, "SELECT * FROM mythicaldash_login_logs WHERE ipaddr = '" . $ip . "'");
foreach ($saio as $hello) {
if (in_array($hello['userkey'], $userids)) {
continue;
}
if ($hello['userkey'] == $usr_id) {
continue;
}
array_push($userids, $hello['userkey']);
}
}
if (count($userids) !== 0) {
header('location: /auth/login?e=Using multiple accounts is really sad when using free services!');
die();
}
$conn->query("INSERT INTO mythicaldash_login_logs (ipaddr, userkey) VALUES ('" . $ip_address . "', '$usr_id')");

$cookie_name = 'token';
$cookie_value = $token;
setcookie($cookie_name, $cookie_value, time() + (10 * 365 * 24 * 60 * 60), '/');
$conn->query("UPDATE `mythicaldash_users` SET `last_ip` = '" . $ip_address . "' WHERE `mythicaldash_users`.`api_key` = '" . $usr_id . "';");
header('location: /dashboard');
}
} else {
header('location: /auth/login?e=No accounts were found under this discord account.');
$conn->close();
die();
}
} else {
header('location: /auth/login?e=No accounts were found under this discord account.');
$conn->close();
die();
}
$conn->close();
header("location: /user/connections");

} else {
header('location: /auth/link/discord');
header('location: /auth/discord');
}
} else {
$authorizeUrl = 'https://discord.com/api/oauth2/authorize?client_id=' . $settings["discord_clientid"] . '&redirect_uri=' . urlencode($appURL . '/auth/link/discord') . '&response_type=code&scope=' . urlencode('identify guilds email guilds.join');
$authorizeUrl = 'https://discord.com/api/oauth2/authorize?client_id=' . $settings["discord_clientid"] . '&redirect_uri=' . urlencode($appURL . '/auth/discord') . '&response_type=code&scope=' . urlencode('identify guilds email guilds.join');
header('Location: ' . $authorizeUrl);
}
} else {
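Review bot: The successful Discord login at `header('location: /dashboard');` is not followed by `die()`, so execution falls through the closing braces to `$conn->close(); header("location: /user/connections");` and that later Location header replaces the first — a user who signs in via Discord lands on /user/connections rather than the dashboard. The OAuth round-trip also carries no `state` value: the authorize URL is built without one and the callback accepts any `?code=` it is handed, so an attacker can complete the flow for their own Discord account and send the victim the callback URL, logging the victim into the attacker's account (login CSRF). Less urgently, `$discord_id` taken from Discord's JSON is interpolated raw into the SELECT while the cookie elsewhere goes through `mysqli_real_escape_string`, and the banned test would read more clearly as `$banned !== ""` than `!$banned == ""`. `$ip_address` is not defined in this hunk and the enclosing `if ($settings['enable_discord_link'] == "true")` closes below it; the sketch assumes a session is active (login.php calls `session_start()` — confirm page.php does the same for this route).
```php
if (isset($_GET['code'])) {
    // Bind the callback to the browser that started the flow (login-CSRF guard).
    if (!isset($_GET['state'], $_SESSION['discord_oauth_state'])
        || !hash_equals($_SESSION['discord_oauth_state'], (string) $_GET['state'])) {
        header('location: /auth/login?e=Invalid login state, please try again.');
        die();
    }
    unset($_SESSION['discord_oauth_state']);
    // … unchanged: token exchange and /users/@me request …
    $query = "SELECT * FROM mythicaldash_users WHERE discord_id = '" . mysqli_real_escape_string($conn, (string) $discord_id) . "'";
    // … unchanged: ban, VPN and multi-account checks, login-log insert, cookie …
    header('location: /dashboard');
    die(); // without this the /user/connections header further down replaces the redirect
    // … unchanged: "no accounts were found" branches …
} else {
    $state = bin2hex(random_bytes(16));
    $_SESSION['discord_oauth_state'] = $state;
    $authorizeUrl = 'https://discord.com/api/oauth2/authorize?client_id=' . $settings["discord_clientid"]
        . '&redirect_uri=' . urlencode($appURL . '/auth/discord')
        . '&response_type=code&scope=' . urlencode('identify guilds email guilds.join')
        . '&state=' . $state;
    header('Location: ' . $authorizeUrl);
}
```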
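--- a/view/auth/link/discord.php
+++ b/view/auth/link/discord.php
@@ -0,0 +1,59 @@
+<?php
+include(__DIR__ . '/../../requirements/page.php');
+if ($settings['enable_discord_link'] == "true") {
+if (isset($_GET['code'])) {
+$tokenUrl = 'https://discord.com/api/oauth2/token';
+$data = array(
+'client_id' => $settings["discord_clientid"],
+'client_secret' => $settings["discord_clientsecret"],
+'grant_type' => 'authorization_code',
+'code' => $_GET['code'],
+'redirect_uri' => $appURL . '/auth/link/discord',
+'scope' => 'identify guilds email guilds.join'
+);
+$options = array(
+'http' => array(
+'header' => "Content-type: application/x-www-form-urlencoded\r\n",
+'method' => 'POST',
+'content' => http_build_query($data),
+),
+);
+$context = stream_context_create($options);
+$result = file_get_contents($tokenUrl, false, $context);
+
+$accessToken = json_decode($result, true)['access_token'];
+
+$userUrl = 'https://discord.com/api/users/@me';
+
+$options = array(
+'http' => array(
+'header' => "Authorization: Bearer $accessToken\r\n",
+'method' => 'GET',
+),
+);
+$context = stream_context_create($options);
+$result = file_get_contents($userUrl, false, $context);
+
+$userInfo = json_decode($result, true);
+echo $result;
+if (isset($userInfo)) {
+$conn->query("UPDATE `mythicaldash_users` SET `discord_linked` = 'true' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';");
+$conn->query("UPDATE `mythicaldash_users` SET `discord_id` = '" . $userInfo['id'] . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';");
+$conn->query("UPDATE `mythicaldash_users` SET `discord_username` = '" . $userInfo['username'] . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';");
+$conn->query("UPDATE `mythicaldash_users` SET `discord_global_username` = '" . $userInfo['global_name'] . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';");
+$conn->query("UPDATE `mythicaldash_users` SET `discord_email` = '" . $userInfo['email'] . "' WHERE `mythicaldash_users`.`api_key` = '" . mysqli_real_escape_string($conn, $_COOKIE['token']) . "';");
+$conn->close();
+header("location: /user/connections");
+} else {
+header('location: /auth/link/discord');
+}
+} else {
+$authorizeUrl = 'https://discord.com/api/oauth2/authorize?client_id=' . $settings["discord_clientid"] . '&redirect_uri=' . urlencode($appURL . '/auth/link/discord') . '&response_type=code&scope=' . urlencode('identify guilds email guilds.join');
+header('Location: ' . $authorizeUrl);
+}
+} else {
+header("location: /dashboard?e=We are sorry but we don't provide support for discord link right now");
+die();
+}
+
+?>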
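Review bot: `echo $result;` writes the raw `/users/@me` JSON (id, username, email) into the response before the `header("location: /user/connections")` call, so with output buffering off the redirect fails with "headers already sent" and the user's Discord profile is dumped on screen; drop that line. The UPDATEs below it interpolate `$userInfo['id']`, `$userInfo['username']`, `$userInfo['global_name']` and `$userInfo['email']` unescaped while only `$_COOKIE['token']` goes through `mysqli_real_escape_string` — Discord display names are user-chosen and may contain `'`, so this is an injection path into the linking query. Nothing checks whether the Discord id is already linked to another dashboard account, yet the login view in `view/auth/discord.php` only accepts `mysqli_num_rows($result) == 1`, so linking one Discord account to two users silently breaks Discord login for both — look for an existing row first. The authorize URL also lacks a `state` parameter, so the callback can be completed with an attacker's `code` to attach the attacker's Discord account to the victim's logged-in session. The sketch folds the updates into one prepared statement and adds the uniqueness check:
```php
// … unchanged: token exchange and /users/@me request …
$userInfo = json_decode($result, true);
// (no `echo $result;` — it leaks the profile and breaks the redirect header)
if (is_array($userInfo) && isset($userInfo['id'])) {
    // Refuse to link a Discord account that is already attached to another user.
    $check = $conn->prepare("SELECT 1 FROM `mythicaldash_users` WHERE `discord_id` = ? AND `api_key` <> ?");
    $check->bind_param('ss', $userInfo['id'], $_COOKIE['token']);
    $check->execute();
    $check->store_result();
    if ($check->num_rows > 0) {
        // TODO: surface a message; the connections page's query parameters aren't visible here
        header("location: /user/connections");
        die();
    }
    $stmt = $conn->prepare(
        "UPDATE `mythicaldash_users` SET `discord_linked` = 'true', `discord_id` = ?, "
        . "`discord_username` = ?, `discord_global_username` = ?, `discord_email` = ? "
        . "WHERE `api_key` = ?"
    );
    $stmt->bind_param('sssss', $userInfo['id'], $userInfo['username'], $userInfo['global_name'], $userInfo['email'], $_COOKIE['token']);
    $stmt->execute();
    // … unchanged: $conn->close(); redirect to /user/connections …
```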
39 changes: 24 additions & 15 deletions view/auth/login.php
@@ -1,7 +1,7 @@
<?php
include(__DIR__.'/../../include/php-csrf.php');
include(__DIR__.'/../../functions/telemetry.php');
include(__DIR__.'/../../functions/report.php');
include(__DIR__ . '/../../include/php-csrf.php');
include(__DIR__ . '/../../functions/telemetry.php');
include(__DIR__ . '/../../functions/report.php');
session_start();
$csrf = new CSRF();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
Expand Down Expand Up @@ -69,7 +69,7 @@
$cookie_name = 'token';
$cookie_value = $token;
setcookie($cookie_name, $cookie_value, time() + (10 * 365 * 24 * 60 * 60), '/');
$conn->query("UPDATE `mythicaldash_users` SET `last_ip` = '".$ip_address."' WHERE `mythicaldash_users`.`api_key` = '".$usr_id."';");
$conn->query("UPDATE `mythicaldash_users` SET `last_ip` = '" . $ip_address . "' WHERE `mythicaldash_users`.`api_key` = '" . $usr_id . "';");
if (isset($_GET['r'])) {
header('location: ' . $_GET['r']);
} else {
Expand Down Expand Up @@ -145,6 +145,17 @@ class="platform-bg" data-app-light-img="illustrations/bg-shape-image-light.png"
<?= $settings['name'] ?>!
</h3>
<p class="mb-4">Please sign-in to your account and start the adventure</p>
<?php
if (isset($_GET['e'])) {
?>
<div class="text-center alert alert-danger" role="alert">
<?= $_GET['e'] ?>
</div>
<?php
} else {

}
?>
<form method="POST">
<div class="mb-3">
<label for="email" class="form-label">Email</label>
Expand Down Expand Up @@ -191,17 +202,15 @@ class="platform-bg" data-app-light-img="illustrations/bg-shape-image-light.png"
<span>Create an account</span>
</a>
</p>
<?php
if (isset($_GET['e'])) {
?>
<div class="text-center alert alert-danger" role="alert">
<?= $_GET['e'] ?>
</div>
<?php
} else {

}
?>
<div class="divider my-2">
<div class="divider-text"> or </div>
</div>
<div class="auth-footer-btn d-flex justify-content-center">
<a href="/auth/discord" target="_self" class="btn btn-primary">
<img width="18px" height="18px" src="/assets/img/discord-mark-white.svg" alt="Discord Logo">
</a>
</div>
<br>
</p>
</div>
</div>
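Review bot: The error banner moved under the sign-in heading still prints `<?= $_GET['e'] ?>` unescaped, and the query value is attacker-controlled (anyone can link to `/auth/login?e=<script>…`), so it is reflected into the page as HTML (reflected XSS); render it as `<?= htmlspecialchars($_GET['e'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`. This matters more now that the new Discord flow funnels every failure through `/auth/login?e=…`. The `?r=` redirect in the POST branch, `header('location: ' . $_GET['r'])`, is context rather than new code, but it accepts any absolute URL and is worth restricting to same-origin paths in a follow-up. The surrounding markup and the PHP block that opens the file both extend beyond these hunks.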
