Created
October 13, 2011 17:53
-
-
Save dkobia/1284934 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/ee_system/expressionengine/modules/member/mod.member_auth.php b/ee_system/expressionengine/modules/member/mod.member_auth.php | |
| index 510fb4c..4d2aef9 100644 | |
| --- a/ee_system/expressionengine/modules/member/mod.member_auth.php | |
| +++ b/ee_system/expressionengine/modules/member/mod.member_auth.php | |
| @@ -94,7 +94,7 @@ class Member_auth extends Member { | |
| /** Member Login | |
| /** ----------------------------------------*/ | |
| function member_login() | |
| - { | |
| + { | |
| /** ---------------------------------------- | |
| /** Is user banned? | |
| /** ----------------------------------------*/ | |
| @@ -163,7 +163,7 @@ class Member_auth extends Member { | |
| /** ----------------------------------------*/ | |
| if ( ! $this->EE->input->get('multi')) | |
| { | |
| - $sql = "SELECT exp_members.password, exp_members.unique_id, exp_members.member_id, exp_members.group_id | |
| + $sql = "SELECT exp_members.username, exp_members.screen_name, exp_members.email, exp_members.password, exp_members.unique_id, exp_members.member_id, exp_members.group_id | |
| FROM exp_members, exp_member_groups | |
| WHERE username = '".$this->EE->db->escape_str($this->EE->input->post('username'))."' | |
| AND exp_members.group_id = exp_member_groups.group_id | |
| @@ -197,7 +197,7 @@ class Member_auth extends Member { | |
| // Check Session ID | |
| - $query = $this->EE->db->query("SELECT exp_members.member_id, exp_members.password, exp_members.unique_id | |
| + $query = $this->EE->db->query("SELECT exp_members.username, exp_members.screen_name, exp_members.email, exp_members.member_id, exp_members.password, exp_members.unique_id | |
| FROM exp_sessions, exp_members | |
| WHERE exp_sessions.session_id = '".$this->EE->db->escape_str($this->EE->input->get('multi'))."' | |
| AND exp_sessions.member_id = exp_members.member_id | |
| @@ -258,8 +258,12 @@ class Member_auth extends Member { | |
| $this->EE->config->site_prefs($final_site_name, $final_site_id); | |
| } | |
| } | |
| - | |
| - $this->EE->output->show_message($data); | |
| + | |
| + //++ Using Tender | |
| + //$this->EE->output->show_message($data); | |
| + | |
| + // Tender Login | |
| + $this->_tender_login($query, $sites[$this->EE->input->get('orig')]); | |
| } | |
| else | |
| { | |
| @@ -268,7 +272,11 @@ class Member_auth extends Member { | |
| $next_url = $sites[$next].'?ACT='.$this->EE->functions->fetch_action_id('Member', 'member_login'). | |
| '&multi='.$this->EE->input->get('multi').'&cur='.$next.'&orig='.$this->EE->input->get_post('orig').'&orig_site_id='.$this->EE->input->get('orig_site_id'); | |
| - return $this->EE->functions->redirect($next_url); | |
| + //++ Using Tender | |
| + //return $this->EE->functions->redirect($next_url); | |
| + | |
| + // Tender Login | |
| + $this->_tender_login($query, $next_url); | |
| } | |
| } | |
| @@ -532,7 +540,9 @@ class Member_auth extends Member { | |
| 'link' => array($return, $site_name) | |
| ); | |
| - $this->EE->output->show_message($data); | |
| + //++Tender Login | |
| + //$this->EE->output->show_message($data); | |
| + $this->_tender_login($query, $return); | |
| } | |
| @@ -891,7 +901,58 @@ class Member_auth extends Member { | |
| $this->EE->output->show_message($data); | |
| } | |
| + | |
| + | |
| + /** | |
| + * Log into TenderApp | |
| + * | |
| + * @access private | |
| + * @return void | |
| + */ | |
| + private function _tender_login($query, $next_url) | |
| + { | |
| + $account_key = "test"; | |
| + $api_key = "c3ebafb1b162a2f6fa"; | |
| + | |
| + $salted = $api_key . $account_key; | |
| + $hash = hash('sha1',$salted,true); | |
| + $saltedHash = substr($hash,0,16); | |
| + $iv = "OpenSSL for Ruby"; | |
| + | |
| + // use an expires date in the future, of course | |
| + $user_data = array( | |
| + "unique_id" => $query->row('unique_id'), | |
| + "email" => $query->row('email'), | |
| + "name" => $query->row('screen_name'), | |
| + "expires" => date('Y-m-d H:i:s', strtotime ( '+1 week' , strtotime(date('Y-m-d H:i:s')) )), | |
| + "to" => $next_url | |
| + ); | |
| + | |
| + $data = json_encode($user_data); | |
| + // double XOR first block | |
| + for ($i = 0; $i < 16; $i++) | |
| + { | |
| + $data[$i] = $data[$i] ^ $iv[$i]; | |
| + } | |
| + $pad = 16 - (strlen($data) % 16); | |
| + $data = $data . str_repeat(chr($pad), $pad); | |
| + | |
| + $cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_128,'','cbc',''); | |
| + mcrypt_generic_init($cipher, $saltedHash, $iv); | |
| + $encryptedData = mcrypt_generic($cipher,$data); | |
| + mcrypt_generic_deinit($cipher); | |
| + $encryptedData = base64_encode($encryptedData); | |
| + $encryptedData = preg_replace('/\=$/', '', $encryptedData); | |
| + $encryptedData = preg_replace('/\n/', '', $encryptedData); | |
| + $encryptedData = preg_replace('/\+/', '-', $encryptedData); | |
| + $encryptedData = preg_replace('/\//', '_', $encryptedData); | |
| + | |
| + //print_r($user_data); | |
| + //echo $encryptedData; | |
| + header("Location: http://help.ushahidi.com/?sso=".urlencode($encryptedData)); | |
| + die(); | |
| + } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment