All pastes #2077308 Raw Edit

Something

public php v1 · immutable
#2077308 ·published 2011-06-09 15:34 UTC
rendered paste body
<?php// This function will check a username and token returned by the bzflag// weblogin page at http://my.bzflag.org/weblogin?action=weblogin. You can use// this URL to ask a user for his bzflag global login. Your page needs to pass// in an URL paramater to the weblogin that contains your URL to be called with// the username and token. This allows your site to use the same usernames and// passwords as the forums with out having to worry about being accused of// stealing passwords. The URL paramater can have the keys %TOKEN% and// %USERNAME% that will be replaced with the real username and token when the// URL is called. For example://// http://my.bzflag.org/weblogin?action=weblogin&url=http://www.mysite.com/mydir/login.php?token=%TOKEN%&callsign=%USERNAME%//// This would call mysite.com with the token and username passed in as// paramaters after the user has given the page a valid username and password.// This function should be used after you get the info from the login callback,// to verify that it is a valid token, and the user belongs to any groups you// care about.function validate_token($token, $callsign, $groups=array()){	//Some config options	$list_server='http://my.bzflag.org/db/';	//The program	//$key => $group	$group_list='&groups=';	foreach($groups as $group){		$group_list.="$group%0D%0A";	}	//Trim the last 6 characters, wich are "%0D%0A", off of the last group	$group_list=substr($group_list, 0, strlen($group_list)-6);	$reply=file_get_contents(''.$list_server.'?action=CHECKTOKENS&checktokens='.$callsign.'%3D'.$token.''.$group_list.'');	//If we got a TOKBAD, return false, because the token can't be right	if(strpos($reply, 'TOKBAD: ')) return false;	//Here's where it gets tricky: making sure the user is in all groups specified	$group_list='';	foreach($groups as $group){		$group_list.=":$group";	}	if(strpos($reply, "TOKGOOD: $callsign$group_list")){		return true;	}else{		return false;	}}?>