<?php
/**
* OAuth Configuration
*
* This file contains configuration for Google and other OAuth providers.
* Before using, you must set up OAuth credentials in the Google Cloud Console,
* Facebook Developers, Twitter Developer Portal, etc.
*/
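// Google OAuth Configuration
// Values are taken from the environment when present; the literals are the
// values this file originally hard-coded and remain as a fallback so existing
// deployments keep working. NOTE(review): a client secret that has lived in
// source control should be treated as exposed — rotate it in the Google Cloud
// Console and drop the fallback once GOOGLE_CLIENT_SECRET is set in the
// environment.
define('GOOGLE_CLIENT_ID', getenv('GOOGLE_CLIENT_ID') ?: '1083250401299-34p3qtevuk9f258hbudavd22s56os972.apps.googleusercontent.com');
define('GOOGLE_CLIENT_SECRET', getenv('GOOGLE_CLIENT_SECRET') ?: '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');

// Redirect URIs are derived from the current request so the same file works
// on localhost and on a deployed host.
// Scheme: SAPIs set HTTPS to a non-empty value (not always 'on', which the
// previous === 'on' check missed); some servers set it to 'off' explicitly,
// so both cases are handled. Port 443 is taken as a second hint.
// X-Forwarded-Proto is deliberately not consulted: it is client-supplied
// unless a trusted proxy overwrites it.
$scheme = ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
    || (int) ($_SERVER['SERVER_PORT'] ?? 0) === 443)
    ? 'https' : 'http';
// Host: HTTP_HOST is the request's Host header, i.e. client-controlled. The
// provider only accepts a redirect_uri that was pre-registered, so a forged
// header breaks the flow rather than redirecting it, but in production pin
// this to a configured hostname instead of trusting the header.
$host = $_SERVER['HTTP_HOST'] ?? 'localhost';
define('GOOGLE_REDIRECT_URL', $scheme . '://' . $host . '/google_auth.php');

// Facebook OAuth Configuration (for future implementation)
define('FACEBOOK_APP_ID', 'your-facebook-app-id');
define('FACEBOOK_APP_SECRET', 'your-facebook-app-secret');
// Built from $scheme/$host like the Google URL (previously hard-coded http://
// and read HTTP_HOST without a fallback, which warned when no host was set).
define('FACEBOOK_REDIRECT_URL', $scheme . '://' . $host . '/facebook_auth.php');

// Twitter OAuth Configuration (for future implementation)
define('TWITTER_API_KEY', 'your-twitter-api-key');
define('TWITTER_API_SECRET', 'your-twitter-api-secret');
define('TWITTER_REDIRECT_URL', $scheme . '://' . $host . '/twitter_auth.php');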
/**
 * Build the provider's authorisation URL that the browser is sent to for login.
 *
 * Only Google and Facebook produce a real URL; Twitter (OAuth 1.0a, which
 * needs a signed request-token step first) and unknown providers yield '#'.
 *
 * NOTE(review): `state` carries the post-login return path rather than a
 * per-session random nonce, so the callback cannot use it to tell a genuine
 * callback from a forged one; check how the callback page (not in this file)
 * validates it.
 *
 * @param string $provider       Provider name, matched case-insensitively (google, facebook, twitter)
 * @param string $redirect_after Optional URL to return to after login; sent url-encoded in `state`
 *                               (http_build_query encodes it once more, so the callback decodes once)
 * @return string The login URL, or '#' when the provider has no implementation
 */
function getOAuthLoginUrl($provider, $redirect_after = '') {
    $name = strtolower($provider);
    // `state` holds the url-encoded return path, or '' when none was given.
    $state = empty($redirect_after) ? '' : urlencode($redirect_after);

    if ($name === 'google') {
        $query = http_build_query([
            'client_id' => GOOGLE_CLIENT_ID,
            'redirect_uri' => GOOGLE_REDIRECT_URL,
            'response_type' => 'code',
            'scope' => 'email profile',
            'access_type' => 'online',
            'state' => $state,
        ]);
        return 'https://accounts.google.com/o/oauth2/v2/auth?' . $query;
    }

    if ($name === 'facebook') {
        $query = http_build_query([
            'client_id' => FACEBOOK_APP_ID,
            'redirect_uri' => FACEBOOK_REDIRECT_URL,
            'state' => $state,
            'scope' => 'email',
        ]);
        return 'https://www.facebook.com/v12.0/dialog/oauth?' . $query;
    }

    // Twitter (OAuth 1.0a needs a signed request-token exchange first) and
    // any unknown provider have no login URL yet.
    return '#';
}
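/**
 * Exchange a Google authorization code for tokens and fetch the signed-in user's profile.
 *
 * Two HTTPS requests go through the stream wrapper: a POST to the token
 * endpoint, then a GET to the v2 userinfo endpoint with the bearer token.
 * Changes from the earlier version of this function: TLS peer verification is
 * on (it had been switched off, which lets anyone on the network path stand in
 * for Google's token endpoint); display_errors is no longer forced on from
 * here (it showed PHP errors to the browser); and logs carry only the HTTP
 * status line and Google's `error` fields, so the client secret, the access
 * and refresh tokens and the profile body stay out of the error log.
 *
 * @param string $code Authorization code Google delivered to GOOGLE_REDIRECT_URL
 * @return array|false Google's userinfo fields (at least `id` and `email`) with
 *                     `access_token` and `refresh_token` (null when Google did not
 *                     issue one) added, or false on any failure
 */
function getGoogleUserInfo($code) {
    // Step 1: authorization code -> tokens.
    $token_request = [
        'code' => $code,
        'client_id' => GOOGLE_CLIENT_ID,
        'client_secret' => GOOGLE_CLIENT_SECRET,
        'redirect_uri' => GOOGLE_REDIRECT_URL,
        'grant_type' => 'authorization_code',
    ];
    [$token_body, $token_status] = _googleOAuthRequest('https://oauth2.googleapis.com/token', [
        'method' => 'POST',
        'header' => "Content-type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($token_request),
    ]);
    error_log("Google OAuth token response status: " . $token_status);
    if ($token_body === false || $token_body === '') {
        error_log("Failed to get access token from Google OAuth");
        return false;
    }
    $token_data = json_decode($token_body, true);
    if (!is_array($token_data) || empty($token_data['access_token']) || !is_string($token_data['access_token'])) {
        error_log("No access token in Google OAuth response: " . _googleOAuthErrorSummary($token_data));
        return false;
    }

    // Step 2: access token -> profile.
    [$info_body, $info_status] = _googleOAuthRequest('https://www.googleapis.com/oauth2/v2/userinfo', [
        'method' => 'GET',
        'header' => "Authorization: Bearer " . $token_data['access_token'] . "\r\n",
    ]);
    error_log("Google OAuth userinfo response status: " . $info_status);
    if ($info_body === false || $info_body === '') {
        error_log("Failed to get user info from Google OAuth - empty response");
        return false;
    }
    $user_info = json_decode($info_body, true);
    if (!is_array($user_info)) {
        error_log("Failed to parse user info JSON: " . json_last_error_msg());
        return false;
    }
    if (empty($user_info['id']) || empty($user_info['email'])) {
        error_log("Missing required user info fields: " . _googleOAuthErrorSummary($user_info));
        return false;
    }

    // Hand the tokens to the caller alongside the profile (processOAuthLogin stores them).
    $user_info['access_token'] = $token_data['access_token'];
    $user_info['refresh_token'] = $token_data['refresh_token'] ?? null;
    error_log("Successfully retrieved Google user info for email: " . $user_info['email']);
    return $user_info;
}

/**
 * Perform one HTTPS request with the stream wrapper and return [body, status line].
 *
 * `ignore_errors` is set so a 4xx/5xx body (Google's JSON error object) is
 * returned instead of false; the body is false only when no response was read.
 * TLS verification is explicitly on (peer and hostname). If a host fails with
 * a certificate error, fix its CA bundle (openssl.cafile) rather than turning
 * verification off.
 *
 * @param string $url  Absolute https URL
 * @param array  $http 'http' stream-context options: method, header, content
 * @return array{0: string|false, 1: string} Response body (false on transport failure) and HTTP status line ('' when none)
 */
function _googleOAuthRequest($url, array $http)
{
    $http['ignore_errors'] = true;
    $context = stream_context_create([
        'http' => $http,
        'ssl' => [
            'verify_peer' => true,
            'verify_peer_name' => true,
        ],
    ]);
    try {
        $body = file_get_contents($url, false, $context);
    } catch (Exception $e) {
        // Only reached when an error handler turns the wrapper's warning into
        // an exception; otherwise file_get_contents returns false.
        error_log("Google OAuth request to $url failed: " . $e->getMessage());
        return [false, ''];
    }
    // $http_response_header is filled in by the wrapper in this scope after the
    // call; it is absent when the connection itself failed.
    $status_line = $http_response_header[0] ?? '';
    return [$body, $status_line];
}

/**
 * Describe a failed Google response for the log without echoing the body.
 *
 * Google error bodies carry `error` and `error_description`; anything else is
 * reduced to its keys or type so tokens and profile data are never logged.
 *
 * @param mixed $decoded Result of json_decode on the response body
 * @return string
 */
function _googleOAuthErrorSummary($decoded)
{
    if (!is_array($decoded)) {
        return 'unparseable response (' . gettype($decoded) . ')';
    }
    $parts = [];
    foreach (['error', 'error_description'] as $key) {
        if (isset($decoded[$key]) && is_scalar($decoded[$key])) {
            $parts[] = $key . '=' . $decoded[$key];
        }
    }
    if ($parts === []) {
        return 'keys: ' . implode(',', array_keys($decoded));
    }
    return implode(' ', $parts);
}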
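/**
 * Resolve (or create) the local user account for a provider login.
 *
 * Lookup order:
 *  1. an existing oauth_providers row for (provider, provider_user_id): refresh its
 *     profile/token columns and return that user;
 *  2. a users row with the same email: link it and return it;
 *  3. otherwise create a 'student' user with a unique username derived from the
 *     email's local part, link it and return it.
 *
 * All SQL now runs through mysqli prepared statements (the previous version
 * built every query by string concatenation and interpolated ids unquoted).
 * The oauth_providers table is still created on first use when missing; that
 * DDL-at-login behaviour is kept for compatibility but belongs in a migration.
 *
 * NOTE(review): step 2 links on the provider's email claim alone and step 3
 * stores email_verified = 1; Google's userinfo reports `verified_email`, and
 * $oauth_data is not checked for it here. NOTE(review): access_token and
 * refresh_token are stored as plaintext TEXT columns, so database read access
 * equals token access. NOTE(review): users created here get an empty password
 * column — confirm the password login path rejects an empty stored hash rather
 * than comparing against it (not visible from this file).
 *
 * @param array  $oauth_data Provider profile; requires `id` and `email`, optionally
 *                           `name`, `picture`, `given_name`, `family_name`,
 *                           `access_token`, `refresh_token`
 * @param string $provider   Provider name (google, facebook, ...), lower-cased before storing
 * @return array|false The users row, `['error' => message]` when the account is not
 *                     active, or false on invalid input or database failure
 */
function processOAuthLogin($oauth_data, $provider) {
    global $conn;
    if (empty($oauth_data) || empty($oauth_data['id']) || empty($oauth_data['email'])) {
        error_log("Invalid OAuth data for provider: $provider");
        return false;
    }
    $provider = strtolower($provider);
    $provider_id = (string) $oauth_data['id'];
    $email = (string) $oauth_data['email'];
    $display_name = (string) ($oauth_data['name'] ?? '');
    $photo_url = (string) ($oauth_data['picture'] ?? '');
    $access_token = (string) ($oauth_data['access_token'] ?? '');
    $refresh_token = (string) ($oauth_data['refresh_token'] ?? '');
    $inactive = ['error' => 'Your account is not active. Please contact support.'];

    _oauthEnsureProvidersTable($conn);

    // 1. This provider account is already linked: refresh the stored profile/tokens.
    $oauth_account = _oauthFetchOne(
        $conn,
        'SELECT * FROM oauth_providers WHERE provider = ? AND provider_user_id = ?',
        'ss',
        [$provider, $provider_id]
    );
    if ($oauth_account !== null) {
        $user_id = (int) $oauth_account['user_id'];
        _oauthExecute(
            $conn,
            'UPDATE oauth_providers SET email = ?, display_name = ?, photo_url = ?, '
                . 'access_token = ?, refresh_token = ?, updated_at = NOW() WHERE id = ?',
            'sssssi',
            [$email, $display_name, $photo_url, $access_token, $refresh_token, (int) $oauth_account['id']]
        );
        $user = _oauthFetchUserById($conn, $user_id);
        if ($user === null) {
            error_log("User not found for OAuth link: $user_id");
            return false;
        }
        if ($user['status'] !== 'active') {
            error_log("User account not active for OAuth login: $email");
            return $inactive;
        }
        return $user;
    }

    // 2. A local account with the same email: link it.
    $user = _oauthFetchOne($conn, 'SELECT * FROM users WHERE email = ?', 's', [$email]);
    if ($user !== null) {
        if ($user['status'] !== 'active') {
            error_log("User account not active for OAuth linking: $email");
            return $inactive;
        }
        _oauthInsertLink($conn, (int) $user['id'], $provider, $provider_id, $email,
            $display_name, $photo_url, $access_token, $refresh_token);
        return $user;
    }

    // 3. Nobody matches: register a new 'student' account, then link it.
    $username = _oauthUniqueUsername($conn, strtolower(explode('@', $email)[0]));
    $user_id = _oauthExecute(
        $conn,
        'INSERT INTO users (username, email, password, first_name, last_name, profile_image, '
            . 'role, status, email_verified, created_at) '
            . "VALUES (?, ?, '', ?, ?, ?, 'student', 'active', 1, NOW())",
        'sssss',
        [
            $username,
            $email,
            (string) ($oauth_data['given_name'] ?? ''),
            (string) ($oauth_data['family_name'] ?? ''),
            $photo_url,
        ]
    );
    if ($user_id !== false && $user_id > 0) {
        _oauthInsertLink($conn, $user_id, $provider, $provider_id, $email,
            $display_name, $photo_url, $access_token, $refresh_token);
        $user = _oauthFetchUserById($conn, $user_id);
        if ($user !== null) {
            return $user;
        }
    }
    error_log("Failed to create user for OAuth registration: $email");
    return false;
}

/**
 * Create the oauth_providers table if it does not exist yet (best effort; failures are logged).
 *
 * @param mysqli $conn Open connection
 * @return void
 */
function _oauthEnsureProvidersTable(mysqli $conn): void
{
    try {
        $table_exists = mysqli_query($conn, "SHOW TABLES LIKE 'oauth_providers'");
        if ($table_exists && mysqli_num_rows($table_exists) > 0) {
            mysqli_free_result($table_exists);
            return;
        }
        $create_table_sql = "CREATE TABLE oauth_providers (
id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL,
provider VARCHAR(50) NOT NULL,
provider_user_id VARCHAR(255) NOT NULL,
email VARCHAR(255) NOT NULL,
display_name VARCHAR(255),
photo_url VARCHAR(255),
access_token TEXT,
refresh_token TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
UNIQUE KEY provider_user_id_unique (provider, provider_user_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4";
        if (!mysqli_query($conn, $create_table_sql)) {
            error_log("Failed to create oauth_providers table: " . mysqli_error($conn));
        }
    } catch (mysqli_sql_exception $e) {
        // Reached when mysqli's exception reporting mode is on (PHP 8.1 default).
        error_log("Failed to create oauth_providers table: " . $e->getMessage());
    }
}

/**
 * Prepare, bind and execute one parameterised statement.
 *
 * Failures (prepare, bind, execute, or a mysqli_sql_exception under exception
 * reporting mode) are logged and yield false; the caller closes the returned
 * statement.
 *
 * @param mysqli $conn
 * @param string $sql    Statement with ? placeholders
 * @param string $types  mysqli_stmt_bind_param type string; '' when there are no placeholders
 * @param array  $params Values for the placeholders, in order
 * @return mysqli_stmt|false
 */
function _oauthRun(mysqli $conn, string $sql, string $types, array $params)
{
    try {
        $stmt = mysqli_prepare($conn, $sql);
        if ($stmt === false) {
            error_log("OAuth DB prepare failed: " . mysqli_error($conn));
            return false;
        }
        // Spreading a local array into by-reference parameters is allowed.
        if ($types !== '' && !mysqli_stmt_bind_param($stmt, $types, ...$params)) {
            error_log("OAuth DB bind failed: " . mysqli_stmt_error($stmt));
            mysqli_stmt_close($stmt);
            return false;
        }
        if (!mysqli_stmt_execute($stmt)) {
            error_log("OAuth DB execute failed: " . mysqli_stmt_error($stmt));
            mysqli_stmt_close($stmt);
            return false;
        }
        return $stmt;
    } catch (mysqli_sql_exception $e) {
        error_log("OAuth DB query failed: " . $e->getMessage());
        return false;
    }
}

/**
 * Execute a statement that returns no rows (INSERT/UPDATE).
 *
 * @return int|false The AUTO_INCREMENT id generated by the statement (0 when
 *                   none) or false on failure — compare with `=== false`.
 */
function _oauthExecute(mysqli $conn, string $sql, string $types, array $params)
{
    $stmt = _oauthRun($conn, $sql, $types, $params);
    if ($stmt === false) {
        return false;
    }
    $insert_id = (int) mysqli_stmt_insert_id($stmt);
    mysqli_stmt_close($stmt);
    return $insert_id;
}

/**
 * Execute a SELECT and return its first row, or null when there is none or the query failed.
 *
 * @return array<string, mixed>|null
 */
function _oauthFetchOne(mysqli $conn, string $sql, string $types, array $params): ?array
{
    $stmt = _oauthRun($conn, $sql, $types, $params);
    if ($stmt === false) {
        return null;
    }
    // mysqli_stmt_get_result needs the mysqlnd driver, which bundled builds ship with.
    $result = mysqli_stmt_get_result($stmt);
    $row = $result !== false ? mysqli_fetch_assoc($result) : null;
    if ($result !== false) {
        mysqli_free_result($result);
    }
    mysqli_stmt_close($stmt);
    return is_array($row) ? $row : null;
}

/**
 * Load a users row by primary key.
 *
 * @return array<string, mixed>|null
 */
function _oauthFetchUserById(mysqli $conn, int $user_id): ?array
{
    return _oauthFetchOne($conn, 'SELECT * FROM users WHERE id = ?', 'i', [$user_id]);
}

/**
 * Insert the oauth_providers row that ties a provider account to a local user.
 *
 * @return bool true when the INSERT executed
 */
function _oauthInsertLink(
    mysqli $conn,
    int $user_id,
    string $provider,
    string $provider_id,
    string $email,
    string $display_name,
    string $photo_url,
    string $access_token,
    string $refresh_token
): bool {
    return _oauthExecute(
        $conn,
        'INSERT INTO oauth_providers (user_id, provider, provider_user_id, email, display_name, photo_url, '
            . 'access_token, refresh_token, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, NOW(), NOW())',
        'isssssss',
        [$user_id, $provider, $provider_id, $email, $display_name, $photo_url, $access_token, $refresh_token]
    ) !== false;
}

/**
 * Pick the first of base, base1, base2, ... that no users row already uses.
 *
 * As before, a failed lookup counts as "free" so a transient DB error does not
 * loop forever; the INSERT that follows is what ultimately enforces uniqueness.
 */
function _oauthUniqueUsername(mysqli $conn, string $base): string
{
    $candidate = $base;
    $counter = 1;
    while (_oauthFetchOne($conn, 'SELECT id FROM users WHERE username = ?', 's', [$candidate]) !== null) {
        $candidate = $base . $counter;
        $counter++;
    }
    return $candidate;
}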