Server/munzee.php

<?php

/*
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

require __DIR__ . "/required.php";


if (empty($VARS['code'])) {
    $user = User::byUsername($VARS["username"]);
    if (!$user->exists()) {
        return false;
    }
    if ($user->checkPassword($VARS["password"], true)) {
        $_SESSION["userid"] = User::byUsername($VARS["username"])->getUID();
        $_SESSION["munzeeauthed"] = true;
        header("Location: https://api.munzee.com/oauth?response_type=code&client_id=" . $SETTINGS["munzee"]["id"] . "&redirect_uri=" . urlencode($SETTINGS["munzee"]["redirecturl"]) . "&scope=read capture_light");
        die("OK");
    }
    die("Login incorrect.");
} else {
    if ($_SESSION["munzeeauthed"] !== true) {
        die("Invalid session or session expired.  Try again.");
    }
    $code = $VARS['code'];
    $url = 'https://api.munzee.com/oauth/login';
    $fields = array(
        'client_id' => urlencode($SETTINGS["munzee"]["id"]),
        'client_secret' => urlencode($SETTINGS["munzee"]["secret"]),
        'grant_type' => 'authorization_code',
        'code' => urlencode($code),
        'redirect_uri' => urlencode($SETTINGS["munzee"]["redirecturl"])
    );
    //url-ify the data for the POST
    foreach ($fields as $key => $value) {
        $fields_string .= $key . '=' . $value . '&';
    }
    rtrim($fields_string, '&');
    //open connection
    $ch = curl_init();

    $options = array(
        CURLOPT_URL => $url,
        CURLOPT_POST => 1,
        CURLOPT_POSTFIELDS => $fields_string,
        CURLOPT_RETURNTRANSFER => true, // return web page
        CURLOPT_HEADER => false, // don't return headers
        CURLOPT_FOLLOWLOCATION => true, // follow redirects
        CURLOPT_MAXREDIRS => 10, // stop after 10 redirects
        CURLOPT_ENCODING => "", // handle compressed
        CURLOPT_USERAGENT => "TerranQuest Game Server", // name of client
        CURLOPT_AUTOREFERER => true, // set referrer on redirect
        CURLOPT_CONNECTTIMEOUT => 120, // time-out on connect
        CURLOPT_TIMEOUT => 120, // time-out on response
    );
    curl_setopt_array($ch, $options);
    //execute post
    $result = curl_exec($ch);
    //close connection
    curl_close($ch);

    $jsonresult = json_decode($result, TRUE);
    $data = $jsonresult['data'];
    if ($jsonresult['status_code'] == 200) {
        if ($database->has('munzee', ['accountid' => $_SESSION['userid']])) {
            $database->update('munzee', ['bearertoken' => $data['token']['access_token'], 'refreshtoken' => $data['token']['refresh_token'], 'expires' => $data['token']['expires']], ['accountid' => $_SESSION['userid']]);
        } else {
            $database->insert('munzee', ['bearertoken' => $data['token']['access_token'], 'refreshtoken' => $data['token']['refresh_token'], 'expires' => $data['token']['expires'], 'accountid' => $_SESSION['userid']]);
        }
        die($Strings->get("Your Munzee account has been linked to TerranQuest!", false));
    } else {
        die($Strings->get("Munzee is having problems right now.  Try again later.", false));
    }
}