admin/30873-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
30873-vm/callback.php
Flatlogic Bot c358b51930 v1
2025-09-16 12:40:12 +00:00

101 lines
3.6 KiB
PHP
Raw Permalink Blame History

<?php
session_start();
// If the authorization code is not present, redirect to the homepage.
if (!isset($_GET['code'])) {
header('Location: index.php');
exit();
}
require_once 'google_config.php';
// Prevent refreshing the page with the same code.
if (isset($_SESSION['last_auth_code']) && $_SESSION['last_auth_code'] === $_GET['code']) {
// This code has been processed already. Redirect to avoid re-using it.
header('Location: index.php?error=code_reused');
exit();
}
// The code from Google.
$code = $_GET['code'];
$_SESSION['last_auth_code'] = $code; // Store the code to detect reuse.
// Exchange authorization code for an access token.
$token_url = 'https://oauth2.googleapis.com/token';
$token_data = [
'code' => $code,
'client_id' => GOOGLE_CLIENT_ID,
'client_secret' => GOOGLE_CLIENT_SECRET,
'redirect_uri' => GOOGLE_REDIRECT_URI,
'grant_type' => 'authorization_code'
];
$ch = curl_init($token_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($token_data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
$token_info = json_decode($response, true);
if (isset($token_info['access_token'])) {
// Success! Store the token and redirect.
$_SESSION['access_token'] = $token_info['access_token'];
if (isset($token_info['refresh_token'])) {
$_SESSION['refresh_token'] = $token_info['refresh_token'];
}
unset($_SESSION['last_auth_code']); // Clean up the used code.
header('Location: index.php');
exit();
} else {
// Log the detailed error from Google for server-side debugging.
error_log("Google OAuth Error: " . $response);
// Display a clear, actionable error message to the user.
$error_title = "Authentication Failed!";
$error_message = "The application was unable to get an access token from Google.";
$google_response = "<pre>" . htmlspecialchars($response, ENT_QUOTES, 'UTF-8') . "</pre>";
$most_likely_cause = "This is most likely due to an incorrect <strong>Client ID</strong> or <strong>Client Secret</strong> in the <code>google_config.php</code> file.";
$instructions = "Please double-check that the credentials you copied from the Google Cloud Console are correct and have no typos or extra spaces.";
// Simple HTML for the error page
echo <<<HTML
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{$error_title}</title>
<style>
body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; background-color: #f8f9fa; color: #212529; margin: 40px; }
.container { max-width: 700px; margin: 0 auto; background-color: #fff; border: 1px solid #dee2e6; border-radius: 8px; padding: 20px; }
h1 { color: #dc3545; }
code { background-color: #e9ecef; padding: 2px 4px; border-radius: 4px; }
.response { background-color: #f1f1f1; border: 1px solid #ddd; padding: 10px; margin-top: 15px; font-family: monospace; }
.footer { margin-top: 20px; }
</style>
</head>
<body>
<div class="container">
<h1>{$error_title}</h1>
<p>{$error_message}</p>
<p><strong>{$most_likely_cause}</strong></p>
<p>{$instructions}</p>
<div class="response">
<strong>Google's Raw Response:</strong>
{$google_response}
</div>
<div class="footer">
<a href="index.php">Go back to homepage and try again</a>
</div>
</div>
</body>
</html>
HTML;
exit();
}
?>
Reference in New Issue View Git Blame Copy Permalink