File: /home/httpd/html/porn.tw/public_html/includes/twitter/twitter_postback.php
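<?php
/**
 * Twitter OAuth postback: signs a visitor in with their Twitter account.
 *
 * Flow, as implemented below:
 *   1. No oauth_token in the query string (or no request-token secret in the
 *      session): fetch a request token, remember its secret in the session and
 *      redirect the browser to Twitter's authenticate URL.
 *   2. Twitter redirects back with oauth_token: exchange it for an access token
 *      and call account/verify_credentials to learn who the visitor is.
 *   3. Existing `users` row with that twitter_id: start a session for it.
 *      Otherwise create a new local account, copy the Twitter avatar and
 *      start a session for the new row.
 *
 * Relies on names provided by mb.php (presumably: $config, $dblink, $basehttp,
 * $misc_path, dbRow/dbInsert/dbUpdate, createUserSession, setMessage, _t,
 * generateSalt, makeImageThumbnail) - none of them are defined in this file.
 *
 * The full `<?php` open tag is used because short tags can be disabled, and a
 * file that is not parsed is served as plain text, source included.
 */
include('../../mb.php');

$twitter = new EpiTwitter($config['twitter_consumer_key'], $config['twitter_consumer_secret']);

try {
    if (isset($_GET['oauth_token']) && isset($_SESSION['oauth_token_secret'])) {
        // Callback leg: pair the token from the query string with the secret
        // stored in this visitor's session, then upgrade to an access token.
        $twitter->setToken($_GET['oauth_token'], $_SESSION['oauth_token_secret']);
        $accessToken = $twitter->getAccessToken();
        $_SESSION['oauth_token'] = $accessToken->oauth_token;
        $_SESSION['oauth_token_secret'] = $accessToken->oauth_token_secret;
    } else {
        // First leg: obtain a request token and send the visitor to Twitter.
        $requestToken = $twitter->getRequestToken();
        $_SESSION['oauth_token_secret'] = $requestToken->oauth_token_secret;
        header('Location: ' . $twitter->getAuthenticateUrl($requestToken->oauth_token));
        die();
    }

    $twitter->setToken($_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
    $creds = $twitter->get('/account/verify_credentials.json');

    // Read the decoded response once into a local so the isset() checks below
    // test the data itself rather than a property lookup on the client object.
    $response = $creds->response;

    $row = dbRow("SELECT * FROM `users` WHERE `twitter_id` = '" . mysqli_real_escape_string($dblink, $response['id']) . "'");

    if (is_array($row)) {
        // Returning user.
        // NOTE(review): confirm createUserSession() regenerates the session id
        // on login; this file does not show it.
        createUserSession($row);
        dbUpdate('users', array(
            'lastlogin' => time(),
            'last_ip' => $_SERVER['REMOTE_ADDR'],
            'record_num' => $_SESSION['userid'],
        ));
        header("Location: $basehttp");
        exit;
    }

    // First login with this Twitter account: create a local user.
    $salt = generateSalt(8);
    $pass = generateSalt(6, false);

    // "City, Country" is free text on the Twitter profile and may be missing or
    // contain no comma; fall back to an empty country instead of reading an
    // undefined array offset.
    $location = isset($response['location']) ? (string) $response['location'] : '';
    $locationParts = explode(',', $location);
    $country = isset($locationParts[1]) ? trim($locationParts[1]) : '';

    $profile = array(
        'email' => '',
        'username' => $response['screen_name'] . '.' . str_pad(rand(0, 9999), 4, '0', STR_PAD_LEFT),
        // NOTE(review): salted MD5 is not a suitable password hash. It is left
        // unchanged because the rest of the application presumably verifies
        // logins against md5(password . salt); migrate both sides together to
        // password_hash()/password_verify(). The password generated here is
        // never shown to the user in this file.
        'password' => md5($pass . $salt),
        'country' => $country,
        'salt' => $salt,
        'last_ip' => $_SERVER['REMOTE_ADDR'],
        'registration_ip' => $_SERVER['REMOTE_ADDR'],
        'date_joined' => 'NOW()',
        'lastlogin' => time(),
        'email_verified' => 1,
        'twitter_id' => $response['id'],
    );

    $insert_id = dbInsert('users', $profile);

    if (is_numeric($insert_id)) {
        dbInsert('users_notifications', array('user_id' => $insert_id, 'scope' => 'email'), true);
        // $insert_id passed is_numeric() above, so interpolating it is safe here.
        $row = dbRow("SELECT * FROM `users` WHERE `record_num` = '$insert_id'");

        if (!is_array($row)) {
            setMessage(_t('Cannot login with Twitter.'), 'error');
            header("Location: $basehttp/signup");
            exit();
        }

        createUserSession($row);

        // Avatar copy. The URL and the id both come from the API response, so
        // treat them as untrusted before they reach the filesystem:
        //  - only fetch over http/https, so no other stream wrapper is reachable;
        //  - only accept an all-digit id, because it becomes the file name;
        //  - only store bytes that parse as an image.
        $avatarUrl = isset($response['profile_image_url']) ? (string) $response['profile_image_url'] : '';
        $scheme = strtolower((string) parse_url($avatarUrl, PHP_URL_SCHEME));
        $twitterId = (string) $response['id'];

        $img = false;
        if (($scheme === 'http' || $scheme === 'https') && preg_match('/^\d+$/', $twitterId) === 1) {
            $img = file_get_contents($avatarUrl);
        }

        if (is_string($img) && $img !== '' && getimagesizefromstring($img) !== false) {
            $filename = $twitterId . ".jpg";
            $target = "$misc_path/$filename";
            $target_big = "$misc_path/big-$filename";
            file_put_contents($target_big, $img);
            // NOTE(review): both calls write to $target, so the second result
            // replaces the first - confirm that is intended.
            makeImageThumbnail($target_big, $target, 800, 600, 'mogrify');
            makeImageThumbnail($target_big, $target, 170, 130);
            dbUpdate('users', array(
                'avatar' => $filename,
                'record_num' => $_SESSION['userid'],
            ));
        }

        setMessage(_t('You have logged in with Twitter.'));
        header("Location: $basehttp");
        exit();
    }

    // Only reached when the insert did not return a numeric id: no account was
    // created and no session was started, so report a failure rather than a
    // successful login.
    setMessage(_t('Cannot login with Twitter.'), 'error');
} catch (Exception $e) {
    // Keep the exception text in the server log. Echoing it to the browser
    // exposes internal detail to whoever triggered the failure, and die() here
    // also made the user-facing message below unreachable.
    error_log('Twitter login failed: ' . $e->getMessage());
    setMessage(_t('Cannot login with Twitter.'), 'error');
}

// Reached on failure paths only; the success paths redirect and exit above.
print '<script>window.close();</script>';
exit();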