
@BarryCarlyon
Created April 17, 2018 22:09
bcarlyon\foo\service\foo
<?php
namespace bcarlyon\foo\service;
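/**
 * Single sign-on bridge between the remote "Foo" identity provider and phpBB.
 *
 * After the remote API returns the caller's identity record, getUser() looks
 * for a matching board account (first by stored Foo ID, then by clean
 * username), creates one when none exists, syncs group membership and profile
 * fields, opens a phpBB session and redirects.
 *
 * The two cURL calls were removed from this listing by the author; the
 * variables $i and $r that the remaining code reads come from those calls.
 */
class foo
{
    private $_token;
    protected $user;//phpbb user
    protected $user_loader;
    /** @var array Map of managed group name => group id (false until resolved). */
    protected $_foo_groups;

    /**
     * @param \phpbb\user_loader $user_loader phpBB user loader service
     */
    public function __construct(\phpbb\user_loader $user_loader)
    {
        $this->user_loader = $user_loader;
        $this->_foo_groups = array(
            'FOO_SUBSCRIBER' => false,
        );
    }

    /**
     * Inject the phpBB user/session object used to start the session.
     *
     * @param \phpbb\user $user
     * @return $this
     */
    public function setUser(\phpbb\user $user)
    {
        $this->user = $user;
        return $this;
    }

    /**
     * Store the remote access token.
     *
     * @param mixed $token
     * @return $this
     */
    public function setToken($token)
    {
        $this->_token = $token;
        return $this;
    }

    /**
     * Resolve the remote identity to a board account, log it in and redirect.
     *
     * Every successful path ends in exit; reaching the end of the method means
     * the remote call did not return a usable identity record.
     *
     * @return void
     */
    public function getUser()
    {
        global $db;
        include_once('includes/functions_user.php');
        /*
        A Removed cURL call
        */
        // NOTE(review): $i (transfer info) and $r (response body) are expected
        // to be set by the cURL call that was removed from this listing.
        if ($i['http_code'] == 200) {
            $raw = json_decode($r);
            // Check the decode result and the shape of the payload BEFORE
            // dereferencing it; an identity record without id/login cannot be
            // matched to an account and is treated like a failed call.
            if (
                JSON_ERROR_NONE === json_last_error()
                && isset($raw->data[0])
                && is_object($raw->data[0])
                && isset($raw->data[0]->id, $raw->data[0]->login)
            ) {
                $r = $raw->data[0];//helix
                if (empty($r->email)) {
                    trigger_error('There does not appear to be a Email Address on your FOO Account.', E_USER_ERROR);
                    exit;
                }
                $group_ids = $this->_determine_user_groups($r);

                // find user by Foo ID in the profile fields table
                $sql_array = array(
                    'pf_foo_id' => $r->id
                );
                $sql = 'SELECT user_id FROM forum_profile_fields_data '
                    . ' WHERE ' . $db->sql_build_array('SELECT', $sql_array);
                $result = $db->sql_query($sql);
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                // sql_fetchrow() yields no array when nothing matched, so test
                // with !empty() rather than indexing the result directly.
                if (!empty($row['user_id'])) {
                    // found user: update and login
                    $this->updateAndLogin($row, $r, $group_ids);
                    exit;
                }

                // try to find by clean username, together with any Foo ID
                // already stored for that account
                $sql_array = array(
                    'username_clean' => $r->login
                );
                $sql = 'SELECT u.user_id, pf_foo_id FROM ' . USERS_TABLE . ' u LEFT JOIN forum_profile_fields_data fpfd ON fpfd.user_id = u.user_id '
                    . ' WHERE ' . $db->sql_build_array('SELECT', $sql_array);
                $result = $db->sql_query($sql);
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if (!empty($row['user_id'])) {
                    // NOTE(review): this links a pre-existing board account to
                    // the remote identity only because the names match and no
                    // Foo ID is stored yet. A matching name is not proof that
                    // the caller owns the board account, and updateAndLogin()
                    // then replaces its e-mail address. Consider requiring a
                    // login to the existing account (or an admin-run
                    // migration) before linking, and never auto-linking
                    // privileged accounts.
                    if (empty($row['pf_foo_id'])) {
                        $this->updateAndLogin($row, $r, $group_ids);
                        exit;
                    }
                }

                // create user
                // NOTE(review): only $r->login is validated here, while the
                // stored username below may be $r->display_name — confirm the
                // two cannot diverge in a way that bypasses username rules.
                $test_name = validate_username($r->login);
                if ($test_name) {
                    trigger_error(''
                        . 'An error occured during Registration.'
                        . '<br />You can drop BarryCarlyon a message to get your Account fixed.'
                        . '<br />Please mention the following response code'
                        . '<br />The Response code is ' . $test_name);
                    // Do not rely on the error handler to halt: never fall
                    // through to account creation with a rejected name.
                    exit;
                }

                // The account is meant to be entered through the Foo flow
                // only, so its local password must be unguessable. The
                // previous value, time(), equals the user_regdate stored a few
                // lines below and was therefore predictable.
                $random_password = function_exists('random_bytes')
                    ? bin2hex(random_bytes(32))
                    : gen_rand_string(32);

                $user_row = array(
                    'username' => (!empty($r->display_name) ? $r->display_name : $r->login),
                    'user_password' => phpbb_hash($random_password),
                    'user_email' => $r->email,
                    'group_id' => 2,// registered to start with
                    'user_timezone' => 'UTC',
                    'user_lang' => 'en',
                    'user_type' => USER_NORMAL,
                    'user_ip' => $this->user->ip,
                    'user_regdate' => time()
                );
                if (!empty($r->profile_image_url)) {
                    // NOTE(review): the remote URL is stored as-is; confirm
                    // the avatar driver restricts scheme and host.
                    $user_row['user_avatar'] = $r->profile_image_url;
                    $user_row['user_avatar_type'] = 'avatar.driver.remote';
                    $user_row['user_avatar_width'] = 90;
                    $user_row['user_avatar_height'] = 90;
                }
                $user_id = user_add($user_row);
                if ($user_id === false) {
                    // should not happen but just in case
                    trigger_error('NO_USER', E_USER_ERROR);
                } else {
                    // user group initial
                    foreach ($group_ids as $group_id) {
                        group_user_add($group_id, array($user_id));
                    }
                    $this->_group_update($user_id, $group_ids);
                    $this->_update_profile_fields($user_id, $r);
                    // user created, perform login
                    $this->user->session_begin();
                    $result = $this->user->session_create($user_id, false, true, true);
                    global $phpbb_root_path, $phpEx;
                    // The target is request-supplied; this relies on phpBB's
                    // redirect() rejecting off-board URLs — confirm for the
                    // deployed phpBB version.
                    $redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx");
                    redirect($redirect);
                    exit;
                }
            }
        }
        // Reached for any non-200 status or unusable payload, not only when
        // the remote rate limit was hit.
        trigger_error('Looks like we hit the Foo Rate limit! Please try again shortly');
    }

    /**
     * Bring the user's membership of the managed groups in line with
     * $group_ids and, where applicable, switch the default group.
     *
     * Only groups listed in $this->_foo_groups are ever removed.
     *
     * @param int   $user_id
     * @param array $group_ids Target group ids; the last one is used as the
     *                         primary (default) group.
     * @return void
     */
    private function _group_update($user_id, $group_ids)
    {
        global $db;
        $to_add = $group_ids;
        $to_remove = array();
        $sql = 'SELECT group_id FROM ' . USER_GROUP_TABLE . '
            WHERE user_id = ' . (int) $user_id;
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            // Loose comparison is kept on purpose: the database layer may
            // return ids as strings while the targets may be integers.
            if (in_array($row['group_id'], $this->_foo_groups)) {
                // user is in one of the controlled groups
                if (!in_array($row['group_id'], $group_ids)) {
                    // user should be removed
                    $to_remove[] = $row['group_id'];
                } else {
                    // user should remain in group
                    $key = array_search($row['group_id'], $to_add);
                    if ($key !== false) {
                        unset($to_add[$key]);
                    }
                }
            }
        }
        $db->sql_freeresult($result);
        foreach ($to_add as $group_id) {
            group_user_add($group_id, array($user_id));
        }
        foreach ($to_remove as $group_id) {
            group_user_del($group_id, array($user_id));
        }

        // primary group
        $primary_group = array_pop($group_ids);
        $sql = 'SELECT group_id FROM ' . USERS_TABLE . '
            WHERE user_id = ' . (int) $user_id;
        $result = $db->sql_query($sql);
        $user = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if ($user && $user['group_id'] != $primary_group) {
            // NOTE(review): 38 and 39 are board-specific group ids; members of
            // either keep their current default group. Confirm what they are.
            $test = group_memberships(array(
                38,
                39
            ), $user_id);
            if (!$test) {
                group_user_attributes('default', $primary_group, array($user_id));
            }
        }
    }

    /**
     * Write the Foo-derived custom profile fields for a user.
     *
     * @param int    $user_id
     * @param object $r Remote identity record (reads ->login and ->id)
     * @return void
     */
    private function _update_profile_fields($user_id, $r)
    {
        // main fields
        $sql_ary = array(
            'pf_phpbb_website' => 'https://foo.tv/' . $r->login,
            'pf_foo_id' => $r->id
        );
        // should only be set at REGISTER
        // and go update
        global $phpbb_container;
        $cp = $phpbb_container->get('profilefields.manager');
        $cp->update_profile_field_data($user_id, $sql_ary);
    }

    /**
     * Gets the ids of the managed groups and creates the groups where needed.
     *
     * A newly created group receives a copy of the REGISTERED group's
     * permissions.
     *
     * @return array Map of group name => group id
     */
    private function _user_groups()
    {
        global $db;
        $sql = 'SELECT group_id, group_name
            FROM ' . GROUPS_TABLE;
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            if (isset($this->_foo_groups[$row['group_name']])) {
                $this->_foo_groups[$row['group_name']] = $row['group_id'];
            }
        }
        $db->sql_freeresult($result);

        $base_group = $this->_get_group_detailsbyname('REGISTERED');
        foreach ($this->_foo_groups as $name => $group_id) {
            if (!$group_id) {
                // A falsy return from group_create() is treated as success;
                // $group_id is then used as the id of the new group.
                if (!($error = group_create(
                    $group_id,
                    3,// Core Group
                    $name,//defer to language
                    '',
                    array(),
                    false,
                    false,
                    false
                ))) {
                    // perms
                    $this->_perms_copy($group_id, $base_group['group_id']);
                    $this->_foo_groups[$name] = $group_id;
                } else {
                    trigger_error('An error occured (groups)');
                }
            }
        }
        return $this->_foo_groups;
    }

    /**
     * Work out which groups the remote user should belong to.
     *
     * Always includes REGISTERED; FOO_SUBSCRIBER is appended when the
     * (removed) remote check answers with HTTP 200.
     *
     * @param object $foo_user Remote identity record
     * @return array Target group ids
     */
    private function _determine_user_groups($foo_user)
    {
        // group interrupt
        $groups = $this->_user_groups();
        $base = $this->_get_group_detailsbyname('REGISTERED');
        $target_user_groups = array(
            $base['group_id']
        );
        /*
        A removed cURL call
        */
        // NOTE(review): $i is expected from the cURL call removed above.
        if ($i['http_code'] == 200) {
            // no need to process $r
            $target_user_groups[] = $groups['FOO_SUBSCRIBER'];
        }
        // on failed go with default
        return $target_user_groups;
    }

    /**
     * Fetch a group's row by its name.
     *
     * @param string $group_name
     * @return mixed Whatever sql_fetchrow() returns for the first match
     */
    private function _get_group_detailsbyname($group_name)
    {
        global $db;
        // The name goes into a quoted SQL literal, so it must be escaped by
        // the database layer; a bare (string) cast does not do that.
        $sql = 'SELECT *
            FROM ' . GROUPS_TABLE . '
            WHERE group_name = \'' . $db->sql_escape((string) $group_name) . '\'';
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        return $row;
    }

    /**
     * Copy the ACL entries of one group onto another (adapted from
     * acp_groups.php, per the original comment).
     *
     * The copy is skipped unless the global $user is a founder or the source
     * group is not founder-managed. The group/teampage SQL cache is destroyed
     * in every case.
     *
     * @param int $group_id        Group receiving the permissions
     * @param int $group_perm_from Group the permissions are copied from
     * @return void
     */
    private function _perms_copy($group_id, $group_perm_from)
    {
        global $db, $user, $auth, $cache;
        // The source id is concatenated into SQL twice below; force it to an
        // integer once here.
        $group_perm_from = (int) $group_perm_from;
        // line 557 acp_groups.php
        $sql = 'SELECT group_founder_manage
            FROM ' . GROUPS_TABLE . '
            WHERE group_id = ' . $group_perm_from;
        $result = $db->sql_query($sql);
        $check_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        // Check the group if non-founder
        // NOTE(review): this reads the global $user, not $this->user.
        if ($check_row && ($user->data['user_type'] == USER_FOUNDER || $check_row['group_founder_manage'] == 0)) {
            // From the mysql documentation:
            // Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
            // Due to this we stay on the safe side if we do the insertion "the manual way"
            // Copy permissions from/to the acl groups table (only group_id gets changed)
            $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting
                FROM ' . ACL_GROUPS_TABLE . '
                WHERE group_id = ' . $group_perm_from;
            $result = $db->sql_query($sql);
            $groups_sql_ary = array();
            while ($row = $db->sql_fetchrow($result)) {
                $groups_sql_ary[] = array(
                    'group_id' => (int) $group_id,
                    'forum_id' => (int) $row['forum_id'],
                    'auth_option_id' => (int) $row['auth_option_id'],
                    'auth_role_id' => (int) $row['auth_role_id'],
                    'auth_setting' => (int) $row['auth_setting']
                );
            }
            $db->sql_freeresult($result);
            // Now insert the data
            $db->sql_multi_insert(ACL_GROUPS_TABLE, $groups_sql_ary);
            $auth->acl_clear_prefetch();
        }
        $cache->destroy('sql', array(GROUPS_TABLE, TEAMPAGE_TABLE));
        return;
    }

    /**
     * Refresh an existing board account from the remote record, sync groups
     * and profile fields, start a session and redirect.
     *
     * Overwrites username, username_clean and user_email with remote values,
     * so callers must be certain $row really belongs to the remote identity.
     *
     * @param array  $row       Row holding at least 'user_id'
     * @param object $r         Remote identity record
     * @param array  $group_ids Target group ids
     * @return void
     */
    private function updateAndLogin($row, $r, $group_ids)
    {
        global $db;
        // Cast once: the id is concatenated into the UPDATE statement below.
        $user_id = (int) $row['user_id'];
        // update data
        // NOTE(review): the loaded user data is not used afterwards.
        $this->user_loader->get_user($user_id, true);
        $user_row = array(
            'username' => (!empty($r->display_name) ? $r->display_name : $r->login),
            // NOTE(review): written without validation or phpBB's username
            // cleaning; confirm login/display_name cannot collide with or
            // impersonate another account's name.
            'username_clean' => $r->login,
            'user_email' => $r->email,
        );
        if (!empty($r->profile_image_url)) {
            $user_row['user_avatar'] = $r->profile_image_url;
            $user_row['user_avatar_type'] = 'avatar.driver.remote';
            $user_row['user_avatar_width'] = 90;
            $user_row['user_avatar_height'] = 90;
        }
        $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $user_row) . ' WHERE user_id = ' . $user_id;
        $result = $db->sql_query($sql);
        $db->sql_freeresult($result);
        $this->_group_update($user_id, $group_ids);
        $this->_update_profile_fields($user_id, $r);
        // user exists login
        $this->user->session_begin();
        $result = $this->user->session_create($user_id, false, true, true);
        global $phpbb_root_path, $phpEx;
        // The target is request-supplied; this relies on phpBB's redirect()
        // rejecting off-board URLs — confirm for the deployed phpBB version.
        $redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx");
        redirect($redirect);
    }
}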