├── LICENSE
├── README.md
├── demo.php
└── steamauthOOP.class.php


/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT) modified version

Copyright (c) 2015 BlackCetha

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish and/or distribute copies of the Software,
and to permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

YOU MAY NOT SUBLICENSE AND/OR SELL COPIES OR PARTS OF THE SOFTWARE.
ALL COPIES OF THE SOFTWARE MAY ONLY BE DISTRIBUTED FREE OF CHARGE FOR THE SOFTWARE ITSELF.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# SteamAuthOOP
OOP-based Steam-Login library

# Features
- One-file class
- Doesn't rely on an external library
- Easy to use
- Easy to modify with commented code and function reference
- Saves *all* information the Steam-API provides on a per-user basis
- Doesn't recreate/delete your session if you use it elsewhere

# Installation
- Drop the `steamauthOOP.class.php` file into your project's directory
- Insert your API-Key from http://steamcommunity.com/dev/apikey into the config (`$settings["apikey"]`)
- Include it with `require "steamauthOOP.class.php";`
- Initialize it with `$steam = new SteamAuthOOP();`

# Basic usage
If you want to have a link, go with
`<a href="<?php echo $steam->loginUrl(); ?>">Link</a>`

Check if the user is logged in with
`$steam->loggedIn();`
(Will return true or false)

User-Data is accessible through `$steam->varName;`
You can find a basic list of variables in the demo file or a more advanced one in the code.

### Example

```php
<?php
require "steamauthOOP.class.php";
$steam = new SteamAuthOOP();

if ($steam->loggedIn()) {
    // personaname is chosen by the user, so escape it before printing it
    echo "Hello ".htmlspecialchars($steam->personaname)."!";
} else {
    echo "<a href=\"".$steam->loginUrl()."\">Login</a>";
}
?>
```

# Planned
Nothing at the moment.
Open an issue if you think there is something that could be better.

# Data security
The library does not deliver safe/escaped data, as that would limit the functionality.
This will leave your site vulnerable to cross-site scripting ("XSS") and SQL injection attacks if you don't take action to prevent them.

### XSS
For example, if a user calls himself `<script src="hacks.js"></script>` and you print that name to other users, their browser will download `hacks.js`.

You can prevent that by passing the string through `htmlspecialchars($string)`.
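
Added example, not part of the SteamAuthOOP repository: the Data security advice applied to the fields this library exposes, with context-aware output escaping for the XSS case and a bound parameter for the SQL injection case the README covers next. The helper names `h`, `safe_url`, `render_profile` and `save_name`, the sample profile values and the in-memory SQLite table are assumptions made for illustration.

```php
<?php
// Added example, not SteamAuthOOP code. Every Steam profile field is untrusted input.

/** Escape text for an HTML text node or a quoted attribute value. */
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Allow only http(s) URLs in href/src; escaping alone does not stop javascript: URLs. */
function safe_url(string $url): string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '#';
}

/** Render a profile link with each field encoded for the context it lands in. */
function render_profile(array $p): string {
    return '<a href="' . h(safe_url($p['profileurl'])) . '">'
         . '<img src="' . h(safe_url($p['avatar'])) . '" alt=""> '
         . h($p['personaname']) . '</a>';
}

/** Store the name through a bound parameter, so it is never parsed as SQL. */
function save_name(PDO $db, string $steamid, string $name): void {
    $stmt = $db->prepare('INSERT INTO users (steamid, name) VALUES (:id, :name)');
    $stmt->execute([':id' => $steamid, ':name' => $name]);
}

// Constructed sample data standing in for $steam->personaname, ->profileurl, ->avatar.
$profile = [
    'steamid'     => '76561198000000000',
    'personaname' => '<script src="hacks.js"></script>',
    'profileurl'  => 'javascript:alert(1)',
    'avatar'      => 'https://example.invalid/a.jpg" onerror="x',
];

// The script tag comes out as inert text, the javascript: link becomes "#",
// and the quote in the avatar URL cannot close the src attribute.
echo render_profile($profile), "\n";

// Assumption: the pdo_sqlite extension is loaded; the users table is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (steamid TEXT PRIMARY KEY, name TEXT)');
save_name($db, $profile['steamid'], '"; DROP TABLE users;--');
echo $db->query('SELECT name FROM users')->fetchColumn(), "\n"; // stored verbatim as data
```

With mysqli the same pattern is `$mysqli->prepare()` followed by `bind_param()` and `execute()`.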

### SQL injection
For example, if a user calls himself `"; DROP TABLE *;--` and you directly execute that as an SQL query, you will lose all your data.

You can prevent that by passing the strings through `mysqli_escape_string($link, $string)` or `$mysqli->escape_string($string)`.

# Legal stuff
If you choose to use the Steam Web API, you need to follow the Steam Web API Terms of Use found at
http://steamcommunity.com/dev/apiterms

The marked code is taken from Syntax_Error's "Ultra Simple Steam-Login" Class found at ~~ (Link is dead, [archive version](https://web.archive.org/web/20170524123709/http://forums.steampowered.com/forums/showthread.php?t=1430511))

--------------------------------------------------------------------------------
/demo.php:
--------------------------------------------------------------------------------
logout();
}
?>

SteamAuthOOP Demo

SteamAuthOOP Demo
for SteamAuthOOP 1.0

<?php
if (!$steam->loggedIn()) {
    echo "Welcome Guest! Please log in!";
} else {
    echo "
    Steam WebAPI-Output: There are more variables ready to use but not listed here as they are not always available.
    Log out
    <table>
        <tr><th>Variable name</th><th>Value</th><th>Description</th></tr>
        <tr><td>\$steam->loggedIn()</td><td>".$steam->loggedIn()."</td><td>1 (true) - Logged in, 0 (false) - not</td></tr>
        <tr><td>\$steam->steamid</td><td>".$steam->steamid."</td><td>SteamID64 of the user</td></tr>
        <tr><td>\$steam->communityvisibilitystate</td><td>".$steam->communityvisibilitystate."</td><td>1 - Account not visible; 3 - Account is public (Depends on the relationship of your account to the others)</td></tr>
        <tr><td>\$steam->profilestate</td><td>".$steam->profilestate."</td><td>1 - The user has a Steam Community profile; 0 - if not</td></tr>
        <tr><td>\$steam->personaname</td><td>".$steam->personaname."</td><td>Public name of the user</td></tr>
        <tr><td>\$steam->lastlogoff</td><td>".$steam->lastlogoff."</td><td>Unix timestamp of the user's last logoff</td></tr>
        <tr><td>\$steam->profileurl</td><td>".$steam->profileurl."</td><td>Link to the user's profile</td></tr>
        <tr><td>\$steam->personastate</td><td>".$steam->personastate."</td><td>0 - Offline, 1 - Online, 2 - Busy, 3 - Away, 4 - Snooze, 5 - looking to trade, 6 - looking to play</td></tr>
        <tr><td>\$steam->realname</td><td>".$steam->realname."</td><td>\"Real\" name</td></tr>
        <tr><td>\$steam->primaryclanid</td><td>".$steam->primaryclanid."</td><td>The ID of the user's primary group</td></tr>
        <tr><td>\$steam->timecreated</td><td>".$steam->timecreated."</td><td>Unix timestamp for the time the user's account was created</td></tr>
        <tr><td>\$steam->avatar</td><td>".$steam->avatar."</td><td>Address of the user's 32x32px avatar</td></tr>
        <tr><td>\$steam->avatarmedium</td><td>".$steam->avatarmedium."</td><td>Address of the user's 64x64px avatar</td></tr>
        <tr><td>\$steam->avatarfull</td><td>".$steam->avatarfull."</td><td>Address of the user's 184x184px avatar</td></tr>
    </table>";
}
?>

This page is powered by Steam
GitHub Repo
Demo page by BlackCetha

--------------------------------------------------------------------------------
/steamauthOOP.class.php:
--------------------------------------------------------------------------------
<?php
#[AllowDynamicProperties] // User data is attached as dynamic properties ($steam->personaname etc.)
class SteamAuthOOP {

    private $settings = array(
        "apikey" => "", // Get yours today from http://steamcommunity.com/dev/apikey
        "domainname" => "", // Displayed domain in the login-screen
        "loginpage" => "", // Returns to last page if not set
        "logoutpage" => "",
        "skipAPI" => false // true = don't get the data from steam, just return the steamid64
    );

    function __construct() {
        if (session_id() == "") session_start(); // Start a session if none exists
        if ($this->settings["apikey"] == "") die("SteamAuthOOP: Please supply a valid API-Key!");
        if ($this->settings["loginpage"] == "") $this->settings["loginpage"] = /* [ */ (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME']; // Code (c) 2010 ichimonai.com, released under MIT-License
        if (isset($_GET["openid_assoc_handle"]) && !isset($_SESSION["steamdata"]["steamid"])) { // Did we just return from steam login-page? If so, validate identity and save the data
            $steamid = $this->validate();
            if ($steamid != "") { // ID proven, get data from steam and save them
                session_regenerate_id(true); // Fresh session ID on login (prevents session fixation), session data is kept
                if ($this->settings["skipAPI"]) {
                    $_SESSION["steamdata"]["steamid"] = $steamid;
                    return; // Skip API here
                }
                $apiresp = json_decode((string) @file_get_contents("https://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=".$this->settings["apikey"]."&steamids=".$steamid), true);
                if (isset($apiresp["response"]["players"][0])) { // Only save data if the API actually answered
                    foreach ($apiresp["response"]["players"][0] as $key => $value) $_SESSION["steamdata"][$key] = $value;
                }
            }
        }
        if (isset($_SESSION["steamdata"]["steamid"])) { // If we are logged in, make user-data accessible through $steam->var
            foreach ($_SESSION["steamdata"] as $key => $value) $this->{$key} = $value;
        }
    }

    /**
     * Generate SteamLogin-URL
     * @copyright loginUrl function (c) 2010 ichimonai.com, released under MIT-License
     * Modified by BlackCetha for OOP use
     */
    function loginUrl()
    {
        $params = array(
            'openid.ns' => 'http://specs.openid.net/auth/2.0',
            'openid.mode' => 'checkid_setup',
            'openid.return_to' => $this->settings["loginpage"],
            'openid.realm' => (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'],
            'openid.identity' => 'http://specs.openid.net/auth/2.0/identifier_select',
            'openid.claimed_id' => 'http://specs.openid.net/auth/2.0/identifier_select',
        );
        return 'https://steamcommunity.com/openid/login' . '?' . http_build_query($params, '', "&");
    }

    /*
     * Validate data against Steam-Servers
     * @copyright validate function (c) 2010 ichimonai.com, released under MIT-License
     * Modified by BlackCetha for OOP use
     */
    private static function validate()
    {
        // Refuse the response if a field we rely on is missing or not a plain string
        foreach (array('openid_assoc_handle', 'openid_signed', 'openid_sig', 'openid_claimed_id') as $field) {
            if (!isset($_GET[$field]) || !is_string($_GET[$field])) return '';
        }

        // Start off with some basic params
        $params = array(
            'openid.assoc_handle' => $_GET['openid_assoc_handle'],
            'openid.signed' => $_GET['openid_signed'],
            'openid.sig' => $_GET['openid_sig'],
            'openid.ns' => 'http://specs.openid.net/auth/2.0',
        );

        // Get all the params that were sent back and resend them for validation
        $signed = explode(',', $_GET['openid_signed']);
        foreach($signed as $item)
        {
            $key = 'openid_' . str_replace('.', '_', $item);
            // get_magic_quotes_gpc() was removed in PHP 8, so the values are used as received
            $params['openid.' . $item] = isset($_GET[$key]) ? $_GET[$key] : '';
        }

        // Finally, add the all important mode.
        $params['openid.mode'] = 'check_authentication';

        // Stored to send a Content-Length header
        $data = http_build_query($params);
        $context = stream_context_create(array(
            'http' => array(
                'method' => 'POST',
                'header' =>
                    "Accept-language: en\r\n".
                    "Content-type: application/x-www-form-urlencoded\r\n" .
                    "Content-Length: " . strlen($data) . "\r\n",
                'content' => $data,
            ),
        ));

        $result = file_get_contents("https://steamcommunity.com/openid/login", false, $context);
        if ($result === false) return ''; // Steam could not be reached, treat as not validated

        // Validate whether it's true and if we have a good ID
        // Without a match we return '' (a 0 would count as a valid ID for the caller on PHP 8)
        if (preg_match('#^https?://steamcommunity\.com/openid/id/([0-9]{17,25})$#', $_GET['openid_claimed_id'], $matches) !== 1) return '';
        $steamID64 = $matches[1];

        // Return our final value
        return preg_match("#is_valid\s*:\s*true#i", $result) == 1 ? $steamID64 : '';
    }
    function logout() {
        if (!$this->loggedIn()) return false;
        unset($_SESSION["steamdata"]); // Delete the user's info from the cache, DOESN'T DESTROY YOUR SESSION!
        if (empty($_SESSION)) session_destroy(); // End the session if there's no more data in it
        if ($this->settings["logoutpage"] != "") header("Location: ".$this->settings["logoutpage"]); // If the logout-page is set, go there
        return true;
    }
    function loggedIn() {
        return (isset($_SESSION["steamdata"]["steamid"]) && $_SESSION["steamdata"]["steamid"] != "") ? true : false;
    }
    function forceReload() {
        if (!isset($_SESSION["steamdata"]["steamid"])) return false; // User is not logged in, nothing to reload
        $apiresp = json_decode((string) @file_get_contents("https://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=".$this->settings["apikey"]."&steamids=".$_SESSION["steamdata"]["steamid"]), true);
        if (!isset($apiresp["response"]["players"][0])) return false; // API unreachable or empty answer, keep the cached data
        foreach ($apiresp["response"]["players"][0] as $key => $value) $_SESSION["steamdata"][$key] = $value;
        foreach ($_SESSION["steamdata"] as $key => $value) $this->{$key} = $value; // Make user-data accessible through $steam->var
        return true;
    }
    /**
     * Prints debug information about steamauth
     * The settings array contains your API key, so keep this output away from visitors
     */
    function debug() {
        echo "<h1>SteamAuth debug report</h1><br><b>Settings-array:</b><br>";
        echo "<pre>".htmlspecialchars(print_r($this->settings,true))."</pre>";
        echo "<br><b>Data:</b><br>";
        // Session data holds user-controlled strings, so escape it before printing
        echo "<pre>".htmlspecialchars(print_r(isset($_SESSION["steamdata"]) ? $_SESSION["steamdata"] : array(),true))."</pre>";
    }
}
?>
--------------------------------------------------------------------------------