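<?php

/**
 * Callback for return_to url redirection. The identity server will
 * redirect back to this handler with the results of the
 * authentication attempt.
 *
 * What the script does, in order:
 *  - completes the OpenID exchange from the merged GET/POST parameters;
 *  - on success, looks up the external account whose alias is the identity
 *    URL returned by the consumer, creating it when it does not exist and
 *    asking for missing data or an e-mail confirmation where required;
 *  - refuses banned accounts and optionally syncs name / e-mail from the
 *    provider's sreg response;
 *  - when $login ends up true, loads the active account and starts the
 *    session; then either renders a follow-up form ($body) or redirects to
 *    the site root with the queued messages.
 *
 * Security notes:
 *  - $login is the only thing that authorises a session. It is set to false
 *    up front so that branches which never assign it (banned account,
 *    missing data) cannot inherit a value from an include or from the
 *    request environment.
 *  - The sreg e-mail and full name are claims made by the identity provider.
 *    The e-mail goes through validateEmailSyntax() and, when
 *    openid_client_check_email_confirmation() asks for it, a confirmation
 *    message; nothing else in this file verifies them.
 *
 * NOTE(review): $CFG, $activate_confirmation1/2, $change_confirmation1/2 and
 * $created_external_msg are not defined in this file; presumably they are
 * set up by openid_includes.php. Confirm.
 */

require_once('openid_includes.php');

$store = new OpenID_ElggStore();
$consumer = new Auth_OpenID_Consumer($store);

$query = array_merge($_GET, $_POST);

// Explicit defaults for everything the decisions below depend on.
$login = false;
$body = '';
$email = null;      // stays null when the provider sends no sreg data
$fullname = null;
if (!isset($messages)) {
    $messages = array();
}

// TODO - handle passthru_url properly
// $dest = $query['destination'];
$response = $consumer->complete($query);

if ($response->status == Auth_OpenID_CANCEL) {
    $messages[] = __gettext("OpenID authentication cancelled.");
} else if ($response->status != Auth_OpenID_SUCCESS) {
    // NOTE(review): url and message come from the failed exchange and are
    // interpolated before the __gettext() lookup, so the text can never match
    // a catalogue entry, and the values reach $_SESSION['messages'] as-is.
    // Whether the message renderer HTML-escapes them is not visible here.
    // Confirm, and escape at output if it does not.
    $messages[] = __gettext("OpenID authentication failed (status: {$response->status}, url: {$response->url}, message: {$response->message} )");
} else { // SUCCESS.
    $openid_url = $response->identity_url;

    // Look for sreg data. Either field may be absent from the response.
    $sreg = $response->extensionResponse('sreg');
    if ($sreg) {
        $email = isset($sreg['email']) ? trim($sreg['email']) : '';
        $fullname = isset($sreg['fullname']) ? trim($sreg['fullname']) : '';
    }

    $user = get_record_select('users', "alias = ? AND user_type = ? ", array($openid_url, 'external'));
    if (!$user || $user->active == 'no') {
        if (!$user) {
            // this account does not exist
            if (!$email || !validateEmailSyntax($email)) {
                // no usable e-mail: create the account and ask for the missing data
                if ($ident = openid_client_create_external_user($openid_url, $email, $fullname, true)) {
                    $code = openid_client_generate_i_code('a', $openid_url, $ident, $email, $fullname);
                    $body = openid_client_generate_missing_data_form($openid_url, '', $fullname, true, $code);
                }
                $missing_data = true;
            } elseif (!$fullname) {
                $email_confirmation = openid_client_check_email_confirmation($openid_url);
                if ($email_confirmation) {
                    $prefix = 'a';
                } else {
                    $prefix = 'n';
                }
                // create the account
                if ($ident = openid_client_create_external_user($openid_url, $email, $fullname, $email_confirmation)) {
                    $code = openid_client_generate_i_code($prefix, $openid_url, $ident, $email, $fullname);
                    $body = openid_client_generate_missing_data_form($openid_url, $email, '', $email_confirmation, $code);
                }
                $missing_data = true;
            } else {
                // email address and name look good

                $login = false;

                // create a new account

                $email_confirmation = openid_client_check_email_confirmation($openid_url);

                $ident = openid_client_create_external_user($openid_url, $email, $fullname, $email_confirmation);
                $missing_data = false;
            }
        } else {
            // this is an inactive account
            $ident = $user->ident;
            // assume that the account is inactive because the user
            // previously made an unconfirmed registration attempt
            // and that confirmation is still required
            $email_confirmation = true;
            $missing_data = false;
        }

        if ($ident && !$missing_data) {
            if ($email_confirmation) {
                $i_code = openid_client_generate_i_code('a', $openid_url, $ident, $email, $fullname);
                openid_client_send_activate_confirmation_message($i_code);
                $messages[] = $activate_confirmation1 . $email . $activate_confirmation2;
            } else {
                $messages[] = $created_external_msg." $email, $fullname";
                $login = true;
            }
        }
    } else {

        // account is active, check to see if this user has been banned

        if (run("users:flags:get", array("banned", $user->ident))) { // this needs to change.
            // A banned account must never reach the login step below.
            $login = false;
            $ok = false;    // not read again in this script
            $user = false;
            $USER = false;
            global $messages;
            $messages[] = __gettext("You have been banned from the system!");
        } else {
            // user has not been banned
            // check to see if email address has changed
            if ($email && $email != $user->email && validateEmailSyntax($email)) {
                // the email on the OpenID server is not the same as the email registered on this local client system
                $email_confirmation = openid_client_check_email_confirmation($openid_url);
                if ($CFG->openid_client_always_sync == 'yes') {
                    // this client always forces client/server data syncs
                    if ($fullname) {
                        // stored as received from the provider; escape at output
                        set_field('users', 'name', $fullname, 'ident', $user->ident);
                    }
                    if ($email_confirmation) {
                        // don't let this user in until the email address change is confirmed
                        $login = false;
                        $i_code = openid_client_generate_i_code('c', $openid_url, $user->ident, $email, $fullname);
                        openid_client_send_change_confirmation_message($i_code);
                        $messages[] = $change_confirmation1 . $email . $change_confirmation2;
                    } else {
                        // No confirmation round-trip here: the new address is
                        // only as trustworthy as the provider that asserted it.
                        $login = true;
                        if (count_records('users', 'email', $email)) {
                            $messages[] = __gettext("Cannot change your email address to $email because it is already in use.");
                        } else {
                            set_field('users', 'email', $email, 'ident', $user->ident);
                            $messages[] = __gettext("Your email address has been updated to $email");
                        }
                    }
                } else {
                    $login = true;
                    if (!$store->getNoSyncStatus($user->ident)) {
                        // the following conditions are true:
                        // the email address has changed on the server,
                        // this client does not *require* syncing with the server,
                        // but this user has not turned off syncing
                        // therefore the user needs to be offered the chance to sync his or her data
                        $body = openid_client_generate_sync_form($email, $fullname, $user, $email_confirmation);
                    }
                }
            } elseif ($fullname && $fullname != $user->name) {
                // the fullname on the OpenID server is not the same as the name registered on this local client system
                $login = true;
                if ($CFG->openid_client_always_sync == 'yes') {
                    // this client always forces client/server data syncs
                    set_field('users', 'name', $fullname, 'ident', $user->ident);
                } else {
                    if (!$store->getNoSyncStatus($user->ident)) {
                        // the following conditions are true:
                        // the fullname has changed on the server,
                        // this client does not *require* syncing with the server,
                        // but this user has not turned off syncing
                        // therefore the user needs to be offered the chance to sync his or her data
                        $body = openid_client_generate_sync_form($email, $fullname, $user, false);
                    }
                }
            } else {
                // nothing has changed or the data is null so let this person in
                $login = true;
            }
        }
    }

    if ($login) {
        // Resolve the active account before touching it. On the
        // "account just created" path $user is still the failed lookup from
        // above, so its ident must not be used for the persistent cookie.
        $active_where = "alias = ? AND active = ? AND user_type = ? ";
        $active_values = array($openid_url, 'yes', 'external');
        $user = get_record_select('users', $active_where, $active_values);

        if ($user) {
            // Set persistent cookie
            $rememberme = optional_param('remember', 0);
            if (!empty($rememberme)) {
                remember_login($user->ident);
                // remember_login() is defined elsewhere and may update the
                // row; re-read it so the session is built from the record as
                // it stands afterwards, as the original ordering did.
                $user = get_record_select('users', $active_where, $active_values);
            }
        }

        // log the user in, but never build a session from a missing record
        if ($user) {
            $USER = init_user_var($user);
        }
    }
}

if (!empty($body)) {

    define("context", "OpenID register");

    templates_page_setup();

    echo templates_page_draw(array(
        sitename,
        templates_draw(array(
            'body' => $body,
            'title' => __gettext("OpenID information"),
            'context' => 'contentholder'
        ))
    ));
} else {
    $_SESSION['messages'] = $messages;
    header("Location: " .$CFG->wwwroot);
    exit;
}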