PageRenderTime 47ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 0ms

/elgg/mod/openid_client/actions/return.php

https://bitbucket.org/rhizomatik/lorea_production/
PHP | 207 lines | 139 code | 26 blank | 42 comment | 60 complexity | 1945a653931a5e74d1978e156ff12f5a MD5 | raw file
Possible License(s): GPL-3.0, GPL-2.0, BSD-3-Clause, LGPL-2.1 
    

  1. <?php

    2. 

  2. 

    3. 

  3. /**

    4. 

  4.  * Callback for return_to url redirection. The identity server will

    5. 

  5.  * redirect back to this handler with the results of the

    6. 

  6.  * authentication attempt.

    7. 

  7.  */

    8. 

  8. ini_set('display_errors', '1');

    9. 

  9. require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");

    10. 

  10. require_once('../openid_include.php');

    11. 

  11. set_context('openid');

    12. 

  12. $store = new OpenID_ElggStore();

    13. 

  13. $consumer = new Auth_OpenID_Consumer($store);

    14. 

  14. 

    15. 

  15. $return_url = $CONFIG->wwwroot.'mod/openid_client/actions/return.php';

    16. 

  16. 

    17. 

  17. // TODO - handle passthru_url properly

    18. 

  18. // $dest = $query['destination'];

    19. 

  19. $response = $consumer->complete($return_url);

    20. 

  20. 

    21. 

  21. if ($response->status == Auth_OpenID_CANCEL) {

    22. 

  22.     register_error(elgg_echo("openid_client:authentication_cancelled"));

    23. 

  23. } else if ($response->status != Auth_OpenID_SUCCESS) {

    24. 

  24.     register_error(sprintf(elgg_echo("openid_client:authentication_failed"),$response->status,$response->message) );

    25. 

  25. } else { // SUCCESS.

    26. 

  26. 	$openid_url = $response->getDisplayIdentifier();

    27. 

  27. 	

    28. 

  28.     // Look for sreg data.

    29. 

  29.     $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);

    30. 

  30.     $sreg = $sreg_resp->contents();

    31. 

  31. 	if ($sreg) {

    32. 

  32.         $email = trim($sreg['email']);

    33. 

  33.         $fullname = trim($sreg['fullname']);

    34. 

  34.         "client:".error_log($email);

    35. 

  35.         "client:".error_log($fullname);

    36. 

  36.         //print ($email.' '.$fullname);

    37. 

  37.     }

    38. 

  38.     

    39. 

  39.     $entities = get_entities_from_metadata('alias', $openid_url, 'user', 'openid');

    40. 

  40. 

    41. 

  41. 	if (!$entities || $entities[0]->active == 'no') {

    42. 

  42. 		if (!$entities) {

    43. 

  43. 			// this account does not exist

    44. 

  44. 	    	if (!$email || !openid_validate_email($email)) {

    45. 

  45.     	    	// there is a problem with the email provided by the profile exchange, so generate a form to collect it

    46. 

  46. 				if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, true)) {

    47. 

  47. 		    		$details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$email,$fullname);

    48. 

  48. 	    			$body = openid_client_generate_missing_data_form($openid_url,'',$fullname,true,$details);

    49. 

  49. 				}

    50. 

  50. 				$missing_data = true;

    51. 

  51. 			} elseif (!$fullname) {

    52. 

  52.     			// the name is missing

    53. 

  53. 				$email_confirmation = openid_client_check_email_confirmation($openid_url);

    54. 

  54. 				if ($email_confirmation) {

    55. 

  55. 					$prefix = 'a';

    56. 

  56. 				} else {

    57. 

  57. 					$prefix = 'n';

    58. 

  58. 				}

    59. 

  59. 				// create the account

    60. 

  60. 				if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation)) {

    61. 

  61. 					$details = openid_client_create_invitation($prefix,$openid_url,$user->getGUID(),$email,$fullname);

    62. 

  62. 					$body = openid_client_generate_missing_data_form($openid_url,$email,'',$email_confirmation,$details);

    63. 

  63. 				}

    64. 

  64. 				$missing_data = true;

    65. 

  65. 			} else {

    66. 

  66. 				// email address and name look good 

    67. 

  67. 				

    68. 

  68. 				$login = false;			

    69. 

  69. 							    

    70. 

  70. 			    // create a new account

    71. 

  71. 				   

    72. 

  72. 			   	$email_confirmation = openid_client_check_email_confirmation($openid_url);		    					    

    73. 

  73. 			    							

    74. 

  74. 				$user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation);

    75. 

  75. 				$missing_data = false;

    76. 

  76. 			}

    77. 

  77. 		} else {

    78. 

  78. 			// this is an inactive account

    79. 

  79. 			$user = $entities[0];

    80. 

  80. 			

    81. 

  81. 			// need to figure out why the account is inactive

    82. 

  82. 			

    83. 

  83. 			$email_confirmation = openid_client_check_email_confirmation($openid_url);

    84. 

  84. 			

    85. 

  85. 			if ($user->email && $user->name) {

    86. 

  86.     			$missing_data = false;

    87. 

  87.     			// no missing information

    88. 

  88. 			    if (!$email_confirmation) {

    89. 

  89.     			    // OK, this is weird - no email confirmation required and all the information has been supplied

    90. 

  90.     			    // this should not happen, so just go ahead and activate the account

    91. 

  91.     			    $user->active = 'yes';

    92. 

  92.     			    $user->save();

    93. 

  93. 			    }

    94. 

  94. 		    } else {    		    

    95. 

  95.     		    // missing information

    96. 

  96.     		    $missing_data = true;

    97. 

  97.     		    // does this person have an existing magic code?

    98. 

  98.     		    if ($details = openid_client_get_invitation_by_username($user->alias)) {

    99. 

  99.         		    $body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);

    100. 

  100.     		    } else {

    101. 

  101.         		    // create a new magic code

    102. 

  102.         		    $details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$user->email,$user->name);

    103. 

  103. 	    			$body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);

    104. 

  104.     			}   

    105. 

  105. 		    }

    106. 

  106. 		}

    107. 

  107. 		if ($user && !$missing_data) {

    108. 

  108. 				

    109. 

  109. 			if ($email_confirmation) {

    110. 

  110. 				$i_code = openid_client_create_invitation('a',$openid_url,$user->guid,$email,$fullname);

    111. 

  111. 				openid_client_send_activate_confirmation_message($i_code);

    112. 

  112. 				system_message(sprintf(elgg_echo("openid_client:activate_confirmation"), $email));

    113. 

  113. 			} else {

    114. 

  114. 				system_message(sprintf(elgg_echo("openid_client:created_openid_account"),$email, $fullname));

    115. 

  115. 				$login = true;

    116. 

  116. 			}

    117. 

  117. 		}

    118. 

  118. 				

    119. 

  119. 	} else {

    120. 

  120.     	

    121. 

  121.     	$user = $entities[0];

    122. 

  122. 		

    123. 

  123. 		// account is active, check to see if this user has been banned

    124. 

  124. 	

    125. 

  125. 	    if (isset($user->banned) && $user->banned == 'yes') { // this needs to change.

    126. 

  126. 	        register_error(elgg_echo("openid_client:banned"));

    127. 

  127. 	    } else {

    128. 

  128. 		    // user has not been banned

    129. 

  129. 		    // check to see if email address has changed

    130. 

  130. 		    if ($email && $email != $user->email && openid_validate_email($email)) {

    131. 

  131. 			    // the email on the OpenID server is not the same as the email registered on this local client system

    132. 

  132. 			    $email_confirmation = openid_client_check_email_confirmation($openid_url);

    133. 

  133. 			    if ($CONFIG->openid_client_always_sync == 'yes') {

    134. 

  134. 				    // this client always forces client/server data syncs

    135. 

  135. 				    if ($fullname) {

    136. 

  136. 				    	$user->name = $fullname;

    137. 

  137. 			    	}

    138. 

  138. 				    if ($email_confirmation) {

    139. 

  139. 					    // don't let this user in until the email address change is confirmed

    140. 

  140. 					    $login = false;

    141. 

  141. 					    $i_code = openid_client_create_invitation('c',$openid_url,$user->guid,$email,$fullname);

    142. 

  142. 					    openid_client_send_change_confirmation_message($i_code);

    143. 

  143. 					    system_message(sprintf(elgg_echo("openid_client:change_confirmation"), $email));

    144. 

  144. 					} else {

    145. 

  145. 						$login = true;

    146. 

  146. 						if (openid_client_get_user_by_email($email)) {

    147. 

  147. 							register_error(elgg_echo("openid_client:email_in_use"),$email);

    148. 

  148. 						} else {

    149. 

  149.     						$user->email = $email;

    150. 

  150. 							system_message(sprintf(elgg_echo("openid_client:email_updated"),$email));

    151. 

  151. 						}

    152. 

  152. 					}

    153. 

  153. 				} else {

    154. 

  154. 					$login = true;

    155. 

  155. 					if (!$store->getNoSyncStatus($user)) {

    156. 

  156. 						// the following conditions are true:

    157. 

  157. 						// the email address has changed on the server,

    158. 

  158. 						// this client does not *require* syncing with the server,

    159. 

  159. 						// but this user has not turned off syncing

    160. 

  160. 						// therefore the user needs to be offered the chance to sync his or her data

    161. 

  161. 						$body = openid_client_generate_sync_form($email,$fullname,$user,$email_confirmation);

    162. 

  162. 					}

    163. 

  163. 				}

    164. 

  164. 			} elseif ($fullname && $fullname != $user->name) {

    165. 

  165. 				// the fullname on the OpenID server is not the same as the name registered on this local client system

    166. 

  166. 				$login = true;

    167. 

  167. 				if ($CONFIG->openid_client_always_sync == 'yes') {

    168. 

  168. 				    // this client always forces client/server data syncs

    169. 

  169. 				    $user->name = $fullname;

    170. 

  170. 				} else {

    171. 

  171. 					if (!$store->getNoSyncStatus($user)) {

    172. 

  172. 				    	// the following conditions are true:

    173. 

  173. 						// the fullname has changed on the server,

    174. 

  174. 						// this client does not *require* syncing with the server,

    175. 

  175. 						// but this user has not turned off syncing

    176. 

  176. 						// therefore the user needs to be offered the chance to sync his or her data

    177. 

  177. 						$body = openid_client_generate_sync_form($email,$fullname,$user,false);

    178. 

  178. 					}

    179. 

  179. 				}

    180. 

  180. 			} else {

    181. 

  181. 				// nothing has changed or the data is null so let this person in

    182. 

  182. 				$login = true;

    183. 

  183. 			}

    184. 

  184. 		}							    

    185. 

  185. 	}

    186. 

  186.     

    187. 

  187.     if ($login) {

    188. 

  188. 		

    189. 

  189. 		$rememberme = get_input('remember',0);

    190. 

  190. 		if (!empty($rememberme)) {

    191. 

  191. 			login($user,true);

    192. 

  192. 		} else {

    193. 

  193.     		login($user);

    194. 

  194. 		}

    195. 

  195. 	}

    196. 

  196. } 

    197. 

  197. 

    198. 

  198. if(isset($body) && $body) {

    199. 

  199.     

    200. 

  200.     page_draw(elgg_echo('openid_client:information_title'),$body);

    201. 

  201. 

    202. 

  202. } else {

    203. 

  203. 	forward();

    204. 

  204. }

    205. 

  205. 

    206. 

  206. 

    207. 

  207. ?>

    208. 

  208.