diff options
| author | Cash Costello <cash.costello@gmail.com> | 2011-12-11 06:38:23 -0500 |
|---|---|---|
| committer | Cash Costello <cash.costello@gmail.com> | 2011-12-11 06:38:23 -0500 |
| commit | d9bf22a0e29c2a70049443a0ae8521a2c0492c8b (patch) | |
| tree | c7599a9169d5def7df56c480ad6d67f312443d6f /return.php | |
| download | elgg-d9bf22a0e29c2a70049443a0ae8521a2c0492c8b.tar.gz elgg-d9bf22a0e29c2a70049443a0ae8521a2c0492c8b.tar.bz2 | |
initial commit for git repository
Diffstat (limited to 'return.php')
| -rw-r--r-- | return.php | 210 |
1 files changed, 210 insertions, 0 deletions
diff --git a/return.php b/return.php new file mode 100644 index 000000000..3d949b492 --- /dev/null +++ b/return.php @@ -0,0 +1,210 @@ +<?php
+
+/**
+ * Callback for return_to url redirection. The identity server will
+ * redirect back to this handler with the results of the
+ * authentication attempt.
+ *
+ * Note: the Elgg action system strips off the query string and is incompatible with
+ * the JanRain OpenID library, so we need to keep this as an ordinary PHP file
+ * for now.
+ *
+ */
+
+require_once(dirname(dirname(dirname(__FILE__))).'/engine/start.php');
+require_once(dirname(__FILE__).'/models/model.php');
+
+global $CONFIG;
+
+set_context('openid');
+$store = new OpenID_ElggStore();
+$consumer = new Auth_OpenID_Consumer($store);
+
+$return_url = $CONFIG->wwwroot.'mod/openid_client/return.php';
+
+// TODO - handle passthru_url properly
+// $dest = $query['destination'];
+$response = $consumer->complete($return_url);
+
+if ($response->status == Auth_OpenID_CANCEL) {
+ register_error(elgg_echo("openid_client:authentication_cancelled"));
+} else if ($response->status != Auth_OpenID_SUCCESS) {
+ register_error(sprintf(elgg_echo("openid_client:authentication_failed"),$response->status,$response->message) );
+} else { // SUCCESS.
+ $openid_url = $response->getDisplayIdentifier();
+
+ // Look for sreg data.
+ $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
+ $sreg = $sreg_resp->contents();
+ if ($sreg) {
+ $email = trim($sreg['email']);
+ $fullname = trim($sreg['fullname']);
+ //print ($email.' '.$fullname);
+ }
+
+ $entities = get_entities_from_metadata('alias', $openid_url, 'user', 'openid');
+
+ if (!$entities || $entities[0]->active == 'no') {
+ if (!$entities) {
+ // this account does not exist
+ if (!$email || !validate_email_address($email)) {
+ // there is a problem with the email provided by the profile exchange, so generate a form to collect it
+ if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, true)) {
+ $details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$email,$fullname);
+ $body = openid_client_generate_missing_data_form($openid_url,'',$fullname,true,$details);
+ }
+ $missing_data = true;
+ } elseif (!$fullname) {
+ // the name is missing
+ $email_confirmation = openid_client_check_email_confirmation($openid_url);
+ if ($email_confirmation) {
+ $prefix = 'a';
+ } else {
+ $prefix = 'n';
+ }
+ // create the account
+ if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation)) {
+ $details = openid_client_create_invitation($prefix,$openid_url,$user->getGUID(),$email,$fullname);
+ $body = openid_client_generate_missing_data_form($openid_url,$email,'',$email_confirmation,$details);
+ }
+ $missing_data = true;
+ } else {
+ // email address and name look good
+
+ $login = false;
+
+ // create a new account
+
+ $email_confirmation = openid_client_check_email_confirmation($openid_url);
+
+ $user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation);
+ $missing_data = false;
+ }
+ } else {
+ // this is an inactive account
+ $user = $entities[0];
+
+ // need to figure out why the account is inactive
+
+ $email_confirmation = openid_client_check_email_confirmation($openid_url);
+
+ if ($user->email && $user->name) {
+ $missing_data = false;
+ // no missing information
+ if (!$email_confirmation) {
+ // OK, this is weird - no email confirmation required and all the information has been supplied
+ // this should not happen, so just go ahead and activate the account
+ $user->active = 'yes';
+ $user->save();
+ }
+ } else {
+ // missing information
+ $missing_data = true;
+ // does this person have an existing magic code?
+ if ($details = openid_client_get_invitation_by_username($user->alias)) {
+ $body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);
+ } else {
+ // create a new magic code
+ $details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$user->email,$user->name);
+ $body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);
+ }
+ }
+ }
+ if ($user && !$missing_data) {
+
+ if ($email_confirmation) {
+ $i_code = openid_client_create_invitation('a',$openid_url,$user->guid,$email,$fullname);
+ openid_client_send_activate_confirmation_message($i_code);
+ system_message(sprintf(elgg_echo("openid_client:activate_confirmation"), $email));
+ } else {
+ system_message(sprintf(elgg_echo("openid_client:created_openid_account"),$email, $fullname));
+ $login = true;
+ }
+ }
+
+ } else {
+
+ $user = $entities[0];
+
+ // account is active, check to see if this user has been banned
+
+ if (isset($user->banned) && $user->banned == 'yes') { // this needs to change.
+ register_error(elgg_echo("openid_client:banned"));
+ } else {
+ // user has not been banned
+ // check to see if email address has changed
+ if ($email && $email != $user->email && validate_email_address($email)) {
+ // the email on the OpenID server is not the same as the email registered on this local client system
+ $email_confirmation = openid_client_check_email_confirmation($openid_url);
+ if ($CONFIG->openid_client_always_sync == 'yes') {
+ // this client always forces client/server data syncs
+ if ($fullname) {
+ $user->name = $fullname;
+ }
+ if ($email_confirmation) {
+ // don't let this user in until the email address change is confirmed
+ $login = false;
+ $i_code = openid_client_create_invitation('c',$openid_url,$user->guid,$email,$fullname);
+ openid_client_send_change_confirmation_message($i_code);
+ system_message(sprintf(elgg_echo("openid_client:change_confirmation"), $email));
+ } else {
+ $login = true;
+ if (openid_client_get_user_by_email($email)) {
+ register_error(elgg_echo("openid_client:email_in_use"),$email);
+ } else {
+ $user->email = $email;
+ system_message(sprintf(elgg_echo("openid_client:email_updated"),$email));
+ }
+ }
+ } else {
+ $login = true;
+ if (!$store->getNoSyncStatus($user)) {
+ // the following conditions are true:
+ // the email address has changed on the server,
+ // this client does not *require* syncing with the server,
+ // but this user has not turned off syncing
+ // therefore the user needs to be offered the chance to sync his or her data
+ $body = openid_client_generate_sync_form($email,$fullname,$user,$email_confirmation);
+ }
+ }
+ } elseif ($fullname && $fullname != $user->name) {
+ // the fullname on the OpenID server is not the same as the name registered on this local client system
+ $login = true;
+ if ($CONFIG->openid_client_always_sync == 'yes') {
+ // this client always forces client/server data syncs
+ $user->name = $fullname;
+ } else {
+ if (!$store->getNoSyncStatus($user)) {
+ // the following conditions are true:
+ // the fullname has changed on the server,
+ // this client does not *require* syncing with the server,
+ // but this user has not turned off syncing
+ // therefore the user needs to be offered the chance to sync his or her data
+ $body = openid_client_generate_sync_form($email,$fullname,$user,false);
+ }
+ }
+ } else {
+ // nothing has changed or the data is null so let this person in
+ $login = true;
+ }
+ }
+ }
+
+ if ($login) {
+
+ $rememberme = get_input('remember',0);
+ if (!empty($rememberme)) {
+ login($user,true);
+ } else {
+ login($user);
+ }
+ }
+}
+
+if(isset($body) && $body) {
+
+ page_draw(elgg_echo('openid_client:information_title'),$body);
+
+} else {
+ forward();
+}
|