Beispiel #1
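 /**
  * Complete a login that a login module has already approved.
  *
  * Resolves the internal user id, registers a new account when none exists,
  * refuses disabled, banned and unknown-status accounts and, on success, marks
  * the user as logged in and records the visit. User-facing messages are
  * appended to $this->moduleOutput.
  *
  * Security-relevant behaviour visible in this method:
  *  - An external login whose external id is unknown but whose name matches an
  *    existing account is never logged in to that account here; that path
  *    returns false and points the user to the local login form.
  *  - Accounts with status 'deleted' are set back to 'active' on login.
  *  - NOTE(review): no session id rotation is visible here; confirm that
  *    user::setCurrentUserID() or the caller renews the session id on login.
  *
  * @param object $moduleInstance Login module that approved the login; getID(),
  *                               getName() and givePermissions() are called on it.
  * @param string $moduleName     Name of the login module; anything other than
  *                               'local' (case-insensitive) counts as external.
  *
  * @return bool True when the user has been logged in, false otherwise.
  */
 private function doLogin($moduleInstance, $moduleName)
 {
     global $config;
     // if used login module is not local, then an external login has been used
     $externalLogin = strcasecmp($moduleName, 'local') !== 0;
     // load operations framework; include_once so that a second call in the
     // same request does not redeclare the class
     include_once dirname(__FILE__) . '/classes/userOperations.php';
     $userOperations = new userOperations();
     // external logins are mapped to an internal id,
     // a local login id is equal to the internal id by definition
     $uid = $externalLogin
         ? \user::getIdByExternalId($moduleInstance->getID())
         : $moduleInstance->getID();
     // uid 0 is reserved and means
     // either new user
     // or user already registered using local login
     if ($uid === 0) {
         if ($externalLogin) {
             // try to recover uid by username based db lookup
             $uid_list = \user::getIdByName($moduleInstance->getName());
             // iterate through the list, trying to update old callsigns
             // and hoping to find the proper user account for this login attempt
             foreach ($uid_list as $one_uid) {
                 // $moduleInstance->getID() must have a valid value if login got approved
                 // by the external login module used
                 $user = new \user($one_uid);
                 $servicematch = false;
                 // NOTE(review): getExternalIds and getType are read as properties here
                 // while the other accessors are called as methods - confirm both exist
                 // as properties; if they do not, this loop never runs and every name
                 // match is treated as an account without external login
                 foreach ($user->getExternalIds as $eservice) {
                     // only act on matching service type
                     if ($eservice->service === $moduleInstance->getType) {
                         $servicematch = true;
                         if ($eservice->euid !== $moduleInstance->getID()) {
                             // try to resolve the name conflict by updating a username that might be forgotten
                             // NOTE(review): this touches an account other than the one logging in,
                             // based on the name reported by the external module - confirm that is intended
                             $userOperations->updateUserName($one_uid, $eservice->euid, $moduleInstance->getName());
                         } else {
                             $uid = $one_uid;
                             break;
                         }
                     }
                 }
                 if (!$servicematch) {
                     // same name, but no external id of this service type on the account
                     $uid = $one_uid;
                 }
             }
             unset($servicematch, $eservice, $uid_list, $one_uid);
         }
         // still no internal id for this callsign: treat as a new user
         $newUser = ($uid === 0);
         if (!$newUser) {
             // existing account found by name only, never by external id:
             // refuse the login instead of trusting the name
             // call logout as bandaid for erroneous login modules
             // ($user is the last account visited by the loop above)
             $user->logout();
             $this->moduleOutput[] = 'This account does not have any external logins enabled. ' . 'You may try using ' . '<a href="./?module=local&amp;action=form">local login</a>' . ' first.';
             // login failed without any possibility to recover from user error
             return false;
         }
         // a new user, be happy :)
         $welcomeSummary = $config->getValue('login.welcome.summary');
         if ($welcomeSummary) {
             $this->moduleOutput[] = strval($welcomeSummary);
         } else {
             $this->moduleOutput[] = 'Welcome and thanks for registering on this website.';
         }
         // register the account on db
         $uid = $userOperations->registerAccount($moduleInstance, $externalLogin);
         if (!$uid) {
             // registration failed: any falsy result is rejected here, not only int 0,
             // so that a failed registration can never continue as a login
             // call logout as bandaid for erroneous login modules
             // these may log the user in, even though they never should
             // $user only exists if the name lookup above visited an account
             if (isset($user)) {
                 $user->logout();
             }
             $this->moduleOutput[] = 'An internal error occurred: $uid === 0 on login.';
             return false;
         }
         // send welcome message if registering was successful
         \pm::sendWelcomeMessage($uid);
     }
     $user = new \user($uid);
     // re-activate deleted accounts
     // stop processing disabled/banned or broken accounts
     // call logout as bandaid for erroneous login modules
     $status = $user->getStatus();
     switch ($status) {
         case 'active':
             break;
         case 'deleted':
             // NOTE(review): a deleted account comes back to life on any approved login -
             // confirm this is also wanted for accounts deleted by an administrator
             $user->setStatus('active');
             break;
         case 'login disabled':
             $this->moduleOutput[] = 'Your account is disabled: No login possible.';
             $user->logout();
             return false;
         // TODO: implement site wide ban list
         case 'banned':
             $this->moduleOutput[] = 'You have been banned from this website.';
             $user->logout();
             return false;
         default:
             // unknown status: fail closed
             $this->moduleOutput[] = 'The impossible happened: Account status is' . htmlent($status) . '.';
             $user->logout();
             return false;
     }
     if (!($uid > 0)) {
         // no usable internal id: make sure nothing stays logged in
         $user->logout();
         return false;
     }
     // update username first because online user list uses the name directly instead of an id
     //hmm, uid := $moduleInstance->getID()
     $userOperations->updateUserName($uid, $externalLogin ? $moduleInstance->getID() : 0, $moduleInstance->getName());
     user::setCurrentUserID($uid);
     $moduleInstance->givePermissions();
     $userOperations->addToVisitsLog($uid);
     $user->setLastLogin();
     $user->update();
     $userOperations->addToOnlineUserList($moduleInstance->getName(), $uid);
     invitation::deleteOldInvitations();
     $this->moduleOutput[] = 'Login was successful!';
     return true;
 }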