Beispiel #1
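 /**
  * Finish a Clef OAuth login for the current request and record the outcome.
  *
  * The session nonce is single use: it is removed before the result of the
  * comparison is acted on, so a failed or replayed callback cannot be retried
  * against the same value.
  *
  * @param object $args Passed by reference; $args->retval is set to true only
  *                     when _find_user() returns a user and the updated model
  *                     has been written, and is false in every other case.
  * @return void
  */
 function login(&$args)
 {
     $args->retval = false;

     /* Only two non-empty, identical strings count as a match; a missing or
        array-valued "state" query parameter is rejected without a notice. */
     $nonce = isset($_SESSION['nonce']) ? $_SESSION['nonce'] : null;
     $state = isset($_GET['state']) ? $_GET['state'] : null;
     $is_valid = is_string($nonce) && is_string($state) && $nonce !== '' && $nonce === $state;
     unset($_SESSION['nonce']);

     /* the authorization code must be a non-empty string before it is sent on */
     $code = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : '';

     if ($is_valid !== true || $code === '') {
         /* no request data in the message: it is attacker controlled here */
         error_log('login rejected: state mismatch or missing code');
         return;
     }

     /* take the supplied code and check with clef for the user info */
     \Clef\Clef::initialize(AUTH_APPID, AUTH_SECRET);

     /* set once this call has written the login keys into the session, so a
        later failure only rolls back what this call itself wrote */
     $session_marked = false;
     try {
         $response = \Clef\Clef::get_login_information($code);
         $usr = $response->info;
         /* check if email is in our dataset */
         $user =& $this->_find_user($usr->id, $usr->email);
         if ($user !== NULL) {
             /* this user is allowed to login -
                give this session a new id so an id known before
                authentication is not carried into the authorized session */
             session_regenerate_id(true);
             $_SESSION['user'] = $usr->id;
             $_SESSION['logged_in_at'] = time();
             $_SESSION[Auth::AUTHORIZED] = true;
             $session_marked = true;
             /* now update email and username in database */
             $this->_update_user($user, $usr);
             error_log('login successful: ' . $usr->id . ', ' . $usr->email);
             /* updated model so save */
             // XXX: this isn't multi user safe - we write in once hit
             $this->_teapot->put_model('users', $this->_users);
             $args->retval = true;
         } else {
             error_log('login failed: ' . $usr->id . ', ' . $usr->email);
         }
     } catch (Exception $e) {
         /* retval is still false here; if the session was already marked as
            authorized, undo that so session state and return value agree */
         if ($session_marked === true) {
             unset($_SESSION['user'], $_SESSION['logged_in_at'], $_SESSION[Auth::AUTHORIZED]);
         }
         /* leave a trace instead of swallowing the failure silently */
         error_log('login error: ' . get_class($e) . ': ' . $e->getMessage());
     }
 }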
Beispiel #2
        header('HTTP/1.0 403 Forbidden');
        echo "The state parameter didn't match what was passed in to the Clef button.";
        exit;
    } else {
        unset($_SESSION['state']);
    }
    return $is_valid;
}
// Open a session only when this request does not already have one; the
// callback handling below reads and resets session data.
if ((bool) session_id() === false) {
    session_start();
}
if (isset($_GET["code"]) && $_GET["code"] != "") {
    validate_state($_GET["state"]);
    \Clef\Clef::initialize(CLEF_ID, CLEF_SECRET);
    try {
        $response = \Clef\Clef::get_login_information($_GET["code"]);
        $result = $response->info;
        // reset the user's session
        if (isset($result->id) && $result->id != '') {
            //remove all the variables in the session
            session_unset();
            // destroy the session
            session_destroy();
            if (!session_id()) {
                session_start();
            }
            $clef_id = $result->id;
            $clef_email = $result->email;
            require_once 'classes/user.php';
            $user = new User($config);
            if ($clef_users = $user->select_user(array('clef' => $clef_id))) {