function init()
{
global $CFG;
if (elgg_is_logged_in()) {
setLoggedInUser(normaliseUsername($_SESSION['user']->username));
} else {
setLoggedInUser(null);
}
}
/**
* Log in a user and potentially continue the requested identity approval
*/
function action_login()
{
$method = $_SERVER['REQUEST_METHOD'];
switch ($method) {
case 'GET':
return login_render();
case 'POST':
$info = getRequestInfo();
$fields = $_POST;
if (isset($fields['cancel'])) {
return authCancel($info);
}
list($errors, $openid_url) = login_checkInput($fields);
if (count($errors) || !$openid_url) {
$needed = $info ? $info->identity : false;
//KJ - use $openid_url instead
// return login_render($errors, @$fields['openid_url'], $needed);
return login_render($errors, $openid_url, $needed);
} else {
setLoggedInUser(normaliseUsername($openid_url));
return doAuth($info);
}
default:
return login_render(array('Unsupported HTTP method: $method'));
}
}
// There is no authentication information, so bail
system_message(elgg_echo("openid_server:cancelled"));
forward();
} else {
if ($idpSelect = $info->idSelect()) {
if ($idpSelect) {
$identity = getLoggedInUser();
//$req_url = idURL($idpSelect);
$req_url = $info->identity;
//XXX fixing dirty https stuff
//$req_url = str_replace('http', 'https', $req_url);
} else {
$trusted = false;
}
} else {
$req_url = normaliseUsername($info->identity);
}
$user = getLoggedInUser();
$identity = $user;
setRequestInfo($info);
$req_url_path = substr($req_url, strpos($req_url, ":"));
$user_path = substr($user, strpos($user, ":"));
if ($info->message->isOpenID1() && $req_url_path != $user_path) {
register_error(sprintf(elgg_echo("openid_server:loggedin_as_wrong_user"), $req_url, $user));
forward();
} else {
$trust_root = $info->trust_root;
$trusted = isset($trusted) ? $trusted : isTrusted($identity, $trust_root);
if ($trusted) {
setRequestInfo();
$server =& getServer();
