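/**
 * Complete a login that a login module has already approved.
 *
 * Resolves the internal user id for the identity reported by the module,
 * registers a new account when none is found, enforces the account status
 * and, only if all of that succeeds, marks the user as logged in. Messages
 * for the visitor are appended to $this->moduleOutput.
 *
 * Every failure path calls logout() before returning false, because a faulty
 * login module may already have logged the visitor in.
 *
 * @param object $moduleInstance login module instance; getID(), getName() and
 *                               givePermissions() are called on it
 * @param string $moduleName     login module name; anything other than 'local'
 *                               (case-insensitive) is treated as external
 * @return bool true if the user is now logged in, false otherwise
 */
private function doLogin($moduleInstance, $moduleName)
{
    global $config;

    // if used login module is not local, then an external login has been used
    $externalLogin = strcasecmp($moduleName, 'local') !== 0;

    // load operations framework
    // require_once: a repeated call must not redeclare the class, and a
    // missing file must stop here instead of failing later on `new`
    require_once dirname(__FILE__) . '/classes/userOperations.php';
    $userOperations = new userOperations();

    if ($externalLogin) {
        // lookup internal id using external id
        $uid = \user::getIdByExternalId($moduleInstance->getID());
    } else {
        // local login id is equal to internal login id by definition
        $uid = $moduleInstance->getID();
    }

    // if uid is 0 this means
    // either new user
    // or user already registered using local login
    if ($uid === 0) {
        if ($externalLogin) {
            // try to recover uid by username based db lookup
            $uid_list = \user::getIdByName($moduleInstance->getName());

            // iterate through the list, trying to update old callsigns
            // and hoping to find the proper user account for this login attempt
            foreach ($uid_list as $one_uid) {
                // check external login id for match with external login module id
                // $moduleInstance->getID() must have a valid value if login got approved
                // by the external login module used
                $user = new \user($one_uid);
                $servicematch = false;

                // NOTE(review): getExternalIds and getType are read as properties
                // while every other accessor in this method is a method call. If
                // they are methods and no magic accessor exists, this loop never
                // runs and $servicematch stays false -- confirm against the \user
                // and login module classes before changing it.
                foreach ($user->getExternalIds as $eservice) {
                    // only act on matching service type
                    if ($eservice->service !== $moduleInstance->getType) {
                        continue;
                    }
                    $servicematch = true;
                    if ($eservice->euid !== $moduleInstance->getID()) {
                        // try to resolve the name conflict by updating a username that might be forgotten
                        $userOperations->updateUserName($one_uid, $eservice->euid, $moduleInstance->getName());
                    } else {
                        $uid = $one_uid;
                        // leaves the inner loop only; later candidates are still visited
                        break;
                    }
                }

                if (!$servicematch) {
                    // A name match without a linked id for this service is not
                    // proof of ownership. $uid is set so that the branch below
                    // refuses the login rather than registering a second
                    // account under the same name.
                    $uid = $one_uid;
                }
            }
            unset($servicematch, $eservice, $uid_list, $one_uid);
        }

        // only an identity without any internal id is treated as a new user
        $newUser = $uid === 0;

        if (!$newUser) {
            // existing account with no external login
            // call logout as bandaid for erroneous login modules
            $user->logout();
            $this->moduleOutput[] = 'This account does not have any external logins enabled. '
                                  . 'You may try using '
                                  . '<a href="./?module=local&action=form">local login</a>'
                                  . ' first.';
            // login failed without any possibility to recover from user error
            return false;
        }

        // a new user, be happy :)
        if ($config->getValue('login.welcome.summary')) {
            $this->moduleOutput[] = strval($config->getValue('login.welcome.summary'));
        } else {
            $this->moduleOutput[] = 'Welcome and thanks for registering on this website.';
        }

        // register the account on db
        $registeredUid = $userOperations->registerAccount($moduleInstance, $externalLogin);
        if ($registeredUid) {
            $uid = $registeredUid;
            // send welcome message if registering was successful
            \pm::sendWelcomeMessage($uid);
        } else {
            // Fail closed: any falsy result (false, null, 0) is mapped back to the
            // reserved id so the strict check below cannot be skipped.
            $uid = 0;
        }

        // does a user try to log in using reserved id 0?
        if ($uid === 0) {
            // call logout as bandaid for erroneous login modules
            // these may log the user in, even though they never should
            if (!isset($user)) {
                // No candidate object exists when the name lookup returned nothing
                // or the login is local; without this the logout() call below
                // aborts the request and the defensive logout never happens.
                // NOTE(review): assumes \user can be constructed for the reserved
                // id 0 just to reach logout() -- confirm.
                $user = new \user($uid);
            }
            $user->logout();
            $this->moduleOutput[] = 'An internal error occurred: $uid === 0 on login.';
            return false;
        }
    }

    $user = new \user($uid);

    // re-activate deleted accounts
    // stop processing disabled/banned or broken accounts
    // call logout as bandaid for erroneous login modules
    $status = $user->getStatus();
    switch ($status) {
        case 'active':
            break;

        case 'deleted':
            // NOTE(review): a deleted account comes back to life on its next
            // successful login, so deletion is not a lockout -- confirm intended.
            $user->setStatus('active');
            break;

        case 'login disabled':
            $this->moduleOutput[] = 'Your account is disabled: No login possible.';
            $user->logout();
            return false;

        // TODO: implement site wide ban list
        case 'banned':
            $this->moduleOutput[] = 'You have been banned from this website.';
            $user->logout();
            return false;

        default:
            // unknown status values are refused rather than treated as active
            $this->moduleOutput[] = 'The impossible happened: Account status is ' . htmlent($status) . '.';
            $user->logout();
            return false;
    }

    if (!($uid > 0)) {
        $user->logout();
        return false;
    }

    // update username first because online user list uses the name directly instead of an id
    //hmm, uid := $moduleInstance->getID()
    $userOperations->updateUserName(
        $uid,
        $externalLogin ? $moduleInstance->getID() : 0,
        $moduleInstance->getName()
    );

    // NOTE(review): no session id rotation is visible in this method; confirm
    // that setCurrentUserID() or the caller regenerates the session id when
    // the visitor becomes authenticated.
    user::setCurrentUserID($uid);
    $moduleInstance->givePermissions();

    $userOperations->addToVisitsLog($uid);
    $user->setLastLogin();
    $user->update();
    $userOperations->addToOnlineUserList($moduleInstance->getName(), $uid);

    invitation::deleteOldInvitations();

    $this->moduleOutput[] = 'Login was successful!';
    return true;
}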