function init() { global $CFG; if (elgg_is_logged_in()) { setLoggedInUser(normaliseUsername($_SESSION['user']->username)); } else { setLoggedInUser(null); } }
/** * Log in a user and potentially continue the requested identity approval */ function action_login() { $method = $_SERVER['REQUEST_METHOD']; switch ($method) { case 'GET': return login_render(); case 'POST': $info = getRequestInfo(); $fields = $_POST; if (isset($fields['cancel'])) { return authCancel($info); } list($errors, $openid_url) = login_checkInput($fields); if (count($errors) || !$openid_url) { $needed = $info ? $info->identity : false; //KJ - use $openid_url instead // return login_render($errors, @$fields['openid_url'], $needed); return login_render($errors, $openid_url, $needed); } else { setLoggedInUser(normaliseUsername($openid_url)); return doAuth($info); } default: return login_render(array('Unsupported HTTP method: $method')); } }
// There is no authentication information, so bail system_message(elgg_echo("openid_server:cancelled")); forward(); } else { if ($idpSelect = $info->idSelect()) { if ($idpSelect) { $identity = getLoggedInUser(); //$req_url = idURL($idpSelect); $req_url = $info->identity; //XXX fixing dirty https stuff //$req_url = str_replace('http', 'https', $req_url); } else { $trusted = false; } } else { $req_url = normaliseUsername($info->identity); } $user = getLoggedInUser(); $identity = $user; setRequestInfo($info); $req_url_path = substr($req_url, strpos($req_url, ":")); $user_path = substr($user, strpos($user, ":")); if ($info->message->isOpenID1() && $req_url_path != $user_path) { register_error(sprintf(elgg_echo("openid_server:loggedin_as_wrong_user"), $req_url, $user)); forward(); } else { $trust_root = $info->trust_root; $trusted = isset($trusted) ? $trusted : isTrusted($identity, $trust_root); if ($trusted) { setRequestInfo(); $server =& getServer();