* - Work on a better validation for webservices paths. Current is very poor and exit */
// Fragment of an SSO bootstrap: pick the SSO handler class, then either run the
// SSO logout or decide whether to send the visitor to the master server.
// NOTE(review): this fragment starts inside a comment and ends inside an open
// block; $logout is assigned outside the visible lines.

// The handler variant is read from the platform setting 'sso_authentication_subclass'.
$subsso = api_get_setting('sso_authentication_subclass');
if (!empty($subsso)) {
    // NOTE(review): the setting value is concatenated into the include path and
    // then used as a class name, with no validation visible in this fragment.
    // Whether api_get_setting() constrains the value cannot be seen from here.
    // Restricting it to an allowlist of shipped subclass names (or to letters,
    // digits and underscore) before building the path would keep the include
    // inside auth/sso/ even if the stored setting is ever tampered with.
    require_once api_get_path(SYS_CODE_PATH) . 'auth/sso/sso.' . $subsso . '.class.php';
    $subsso = 'sso' . $subsso;
    $osso = new $subsso(); //load the subclass
} else {
    // No subclass configured: use the base sso class.
    $osso = new sso();
}

if (isset($_SESSION['_user']['user_id'])) {
    // A user is already in the session; only the logout case is handled here.
    if ($logout) {
        // Make custom redirect after logout
        online_logout($_SESSION['_user']['user_id'], false);
        $osso->logout(); //redirects and exits
    }
} elseif (!$logout) {
    // Handle cookie from Master Server
    // The redirect policy is driven by the 'sso_force_redirect' setting, which is
    // compared against the string 'true'.
    $forceSsoRedirect = api_get_setting('sso_force_redirect');
    // Both variants below test only the presence of request parameters
    // (sso_referer, loginFailed, sso_cookie); their values are not read here.
    if ($forceSsoRedirect === 'true') {
        // all users to be redirected unless they are connected (removed req on sso_cookie)
        $redirectToMasterConditions = !isset($_GET['sso_referer']) && !isset($_GET['loginFailed']);
    } else {
        // Users to still see the homepage without connecting
        $redirectToMasterConditions = !isset($_GET['sso_referer']) && !isset($_GET['loginFailed']) && isset($_GET['sso_cookie']);
    }
    if ($redirectToMasterConditions) {
        // Redirect to master server
        $osso->ask_master();
        // (the fragment ends here; the enclosing blocks are closed outside the visible lines)
* TODO:
* - Work on a better validation for webservices paths. Current is very poor and exit */
// Fragment of an SSO bootstrap: pick the SSO handler class, then either run the
// SSO logout or decide whether to send the visitor to the master server.
// NOTE(review): this fragment starts inside a comment and ends inside an open
// block; $logout is assigned outside the visible lines.

// The handler variant is read from the platform setting 'sso_authentication_subclass'.
$subsso = api_get_setting('sso_authentication_subclass');
if (!empty($subsso)) {
    // NOTE(review): the setting value is concatenated into the include path and
    // then used as a class name, with no validation visible in this fragment.
    // Whether api_get_setting() constrains the value cannot be seen from here.
    // Restricting it to an allowlist of shipped subclass names (or to letters,
    // digits and underscore) before building the path would keep the include
    // inside auth/sso/ even if the stored setting is ever tampered with.
    require_once api_get_path(SYS_CODE_PATH).'auth/sso/sso.'.$subsso.'.class.php';
    $subsso = 'sso'.$subsso;
    $osso = new $subsso(); //load the subclass
} else {
    // No subclass configured: use the base sso class.
    $osso = new sso();
}

if (isset($_SESSION['_user']['user_id'])) {
    // A user is already in the session; only the logout case is handled here.
    if ($logout) {
        // Make custom redirect after logout
        online_logout($_SESSION['_user']['user_id'], false);
        $osso->logout(); //redirects and exits
    }
} elseif (!$logout) {
    // Handle cookie coming from Master Server
    // Use this first line if you want users to still see the
    // homepage without connecting
    //if (!isset($_GET['sso_referer']) && !isset($_GET['loginFailed']) && isset($_GET['sso_cookie'])) {
    // Use this second line if you want all users to be redirected
    // unless they are connected (removed req on sso_cookie)
    // The policy is chosen by editing this file: the active condition tests only
    // the presence of sso_referer and loginFailed in the request.
    if (!isset($_GET['sso_referer']) && !isset($_GET['loginFailed'])) {
        // Redirect to master server
        $osso->ask_master();
    } elseif (isset($_GET['sso_cookie'])) {
        // Reached only when sso_referer or loginFailed is present in the request.
        // NOTE(review): sso_cookie is request-supplied; the origin check announced
        // by the comment below lies outside the visible fragment.
        // Here we are going to check the origin of
        // what the call says should be used for