/**
* Check if user confirmation is required for the OpenID server
*
* @param string $server
* @param optional object $config - the OpenID auth plugin config settings
* @return boolean
*/
function openid_server_requires_confirm($server, $config = null)
{
if ($config == null) {
$config = get_config('auth/openid');
}
switch ($config->openid_non_whitelisted_status) {
case OPENID_NONWHITELISTED_ALLOW:
case OPENID_NONWHITELISTED_DENY:
return openid_server_is_greylisted($server);
case OPENID_NONWHITELISTED_CONFIRM:
return !openid_server_is_whitelisted($server);
default:
error_log("/auth/openid/lib.php::openid_server_requires_confirm() - invalid setting for config->openid_non_whitelisted_status ({$config->openid_non_whitelisted_status})");
}
return true;
}
/**
* Create a new account using simple registration data if available
*
* @access private
* @param object &$resp An OpenID consumer response object
* @return object The new user
*/
function _create_account(&$resp)
{
global $CFG, $USER;
$url = $resp->identity_url;
$password = hash_internal_user_password('openid');
$server = $resp->endpoint->server_url;
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($resp);
$sreg = $sreg_resp->contents();
// We'll attempt to use the user's nickname to set their username
if (isset($sreg['nickname']) && !empty($sreg['nickname']) && !record_exists('users', 'username', $sreg['nickname'])) {
$username = $sreg['nickname'];
} else {
$username = openid_normalize_url_as_username($url);
}
create_user_record($username, $password, 'openid');
$user = get_complete_user_data('username', $username);
openid_append_url($user, $url);
// SREG fullname
if (isset($sreg['fullname']) && !empty($sreg['fullname'])) {
$name = openid_parse_full_name($sreg['fullname']);
$user->firstname = $name['first'];
$user->lastname = $name['last'];
}
// SREG email
if (isset($sreg['email']) && !empty($sreg['email']) && !record_exists('user', 'email', $sreg['email'])) {
$user->email = $sreg['email'];
}
// SREG country
if (isset($sreg['country']) && !empty($sreg['country'])) {
$country = $sreg['country'];
$country_code = strtoupper($country);
$countries = get_list_of_countries();
if (strlen($country) != 2 || !isset($countries[$country_code])) {
$countries_keys = array_keys($countries);
$countries_vals = array_values($countries);
$country_code = array_search($country, $countries_vals);
if ($country_code > 0) {
$country_code = $countries_keys[$country_code];
} else {
$country_code = '';
}
}
if (!empty($country_code)) {
$user->country = $country_code;
}
}
if (isset($sreg['city']) && !empty($sreg['city'])) {
$user->city = $sreg['city'];
}
/* We're currently not attempting to get language and timezone values
// SREG language
if (isset($sreg['language']) && !empty($sreg['language'])) {
}
// SREG timezone
if (isset($sreg['timezone']) && !empty($sreg['timezone'])) {
}
*/
if (function_exists('on_openid_create_account')) {
on_openid_create_account($resp, $user);
}
update_record('user', $user);
$user = get_complete_user_data('id', $user->id);
// Redirect the user to their profile page if not set up properly
if (!empty($user) && user_not_fully_set_up($user)) {
$USER = clone $user;
$urltogo = $CFG->wwwroot . '/user/edit.php';
redirect($urltogo);
}
$glconfirm = $this->config->openid_require_greylist_confirm == 'true';
if ($glconfirm && !openid_server_is_whitelisted($server)) {
$secret = random_string(15);
set_field('user', 'secret', $secret, 'id', $user->id);
$user->secret = $secret;
set_field('user', 'confirmed', 0, 'id', $user->id);
$user->confirmed = 0;
openid_send_confirmation_email($user);
}
return $user;
}
