/**
* Check validity of user/password/entity
* If test is ko, reason must be filled into $_SESSION["dol_loginmesg"]
*
* @param string $usertotest Login
* @param string $passwordtotest Password
* @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
* @return string Login if OK, '' if KO
*/
function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
{
global $_POST, $db, $conf, $langs;
dol_syslog("functions_openid::check_user_password_openid usertotest=" . $usertotest);
$login = '';
// Get identity from user and redirect browser to OpenID Server
if (isset($_POST['username'])) {
$openid = new SimpleOpenID();
$openid->SetIdentity($_POST['username']);
$protocol = $conf->file->main_force_https ? 'https://' : 'http://';
$openid->SetTrustRoot($protocol . $_SERVER["HTTP_HOST"]);
$openid->SetRequiredFields(array('email', 'fullname'));
$_SESSION['dol_entity'] = $_POST["entity"];
//$openid->SetOptionalFields(array('dob','gender','postcode','country','language','timezone'));
if ($openid->sendDiscoveryRequestToGetXRDS()) {
$openid->SetApprovedURL($protocol . $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"]);
// Send Response from OpenID server to this script
$openid->Redirect();
// This will redirect user to OpenID Server
} else {
$error = $openid->GetError();
return false;
}
return false;
} elseif ($_GET['openid_mode'] == 'id_res') {
$openid = new SimpleOpenID();
$openid->SetIdentity($_GET['openid_identity']);
$openid_validation_result = $openid->ValidateWithServer();
if ($openid_validation_result == true) {
// OK HERE KEY IS VALID
$sql = "SELECT login";
$sql .= " FROM " . MAIN_DB_PREFIX . "user";
$sql .= " WHERE openid = '" . $db->escape($_GET['openid_identity']) . "'";
$sql .= " AND entity IN (0," . ($_SESSION["dol_entity"] ? $_SESSION["dol_entity"] : 1) . ")";
dol_syslog("functions_openid::check_user_password_openid", LOG_DEBUG);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
if ($obj) {
$login = $obj->login;
}
}
} else {
if ($openid->IsError() == true) {
// ON THE WAY, WE GOT SOME ERROR
$error = $openid->GetError();
return false;
} else {
// Signature Verification Failed
//echo "INVALID AUTHORIZATION";
return false;
}
}
} else {
if ($_GET['openid_mode'] == 'cancel') {
// User Canceled your Request
//echo "USER CANCELED REQUEST";
return false;
}
}
return $login;
}
