if ($user instanceof eZUser) { $login = trim($http->postVariable('data_user_login')); $email = trim($http->postVariable('data_user_email')); $password = trim($http->postVariable('data_user_password')); if (empty($password) && $siteINI->variable('UserSettings', 'GeneratePasswordIfEmpty') == 'true') { $password = $user->createPassword($siteINI->variable('UserSettings', 'GeneratePasswordLength')); } // we created the new account, but still need to set things up so users can login using a regular login form $db = eZDB::instance(); $db->begin(); $user->setAttribute('login', $login); $user->setAttribute('email', $email); $user->setAttribute('password_hash', eZUser::createHash($login, $password, eZUser::site(), eZUser::hashType())); $user->setAttribute('password_hash_type', eZUser::hashType()); $user->store(); ngConnectFunctions::connectUser($user->ContentObjectID, $authResult['login_method'], $authResult['id']); $db->commit(); $http->removeSessionVariable('NGConnectStartedRegistration'); $http->removeSessionVariable('NGConnectAuthResult'); $http->removeSessionVariable('NGConnectForceRedirect'); $verifyUserType = $siteINI->variable('UserSettings', 'VerifyUserType'); if ($verifyUserType === 'email' && $siteINI->hasVariable('UserSettings', 'VerifyUserEmail') && $siteINI->variable('UserSettings', 'VerifyUserEmail') !== 'enabled') { $verifyUserType = false; } if ($authResult['email'] == '' || $email != $authResult['email'] && $verifyUserType) { // we only validate the account if no email was provided by social network or entered email is not the same // as the one from social network and if email verification is active of course ngConnectUserActivation::processUserActivation($user, $siteINI->variable('UserSettings', 'GeneratePasswordIfEmpty') == 'true' ? $password : false); return $module->redirectToView('success'); } else { if ($user->canLoginToSiteAccess($GLOBALS['eZCurrentAccess'])) {
//we don't allow ngconnect/profile to run by default $http->removeSessionVariable('NGConnectRedirectToProfile'); $http->removeSessionVariable('NGConnectAuthResult'); $http->removeSessionVariable('NGConnectForceRedirect'); if (function_exists('curl_init') && function_exists('json_decode')) { if (in_array($loginMethod, $availableLoginMethods) && isset($authHandlerClasses[$loginMethod]) && class_exists(trim($authHandlerClasses[$loginMethod]))) { $authHandlerClassName = trim($authHandlerClasses[$loginMethod]); $authHandler = new $authHandlerClassName(); if ($authHandler instanceof INGConnectAuthInterface) { $result = $authHandler->processAuth(); if ($result['status'] == 'success' && $result['login_method'] == $loginMethod) { $currentUser = eZUser::currentUser(); if (!$currentUser->isAnonymous()) { // non anonymous user is requesting connection to social network // who are we to say no? connect the user and bail out ngConnectFunctions::connectUser($currentUser->ContentObjectID, $result['login_method'], $result['id']); } else { // we check if there are accounts that have a connection to social network // we consider a disabled account as connected too, to allow admins to disable them and actually // keep users from logging to a new account with same social network account $socialNetworkConnections = ngConnect::fetchBySocialNetwork($result['login_method'], $result['id']); if (is_array($socialNetworkConnections) && !empty($socialNetworkConnections)) { // there are connected accounts, find them and login in $usersFound = array(); $userIDs = array(); foreach ($socialNetworkConnections as $connection) { $userToLogin = eZUser::fetch($connection->UserID); if ($userToLogin instanceof eZUser && $userToLogin->isEnabled() && $userToLogin->canLoginToSiteAccess($GLOBALS['eZCurrentAccess'])) { $usersFound[] = $userToLogin; $userIDs[] = $userToLogin->ContentObjectID; }