if ($user instanceof eZUser) {
$login = trim($http->postVariable('data_user_login'));
$email = trim($http->postVariable('data_user_email'));
$password = trim($http->postVariable('data_user_password'));
if (empty($password) && $siteINI->variable('UserSettings', 'GeneratePasswordIfEmpty') == 'true') {
$password = $user->createPassword($siteINI->variable('UserSettings', 'GeneratePasswordLength'));
}
// we created the new account, but still need to set things up so users can login using a regular login form
$db = eZDB::instance();
$db->begin();
$user->setAttribute('login', $login);
$user->setAttribute('email', $email);
$user->setAttribute('password_hash', eZUser::createHash($login, $password, eZUser::site(), eZUser::hashType()));
$user->setAttribute('password_hash_type', eZUser::hashType());
$user->store();
ngConnectFunctions::connectUser($user->ContentObjectID, $authResult['login_method'], $authResult['id']);
$db->commit();
$http->removeSessionVariable('NGConnectStartedRegistration');
$http->removeSessionVariable('NGConnectAuthResult');
$http->removeSessionVariable('NGConnectForceRedirect');
$verifyUserType = $siteINI->variable('UserSettings', 'VerifyUserType');
if ($verifyUserType === 'email' && $siteINI->hasVariable('UserSettings', 'VerifyUserEmail') && $siteINI->variable('UserSettings', 'VerifyUserEmail') !== 'enabled') {
$verifyUserType = false;
}
if ($authResult['email'] == '' || $email != $authResult['email'] && $verifyUserType) {
// we only validate the account if no email was provided by social network or entered email is not the same
// as the one from social network and if email verification is active of course
ngConnectUserActivation::processUserActivation($user, $siteINI->variable('UserSettings', 'GeneratePasswordIfEmpty') == 'true' ? $password : false);
return $module->redirectToView('success');
} else {
if ($user->canLoginToSiteAccess($GLOBALS['eZCurrentAccess'])) {
//we don't allow ngconnect/profile to run by default
$http->removeSessionVariable('NGConnectRedirectToProfile');
$http->removeSessionVariable('NGConnectAuthResult');
$http->removeSessionVariable('NGConnectForceRedirect');
if (function_exists('curl_init') && function_exists('json_decode')) {
if (in_array($loginMethod, $availableLoginMethods) && isset($authHandlerClasses[$loginMethod]) && class_exists(trim($authHandlerClasses[$loginMethod]))) {
$authHandlerClassName = trim($authHandlerClasses[$loginMethod]);
$authHandler = new $authHandlerClassName();
if ($authHandler instanceof INGConnectAuthInterface) {
$result = $authHandler->processAuth();
if ($result['status'] == 'success' && $result['login_method'] == $loginMethod) {
$currentUser = eZUser::currentUser();
if (!$currentUser->isAnonymous()) {
// non anonymous user is requesting connection to social network
// who are we to say no? connect the user and bail out
ngConnectFunctions::connectUser($currentUser->ContentObjectID, $result['login_method'], $result['id']);
} else {
// we check if there are accounts that have a connection to social network
// we consider a disabled account as connected too, to allow admins to disable them and actually
// keep users from logging to a new account with same social network account
$socialNetworkConnections = ngConnect::fetchBySocialNetwork($result['login_method'], $result['id']);
if (is_array($socialNetworkConnections) && !empty($socialNetworkConnections)) {
// there are connected accounts, find them and login in
$usersFound = array();
$userIDs = array();
foreach ($socialNetworkConnections as $connection) {
$userToLogin = eZUser::fetch($connection->UserID);
if ($userToLogin instanceof eZUser && $userToLogin->isEnabled() && $userToLogin->canLoginToSiteAccess($GLOBALS['eZCurrentAccess'])) {
$usersFound[] = $userToLogin;
$userIDs[] = $userToLogin->ContentObjectID;
}
