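/**
 * Authorizes a site user from data returned by a social service, creating or
 * updating the socservice link (UserTable) as needed.
 *
 * Two flows are visible here:
 *  - the visitor is already authorized: the socservice entry is attached to the
 *    current user (or its owner is changed, if allowChangeOwner permits) and the
 *    token fields are stored;
 *  - the visitor is anonymous: an existing link (new or old-style) is resolved to a
 *    user id, or a new external user is registered when the options allow it, and
 *    that user is authorized.
 *
 * @param array $socservUserFields Fields received from the social service. XML_ID and
 *        EXTERNAL_AUTH_ID are required; OATOKEN, REFRESH_TOKEN, OATOKEN_EXPIRES,
 *        PERSONAL_PHOTO and TIME_ZONE_OFFSET are handled specially, everything else is
 *        passed on to UserTable::filterFields() / $USER->Add().
 * @return mixed true on success; false when XML_ID or EXTERNAL_AUTH_ID is missing or
 *         empty; otherwise one of SOCSERV_AUTHORISATION_ERROR / SOCSERV_REGISTRATION_DENY.
 */
public function AuthorizeUser($socservUserFields)
{
    global $USER, $APPLICATION;

    // Both identifiers are needed to look up (or create) the socservice link.
    if (!isset($socservUserFields['XML_ID']) || $socservUserFields['XML_ID'] == '') {
        return false;
    }
    if (!isset($socservUserFields['EXTERNAL_AUTH_ID']) || $socservUserFields['EXTERNAL_AUTH_ID'] == '') {
        return false;
    }

    // Token columns written to the link entry in the already-authorized flow.
    $oauthKeys = array();
    if (isset($socservUserFields["OATOKEN"])) {
        $oauthKeys["OATOKEN"] = $socservUserFields["OATOKEN"];
    }
    if (isset($socservUserFields["REFRESH_TOKEN"]) && $socservUserFields["REFRESH_TOKEN"] !== '') {
        $oauthKeys["REFRESH_TOKEN"] = $socservUserFields["REFRESH_TOKEN"];
    }
    if (isset($socservUserFields["OATOKEN_EXPIRES"])) {
        $oauthKeys["OATOKEN_EXPIRES"] = $socservUserFields["OATOKEN_EXPIRES"];
    }

    $errorCode = SOCSERV_AUTHORISATION_ERROR;

    // Exact-match lookup of the link entry; ACTIVE comes from the joined user row.
    $dbSocUser = UserTable::getList(array(
        'filter' => array(
            '=XML_ID' => $socservUserFields['XML_ID'],
            '=EXTERNAL_AUTH_ID' => $socservUserFields['EXTERNAL_AUTH_ID'],
        ),
        'select' => array("ID", "USER_ID", "ACTIVE" => "USER.ACTIVE"),
    ));
    $socservUser = $dbSocUser->fetch();

    if ($USER->IsAuthorized()) {
        if (!$this->checkRestrictions || !self::isSplitDenied()) {
            if (!$socservUser) {
                // No link yet: attach the social account to the current user.
                $socservUserFields["USER_ID"] = $USER->GetID();
                $result = UserTable::add(UserTable::filterFields($socservUserFields));
                $id = $result->getId();
            } else {
                $id = $socservUser['ID'];
                // socservice link split: the link belongs to a different user.
                if ($socservUser['USER_ID'] != $USER->GetID()) {
                    if ($this->allowChangeOwner) {
                        // Refuse if the current user already has a link to this service.
                        $dbSocUser = UserTable::getList(array(
                            'filter' => array(
                                '=USER_ID' => $USER->GetID(),
                                '=EXTERNAL_AUTH_ID' => $socservUserFields['EXTERNAL_AUTH_ID'],
                            ),
                            'select' => array("ID"),
                        ));
                        if ($dbSocUser->fetch()) {
                            return SOCSERV_AUTHORISATION_ERROR;
                        } else {
                            $oauthKeys['USER_ID'] = $USER->GetID();
                            $oauthKeys['CAN_DELETE'] = 'Y';
                        }
                    } else {
                        return SOCSERV_AUTHORISATION_ERROR;
                    }
                }
            }
            // isset() guard: the key is absent on most requests and would otherwise raise
            // an undefined-index warning (matches the check used in the anonymous flow).
            // NOTE(review): session OAUTH_DATA is merged into the update without
            // UserTable::filterFields(), unlike the anonymous flow below — confirm only
            // known link columns are ever stored under that session key.
            if (isset($_SESSION["OAUTH_DATA"]) && is_array($_SESSION["OAUTH_DATA"])) {
                $oauthKeys = array_merge($oauthKeys, $_SESSION['OAUTH_DATA']);
                unset($_SESSION["OAUTH_DATA"]);
            }
            UserTable::update($id, $oauthKeys);
        } else {
            return SOCSERV_REGISTRATION_DENY;
        }
    } else {
        $entryId = 0;
        $USER_ID = 0;
        if ($socservUser) {
            $entryId = $socservUser['ID'];
            // An inactive linked user yields USER_ID = 0 and therefore $errorCode below.
            if ($socservUser["ACTIVE"] === 'Y') {
                $USER_ID = $socservUser["USER_ID"];
            }
        } else {
            // check for user with old socialservices linking system (socservice ID in user's EXTERNAL_AUTH_ID)
            // NOTE(review): unlike the UserTable query above, these filter keys carry no '='
            // prefix — confirm CUser::GetList matches XML_ID exactly (not as a substring);
            // an inexact match here would bind the login to another account.
            $dbUsersOld = CUser::GetList(
                $by = 'ID',
                $ord = 'ASC',
                array(
                    'XML_ID' => $socservUserFields['XML_ID'],
                    'EXTERNAL_AUTH_ID' => $socservUserFields['EXTERNAL_AUTH_ID'],
                    'ACTIVE' => 'Y',
                ),
                array('NAV_PARAMS' => array("nTopCount" => "1"))
            );
            $socservUser = $dbUsersOld->Fetch();
            if ($socservUser) {
                $USER_ID = $socservUser["ID"];
            } else {
                // theoretically possible situation with abandoned external user w/o b_socialservices_user entry
                $dbUsersNew = CUser::GetList(
                    $by = 'ID',
                    $ord = 'ASC',
                    array(
                        'XML_ID' => $socservUserFields['XML_ID'],
                        'EXTERNAL_AUTH_ID' => 'socservices',
                        'ACTIVE' => 'Y',
                    ),
                    array('NAV_PARAMS' => array("nTopCount" => "1"))
                );
                $socservUser = $dbUsersNew->Fetch();
                if ($socservUser) {
                    $USER_ID = $socservUser["ID"];
                } elseif (COption::GetOptionString("main", "new_user_registration", "N") == "Y" && COption::GetOptionString("socialservices", "allow_registration", "Y") == "Y") {
                    // Register a new external user. The random password is not meant to be
                    // used for password login (the account is created as 'socservices');
                    // it only avoids storing an empty or predictable one.
                    $socservUserFields['PASSWORD'] = randString(30); //not necessary but...
                    $socservUserFields['LID'] = SITE_ID;
                    $def_group = Option::get('main', 'new_user_registration_def_group', '');
                    if ($def_group != '') {
                        $socservUserFields['GROUP_ID'] = explode(',', $def_group);
                    }
                    if ($this->checkRestrictions && !empty($socservUserFields['GROUP_ID']) && self::isAuthDenied($socservUserFields['GROUP_ID'])) {
                        $errorCode = SOCSERV_REGISTRATION_DENY;
                    } else {
                        $userFields = $socservUserFields;
                        $userFields["EXTERNAL_AUTH_ID"] = "socservices";
                        // Drop the avatar rather than fail registration when it is not a valid image.
                        if (isset($userFields['PERSONAL_PHOTO']) && is_array($userFields['PERSONAL_PHOTO'])) {
                            $res = CFile::CheckImageFile($userFields["PERSONAL_PHOTO"]);
                            if ($res != '') {
                                unset($userFields['PERSONAL_PHOTO']);
                            }
                        }
                        $USER_ID = $USER->Add($userFields);
                        if ($USER_ID <= 0) {
                            $errorCode = SOCSERV_AUTHORISATION_ERROR;
                        }
                    }
                } elseif (Option::get("main", "new_user_registration", "N") == "N") {
                    $errorCode = SOCSERV_REGISTRATION_DENY;
                }
                $socservUserFields['CAN_DELETE'] = 'N';
            }
        }

        // Extra data collected earlier in the OAuth flow is folded into the link fields.
        if (isset($_SESSION["OAUTH_DATA"]) && is_array($_SESSION["OAUTH_DATA"])) {
            foreach ($_SESSION['OAUTH_DATA'] as $key => $value) {
                $socservUserFields[$key] = $value;
            }
            unset($_SESSION["OAUTH_DATA"]);
        }

        if ($USER_ID > 0) {
            // Group-based restrictions are checked before the user is authorized.
            $arGroups = $USER->GetUserGroup($USER_ID);
            if ($this->checkRestrictions && self::isAuthDenied($arGroups)) {
                return SOCSERV_AUTHORISATION_ERROR;
            }
            if ($entryId > 0) {
                UserTable::update($entryId, UserTable::filterFields($socservUserFields));
            } else {
                $socservUserFields['USER_ID'] = $USER_ID;
                UserTable::add(UserTable::filterFields($socservUserFields));
            }
            if (isset($socservUserFields["TIME_ZONE_OFFSET"]) && $socservUserFields["TIME_ZONE_OFFSET"] !== null) {
                CTimeZone::SetCookieValue($socservUserFields["TIME_ZONE_OFFSET"]);
            }
            $USER->AuthorizeWithOtp($USER_ID);
            // Login hooks run only when this call actually authorized the user.
            if ($USER->IsJustAuthorized()) {
                ContactTable::onUserLoginSocserv($socservUserFields);
                foreach (GetModuleEvents("socialservices", "OnUserLoginSocserv", true) as $arEvent) {
                    ExecuteModuleEventEx($arEvent, array($socservUserFields));
                }
            }
        } else {
            return $errorCode;
        }

        // possible redirect after authorization, so no spreading. Store cookies in the session for next hit
        $APPLICATION->StoreCookies();
    }

    return true;
}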