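function login(&$args)
{
    /*
     * Completes a Clef login for the current request.
     *
     * Reads $_GET['state'] (the anti-CSRF nonce Clef echoes back) and
     * $_GET['code'] (the one-time code exchanged for user information).
     * $args->retval is set to true only when the state matches the nonce
     * stored in the session AND the Clef user exists in the local dataset;
     * in every other case it stays false. Nothing is returned.
     *
     * Fixes over the previous version: a missing or array-valued query
     * parameter no longer raises "undefined array key" warnings, a missing
     * code is rejected before calling Clef, a malformed Clef response is
     * rejected instead of being dereferenced, and exceptions from the
     * exchange are logged rather than silently swallowed.
     */
    $args->retval = false;

    $nonce = isset($_SESSION['nonce']) && is_scalar($_SESSION['nonce']) ? (string) $_SESSION['nonce'] : '';
    $state = isset($_GET['state']) && is_string($_GET['state']) ? $_GET['state'] : '';
    // The nonce is single-use: drop it before validating so the same state
    // value cannot be replayed, whatever happens below.
    unset($_SESSION['nonce']);

    // Both sides must be non-empty strings; hash_equals() compares them in
    // constant time (it would TypeError on a non-string, hence the guards).
    $is_valid = $nonce !== '' && $state !== '' && hash_equals($nonce, $state);
    if ($is_valid !== true) {
        error_log('login failed: state parameter did not match session nonce');
        return;
    }

    $code = isset($_GET['code']) && is_string($_GET['code']) ? $_GET['code'] : '';
    if ($code === '') {
        error_log('login failed: missing code parameter');
        return;
    }

    /* exchange the supplied code with Clef for the user info */
    \Clef\Clef::initialize(AUTH_APPID, AUTH_SECRET);
    try {
        $response = \Clef\Clef::get_login_information($code);
        $usr = isset($response->info) ? $response->info : null;
        if (!is_object($usr) || !isset($usr->id)) {
            error_log('login failed: Clef response carried no user info');
            return;
        }

        /* check whether this user is in our dataset */
        $user =& $this->_find_user($usr->id, $usr->email);
        if ($user !== null) {
            /* user is allowed in - give this session a fresh id so a
             * pre-login session id cannot be reused (session fixation) */
            session_regenerate_id(true);
            $_SESSION['user'] = $usr->id;
            $_SESSION['logged_in_at'] = time();
            $_SESSION[Auth::AUTHORIZED] = true;

            /* refresh email and username in the local model */
            $this->_update_user($user, $usr);
            error_log('login successful: ' . $usr->id . ', ' . $usr->email);

            // XXX: not multi-user safe - the whole model is written back on
            // every login, so concurrent logins can clobber each other
            $this->_teapot->put_model('users', $this->_users);
            $args->retval = true;
        } else {
            error_log('login failed: ' . $usr->id . ', ' . $usr->email);
        }
    } catch (Exception $e) {
        // Was silently swallowed before; log so failed exchanges are visible.
        error_log('login failed: ' . get_class($e) . ': ' . $e->getMessage());
    }
}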
header('HTTP/1.0 403 Forbidden'); echo "The state parameter didn't match what was passed in to the Clef button."; exit; } else { unset($_SESSION['state']); } return $is_valid; } if (!session_id()) { session_start(); } if (isset($_GET["code"]) && $_GET["code"] != "") { validate_state($_GET["state"]); \Clef\Clef::initialize(CLEF_ID, CLEF_SECRET); try { $response = \Clef\Clef::get_login_information($_GET["code"]); $result = $response->info; // reset the user's session if (isset($result->id) && $result->id != '') { //remove all the variables in the session session_unset(); // destroy the session session_destroy(); if (!session_id()) { session_start(); } $clef_id = $result->id; $clef_email = $result->email; require_once 'classes/user.php'; $user = new User($config); if ($clef_users = $user->select_user(array('clef' => $clef_id))) {