Exemplo n.º 1
0
 public function Authorize()
 {
     global $APPLICATION, $USER;
     $errorCode = 1;
     if ($arOpenID = $this->Validate()) {
         $arFields = array('EXTERNAL_AUTH_ID' => 'OPENID#' . $arOpenID['server'], 'XML_ID' => $arOpenID['identity'], 'PASSWORD' => randString(30), 'LID' => SITE_ID, "PERSONAL_WWW" => $arOpenID['identity']);
         if (array_key_exists('openid_sreg_email', $_GET)) {
             $arFields['EMAIL'] = $_GET['openid_sreg_email'];
         }
         if (array_key_exists('openid_sreg_gender', $_GET) && ($_GET['openid_sreg_gender'] == 'M' || $_GET['openid_sreg_gender'] == 'F')) {
             $arFields['PERSONAL_GENDER'] = $_GET['openid_sreg_gender'];
         }
         if (array_key_exists('openid_sreg_fullname', $_GET)) {
             $fullname = defined("BX_UTF") ? $_GET['openid_sreg_fullname'] : CharsetConverter::ConvertCharset($_GET['openid_sreg_fullname'], 'UTF-8', LANG_CHARSET);
             $fullname = trim($fullname);
             if (($pos = strpos($fullname, ' ')) !== false) {
                 $arFields['NAME'] = substr($fullname, 0, $pos);
                 $arFields['LAST_NAME'] = substr($fullname, $pos + 1);
             } else {
                 $arFields['NAME'] = $fullname;
             }
         }
         if (array_key_exists('openid_sreg_postcode', $_GET)) {
             $arFields['PERSONAL_ZIP'] = $_GET['openid_sreg_postcode'];
         }
         if (array_key_exists('openid_sreg_timezone', $_GET)) {
             $arFields['TIME_ZONE'] = $_GET['openid_sreg_timezone'];
         }
         if (array_key_exists('openid_sreg_country', $_GET)) {
             $arFields['PERSONAL_COUNTRY'] = GetCountryIdByCode($_GET['openid_sreg_country']);
         }
         if (array_key_exists('openid_sreg_dob', $_GET)) {
             $arFields['PERSONAL_BIRTHDAY'] = CDatabase::FormatDate($_GET['openid_sreg_dob'], "YYYY-MM-DD", FORMAT_DATE);
         }
         if (array_key_exists('BX_OPENID_IDENTITY', $_SESSION)) {
             $arFields['LOGIN'] = $_SESSION['BX_OPENID_IDENTITY'];
         } else {
             $arFields['LOGIN'] = $arOpenID['identity'];
         }
         $arFields['LOGIN'] = preg_replace("#^(http://|https://)#i", "", $arFields['LOGIN']);
         $USER_ID = 0;
         if ($GLOBALS["USER"]->IsAuthorized() && $GLOBALS["USER"]->GetID()) {
             if (!CSocServAuth::isSplitDenied()) {
                 $arFields['USER_ID'] = $GLOBALS["USER"]->GetID();
                 CSocServAuthDB::Add($arFields);
                 self::CleanParam();
             } else {
                 $errorCode = SOCSERV_REGISTRATION_DENY;
             }
         } else {
             $dbUsersOld = $GLOBALS["USER"]->GetList($by, $ord, array('XML_ID' => $arFields['XML_ID'], 'EXTERNAL_AUTH_ID' => $arFields['EXTERNAL_AUTH_ID'], 'ACTIVE' => 'Y'), array('NAV_PARAMS' => array("nTopCount" => "1")));
             $dbUsersNew = $GLOBALS["USER"]->GetList($by, $ord, array('XML_ID' => $arFields['XML_ID'], 'EXTERNAL_AUTH_ID' => 'socservices', 'ACTIVE' => 'Y'), array('NAV_PARAMS' => array("nTopCount" => "1")));
             $dbSocUser = CSocServAuthDB::GetList(array(), array('XML_ID' => $arFields['XML_ID'], 'EXTERNAL_AUTH_ID' => $arFields['EXTERNAL_AUTH_ID']), false, false, array("USER_ID", "ACTIVE"));
             if ($arUser = $dbSocUser->Fetch()) {
                 if ($arUser["ACTIVE"] === 'Y') {
                     $USER_ID = $arUser["USER_ID"];
                 }
             } elseif ($arUser = $dbUsersOld->Fetch()) {
                 $USER_ID = $arUser['ID'];
             } elseif ($arUser = $dbUsersNew->Fetch()) {
                 $USER_ID = $arUser["ID"];
             } elseif (COption::GetOptionString("main", "new_user_registration", "N") == "Y") {
                 $def_group = COption::GetOptionString('main', 'new_user_registration_def_group', '');
                 if ($def_group != '') {
                     $arFields['GROUP_ID'] = explode(',', $def_group);
                 }
                 if (!empty($arFields['GROUP_ID']) && CSocServAuth::isAuthDenied($arFields['GROUP_ID'])) {
                     $errorCode = SOCSERV_REGISTRATION_DENY;
                 } else {
                     foreach (GetModuleEvents("main", "OnBeforeOpenIDUserAdd", true) as $arEvent) {
                         ExecuteModuleEventEx($arEvent, array($arFields));
                     }
                     $arFieldsUser = $arFields;
                     $arFieldsUser["EXTERNAL_AUTH_ID"] = "socservices";
                     if (!($USER_ID = $GLOBALS["USER"]->Add($arFieldsUser))) {
                         return false;
                     }
                     $arFields['CAN_DELETE'] = 'N';
                     $arFields['USER_ID'] = $USER_ID;
                     CSocServAuthDB::Add($arFields);
                     unset($arFields['CAN_DELETE']);
                 }
             } elseif (COption::GetOptionString("main", "new_user_registration", "N") == "N") {
                 $errorCode = 2;
             }
             if (intval($USER_ID) > 0) {
                 $arGroups = $USER->GetUserGroup($USER_ID);
                 if (CSocServAuth::isAuthDenied($arGroups)) {
                     $errorCode = SOCSERV_AUTHORISATION_ERROR;
                 } else {
                     $USER->AuthorizeWithOtp($USER_ID);
                     $arKillParams = array("auth_service_id", "check_key");
                     foreach (array_keys($_GET) as $k) {
                         if (strpos($k, 'openid_') === 0) {
                             $arKillParams[] = $k;
                         }
                     }
                     $redirect_url = $APPLICATION->GetCurPageParam('', $arKillParams, false);
                     foreach (GetModuleEvents("main", "OnBeforeOpenIDAuthFinalRedirect", true) as $arEvent) {
                         ExecuteModuleEventEx($arEvent, array($redirect_url, $USER_ID, $arFields));
                     }
                     if ($redirect_url) {
                         LocalRedirect($redirect_url, true);
                     }
                     return $USER_ID;
                 }
             }
         }
     }
     $arKillParams = array("check_key");
     foreach (array_keys($_GET) as $k) {
         if (strpos($k, 'openid') === 0) {
             $arKillParams[] = $k;
         }
     }
     $redirect_url = $APPLICATION->GetCurPageParam('auth_service_error=' . $errorCode, $arKillParams, false);
     LocalRedirect($redirect_url, true);
     return false;
 }
Exemplo n.º 2
0
	function Authorize()
	{
		global $APPLICATION, $USER;

		if ($arOpenID = $this->Validate())
		{
			$arFields = array(
				'EXTERNAL_AUTH_ID' => 'OPENID#' . $arOpenID['server'],
				'XML_ID' => $arOpenID['identity'],
				'PASSWORD' => randString(30),
				'LID' => SITE_ID,
			);
			if (array_key_exists('openid_sreg_email', $_GET))
				$arFields['EMAIL'] = $_GET['openid_sreg_email'];

			if (array_key_exists('openid_sreg_gender', $_GET) && ($_GET['openid_sreg_gender'] == 'M' || $_GET['openid_sreg_gender'] == 'F'))
				$arFields['PERSONAL_GENDER'] = $_GET['openid_sreg_gender'];

			if (array_key_exists('openid_sreg_fullname', $_GET))
			{
				if(!defined("BX_UTF"))
					$fullname = CharsetConverter::ConvertCharset($_GET['openid_sreg_fullname'], 'UTF-8', LANG_CHARSET);

				$fullname = trim($fullname);
				if (($pos = strpos($fullname, ' ')) !== false)
				{
					$arFields['NAME'] = substr($fullname, 0, $pos);
					$arFields['LAST_NAME'] = substr($fullname, $pos + 1);
				}
				else
				{
					$arFields['NAME'] = $fullname;
				}
			}

			if (array_key_exists('openid_sreg_postcode', $_GET))
				$arFields['PERSONAL_ZIP'] = $_GET['openid_sreg_postcode'];

			if (array_key_exists('openid_sreg_timezone', $_GET))
				$arFields['TIME_ZONE'] = $_GET['openid_sreg_timezone'];

			if (array_key_exists('openid_sreg_country', $_GET))
				$arFields['PERSONAL_COUNTRY'] = GetCountryIdByCode($_GET['openid_sreg_country']);

			if (array_key_exists('openid_sreg_dob', $_GET))
				$arFields['PERSONAL_BIRTHDAY'] = CDatabase::FormatDate($_GET['openid_sreg_dob'], "YYYY-MM-DD", FORMAT_DATE);

			if (array_key_exists('BX_OPENID_IDENTITY', $_SESSION))
				$arFields['LOGIN'] = $_SESSION['BX_OPENID_IDENTITY'];
			else
				$arFields['LOGIN'] = $arOpenID['identity'];

			$arFields['LOGIN'] = preg_replace("#^(http://|https://)#i", "", $arFields['LOGIN']);

			$USER_ID = 0;

			$rsUsers = $USER->GetList($B, $O, array('XML_ID' => $arFields['XML_ID'], 'EXTERNAL_AUTH_ID' => $arFields['EXTERNAL_AUTH_ID']));
			if ($arUser = $rsUsers->Fetch())
			{
				$USER_ID = $arUser['ID'];
			}
			else
			{
				$def_group = COption::GetOptionString('main', 'new_user_registration_def_group', '');
				if($def_group != '')
					$arFields['GROUP_ID'] = explode(',', $def_group);

				$rsEvents = GetModuleEvents('main', 'OnBeforeOpenIDUserAdd');
				while ($arEvent = $rsEvents->Fetch())
					$arFields = ExecuteModuleEventEx($arEvent, array($arFields));

				if ( !($USER_ID = $USER->Add($arFields)) )
					return false;
			}
			if (intval($USER_ID) > 0)
			{
				$USER->Authorize($USER_ID);

				$arKillParams = array("auth_service_id");
				foreach (array_keys($_GET) as $k)
					if (strpos($k, 'openid_') === 0)
						$arKillParams[] = $k;

				$redirect_url = $APPLICATION->GetCurPageParam('', $arKillParams, false);

				$rsEvents = GetModuleEvents('main', 'OnBeforeOpenIDAuthFinalRedirect');
				while ($arEvent = $rsEvents->Fetch())
					$redirect_url = ExecuteModuleEventEx($arEvent, array($redirect_url, $USER_ID, $arFields));

				if ($redirect_url)
					LocalRedirect($redirect_url, true);

				return $USER_ID;
			}
		}
		return false;
	}