Exemplo n.º 1
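/**
 * Build a 'user'-like structure from the attributes in an OpenID response and,
 * where the plugin is configured to do so, resolve it to an existing local user.
 *
 * Every attribute read here (nickname, e-mail, full name, country) is asserted
 * by the OpenID provider. It is untrusted input, so each value is escaped with
 * addslashes() before it is used in a lookup or stored on the returned object.
 * A match on one of these attributes shows only that the provider asserted the
 * value, not that the person owns the local account. The 'fullname' field in
 * particular is not unique. Which fields may select an existing account is
 * governed by the auth_openid_match_fields setting read below.
 *
 * @param object $resp the successful OpenID response; it is handed to the
 *                     SREG/AX fromSuccessResponse() helpers and its
 *                     identity_url is read as the last-resort username
 * @return object|false false when a unique field matches more users than
 *                      allowed or two match fields point at different users;
 *                      otherwise the matching existing user (with the OpenID
 *                      fields merged in) _or_ a new object with members:
 *                      username, email, firstname, lastname, country
 */
function openid_resp_to_user(&$resp)
{
    $tmp_users = array();
    $user = new stdClass();

    // Guard against no SREG response object being returned, so that a
    // provider which sends no SREG data cannot trigger a fatal error here.
    $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($resp);
    $sreg = $sreg_resp ? $sreg_resp->contents() : array();

    $ax = null;
    if (defined('ADD_AX_SUPPORT')) {
        $ax_resp = new Auth_OpenID_AX_FetchResponse();
        $ax = $ax_resp->fromSuccessResponse($resp);
    }

    $sreg_nickname = !empty($sreg['nickname']) ? $sreg['nickname'] : '';
    $sreg_email = !empty($sreg['email']) ? $sreg['email'] : '';

    // We'll attempt to use the user's nickname to set their username.
    // The lookups are assumed to expect pre-escaped values (the nickname lookup
    // always passed addslashes()), so the e-mail lookups are escaped the same way.
    // NOTE(review): if the nickname is already taken but the e-mail branch
    // succeeds, the nickname is still the value chosen below - confirm intended.
    if (($sreg_nickname !== ''
            && !($tmp_users['username'] = get_records('user', 'username', addslashes($sreg_nickname))))
        || (defined('USE_EMAIL_FOR_USERNAME') && $sreg_email !== ''
            && !($tmp_users['username_email'] = get_records('user', 'username', addslashes($sreg_email))))) {
        $user->username = addslashes($sreg_nickname !== '' ? $sreg_nickname : $sreg_email);
    } else {
        if (defined('ADD_AX_SUPPORT')
            && ((($nickname = get_ax_data(AX_SCHEMA_NICKNAME, $ax))
                    && !($tmp_users['username'] = get_records('user', 'username', addslashes($nickname))))
                || (defined('USE_EMAIL_FOR_USERNAME')
                    && ($useremail = get_ax_data(AX_SCHEMA_EMAIL, $ax))
                    && !($tmp_users['username_email'] = get_records('user', 'username', addslashes($useremail)))))) {
            // better to fall-back to email? may show-up in various display blocks
            $user->username = addslashes($nickname ? $nickname : $useremail);
        } else {
            $user->username = openid_normalize_url_as_username($resp->identity_url);
        }
    }

    // SREG fullname
    if (!empty($sreg['fullname'])) {
        $name = openid_parse_full_name($sreg['fullname']);
        $user->firstname = addslashes($name['first']);
        $user->lastname = addslashes($name['last']);
    } else {
        if (defined('ADD_AX_SUPPORT')
            && (get_ax_data(AX_SCHEMA_FULLNAME, $ax) || get_ax_data(AX_SCHEMA_LASTNAME, $ax))) {
            if (get_ax_data(AX_SCHEMA_LASTNAME, $ax)) {
                $user->firstname = addslashes(get_ax_data(AX_SCHEMA_FIRSTNAME, $ax));
                $user->lastname = addslashes(get_ax_data(AX_SCHEMA_LASTNAME, $ax));
            } else {
                // fullname
                $name = openid_parse_full_name(get_ax_data(AX_SCHEMA_FULLNAME, $ax));
                $user->firstname = addslashes($name['first']);
                $user->lastname = addslashes($name['last']);
            }
        }
    }
    if (!empty($user->lastname)) {
        // Both name parts were escaped with addslashes() when they were assigned
        // above; nothing unescaped may be concatenated into this WHERE clause.
        $tmp_users['fullname'] = get_records_select(
            'user',
            "firstname = '" . $user->firstname . "' AND lastname = '" . $user->lastname . "'"
        );
    }

    // SREG email
    if ($sreg_email !== ''
        && !($tmp_users['email'] = get_records('user', 'email', addslashes($sreg_email)))) {
        $user->email = addslashes($sreg_email);
    } else {
        if (defined('ADD_AX_SUPPORT')
            && ($useremail = get_ax_data(AX_SCHEMA_EMAIL, $ax))
            && !($tmp_users['email'] = get_records('user', 'email', addslashes($useremail)))) {
            $user->email = addslashes($useremail);
        }
    }

    // SREG country
    $country = '';
    if (!empty($sreg['country'])) {
        $country = $sreg['country'];
    } else {
        if (defined('ADD_AX_SUPPORT') && get_ax_data(AX_SCHEMA_COUNTRY, $ax)) {
            $country = get_ax_data(AX_SCHEMA_COUNTRY, $ax);
        }
    }
    if (!empty($country)) {
        $country_code = strtoupper($country);
        $countries = get_list_of_countries();
        if (strlen($country) != 2 || !isset($countries[$country_code])) {
            // Not a known two-letter code: treat the value as a country name.
            // array_search() returns the key, or false when nothing matches;
            // testing "!== false" keeps a match on the first list entry, which
            // the previous "> 0" test on a numeric index discarded.
            $found = array_search($country, $countries);
            $country_code = ($found !== false) ? $found : '';
        }
        if (!empty($country_code)) {
            // Only a key of the local country list is ever stored.
            $user->country = $country_code;
        }
    }

    /* We're currently not attempting to get language and timezone values
        // SREG language
        if (isset($sreg['language']) && !empty($sreg['language'])) {
        }

        // SREG timezone
        if (isset($sreg['timezone']) && !empty($sreg['timezone'])) {
        }
      */
    $config = get_config('auth/openid');
    $match_fields_setting = !empty($config->auth_openid_match_fields) ? $config->auth_openid_match_fields : '';

    // Map OpenID fields to whether field MUST be unique
    // TBD: make unique fields configurable in OpenID: auth_config_users.html
    // Keys must match keys in tmp_users[] array - set above.
    $openid_fields = array('email' => 1, 'fullname' => 0, 'username' => 0, 'username_email' => 1);

    // With match fields configured a unique field may match one existing user;
    // with none configured it may match nobody. Computed once: it does not
    // depend on the field being checked.
    $match_array = str_word_count($match_fields_setting, 1, '_');
    $num = !empty($match_array) ? 1 : 0;
    foreach ($openid_fields as $openid_field => $field_unique) {
        if ($field_unique && !empty($tmp_users[$openid_field]) && count($tmp_users[$openid_field]) > $num) {
            return false;
        }
    }

    $matching_user = null;
    // check tmp_users[] matches for valid existing user,
    // return false if conflicts between matching fields
    if ($match_fields_setting !== '') {
        $openid_match_fields = explode(',', $match_fields_setting);
        foreach ($openid_match_fields as $match_field) {
            $match_field = trim($match_field);
            if (!empty($tmp_users[$match_field]) && count($tmp_users[$match_field]) == 1) {
                if (!$matching_user) {
                    // The first configured field with exactly one match selects
                    // the account, including the non-unique fields.
                    $matching_user = reset($tmp_users[$match_field]);
                } else {
                    if ($openid_fields[$match_field] && $matching_user->id != reset($tmp_users[$match_field])->id) {
                        // unique field matches different user!
                        return false;
                    }
                }
            }
        }
    }
    if (!empty($matching_user)) {
        merge_user_fields($matching_user, $user);
        return $matching_user;
    }
    return $user;
}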
Exemplo n.º 2
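 /**
  * Check whether the e-mail address asserted in an OpenID response matches the
  * e-mail address of a local user.
  *
  * The check fails open: it returns true when there is nothing to compare,
  * either because the user has no e-mail or because the response carries none.
  * A true result therefore does not prove that the provider confirmed the
  * address. Callers that need that guarantee must also check that an e-mail
  * was actually returned (see $return_email).
  *
  * @param object $user local user; only its email member is read
  * @param object $response successful OpenID response, handed to the SREG/AX
  *                         fromSuccessResponse() helpers
  * @param mixed $return_email receives the e-mail found in the response, but
  *                            only when the caller passes a non-null variable
  * @return bool true when the addresses are identical or cannot be compared
  */
 function compare_useremail_response($user, $response, &$return_email = null)
 {
     // cannot compare, assume ok
     if (empty($user) || empty($user->email)) {
         return true;
     }

     $email = null;
     // Guard against no SREG response object being returned when the
     // provider sends no SREG data.
     $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
     $sreg = $sreg_resp ? $sreg_resp->contents() : array();

     // An AX e-mail, when present, takes precedence over the SREG one.
     if (defined('ADD_AX_SUPPORT')) {
         $ax_resp = new Auth_OpenID_AX_FetchResponse();
         $ax = $ax_resp->fromSuccessResponse($response);
         $email = get_ax_data(AX_SCHEMA_EMAIL, $ax);
     }
     if (empty($email) && !empty($sreg['email'])) {
         $email = $sreg['email'];
     }

     if ($return_email !== null) {
         $return_email = $email;
     }

     if (empty($email)) {
         // The provider asserted no e-mail: nothing to compare.
         return true;
     }

     // Compare as exact strings. A loose "==" compares two numeric-looking
     // strings as numbers, which must not count as a match in an identity check.
     return is_scalar($email) && (string) $user->email === (string) $email;
 }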