Exemplo n.º 1
0
/**
 * Check validity of user/password/entity
 * If test is ko, reason must be filled into $_SESSION["dol_loginmesg"]
 *
 * @param	string	$usertotest		Login
 * @param	string	$passwordtotest	Password
 * @param   int		$entitytotest   Number of instance (always 1 if module multicompany not enabled)
 * @return	string					Login if OK, '' if KO
 */
function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
{
    global $_POST, $db, $conf, $langs;
    dol_syslog("functions_openid::check_user_password_openid usertotest=" . $usertotest);
    $login = '';
    // Get identity from user and redirect browser to OpenID Server
    if (isset($_POST['username'])) {
        $openid = new SimpleOpenID();
        $openid->SetIdentity($_POST['username']);
        $protocol = $conf->file->main_force_https ? 'https://' : 'http://';
        $openid->SetTrustRoot($protocol . $_SERVER["HTTP_HOST"]);
        $openid->SetRequiredFields(array('email', 'fullname'));
        $_SESSION['dol_entity'] = $_POST["entity"];
        //$openid->SetOptionalFields(array('dob','gender','postcode','country','language','timezone'));
        if ($openid->sendDiscoveryRequestToGetXRDS()) {
            $openid->SetApprovedURL($protocol . $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"]);
            // Send Response from OpenID server to this script
            $openid->Redirect();
            // This will redirect user to OpenID Server
        } else {
            $error = $openid->GetError();
            return false;
        }
        return false;
    } elseif ($_GET['openid_mode'] == 'id_res') {
        $openid = new SimpleOpenID();
        $openid->SetIdentity($_GET['openid_identity']);
        $openid_validation_result = $openid->ValidateWithServer();
        if ($openid_validation_result == true) {
            // OK HERE KEY IS VALID
            $sql = "SELECT login";
            $sql .= " FROM " . MAIN_DB_PREFIX . "user";
            $sql .= " WHERE openid = '" . $db->escape($_GET['openid_identity']) . "'";
            $sql .= " AND entity IN (0," . ($_SESSION["dol_entity"] ? $_SESSION["dol_entity"] : 1) . ")";
            dol_syslog("functions_openid::check_user_password_openid", LOG_DEBUG);
            $resql = $db->query($sql);
            if ($resql) {
                $obj = $db->fetch_object($resql);
                if ($obj) {
                    $login = $obj->login;
                }
            }
        } else {
            if ($openid->IsError() == true) {
                // ON THE WAY, WE GOT SOME ERROR
                $error = $openid->GetError();
                return false;
            } else {
                // Signature Verification Failed
                //echo "INVALID AUTHORIZATION";
                return false;
            }
        }
    } else {
        if ($_GET['openid_mode'] == 'cancel') {
            // User Canceled your Request
            //echo "USER CANCELED REQUEST";
            return false;
        }
    }
    return $login;
}