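/**
 * Login-page hook for the VATSIM SSO (OAuth) authentication plugin.
 *
 * The query string selects one of two phases:
 *  - Callback (oauth_verifier present, oauth_cancel absent): the request token
 *    saved in the session is matched against the returned oauth_token, exchanged
 *    for the member's details, and the matching Moodle account is looked up by
 *    username (the VATSIM id), created if allowed, and logged in.
 *  - Otherwise: a new request token is obtained, stored in the session and the
 *    browser is handed over to VATSIM.
 *
 * Security-relevant points:
 *  - The returned token is compared to the session token with strict string
 *    equality, so numeric-looking strings ("0e1" vs "0e2") or a missing parameter
 *    can no longer pass via PHP's loose comparison rules.
 *  - oauth_token / oauth_verifier must be plain non-empty strings (array-valued
 *    query parameters are rejected).
 *  - The post-login redirect accepts $SESSION->wantsurl only when it is inside
 *    $CFG->wwwroot on a URL boundary, not merely when it shares a string prefix.
 *
 * @return void
 * @throws moodle_exception on token mismatch, missing email, account creation
 *                          being disabled, login cancellation or SSO failure
 */
function loginpage_hook() {
    global $CFG, $SESSION, $DB, $USER;

    // The plugin config is expected to populate $sso in this scope.
    require_once $CFG->dirroot . '/auth/vatsim/config.php';

    // Initiate the SSO class with consumer details and encryption details.
    $SSO = new SSO($sso['base'], $sso['key'], $sso['secret'], $sso['method'], $sso['cert']);

    // The return URL is needed for the request-token phase below.
    $sso_return = $sso['return'];

    // Drop the remaining config values (consumer secret, certificate) from scope.
    unset($sso);

    if (isset($_GET['oauth_verifier']) && !isset($_GET['oauth_cancel'])) {
        // VATSIM has redirected the member back; only continue when this session
        // actually started a login and still holds its request token.
        if (isset($_SESSION[SSO_SESSION])
            && isset($_SESSION[SSO_SESSION]['key'])
            && isset($_SESSION[SSO_SESSION]['secret'])
        ) {
            $savedtoken = $_SESSION[SSO_SESSION]['key'];
            $returnedtoken = isset($_GET['oauth_token']) ? $_GET['oauth_token'] : null;

            // Bind the callback to this session. Strict comparison: "!=" would
            // treat numeric-looking strings as numbers and null as equal to ''.
            // Where PHP >= 5.6 is guaranteed, hash_equals() is the preferred form.
            if (!is_string($savedtoken) || $savedtoken === '' || $returnedtoken !== $savedtoken) {
                throw new moodle_exception("An error occurred with the login process - please try again", 'auth_vatsim');
            }

            // Presence is already guaranteed by the outer condition; what still
            // needs checking is that the verifier is a usable scalar string.
            $verifier = $_GET['oauth_verifier'];
            if (!is_string($verifier) || $verifier === '') {
                throw new moodle_exception("An error occurred with the login process", 'auth_vatsim');
            }

            // Obtain the details of this user from VATSIM.
            $vatsimUser = $SSO->checkLogin($savedtoken, $_SESSION[SSO_SESSION]['secret'], $verifier);

            if ($vatsimUser) {
                // One-time use of tokens: the request token is no longer valid.
                unset($_SESSION[SSO_SESSION]);

                $vatsim = $vatsimUser->user;
                $username = $vatsim->id;

                // The plugin is only designed for responses that carry an email address.
                if (empty($vatsim->email)) {
                    throw new moodle_exception('noemail', "auth_vatsim");
                }
                $useremail = $vatsim->email;

                // Find the user in the current database by CID (username), not by email.
                $user = $DB->get_record('user', array(
                    'username' => $username,
                    'deleted' => 0,
                    'mnethostid' => $CFG->mnet_localhost_id,
                ));

                if (empty($user)) {
                    // Deny login if "Prevent account creation when authenticating" is on.
                    // !empty() also covers the setting not being defined at all.
                    if (!empty($CFG->authpreventaccountcreation)) {
                        throw new moodle_exception("noaccountyet", "auth_vatsim");
                    }

                    // Profile fields taken from the provider response; they are
                    // written to the user record once the account id is known.
                    $newuser = new stdClass();
                    $newuser->email = $useremail;
                    $newuser->firstname = $vatsim->name_first;
                    $newuser->lastname = $vatsim->name_last;
                    $newuser->country = $vatsim->country->code;

                    create_user_record($username, '', 'vatsim');
                } else {
                    $username = $user->username;
                }

                add_to_log(SITEID, 'auth_vatsim', '', '', $username . '/' . $useremail);

                $user = authenticate_user_login($username, null);

                // NOTE(review): when authenticate_user_login() returns false,
                // execution falls through to the request-token phase below and
                // the member is sent to VATSIM again - confirm this is intended.
                if ($user) {
                    // Prefill more user information if this is a new user.
                    if (!empty($newuser)) {
                        $newuser->id = $user->id;
                        $DB->update_record('user', $newuser);
                        $user = (object) array_merge((array) $user, (array) $newuser);
                    }

                    complete_user_login($user);

                    if (user_not_fully_set_up($USER)) {
                        // $SESSION->wantsurl is kept so it can be honoured later.
                        $urltogo = $CFG->wwwroot . '/user/edit.php';
                    } else {
                        // Accept wantsurl only when it is this site: the site root
                        // itself, or the root followed by '/', '?' or '#'. A bare
                        // prefix match would also accept a different host whose
                        // name merely starts with the site's host name.
                        $siteroot = rtrim($CFG->wwwroot, '/');
                        $wanted = isset($SESSION->wantsurl) ? (string) $SESSION->wantsurl : '';
                        $islocal = $wanted !== ''
                            && ($wanted === $siteroot
                                || strpos($wanted, $siteroot . '/') === 0
                                || strpos($wanted, $siteroot . '?') === 0
                                || strpos($wanted, $siteroot . '#') === 0);

                        if ($islocal) {
                            $urltogo = $SESSION->wantsurl;
                        } else {
                            // No wantsurl stored, or it is external: go to the homepage.
                            $urltogo = $CFG->wwwroot . '/';
                        }
                        unset($SESSION->wantsurl);
                    }

                    redirect($urltogo);
                }
            } else {
                // OAuth or cURL errors have occurred.
                throw new moodle_exception("An error occurred with the login process", 'auth_vatsim');
            }
        }
    } else {
        // The user cancelled their login and was sent back.
        if (isset($_GET['oauth_cancel'])) {
            throw new moodle_exception("You cancelled your login", 'auth_vatsim');
        }
    }

    // Create a request token for this login. Provides the return URL and the
    // suspended/inactive settings.
    $token = $SSO->requestToken($sso_return, false, false);

    if ($token) {
        // Store the token in the session so the callback can be matched to it.
        $_SESSION[SSO_SESSION] = array(
            'key' => (string) $token->token->oauth_token,
            'secret' => (string) $token->token->oauth_token_secret,
        );

        // Redirect the member to VATSIM.
        $SSO->sendToVatsim();
    } else {
        throw new moodle_exception("An error occurred with the login process", 'auth_vatsim');
    }
}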
require 'OAuth/reporting.php'; require 'config.php'; $SSO = new SSO($sso['base'], $sso['key'], $sso['secret'], $sso['method'], $sso['cert']); $sso_return = $sso['return']; unset($sso); if (isset($_GET['return']) && isset($_GET['oauth_verifier']) && !isset($_GET['oauth_cancel'])) { if (isset($_SESSION[SSO_SESSION]) && isset($_SESSION[SSO_SESSION]['key']) && isset($_SESSION[SSO_SESSION]['secret'])) { if (@$_GET['oauth_token'] != $_SESSION[SSO_SESSION]['key']) { reportStatus("Returned token does not match", $Auth_ErrorURL); die; } if (@(!isset($_GET['oauth_verifier']))) { reportStatus("No verification code provided", $Auth_ErrorURL); die; } $user = $SSO->checkLogin($_SESSION[SSO_SESSION]['key'], $_SESSION[SSO_SESSION]['secret'], @$_GET['oauth_verifier']); if ($user) { unset($_SESSION[SSO_SESSION]); loggedIn($user->user); die; } else { $error = $SSO->error(); reportStatus("Code: " . $error['code'] . PHP_EOL . $error['message'], $Auth_ErrorURL); die; } } } else { if (isset($_GET['return']) && isset($_GET['oauth_cancel'])) { reportStatus("You cancelled your login!", $Auth_ErrorURL); die; }