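/**
 * Build a 'user'-like structure from the attributes in an OpenID response,
 * or return the existing local user that those attributes match.
 *
 * Attributes are read from the SREG extension and, when ADD_AX_SUPPORT is
 * defined, from the AX extension as a fallback.
 *
 * Security notes for maintainers:
 *  - Every attribute read here (nickname, email, fullname, country) is
 *    asserted by the OpenID provider and is not verified in this function.
 *    When auth_openid_match_fields is configured, an existing local account
 *    is selected purely on those asserted values. What the caller does with
 *    the returned account is not visible here, so confirm that it only
 *    accepts responses from providers that are trusted to assert these
 *    fields, or requires a confirmation step before linking.
 *  - Values passed to get_records()/get_records_select() are escaped with
 *    addslashes(), which is the convention the nickname lookups in this
 *    function already follow. The e-mail lookups were passing the raw
 *    response value; they are now escaped the same way.
 *
 * @param object $resp the OpenID success response (passed by reference)
 * @return object|false false when a unique field matches more than one
 *         account or when match fields point at different accounts; the
 *         matching user object when one is found; otherwise a new object
 *         with whichever of these members could be filled in:
 *         username, email, firstname, lastname, country
 */
function openid_resp_to_user(&$resp) {
    $tmp_users = array();
    $user = new stdClass();

    $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($resp);
    $sreg = $sreg_resp->contents();

    if (defined('ADD_AX_SUPPORT')) {
        $ax_resp = new Auth_OpenID_AX_FetchResponse();
        $ax = $ax_resp->fromSuccessResponse($resp);
    }

    // We'll attempt to use the user's nickname to set their username.
    // The lookups are done inside the condition on purpose: each one records
    // its result in $tmp_users for the matching pass further down.
    // NOTE(review): when the nickname is already taken but the e-mail is
    // free, the ternary below still picks the nickname - confirm intended.
    if (!empty($sreg['nickname'])
            && !($tmp_users['username'] = get_records('user', 'username', addslashes($sreg['nickname'])))
        || defined('USE_EMAIL_FOR_USERNAME') && !empty($sreg['email'])
            && !($tmp_users['username_email'] = get_records('user', 'username', addslashes($sreg['email'])))) {
        $user->username = addslashes(!empty($sreg['nickname']) ? $sreg['nickname'] : $sreg['email']);
    } else {
        if (defined('ADD_AX_SUPPORT')
            && (($nickname = get_ax_data(AX_SCHEMA_NICKNAME, $ax))
                    && !($tmp_users['username'] = get_records('user', 'username', addslashes($nickname)))
                || defined('USE_EMAIL_FOR_USERNAME')
                    && ($useremail = get_ax_data(AX_SCHEMA_EMAIL, $ax))
                    && !($tmp_users['username_email'] = get_records('user', 'username', addslashes($useremail))))) {
            // better to fall-back to email? may show-up in various display blocks
            $user->username = addslashes($nickname ? $nickname : $useremail);
        } else {
            $user->username = openid_normalize_url_as_username($resp->identity_url);
        }
    }

    // SREG fullname, then AX first/last name or AX fullname
    if (!empty($sreg['fullname'])) {
        $name = openid_parse_full_name($sreg['fullname']);
        $user->firstname = addslashes($name['first']);
        $user->lastname = addslashes($name['last']);
    } else if (defined('ADD_AX_SUPPORT')
            && (get_ax_data(AX_SCHEMA_FULLNAME, $ax) || get_ax_data(AX_SCHEMA_LASTNAME, $ax))) {
        if (get_ax_data(AX_SCHEMA_LASTNAME, $ax)) {
            $user->firstname = addslashes(get_ax_data(AX_SCHEMA_FIRSTNAME, $ax));
            $user->lastname = addslashes(get_ax_data(AX_SCHEMA_LASTNAME, $ax));
        } else {
            // fullname
            $name = openid_parse_full_name(get_ax_data(AX_SCHEMA_FULLNAME, $ax));
            $user->firstname = addslashes($name['first']);
            $user->lastname = addslashes($name['last']);
        }
    }

    if (!empty($user->lastname)) {
        // Both members were escaped with addslashes() when they were set above;
        // this string-built WHERE clause depends on that.
        $tmp_users['fullname'] = get_records_select(
            'user',
            "firstname = '" . $user->firstname . "' AND lastname = '" . $user->lastname . "'"
        );
    }

    // SREG email, then AX email. The value is escaped before it reaches the
    // database layer, matching the nickname lookups above.
    if (!empty($sreg['email'])
            && !($tmp_users['email'] = get_records('user', 'email', addslashes($sreg['email'])))) {
        $user->email = addslashes($sreg['email']);
    } else if (defined('ADD_AX_SUPPORT')
            && ($useremail = get_ax_data(AX_SCHEMA_EMAIL, $ax))
            && !($tmp_users['email'] = get_records('user', 'email', addslashes($useremail)))) {
        $user->email = addslashes($useremail);
    }

    // SREG country, then AX country
    $country = '';
    if (!empty($sreg['country'])) {
        $country = $sreg['country'];
    } else if (defined('ADD_AX_SUPPORT') && get_ax_data(AX_SCHEMA_COUNTRY, $ax)) {
        $country = get_ax_data(AX_SCHEMA_COUNTRY, $ax);
    }

    if (!empty($country)) {
        $country_code = strtoupper($country);
        $countries = get_list_of_countries();

        if (strlen($country) != 2 || !isset($countries[$country_code])) {
            // Not a known two-letter code: try to match the value as a country
            // name. array_search() returns the key, or false when nothing
            // matches; the previous "> 0" test on a numeric index dropped a
            // match on the first entry of the list.
            $country_code = array_search($country, $countries);
            if ($country_code === false) {
                $country_code = '';
            }
        }

        // Only values found in get_list_of_countries() reach the user object.
        if (!empty($country_code)) {
            $user->country = $country_code;
        }
    }

    // Language and timezone values from SREG are currently not read.

    $config = get_config('auth/openid');

    // Map OpenID fields to whether field MUST be unique
    // TBD: make unique fields configurable in OpenID: auth_config_users.html
    // Keys must match keys in tmp_users[] array - set above.
    $openid_fields = array('email' => 1, 'fullname' => 0, 'username' => 0, 'username_email' => 1);

    // One existing account is tolerated per unique field only when match
    // fields are configured; the value does not change between iterations.
    $match_array = str_word_count($config->auth_openid_match_fields, 1, '_');
    $num = !empty($match_array) ? 1 : 0;

    foreach ($openid_fields as $openid_field => $field_unique) {
        if ($field_unique && !empty($tmp_users[$openid_field]) && count($tmp_users[$openid_field]) > $num) {
            // a unique field matches more accounts than allowed
            return false;
        }
    }

    $matching_user = null;

    // check tmp_users[] matches for valid existing user,
    // return false if conflicts between matching fields
    if (!empty($config->auth_openid_match_fields)) {
        $openid_match_fields = explode(',', $config->auth_openid_match_fields);
        foreach ($openid_match_fields as $match_field) {
            $match_field = trim($match_field);
            if (!empty($tmp_users[$match_field]) && count($tmp_users[$match_field]) == 1) {
                if (!$matching_user) {
                    $matching_user = reset($tmp_users[$match_field]);
                } else if (!empty($openid_fields[$match_field])
                        && $matching_user->id != reset($tmp_users[$match_field])->id) {
                    // unique field matches different user!
                    return false;
                }
            }
        }
    }

    if (!empty($matching_user)) {
        merge_user_fields($matching_user, $user);
        return $matching_user;
    }

    return $user;
}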
/**
 * Check whether the e-mail address asserted in an OpenID response equals the
 * e-mail address of a local user.
 *
 * The AX e-mail is preferred when ADD_AX_SUPPORT is defined; the SREG e-mail
 * is used when AX yields nothing.
 *
 * Security notes for maintainers:
 *  - The check fails open: it returns true when the user has no e-mail or
 *    when the response carries none, so a true result does not prove that
 *    the provider asserted the same address.
 *  - The e-mail in the response is whatever the provider asserted; nothing
 *    here verifies it.
 *  - NOTE(review): the comparison is loose (==) and case-sensitive - confirm
 *    both are intended for this check.
 *
 * @param object $user         local user record; only ->email is read
 * @param object $response     the OpenID success response
 * @param mixed  $return_email set to the e-mail found in the response, but
 *                             only when the caller passes a non-null value
 * @return bool true when the addresses are equal or cannot be compared
 */
function compare_useremail_response($user, $response, &$return_email = null) {
    // cannot compare, assume ok
    if (empty($user) || empty($user->email)) {
        return true;
    }

    $sreg_response = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
    $sreg_fields = $sreg_response->contents();

    $claimed_email = null;
    if (defined('ADD_AX_SUPPORT')) {
        $fetch_response = new Auth_OpenID_AX_FetchResponse();
        $ax_data = $fetch_response->fromSuccessResponse($response);
        $claimed_email = get_ax_data(AX_SCHEMA_EMAIL, $ax_data);
    }

    // Fall back to SREG when AX gave no address.
    if (empty($claimed_email) && !empty($sreg_fields['email'])) {
        $claimed_email = $sreg_fields['email'];
    }

    // A null argument (including the default) is left untouched.
    if ($return_email !== null) {
        $return_email = $claimed_email;
    }

    if (empty($claimed_email)) {
        return true;
    }

    return $user->email == $claimed_email;
}