/**
* Log in via a third party provider.
*
* For now facebook is the only provider supported. We do not support control panel logins via
* external providers.
*
* @param string $provider. Currently ignored, should be passed as 'facebook' since that is the only
* provider recognized.
*
* @param array $info. The various information needed for the provider to log in. One of
* 'token' or 'signedrequest' must be provided. If both are then 'token' will be tried first.
* * 'token' string the facebook access/oAuth token. (optional)
* * 'signedrequest' string the facebook signedrequest. this is a one use token that can be used
* to retrieve the auth token. (optional)
*
* @return array.
* 'login' => array (should match the return from "login" function). Only present if the login succeeded.
* 'userid' => int the id of the vbulletin user logged in
* 'password' => string "remeber me token" will always be blank for this method
* 'lastvisit'
* 'lastactivity'
* 'sessionhash' => the session value used to authenticate the user on subsequent page loads
* 'cpsessionhash' => will never be set for this function
*/
public function loginExternal($provider, $info)
{
$fblib = vB_Library::instance('facebook');
$vbuserid = $fblib->createSessionForLogin($info);
if (!$vbuserid) {
//shouldn't be here, should throw an exception is vbuserid isn't valid
//this error isn't 100% correct but somes up the basic problem and we
//don't really know what precisely happened.
throw new vB_Exception_Api('error_external_no_vb_user', $provider);
}
$session = vB::getRequest()->createSessionForUser($vbuserid);
$sessionUserInfo = $session->fetch_userinfo();
//don't try to set "rememberme" for FB logins (the remember me token is called 'password' for legacy reasons.
$auth = array('userid' => $vbuserid, 'password' => $provider, 'lastvisit' => $sessionUserInfo['lastvisit'], 'lastactivity' => $sessionUserInfo['lastactivity']);
// create new session -- this is probably 90% unnecesary both for us and for the
// normal login, but that's how we used to do it and using it doesn't make things
// any worse.
$res = vB_User::processNewLogin($auth, $logintype);
return array('login' => $res);
}
define('VB_ERROR_PERMISSION', true);
$show['useurl'] = true;
$show['specificerror'] = true;
$url = $vbulletin->url;
if ($vbulletin->options['usestrikesystem']) {
admin_login_error('badlogin_strikes_passthru', array('strikes' => $strikes + 1));
eval(standard_error(fetch_error('badlogin_strikes_passthru', vB5_Route::buildUrl('lostpw|fullurl'), $strikes + 1)));
} else {
admin_login_error('badlogin_passthru', array('strikes' => $strikes + 1));
eval(standard_error(fetch_error('badlogin_passthru', vB5_Route::buildUrl('lostpw|fullurl'), $strikes + 1)));
}
}
}
vB_User::execUnstrikeUser($vbulletin->GPC['vb_login_username']);
// create new session
$res = vB_User::processNewLogin($auth, $vbulletin->GPC['logintype'], $vbulletin->GPC['cssprefs']);
// set cookies (temp hack for admincp)
if (isset($res['cpsession'])) {
vbsetcookie('cpsession', $res['cpsession'], false, true, true);
}
vbsetcookie('userid', $res['userid'], false, true, true);
vbsetcookie('password', $res['password'], false, true, true);
vbsetcookie('sessionhash', $res['sessionhash'], false, false, true);
// do redirect
do_login_redirect();
} else {
if ($_GET['do'] == 'login') {
// add consistency with previous behavior
exec_header_redirect(vB5_Route::buildUrl('home|fullurl'));
}
}
