function _auto_login_url_page in Auto Login URL 7
Automatically logs in the user.
Parameters
integer $uid: User id.
string $hash: The code passed in the URL.
1 string reference to '_auto_login_url_page'
- auto_login_url_menu in ./
auto_login_url.module - Implements hook_menu().
File
- ./
auto_login_url.module, line 52 - Main file for auto_login_url module.
Code
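/**
 * Auto login the user.
 *
 * Looks up the HMAC of the hash from the URL in the auto_login_url table and,
 * on a match, logs in the account stored with that row and redirects to the
 * stored destination.
 *
 * Both arguments arrive in the request URL and are untrusted. A request is
 * rejected (and a flood event registered) unless the hash matches a stored
 * row, the row belongs to the uid given in the URL, and that account can be
 * loaded and is active.
 *
 * @param int $uid
 *   User id.
 * @param string $hash
 *   Code that passes through URL.
 *
 * @return int|null
 *   MENU_ACCESS_DENIED when the request is rejected; NULL after
 *   drupal_access_denied() has been called for a flood-blocked IP. On success
 *   the request is redirected with drupal_goto().
 */
function _auto_login_url_page($uid, $hash) {
  // Check for flood events.
  if (!flood_is_allowed('failed_login_attempt_ip', variable_get('user_failed_login_ip_limit', 50), variable_get('user_failed_login_ip_window', 3600))) {
    drupal_set_message(t('Sorry, too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later.'), 'error');
    // Return access denied.
    drupal_access_denied();
    return;
  }

  // Get ALU secret.
  $auto_login_url_secret = _auto_login_url_get_secret();

  // Get user password.
  $password = db_query("SELECT pass FROM {users} WHERE uid = :uid", array(
    ':uid' => $uid,
  ))
    ->fetchField();

  // Create key. It depends on the stored password value of $uid, so a
  // password change stops previously issued hashes from matching.
  $key = drupal_get_hash_salt() . $auto_login_url_secret . $password;

  // Get if the hash is in the db.
  $result = db_select('auto_login_url', 'a')
    ->fields('a', array(
      'id',
      'uid',
      'destination',
    ))
    ->condition('hash', drupal_hmac_base64($hash, $key), '=')
    ->execute()
    ->fetchAssoc();

  // Only load the account when the matched row belongs to the uid from the
  // URL. The key is derived from that uid's password, so the account that gets
  // logged in must be the same one.
  $current_user = FALSE;
  if ($result !== FALSE && count($result) > 0 && (int) $result['uid'] === (int) $uid) {
    $current_user = user_load($result['uid']);
  }

  // Reject unknown hashes, rows whose account no longer loads, and blocked
  // accounts (status 0): none of them may reach the login code below.
  if (empty($current_user) || empty($current_user->status)) {
    // Register flood event for this IP.
    _auto_login_url_register_flood($hash);
    // Return access denied.
    return MENU_ACCESS_DENIED;
  }

  // A generic array for arguments. It must be initialized before the
  // destination is parsed, otherwise the fragment and query collected below
  // are thrown away and never reach drupal_goto().
  $url_array = array();

  // Get destination URL. It comes from the stored row, not from the request.
  $destination = urldecode($result['destination']);

  // Account for anchor.
  $fragment_position = strrpos($destination, '#');
  if ($fragment_position !== FALSE) {
    $url_array['fragment'] = substr($destination, $fragment_position + 1);
    $url_array['alias'] = TRUE;
    $destination = substr($destination, 0, $fragment_position);
  }

  // Account for GET[] arguments.
  $query_position = strrpos($destination, '?');
  if ($query_position !== FALSE) {
    $arguments_array = array();
    foreach (explode('&', substr($destination, $query_position + 1)) as $argument) {
      // Split on the first '=' only, so values that contain '=' stay intact.
      $temp_array = explode('=', $argument, 2);
      $arguments_array[$temp_array[0]] = isset($temp_array[1]) ? $temp_array[1] : '';
    }
    $url_array['query'] = $arguments_array;
    $destination = substr($destination, 0, $query_position);
  }

  // Create auto login url pre hook.
  module_invoke_all('pre_auto_login_url', $current_user, $destination);

  // Auto login the user.
  global $user;

  // Update the user table timestamp noting user has logged in.
  $current_user->login = REQUEST_TIME;
  db_update('users')
    ->fields(array(
      'login' => $current_user->login,
    ))
    ->condition('uid', $current_user->uid)
    ->execute();
  $user = $current_user;

  // Regenerate the session ID to prevent against session fixation attacks.
  // This is called before hook_user in case one of those functions fails
  // or incorrectly does a redirect which would leave the old session in place.
  drupal_session_regenerate();

  // Finalize the login process.
  user_login_finalize();

  // Delete auto login URL, if option checked.
  if (variable_get('auto_login_url_delete_on_use', FALSE)) {
    db_delete('auto_login_url')
      ->condition('id', array(
        $result['id'],
      ))
      ->execute();
  }

  // Create auto login url post hook.
  module_invoke_all('post_auto_login_url', $current_user, $destination);

  if (count($url_array)) {
    drupal_goto($destination, $url_array);
  }
  else {
    drupal_goto($destination);
  }
}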