
function _bakery_taste_chocolatechip_cookie in Bakery Single Sign-On System 6

Same name and namespace in other branches
  1. 6.2 bakery.module \_bakery_taste_chocolatechip_cookie()
  2. 7.4 bakery.module \_bakery_taste_chocolatechip_cookie()
  3. 7.2 bakery.module \_bakery_taste_chocolatechip_cookie()

Test identification cookie

1 call to _bakery_taste_chocolatechip_cookie()
bakery_init in ./bakery.module
Implementation of hook_init().

File

./bakery.module, line 380

Code

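/**
 * Test the identification cookie and bring the local session in line with it.
 *
 * The cookie fields read below (name, mail, init, master) are acted on only
 * when _bakery_validate_cookie() returns a non-empty value, which makes that
 * helper the trust boundary for this function. A cookie it accepts can rename
 * a local account, rewrite its mail and init columns, create a new active
 * account, and log the visitor in.
 *
 * NOTE(review): _bakery_validate_cookie() is defined elsewhere in the module;
 * confirm it authenticates the cookie before returning its contents.
 *
 * @return
 *   TRUE when a valid cookie was found (whether or not a login followed),
 *   FALSE otherwise. On FALSE, a cookie that validated to exactly FALSE is
 *   removed via _bakery_eat_cookie() and any logged-in user other than uid 1
 *   is logged out.
 */
function _bakery_taste_chocolatechip_cookie() {
  $cookie = _bakery_validate_cookie();

  // Valid cookie
  if ($cookie) {
    global $user;

    // Bake a fresh cookie. Yum.
    _bakery_bake_chocolatechip_cookie($cookie['name'], $cookie['mail'], $cookie['init']);

    // Only anonymous visitors are matched to an account and logged in.
    if (!$user->uid) {
      $account = user_load(array(
        'name' => $cookie['name'],
        'mail' => $cookie['mail'],
      ));

      // Fix out of sync users with valid init.
      // Runs only when this site is not the Bakery master and the cookie
      // carries the master flag.
      if (!$account && !variable_get('bakery_is_master', 0) && $cookie['master']) {
        // db_query() escapes the %s / %d placeholder values, so the cookie
        // fields are never concatenated into the SQL text.
        $count = db_result(db_query("SELECT COUNT(*) FROM {users} WHERE init = '%s'", $cookie['init']));
        if ($count > 1) {

          // Uh oh.
          // Drupal 6 watchdog() takes a WATCHDOG_* integer constant as its
          // severity; a string such as 'error' is not a valid severity and
          // would be recorded at the wrong level.
          watchdog('bakery', 'Account uniqueness problem: Multiple users found with init %init.', array(
            '%init' => $cookie['init'],
          ), WATCHDOG_ERROR);
          drupal_set_message(t('Account uniqueness problem detected. <a href="@contact">Please contact the site administrator.</a>', array(
            '@contact' => variable_get('bakery_master', 'http://drupal.org/') . 'contact',
          )), 'error');
        }
        if ($count == 1) {
          $account = user_load(array(
            'init' => $cookie['init'],
          ));
          if ($account) {
            // The old and new values are logged so the rename can be audited.
            watchdog('bakery', 'Fixing out of sync uid %uid. Changed name %name_old to %name_new, mail %mail_old to %mail_new.', array(
              '%uid' => $account->uid,
              '%name_old' => $account->name,
              '%name_new' => $cookie['name'],
              '%mail_old' => $account->mail,
              '%mail_new' => $cookie['mail'],
            ));
            // NOTE(review): the account matched by init alone is renamed to
            // the cookie's name and mail without first checking whether
            // another local account already holds either value; the account
            // creation branch below does run such uniqueness checks.
            user_save($account, array(
              'name' => $cookie['name'],
              'mail' => $cookie['mail'],
            ));
            // Reload by the new name/mail; this yields no account if the
            // save did not take effect.
            $account = user_load(array(
              'name' => $cookie['name'],
              'mail' => $cookie['mail'],
            ));
          }
        }
      }

      // Create the account if it doesn't exist.
      if (!$account && !variable_get('bakery_is_master', 0) && $cookie['master']) {
        // Refuse to create the account when any local user already has the
        // same mail, name (both compared case-insensitively) or init.
        $checks = TRUE;
        if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND mail != '' AND LOWER(mail) = LOWER('%s')", $user->uid, $cookie['mail'])) > 0) {
          $checks = FALSE;
        }
        if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $user->uid, $cookie['name'])) > 0) {
          $checks = FALSE;
        }
        if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND init = '%s'", $user->uid, $cookie['init'])) > 0) {
          $checks = FALSE;
        }
        if ($checks) {

          // Status = 1 because we never want accounts started as "blocked".
          // The password comes from user_password() and is not shown to the
          // visitor here.
          $new = array(
            'name' => $cookie['name'],
            'mail' => $cookie['mail'],
            'init' => $cookie['init'],
            'status' => 1,
            'pass' => user_password(),
          );
          $account = user_save(new stdClass(), $new);
          $account = user_load($account->uid);
        }
        else {
          drupal_set_message(t('Your user account on %site appears to have problems. Would you like to try to <a href="@url">repair it yourself</a>?', array(
            '%site' => variable_get('site_name', 'Drupal'),
            '@url' => url('bakery/repair'),
          )));
          // The configurable help text is passed through filter_xss_admin()
          // before display.
          drupal_set_message(filter_xss_admin(variable_get('bakery_help_text', 'Otherwise you can contact the site administrators.')));
          // NOTE(review): presumably read by the bakery/repair flow; confirm
          // against the code that consumes this session flag.
          $_SESSION['BAKERY_CRUMBLED'] = TRUE;
        }
      }
      if ($account && $cookie['master'] && $account->uid && !variable_get('bakery_is_master', 0) && $account->init != $cookie['init']) {

        // User existed previously but init is wrong. Fix it to ensure account
        // remains in sync.
        // Make sure that there aren't any OTHER accounts with this init already.
        if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE init = '%s'", $cookie['init'])) == 0) {
          db_query("UPDATE {users} SET init = '%s' WHERE uid = %d", $cookie['init'], $account->uid);
          watchdog('bakery', 'uid %uid out of sync. Changed init field from %oldinit to %newinit', array(
            '%oldinit' => $account->init,
            '%newinit' => $cookie['init'],
            '%uid' => $account->uid,
          ));
        }
        else {

          // Username and email matched, but init belonged to a DIFFERENT account.
          // Something got seriously tangled up.
          // Severity is the WATCHDOG_CRITICAL constant, not a string, so the
          // entry is recorded at the intended level.
          watchdog('bakery', 'Accounts mixed up! Username %user and init %init disagree with each other!', array(
            '%user' => $account->name,
            '%init' => $cookie['init'],
          ), WATCHDOG_CRITICAL);
        }
      }
      // Log in whichever account was found, repaired or created above. The
      // login still happens after the "Accounts mixed up!" branch, because
      // $account is left set there.
      if ($account && $user->uid == 0) {
        bakery_user_external_login($account);
      }
    }
    return TRUE;
  }

  // Eat the bad cookie. Burp.
  // Only a strict FALSE triggers removal; other empty results do not.
  if ($cookie === FALSE) {
    _bakery_eat_cookie();
  }

  // No cookie or invalid cookie
  if (!$cookie) {
    global $user;

    // we log out users that have lost their SSO cookie, with the exception of
    // UID 1.
    if ($user->uid > 1) {
      watchdog('bakery', 'Logging out the user with the bad cookie.');
      bakery_user_logout();
    }
  }
  return FALSE;
}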