You are here

Home » API reference » Bakery Single Sign-On System 6.2 » bakery.module

function _bakery_taste_chocolatechip_cookie in Bakery Single Sign-On System 6.2

Same name and namespace in other branches
  1. 6 bakery.module \_bakery_taste_chocolatechip_cookie()
  2. 7.4 bakery.module \_bakery_taste_chocolatechip_cookie()
  3. 7.2 bakery.module \_bakery_taste_chocolatechip_cookie()

Test identification cookie.

1 call to _bakery_taste_chocolatechip_cookie()
bakery_boot in ./bakery.module
Implementation of hook_boot().

File

./bakery.module, line 982

Code

function _bakery_taste_chocolatechip_cookie() {
  $cookie = _bakery_validate_cookie();

  // Continue if this is a valid cookie. That only happens for users who have
  // a current valid session on the master site.
  if ($cookie) {
    $destroy_cookie = FALSE;
    global $user;

    // Detect SSO cookie mismatch if there is already a valid session for user.
    if ($user->uid && $cookie['name'] !== $user->name) {

      // The SSO cookie doesn't match the existing session so force a logout.
      drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
      bakery_user_logout();
    }

    // Bake a fresh cookie. Yum.
    _bakery_bake_chocolatechip_cookie($cookie['name'], $cookie['mail'], $cookie['init']);
    if (!$user->uid) {

      // Since this might happen in hook_boot we need to bootstrap first.
      // Note that this only runs if they have a valid session on the master
      // and do not have one on the slave so it only creates the extra load of
      // a bootstrap on one pageview per session on the site which is not much.
      drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

      // User is anonymous. If they do not have an account we'll create one by
      // requesting their information from the master site. If they do have an
      // account we may need to correct some disparant information.
      $account = user_load(array(
        'name' => $cookie['name'],
        'mail' => $cookie['mail'],
      ));

      // Fix out of sync users with valid init.
      if (!$account && !variable_get('bakery_is_master', 0) && $cookie['master']) {
        $count = db_result(db_query("SELECT COUNT(*) FROM {users} WHERE init = '%s'", $cookie['init']));
        if ($count > 1) {

          // Uh oh.
          watchdog('bakery', 'Account uniqueness problem: Multiple users found with init %init.', array(
            '%init' => $cookie['init'],
          ), WATCHDOG_ERROR);
          drupal_set_message(t('Account uniqueness problem detected. <a href="@contact">Please contact the site administrator.</a>', array(
            '@contact' => variable_get('bakery_master', 'http://drupal.org/') . 'contact',
          )), 'error');
        }
        if ($count == 1) {
          $account = user_load(array(
            'init' => $cookie['init'],
          ));
          if ($account) {
            watchdog('bakery', 'Fixing out of sync uid %uid. Changed name %name_old to %name_new, mail %mail_old to %mail_new.', array(
              '%uid' => $account->uid,
              '%name_old' => $account->name,
              '%name_new' => $cookie['name'],
              '%mail_old' => $account->mail,
              '%mail_new' => $cookie['mail'],
            ));
            user_save($account, array(
              'name' => $cookie['name'],
              'mail' => $cookie['mail'],
            ));
            $account = user_load(array(
              'name' => $cookie['name'],
              'mail' => $cookie['mail'],
            ));
          }
        }
      }

      // Create the account if it doesn't exist.
      if (!$account && !variable_get('bakery_is_master', 0) && $cookie['master']) {
        $checks = TRUE;
        if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND mail != '' AND LOWER(mail) = LOWER('%s')", $user->uid, $cookie['mail'])) > 0) {
          $checks = FALSE;
        }
        if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $user->uid, $cookie['name'])) > 0) {
          $checks = FALSE;
        }
        if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND init = '%s'", $user->uid, $cookie['init'])) > 0) {
          $checks = FALSE;
        }
        if ($checks) {

          // Request information from master to keep data in sync.
          $uid = bakery_request_account($cookie['name']);

          // In case the account creation failed we want to make sure the user
          // gets their bad cookie destroyed by not returning too early.
          if ($uid) {
            $account = user_load($uid);
          }
          else {
            $destroy_cookie = TRUE;
          }
        }
        else {
          drupal_set_message(t('Your user account on %site appears to have problems. Would you like to try to <a href="@url">repair it yourself</a>?', array(
            '%site' => variable_get('site_name', 'Drupal'),
            '@url' => url('bakery/repair'),
          )));
          drupal_set_message(filter_xss_admin(variable_get('bakery_help_text', 'Otherwise you can contact the site administrators.')));
          $_SESSION['BAKERY_CRUMBLED'] = TRUE;
        }
      }
      if ($account && $cookie['master'] && $account->uid && !variable_get('bakery_is_master', 0) && $account->init != $cookie['init']) {

        // User existed previously but init is wrong. Fix it to ensure account
        // remains in sync.
        // Make sure that there aren't any OTHER accounts with this init already.
        if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE init = '%s'", $cookie['init'])) == 0) {
          db_query("UPDATE {users} SET init = '%s' WHERE uid = %d", $cookie['init'], $account->uid);
          watchdog('bakery', 'uid %uid out of sync. Changed init field from %oldinit to %newinit', array(
            '%oldinit' => $account->init,
            '%newinit' => $cookie['init'],
            '%uid' => $account->uid,
          ));
        }
        else {

          // Username and email matched, but init belonged to a DIFFERENT account.
          // Something got seriously tangled up.
          watchdog('bakery', 'Accounts mixed up! Username %user and init %init disagree with each other!', array(
            '%user' => $account->name,
            '%init' => $cookie['init'],
          ), WATCHDOG_CRITICAL);
        }
      }
      if ($account && $user->uid == 0) {

        // If the login attempt fails we need to destroy the cookie to prevent
        // infinite redirects (with infinite failed login messages).
        $login = bakery_user_external_login($account);
        if ($login) {
          if (isset($_REQUEST['destination'])) {
            $destination = $_REQUEST['destination'];
          }
          else {

            // Use $_GET here to retrieve the original path in source form.
            $destination = isset($_GET['q']) ? $_GET['q'] : '';
            $query = drupal_query_string_encode($_GET, array(
              'q',
            ));
          }
          drupal_goto($destination, $query);
        }
        else {
          $destroy_cookie = TRUE;
        }
      }
    }
    if ($destroy_cookie !== TRUE) {
      return TRUE;
    }
  }

  // Eat the bad cookie. Burp.
  if ($cookie === FALSE) {
    _bakery_eat_cookie();
  }

  // No cookie or invalid cookie
  if (!$cookie) {
    global $user;

    // Log out users that have lost their SSO cookie, with the exception of
    // UID 1 and any applied roles with permission to bypass.
    if ($user->uid > 1) {

      // This runs for logged in users. Those folks are going to get a full bootstrap anyway so this isn't a problem.
      drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
      if (!user_access('bypass bakery')) {
        watchdog('bakery', 'Logging out the user with the bad cookie.');
        bakery_user_logout();
      }
    }
  }
  return FALSE;
}