function _bakery_taste_chocolatechip_cookie in Bakery Single Sign-On System 7.2
Same name and namespace in other branches
- 6.2 bakery.module \_bakery_taste_chocolatechip_cookie()
- 6 bakery.module \_bakery_taste_chocolatechip_cookie()
- 7.4 bakery.module \_bakery_taste_chocolatechip_cookie()
Test identification cookie.
1 call to _bakery_taste_chocolatechip_cookie()
- bakery_boot in ./
bakery.module - Implements hook_boot().
File
- ./
bakery.module, line 1084 - Module file for the Bakery.
Code
function _bakery_taste_chocolatechip_cookie() {
$cookie = _bakery_validate_cookie();
// Continue if this is a valid cookie. That only happens for users who have
// a current valid session on the master site.
if ($cookie) {
$destroy_cookie = FALSE;
global $user;
// Detect SSO cookie mismatch if there is already a valid session for user.
if ($user->uid && $cookie['name'] !== $user->name) {
// The SSO cookie doesn't match the existing session so force a logout.
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
_bakery_user_logout();
}
if (variable_get('bakery_is_master', 0)) {
if ($user->uid || variable_get('bakery_subsite_login', 0)) {
// User is logged in or acquired a chocolatechip cookie from a subsite.
// Bake a fresh cookie. Yum.
_bakery_bake_chocolatechip_cookie($cookie['name'], $cookie['mail'], $cookie['init']);
}
else {
// User is not logged in and couldn't have logged in from a subsite,
// destroy their cookie.
$destroy_cookie = TRUE;
}
}
// If the user is not logged in and their cookie is not marked for
// destruction.
if (!$user->uid && !$destroy_cookie) {
// Since this might happen in hook_boot we need to bootstrap first.
// Note that this only runs if they have a valid session on the master
// and do not have one on the slave so it only creates the extra load of
// a bootstrap on one pageview per session on the site which is not much.
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
// User is anonymous. If they do not have an account we'll create one by
// requesting their information from the master site. If they do have an
// account we may need to correct some disparant information.
$account = user_load_multiple(array(), array(
'name' => $cookie['name'],
'mail' => $cookie['mail'],
));
$account = reset($account);
// Fix out of sync users with valid init.
if (!$account && !variable_get('bakery_is_master', 0) && $cookie['master']) {
$count = db_select('users', 'u')
->fields('u', array(
'uid',
))
->condition('init', $cookie['init'])
->countQuery()
->execute()
->fetchField();
if ($count > 1) {
// Uh oh.
watchdog('bakery', 'Account uniqueness problem: Multiple users found with init %init.', array(
'%init' => $cookie['init'],
), WATCHDOG_ERROR);
drupal_set_message(t('Account uniqueness problem detected. <a href="@contact">Please contact the site administrator.</a>', array(
'@contact' => variable_get('bakery_master', 'http://drupal.org/') . 'contact',
)), 'error');
}
if ($count == 1) {
$account = user_load_multiple(array(), array(
'init' => $cookie['init'],
));
if (is_array($account)) {
$account = reset($account);
}
if ($account) {
watchdog('bakery', 'Fixing out of sync uid %uid. Changed name %name_old to %name_new, mail %mail_old to %mail_new.', array(
'%uid' => $account->uid,
'%name_old' => $account->name,
'%name_new' => $cookie['name'],
'%mail_old' => $account->mail,
'%mail_new' => $cookie['mail'],
));
user_save($account, array(
'name' => $cookie['name'],
'mail' => $cookie['mail'],
));
$account = user_load_multiple(array(), array(
'name' => $cookie['name'],
'mail' => $cookie['mail'],
));
$account = reset($account);
}
}
}
// Create the account if it doesn't exist.
if (!$account && !variable_get('bakery_is_master', 0) && $cookie['master']) {
$checks = TRUE;
$mail_count = db_select('users', 'u')
->fields('u', array(
'uid',
))
->condition('uid', $user->uid, '!=')
->condition('mail', '', '!=')
->where('LOWER(mail) = LOWER(:mail)', array(
':mail' => $cookie['mail'],
))
->countQuery()
->execute()
->fetchField();
if ($mail_count > 0) {
$checks = FALSE;
}
$name_count = db_select('users', 'u')
->fields('u', array(
'uid',
))
->condition('uid', $user->uid, '!=')
->where('LOWER(name) = LOWER(:name)', array(
':name' => $cookie['name'],
))
->countQuery()
->execute()
->fetchField();
if ($name_count > 0) {
$checks = FALSE;
}
$init_count = db_select('users', 'u')
->fields('u', array(
'uid',
))
->condition('uid', $user->uid, '!=')
->condition('init', $cookie['init'], '=')
->where('LOWER(name) = LOWER(:name)', array(
':name' => $cookie['name'],
))
->countQuery()
->execute()
->fetchField();
if ($init_count > 0) {
$checks = FALSE;
}
if ($checks) {
// Request information from master to keep data in sync.
$uid = bakery_request_account($cookie['name']);
// In case the account creation failed we want to make sure the user
// gets their bad cookie destroyed by not returning too early.
if ($uid) {
$account = user_load($uid);
}
else {
$destroy_cookie = TRUE;
}
}
else {
drupal_set_message(t('Your user account on %site appears to have problems. Would you like to try to <a href="@url">repair it yourself</a>?', array(
'%site' => variable_get('site_name', 'Drupal'),
'@url' => url('bakery/repair'),
)));
drupal_set_message(filter_xss_admin(variable_get('bakery_help_text', 'Otherwise you can contact the site administrators.')));
$_SESSION['BAKERY_CRUMBLED'] = TRUE;
}
}
if ($account && $cookie['master'] && $account->uid && !variable_get('bakery_is_master', 0) && $account->init != $cookie['init']) {
// User existed previously but init is wrong. Fix it to ensure account
// remains in sync.
// Make sure that there are not any OTHER accounts
// with this init already.
$count = db_select('users', 'u')
->fields('u', array(
'uid',
))
->condition('init', $cookie['init'], '=')
->countQuery()
->execute()
->fetchField();
if ($count == 0) {
db_update('users')
->fields(array(
'init' => $cookie['init'],
))
->condition('uid', $account->uid)
->execute();
watchdog('bakery', 'uid %uid out of sync. Changed init field from %oldinit to %newinit', array(
'%oldinit' => $account->init,
'%newinit' => $cookie['init'],
'%uid' => $account->uid,
));
}
else {
// Username and email matched,
// but init belonged to a DIFFERENT account.
// Something got seriously tangled up.
watchdog('bakery', 'Accounts mixed up! Username %user and init %init disagree with each other!', array(
'%user' => $account->name,
'%init' => $cookie['init'],
), WATCHDOG_CRITICAL);
}
}
if ($account && $user->uid == 0) {
// If the login attempt fails we need to destroy the cookie to prevent
// infinite redirects (with infinite failed login messages).
$login = bakery_user_external_login($account);
if ($login) {
// If an anonymous user has just been logged in, trigger a 'refresh'
// of the current page, ensuring that drupal_goto() does not override
// the current page with the destination query.
$query = drupal_get_query_parameters();
unset($_GET['destination']);
drupal_goto(current_path(), array(
'query' => $query,
));
}
else {
$destroy_cookie = TRUE;
}
}
}
if ($destroy_cookie !== TRUE) {
return TRUE;
}
}
// Eat the bad cookie. Burp.
if ($cookie === FALSE) {
_bakery_eat_cookie();
}
// No cookie or invalid cookie.
if (!$cookie) {
global $user;
// Log out users that have lost their SSO cookie, with the exception of
// UID 1 and any applied roles with permission to bypass.
if ($user->uid > 1) {
// This runs for logged in users. Those folks are going to get a full
// bootstrap anyway so this isn't a problem.
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
if (!user_access('bypass bakery')) {
watchdog('bakery', 'Logging out the user with the bad cookie.');
_bakery_user_logout();
}
}
}
return FALSE;
}