
function fboauth_action_connect in Facebook OAuth (FBOAuth) 7

Same name and namespace in other branches
  1. 6 includes/fboauth.fboauth.inc \fboauth_action_connect()
  2. 7.2 includes/fboauth.fboauth.inc \fboauth_action_connect()

Facebook OAuth callback for initiating a Facebook connection.

1 string reference to 'fboauth_action_connect'
fboauth_fboauth_actions in ./fboauth.module
Implements hook_fboauth_actions().

File

includes/fboauth.fboauth.inc, line 80
Provides functions used during Facebook login processes.

Code

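/**
 * Facebook OAuth callback for initiating a Facebook connection.
 *
 * Queries the Facebook profile behind $access_token and then, depending on
 * the current session and site settings, logs the visitor in, links the
 * profile to an existing account, or creates a new account. Every outcome is
 * reported to the visitor through drupal_set_message().
 *
 * @param $app_id
 *   Application ID passed by the caller (presumably the Facebook app ID). It
 *   is not read by this callback.
 * @param $access_token
 *   The Facebook access token. It is stored in the session and used for the
 *   'me' Graph query.
 */
function fboauth_action_connect($app_id, $access_token) {
  global $user;

  // Save access_token in session for future use.
  $_SESSION['fboauth']['access_token'] = $access_token;
  $fbuser = fboauth_graph_query('me', $access_token);

  // Stop when the Graph query did not yield a Facebook user ID. Without this
  // check a failed query would fall through to fboauth_uid_load() and
  // fboauth_save() with an empty ID, so an account could end up linked to no
  // real Facebook identity.
  if (empty($fbuser->id)) {
    drupal_set_message(t('Facebook did not return a usable profile, so your account could not be connected. Please try again.'), 'error');
    return;
  }

  $uid = fboauth_uid_load($fbuser->id);

  // If the user isn't logged in.
  if (!$user->uid) {

    // An existing association between this Facebook ID and a Drupal account
    // takes precedence: log in as that account.
    if ($uid && ($account = user_load($uid))) {
      fboauth_login_user($account);
    }
    else {
      if (!empty($fbuser->email)) {
        $account = NULL;

        // Check and see if multiple_email module is in use.
        if (module_exists('multiple_email')) {
          if ($multiple_email_object = multiple_email_find_address($fbuser->email)) {
            $account = user_load($multiple_email_object->uid);

            // An unconfirmed address says nothing about who owns it, so it
            // must not be used to match a Facebook login to an account.
            if (!$multiple_email_object->confirmed) {

              // Note: the Drupal security team doesn't consider it a
              // vulnerability that the UID is publicly available.
              // https://www.drupal.org/node/1004778
              // The UID is taken from the multiple_email record so the link
              // is still well-formed if user_load() returned FALSE.
              drupal_set_message(t("We found your e-mail @email in the @sitename system, but it hasn't been confirmed. " . 'Please <a href="!login">login manually</a> and then <a href="!edit">' . 'resend your confirmation code</a> to confirm that you are the owner of this email address. This is required before you can connect to the site from Facebook with it.', array(
                '@email' => $fbuser->email,
                '@sitename' => variable_get('site_name', ''),
                '!login' => url('user/login'),
                '!edit' => url('user/' . $multiple_email_object->uid . '/edit/email-addresses'),
              )));
              return;
            }
          }

          // Otherwise the address is unknown to multiple_email and $account
          // stays NULL.
        }
        else {

          // Just use the e-mail from the users table.
          $account = user_load_by_mail($fbuser->email);
        }

        // If the Facebook e-mail address matches an existing account, bind them
        // together and log in as that account.
        if ($account) {

          // Connect the account only if we allow anonymous users to connect
          // accounts that have never been connected before.
          // NOTE(review): this path treats the e-mail reported by Facebook as
          // proof that the visitor owns the matching Drupal account. Confirm
          // that the Graph API only returns verified addresses for this app;
          // sites that cannot rely on that should set fboauth_anon_connect to
          // FALSE so that linking requires a manual login first.
          if (variable_get('fboauth_anon_connect', TRUE)) {

            // Logins will be denied if the user's account is blocked.
            if (fboauth_login_user($account)) {
              fboauth_save($account->uid, $fbuser->id);
              drupal_set_message(t("You've connected your account with Facebook."));
            }
          }
          else {
            drupal_set_message(t('We found your e-mail @email in the @sitename system, but the account has never been connected to Facebook before. ' . 'Please <a href="!login">login manually</a> and <a href="!edit">connect to Facebook</a> while logged in. ' . 'Once you have completed this step, you may login through Facebook whenever you like.', array(
              '@email' => $fbuser->email,
              '@sitename' => variable_get('site_name', ''),
              '!login' => url('user/login'),
              '!edit' => url('user/' . $account->uid . '/edit'),
            )));
          }
        }
        elseif (variable_get('user_register', 1)) {
          $account = fboauth_create_user($fbuser);
          if (empty($account)) {
            drupal_set_message(t('Unable to create a new account using your Facebook profile.'), 'warning');
            return;
          }

          // Load the account fresh just to have a fully-loaded object.
          $account = user_load($account->uid);

          // If the account requires administrator approval the new account will
          // have a status of '0' and not be activated yet.
          if ($account->status == 0) {
            _user_mail_notify('register_pending_approval', $account);
            drupal_set_message(t('An account has been created for you on @sitename but an ' . 'administrator needs to approve your account. In the meantime, ' . 'a welcome message with further instructions has been sent ' . 'to your e-mail address.', array(
              '@sitename' => variable_get('site_name', ''),
            )));
          }
          elseif (fboauth_login_user($account)) {
            drupal_set_message(t('Welcome to @sitename. ' . 'Basic information has been imported from Facebook into your account. ' . 'You may want to <a href="!edit">edit your account</a> to confirm the ' . 'details and set a password.', array(
              '@sitename' => variable_get('site_name', ''),
              '!edit' => url('user/' . $account->uid . '/edit'),
            )));
          }

          // If the login fails, fboauth_login_user() throws an error message.
        }
        else {
          drupal_set_message(t('Your Facebook e-mail address does not match
            any existing accounts. If you have an account, you must first
            log in before you can connect your account to Facebook.
            Creation of new accounts on this site is disabled.'));
        }
      }
      else {

        // Done if no e-mail address provided by Facebook: there is nothing to
        // match against existing accounts.
        drupal_set_message(t("Facebook didn't provide an e-mail address " . "to be associated with your account, so we can't compare it " . "with the e-mail addresses in this system."));
        return;
      }
    }
  }
  else {

    // The user is already logged in to Drupal.
    // So just associate the two accounts.
    // NOTE(review): $uid is not consulted here, so a Facebook ID that is
    // already linked to a different Drupal account is passed to fboauth_save()
    // unchanged. What happens to the earlier link depends on fboauth_save(),
    // which is not shown here - confirm.
    fboauth_save($user->uid, $fbuser->id);
    drupal_set_message(t("You've connected your account with Facebook."));
  }
}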