
function legal_user_login in Legal 2.0.x

Same name and namespace in other branches
  1. 8 legal.module \legal_user_login()
  2. 7.2 legal.module \legal_user_login()
  3. 7 legal.module \legal_user_login()

Implements hook_user_login().

File

./legal.module, line 415
Module file for Legal.

Code

/**
 * Implements hook_user_login().
 *
 * Gates a fresh login on acceptance of the Terms & Conditions (T&Cs). The
 * function returns early, leaving the login intact, when the account is
 * exempt, when no conditions text is configured, or when the latest version
 * was already accepted and no re-acceptance is required. Otherwise the
 * session is destroyed, a cookie/token pair is issued, and the browser is
 * redirected to /legal_accept.
 *
 * In the redirect case this function does not return: it sends the redirect
 * headers itself and calls exit.
 *
 * @param \Drupal\user\UserInterface $account
 *   The account that has just logged in.
 */
function legal_user_login(UserInterface $account) {

  // Exempt accounts (as decided by legal_user_is_exempt()) never see T&Cs.
  if (legal_user_is_exempt($account)) {
    return;
  }
  $settings = \Drupal::config('legal.settings');

  // Look up the acceptance record for this account.
  $uid = $account->get('uid')->getString();
  $legal_account = legal_get_accept($uid);

  $language = \Drupal::languageManager()->getCurrentLanguage();
  $has_accepted_before = !empty($legal_account['version']);

  // With a prior acceptance, load the conditions in the language that was
  // accepted; without one, load them in the current interface language.
  $conditions = $has_accepted_before
    ? legal_get_conditions($legal_account['language'])
    : legal_get_conditions($language->getId());

  // No conditions set yet, skip T&Cs.
  if (empty($conditions['conditions'])) {
    return;
  }

  if ($has_accepted_before) {
    // Check whether the latest version / revision has been accepted.
    $accepted = legal_version_check($uid, $conditions['version'], $conditions['revision'], $legal_account);

    if ($accepted) {
      // Up to date, and the site does not ask for acceptance on every login.
      if ($settings->get('accept_every_login') == 0) {
        return;
      }

      // Acceptance is required on every login: let the user through only if
      // the session carries the 'legal_login' flag.
      $newly_accepted = \Drupal::request()->getSession()->get('legal_login', FALSE);
      if ($newly_accepted) {
        return;
      }
    }
  }

  // From here on the login is undone: record it, let other modules react to
  // the logout, then destroy the session so no authenticated session survives
  // until the T&Cs are accepted.
  \Drupal::logger('user')->notice('Session closed for %name.', [
    '%name' => $account->getAccountName(),
  ]);
  \Drupal::moduleHandler()->invokeAll('user_logout', [$account]);
  \Drupal::service('session_manager')->destroy();

  $query = NULL;
  $current_path = \Drupal::request()->getPathInfo();
  $segments = explode('/', $current_path);

  // One time login link - set user edit page as destination after T&Cs.
  $is_reset_link = isset($segments[1], $segments[2])
    && $segments[1] == 'user'
    && $segments[2] == 'reset';
  if ($is_reset_link) {
    $query = [
      'destination' => $account->toUrl('edit-form')->toString(),
    ];
  }

  // Preserve custom destination if it's been set; it overrides the one above.
  // NOTE(review): this value is request-supplied and is forwarded here without
  // validation. Whether external or otherwise unwanted targets are rejected
  // depends on code outside this function - confirm before relying on it.
  if (!empty($_REQUEST['destination'])) {
    $query = [
      'destination' => $_REQUEST['destination'],
    ];
  }
  unset($_GET['destination']);

  // Build the proof the accept page will receive: an HMAC over the account's
  // 'login' value, uid and 'pass' value, keyed with a fresh random token.
  // NOTE(review): the three fields are concatenated without a delimiter, so
  // the boundary between the 'login' value and the uid is not encoded in the
  // HMAC input - confirm the verifying side rebuilds it the same way.
  $signatory = User::load($uid);
  $login = $signatory->get('login')->value;
  $password = $signatory->get('pass')->value;
  $token = Crypt::randomBytesBase64();
  $hash = Crypt::hmacBase64($login . $uid . $password, $token);

  // The hash and uid go to the client via user_cookie_save(); the token goes
  // in the redirect URL.
  // NOTE(review): a token in the query string can end up in access logs,
  // browser history and Referer headers. The code consuming it is not shown
  // here - confirm how long the token/hash pair stays usable.
  user_cookie_save([
    'legal_hash' => $hash,
    'legal_id' => $uid,
  ]);
  $query['token'] = $token;

  $redirect_url = Url::fromUserInput('/legal_accept', [
    'query' => $query,
  ])->toString();

  // Send the redirect headers directly and stop, so nothing after this hook
  // runs for the current request.
  $response = new RedirectResponse($redirect_url);
  $response->sendHeaders();
  exit;
}