You are here

function _securesite_user_auth in Secure Site 6

Same name and namespace in other branches
  1. 5 securesite.module \_securesite_user_auth()

Display authentication dialog and send password reset mails

2 calls to _securesite_user_auth()
securesite_boot in ./securesite.module
Implementation of hook_boot()
securesite_user in ./securesite.module
Implementation of hook_user()

File

./securesite.module, line 222
Secure Site contrib module

Code

function _securesite_user_auth() {
  global $base_url;
  module_load_include('inc', 'securesite');
  $securesite_enabled = variable_get('securesite_enabled', SECURESITE_DISABLED);
  $content = '';

  // Step #1: Check if the user attempted to submit the login form. If so,
  // getting here means they didn't enter their info correctly
  if (isset($_POST['securesite_login_form'])) {
    drupal_set_message(t('Unrecognized username and/or password.'), 'error');
  }

  // Step #2: Check if the user attempted to submit the password request form.
  // If so, check if we have information for the name/mail they entered and
  // send it if we do
  if (isset($_POST['securesite_request_form']) && isset($_POST['edit'])) {
    _securesite_password_reset($_POST['edit']);
  }

  // Get content for dialog
  if ($securesite_enabled == SECURESITE_FORM) {
    $content .= _securesite_login_form();
  }
  $content .= _securesite_request_form();

  // Step #3: If using HTTP Auth, send the appropriate headers, but only if the
  // user isn't logged in and they haven't just submitted the password reset or
  // login forms
  if ($securesite_enabled == SECURESITE_AUTH && empty($_POST['securesite_request_form']) && empty($_POST['securesite_login_form'])) {
    $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));

    // If not on the home page of the site, Opera will not show the auth dialog
    // the first time after logout.  It will show the page displayed before
    // logging out.  Reloading will cause the dialog to display.  Safari
    // doesn't seem show the login/password request form when cancelling the
    // auth dialog no matter what
    $browsers = array(
      'msie',
      'opera',
      'safari',
    );
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? strtolower($_SERVER['HTTP_USER_AGENT']) : '';
    foreach ($browsers as $browser) {
      if (strpos($user_agent, $browser) !== FALSE) {
        $realm .= ' - ' . mt_rand(10, 999);
        break;
      }
    }
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    header('HTTP/1.0 401 Unauthorized');
  }

  // Step #4: Show the login form and/or password request form if user cancels
  // HTTP Auth dialog
  _securesite_dialog_page($content);
  module_invoke_all('exit', request_uri());
  session_write_close();
  exit;
}