function shib_login_authmap in Shibboleth Authentication 6.4

Same name and namespace in other branches

1. 7.4 shib_auth.module \shib_login_authmap()

Login an user based on the shib_authmap informations @uname the username got from IdP @uid drupal user id @umail_single the e-mail address @alreadyloggedin is true if the user has already logged in

2 calls to shib_login_authmap()

shib_auth_consent_update in ./shib_auth.module

This function updates the accepted consent version number of the user to the current one

shib_auth_init in ./shib_auth.module

Create a new user based on informations from the Shibboleth handler if it's necessary or log in.

File

./shib_auth.module, line 334

Drupal Shibboleth authentication module.

Code

function shib_login_authmap($uname, $umail_single, $uid, $alreadyloggedin = False) {
  global $user;

  //Return if we can't login the user because the mail is missing
  if (!shib_auth_config('enable_custom_mail') && !valid_email_address($umail_single)) {
    shib_auth_error('Can\'t fetch mail attribute and it is required by the configuration');
    return;
  }

  //Get the name of the user with the given uid
  $auth_map_un_query = db_query("SELECT name FROM {users} WHERE uid='%s'", $uid);
  $authmap_username = db_fetch_array($auth_map_un_query);

  //We load this account to make operations with
  $account = user_external_load($authmap_username['name']);
  if (isset($account->uid)) {

    //We don't login user again, if there is already one logged in (made redirect loops when linking an account)
    if ($user->uid || user_external_login($account)) {

      //set auth variable to shib_auth
      $_SESSION['shib_auth_authentication'] = 'shib_auth';

      //Shibboleth mail address override was enabled in the admin config
      if (shib_auth_config('enable_custom_mail') == 0) {

        //check if there isn't any user with this e-mail (whose name is different)
        $email_for_other_user_query = db_query("SELECT * FROM {users} WHERE mail='%s' AND uid <> '%s'", $umail_single, $user->uid);
        $email_for_other_user = db_fetch_object($username_and_email_query);
        if ($email_for_other_user) {
          shib_auth_error('[shib_login_authmap] Error saving user account. E-mail address is already used.');
        }
        else {
          $user = shib_auth_save_mail($user, $umail_single);
          if (!$user) {

            // Something really bad happened
            shib_auth_error('[shib_auth_login_authmap] Fatal error while saving mail address');
            return;
          }
        }
      }

      //forward user to login url, if set
      if (shib_auth_config('login_url') != '' && !$alreadyloggedin && $_GET['q'] != shib_auth_config('login_url')) {
        drupal_goto(shib_auth_config('login_url'));
      }
    }
    else {
      shib_auth_error('Couldn\'t login user: ' . $authmap_username['name']);
    }
  }
  else {
    shib_auth_error('Couldn\'t login user: ' . $authmap_username['name']);
  }

  //redirect user to a predefined page, or a page, she wanted to see before clicking on login
  shib_auth_submit_redirect();
}