function shib_login_authmap in Shibboleth Authentication 7.4
Same name and namespace in other branches
- 6.4 shib_auth.module \shib_login_authmap()
Login a user based on the shib_authmap information.
Parameters
string $uname: The username got from IdP.
string $umail_single: The first email address of the user from the IdP.
int $uid: Drupal user id.
bool $alreadyloggedin: TRUE if the user has already logged in and FALSE if not.
2 calls to shib_login_authmap()
- shib_auth_consent_update in ./
shib_auth.module - Updates the accepted consent version number of the user to the current one.
- shib_auth_init in ./
shib_auth.module - Creates a new user, if necessary, based on information from the handler.
File
- ./
shib_auth.module, line 385 - Drupal Shibboleth authentication module.
Code
function shib_login_authmap($uname, $umail_single, $uid, $alreadyloggedin = FALSE) {
global $user;
if (!shib_auth_config('enable_custom_mail') && !valid_email_address($umail_single)) {
shib_auth_error('Can\'t fetch mail attribute and it is required by the configuration');
return;
}
// First, we want to get the name of the user with the given uid.
$authmap_username = db_select('users', 'c')
->fields('c')
->condition('uid', $uid, '=')
->execute()
->fetchAssoc();
// We load this account to make operations with.
$account = user_external_load($authmap_username['name']);
if (isset($account->uid)) {
// We don't login user again, if there is already one logged in
// (made redirect loops when linking an account).
if (!user_is_blocked($account->name)) {
user_external_login_register($account->name, 'shib_auth');
if (user_is_logged_in()) {
// Set auth variable to shib_auth.
$_SESSION['shib_auth_authentication'] = 'shib_auth';
// Shibboleth mail address override was enabled in the admin config.
if (shib_auth_config('enable_custom_mail') == 0) {
// Check if there isn't any user with this email (whose name is
// different).
$email_for_other_user = db_select('users', 'c')
->fields('c')
->condition('mail', $umail_single, '=')
->condition('uid', $user->uid, '<>')
->execute()
->fetchObject();
if ($email_for_other_user) {
shib_auth_error('[shib_login_authmap] Error saving user account. Email address is already used.');
}
else {
$user = shib_auth_save_mail($user, $umail_single);
if (!$user) {
// Something really bad happened.
shib_auth_error('[shib_login_authmap] Fatal error while saving mail address');
return;
}
}
}
// Forward user to login url, if set.
if (shib_auth_config('login_url') != '' && !$alreadyloggedin && $_GET['q'] != shib_auth_config('login_url')) {
drupal_goto(shib_auth_config('login_url'));
}
}
else {
shib_auth_error('Couldn\'t login user: ' . $authmap_username['name']);
}
}
else {
shib_auth_error('Couldn\'t login user: ' . $authmap_username['name'] . ' has not been activated, or is blocked');
}
}
else {
shib_auth_error('Couldn\'t login user: ' . $authmap_username['name']);
watchdog('shib_auth', 'Username "@name" could not be found in authmap table', array(
'@name' => $authmap_username['name'],
), WATCHDOG_NOTICE);
}
// Redirect user to a predefined page, or a page, she wanted to see before
// clicking on login.
shib_auth_submit_redirect();
}