function simple_ldap_sso_init in Simple LDAP 7
Same name and namespace in other branches
- 7.2 simple_ldap_sso/simple_ldap_sso.module \simple_ldap_sso_init()
Implements hook_init().
File
- simple_ldap_sso/
simple_ldap_sso.module, line 37
Code
function simple_ldap_sso_init() {
// Check for the presence of an SSO cookie, and check it's contents against
// LDAP. If it doesn't validate, destroy the session by logging the user out.
global $user;
// Do nothing for anonymous users.
if (!user_is_logged_in() || $user->uid == 1 || !simple_ldap_sso_configured() || !simple_ldap_sso_does_session_need_validation()) {
return;
}
// If we don't have a valid SSO cookie, destroy the session and return.
if (!simple_ldap_sso_get_cookie_data()) {
simple_ldap_sso_abort();
return;
}
// Do not allow any user from the current user's IP if the flood limit has
// been reached. Default is 3 failed attempts allowed in one hour.
$limit = variable_get('simple_ldap_sso_flood_limit', 3);
$window = variable_get('simple_ldap_sso_flood_window', 3600);
// Now check the flood table.
if ($limit != 0 && !flood_is_allowed(SIMPLE_LDAP_SSO_FLOOD, $limit, $window)) {
// If the flood limit has been reached, log the user out and return.
simple_ldap_sso_abort();
return;
}
// If we passed the flood check, then check LDAP.
if (!simple_ldap_sso_validate_ldap()) {
// If the LDAP check failed, log the user out and return.
simple_ldap_sso_abort();
return;
}
// If we got this far, the session is valid in LDAP. Mark it so.
simple_ldap_sso_session_is_valid();
// If the user needs syncing, do it now.
if (simple_ldap_sso_user_needs_sync() && simple_ldap_user_variable_get('simple_ldap_user_source') == 'ldap') {
// Load up the full user object so that fields are present.
$account = user_load($user->uid);
simple_ldap_user_sync_user($account);
}
}