You are here

function simple_ldap_sso_init in Simple LDAP 7.2

Same name and namespace in other branches
  1. 7 simple_ldap_sso/simple_ldap_sso.module \simple_ldap_sso_init()

Implements hook_init().

File

simple_ldap_sso/simple_ldap_sso.module, line 37

Code

function simple_ldap_sso_init() {

  // Check for the presence of an SSO cookie, and check it's contents against
  // LDAP. If it doesn't validate, destroy the session by logging the user out.
  global $user;

  // Do nothing for anonymous users.
  if (!user_is_logged_in() || $user->uid == 1 || !simple_ldap_sso_configured() || !simple_ldap_sso_does_session_need_validation()) {
    return;
  }

  // If we don't have a valid SSO cookie, destroy the session and return.
  if (!simple_ldap_sso_get_cookie_data()) {
    simple_ldap_sso_abort();
    return;
  }

  // Do not allow any user from the current user's IP if the flood limit has
  // been reached. Default is 3 failed attempts allowed in one hour.
  $limit = variable_get('simple_ldap_sso_flood_limit', 3);
  $window = variable_get('simple_ldap_sso_flood_window', 3600);

  // Now check the flood table.
  if ($limit != 0 && !flood_is_allowed(SIMPLE_LDAP_SSO_FLOOD, $limit, $window)) {

    // If the flood limit has been reached, log the user out and return.
    simple_ldap_sso_abort();
    return;
  }

  // If we passed the flood check, then check LDAP.
  if (!simple_ldap_sso_validate_ldap()) {

    // If the LDAP check failed, log the user out and return.
    simple_ldap_sso_abort();
    return;
  }

  // If we got this far, the session is valid in LDAP. Mark it so.
  simple_ldap_sso_session_is_valid();

  // If the user needs syncing, do it now.
  if (simple_ldap_sso_user_needs_sync() && simple_ldap_user_variable_get('simple_ldap_user_source') == 'ldap') {

    // Load up the full user object so that fields are present.
    $account = user_load($user->uid);
    simple_ldap_user_sync_user($account);
  }
}