Aw: Re: Aw: Re: Aw: Re: SSO with TYPO3 [message #166263 is a reply to message #166259] |
Wed, 19 October 2011 03:42 |
kaystrobach
Messages: 28 Registered: May 2006 Location: Bannewitz
Karma:
|
Junior Member |
|
|
would be nice, if you would point me to the right usage of the fudapi (know how to bypass it - but that should'nt be the goal).
Below is the complete adapter throwing the error:
The function sso is called twice in my use case:
1. create user
2. login user
The Problem occurs during login, if i add the groups, so i assume, that i misuse some of the api functions, but i didn't found anyway to close the buffered query cursors in your queries (except closing the connection ...)
<?php
/*
* Signature-Based Single Sign-On Framework
* TPA Adapter for
* fudforum (http://www.fudforum.org )
*
* Version : 3.0.3
* Last update : 13.10.2011
*
* (c) Kay Strobach, Bannewitz, Germany
* http://www.kay-strobach.de
* http://www.single-signon.com
*/
/**
* function which is called after including this file in the SSO-Agent.
*
* @param
* User_Name string Username the Session will be created for
* remote_addr string Remoteaddress of the users system
* agent string Browser
* sso_url string Url where the user will be redirected after establishing a session for him
* sso_version string the protocol version of the calling agent
* sso_action string the action to perform. Right now this is either 'logon' or 'create_modify'
* sso_userdata string the userdata submitted by the agent
*
* @return string return the session data
*
* Leave stubs if you dont need all four params.
*/
/*
* return the protocol version
*/
//include libs
require_once('GLOBALS.php');
require_once($INCLUDE.'../scripts/forum_login.php');
require_once($INCLUDE.'../scripts/fudapi.inc.php');
function get_version(){
return "2.0";
}
function sso($User_Name,$ip,$agent,$sso_url,$sso_version="",$sso_action="",$sso_userdata="") {
// alternative: return error
if ($sso_version == "") return array("Error"=>"sso version out of date");
//process sso data
$sso_userdata = process_userdata($sso_userdata);
$User_ID = sso_get_userByUsername($User_Name);
$err = null;
switch($sso_action){
// action: create user / update userdata
case 'create_modify':
$vals = array(
'login' =>$User_Name,
'passwd'=>md5(microtime(true)),
'email' =>$sso_userdata['email'],
'name' =>$sso_userdata['name']
);
__fud_login_common(1);
if(!$User_ID) {
$User_ID = fud_add_user(
$vals,
$err
);
} else {
fud_update_user(
$User_ID,
$vals,
$err
);
}
if(array_key_exists('usergroup', $sso_userdata)) {
sso_syncGroups($User_ID, explode(',', $sso_userdata['usergroup']));
}
break;
// perform logon for given $User_Name
case 'logon':
if (external_fud_login($User_ID)) {
$return_val = array();
$return_val[0] = array();
$return_val += array( "redirecturl" => $sso_url);
return $return_val;
}
return array("Error"=>"no account for this user");
break;
}
}
/*
* process the userdata string and return an associative array
* @param string $sso_userdata: the data from fe_users (pipe-separated)
* @return array $data: the userdata
*/
function process_userdata($sso_userdata){
$sso_userdata = split("\|",$sso_userdata);
for ($i=0;$i<count($sso_userdata);$i++) {
$sso_userdata[$i]=split("=",$sso_userdata[$i]);
$data[$sso_userdata[$i][0]]=$sso_userdata[$i][1];
}
unset ($sso_userdata);
return $data;
}
function sso_get_userByUsername($login) {
__fud_login_common(1);
$r = db_sab('SELECT id FROM '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users WHERE login='. _esc($login));
if($r) {
return $r->id;
}
}
function sso_syncGroups($userID, $groupNames) {
// iterate
foreach($groupNames as $groupName) {
// Use special name
$groupName = 'SSO: ' . $groupName;
// Check wether group exists
$r = db_sab('SELECT id FROM '. $GLOBALS['DBHOST_TBL_PREFIX'] .'groups WHERE name='. _esc($groupName));
if($r) {
$groupId = $r->id;
} else {
$groupId = ins_m(
$GLOBALS['DBHOST_TBL_PREFIX'] .'groups',
'name',
_esc($groupName)
);
}
// Check wether user is in group and add it
$r = db_sab('SELECT id FROM '. $GLOBALS['DBHOST_TBL_PREFIX'] .'group_members WHERE group_id='. _esc($groupId) . ' AND user_id=' . _esc($userID));
if(!$r) {
ins_m(
$GLOBALS['DBHOST_TBL_PREFIX'] .'group_members',
'group_id, user_id',
array(
_esc($groupId),
_esc($userID)
)
);
}
}
// remove groups which are removed in external adapter
$list = '';
foreach($groupNames as $groupName) {
if($list !== '') {
$list.= ', ';
}
$list.= _esc($groupName);
}
$q = '
SELECT *
FROM '. $GLOBALS['DBHOST_TBL_PREFIX'] .'group_members
LEFT JOIN '. $GLOBALS['DBHOST_TBL_PREFIX'] .'groups ON '. $GLOBALS['DBHOST_TBL_PREFIX'] .'group_members.group_id = fud_groups.id
WHERE '. $GLOBALS['DBHOST_TBL_PREFIX'] .'group_members.user_id = ' . _esc($userID) . '
AND '. $GLOBALS['DBHOST_TBL_PREFIX'] .'groups.name NOT IN (' . $list . ')
AND '. $GLOBALS['DBHOST_TBL_PREFIX'] .'groups.name LIKE "SSO:%"
';
$groupsToRemove = uq($q);
if(method_exists($groupsToRemove, 'fetchAll')) {
$groupsToRemove = $groupsToRemove->fetchAll(PDO::FETCH_COLUMN);
foreach($groupsToRemove as $group) {
echo $group;
uq('DELETE FROM '. $GLOBALS['DBHOST_TBL_PREFIX'] .'group_members WHERE id = ' . _esc($group->id));
}
}
}
|
|
|