- <?php
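/**
 * Implements hook_form_FORM_ID_alter() for the full-page user_login form.
 *
 * Routes login validation and submission through the wowauth handlers, so
 * credentials are checked against the game account table rather than
 * Drupal's own password column. The login block is a separate form and is
 * handled by wowauth_form_user_login_block_alter().
 *
 * @param array $form
 *   Form definition, altered in place.
 * @param array $form_state
 *   Current form state (unused).
 */
function wowauth_form_user_login_alter(&$form, $form_state)
{
    // Assigning a fresh array discards every validator core registered for
    // this form. user_login_name_validate() is the core handler that rejects
    // blocked accounts and names denied by access rules, so it is kept ahead
    // of the wowauth check; without it a blocked Drupal account could still
    // sign in with valid game credentials.
    $form['#validate'] = array('user_login_name_validate', 'wowauth_login_validate');
    $form['#submit'] = array('wowauth_login_submit');
}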
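/**
 * Implements hook_form_FORM_ID_alter() for the user_login_block form.
 *
 * Same wiring as wowauth_form_user_login_alter(), applied to the sidebar
 * login block so both entry points authenticate against the game account
 * table.
 *
 * @param array $form
 *   Form definition, altered in place.
 * @param array $form_state
 *   Current form state (unused).
 */
function wowauth_form_user_login_block_alter(&$form, $form_state)
{
    // Keep core's user_login_name_validate() in the chain: replacing the whole
    // '#validate' array would otherwise drop the blocked-account and
    // denied-name checks for logins made through the block.
    $form['#validate'] = array('user_login_name_validate', 'wowauth_login_validate');
    $form['#submit'] = array('wowauth_login_submit');
}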
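/**
 * Form validation handler: checks a submitted login against the game account
 * table.
 *
 * Reads 'name' and 'pass' from the raw POST data in $form['#post'], looks for
 * an account row whose username and sha_pass_hash both match, and sets a form
 * error when either field is missing or no row matches.
 *
 * The stored hash is SHA-1 over the upper-cased "username:password" string.
 * That makes passwords case-insensitive and, being unsalted, cheap to attack
 * offline if the account table leaks. The format is presumably dictated by
 * the game server that owns the table, so it cannot be strengthened from this
 * module alone.
 *
 * @param array $form
 *   Form definition; only $form['#post'] is read.
 * @param array $form_state
 *   Current form state (unused).
 */
function wowauth_login_validate(&$form, $form_state)
{
    $name = isset($form['#post']['name']) ? $form['#post']['name'] : '';
    $pass = isset($form['#post']['pass']) ? $form['#post']['pass'] : '';

    // '#post' is raw request data, so a client can send name[]=x and turn a
    // field into an array. Anything that is not a non-empty string is treated
    // as a missing field instead of being passed on to strtoupper().
    if (!is_string($name) || !is_string($pass) || $name === '' || $pass === '') {
        form_set_error('title', t('Fill all fields'));
        return;
    }

    // The lookup previously used an undefined $username, so it always queried
    // for an empty name and no login could succeed. The connection key was
    // also 'realmd' here while every other handler in this file uses 'realm'.
    // NOTE(review): confirm 'realm' is the key configured in settings.php.
    db_set_active('realm');
    $match = db_result(db_query(
        "SELECT 1 FROM account WHERE username='%s' AND sha_pass_hash='%s' LIMIT 1",
        $name,
        sha1(strtoupper($name . ':' . $pass))
    ));
    // Switch back before t()/form_set_error() run, so nothing Drupal does
    // while building the message is sent to the game database.
    db_set_active('default');

    if (!$match) {
        form_set_error('title', t('Wrong username or password'));
    }
}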
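/**
 * Form submit handler: logs the visitor in as the matching game account.
 *
 * Re-checks the submitted credentials against the account table and, when a
 * row matches, hands the stored username to user_external_login_register()
 * (which loads or creates the Drupal user) and finalizes the session.
 *
 * NOTE(review): nothing in this handler rejects a blocked Drupal account, so
 * confirm that check happens in the form's validation chain before this runs.
 *
 * @param array $form
 *   Form definition (unused).
 * @param array $form_state
 *   Current form state; 'name' and 'pass' are read from its 'values'.
 */
function wowauth_login_submit(&$form, $form_state)
{
    // The original read an undefined $form_values array, so both fields were
    // always empty and the lookup could never match. The submitted values
    // live in $form_state['values'].
    $username = isset($form_state['values']['name']) ? $form_state['values']['name'] : '';
    $pass = isset($form_state['values']['pass']) ? $form_state['values']['pass'] : '';

    // Never query with empty or non-string credentials.
    if (!is_string($username) || !is_string($pass) || $username === '' || $pass === '') {
        return;
    }

    db_set_active('realm');
    $result = db_fetch_array(db_query(
        "SELECT username FROM account WHERE username='%s' AND sha_pass_hash='%s' LIMIT 1",
        $username,
        sha1(strtoupper($username . ':' . $pass))
    ));
    db_set_active('default');

    // No row (or a failed query) means the credentials did not match.
    if (!is_array($result) || empty($result['username'])) {
        return;
    }

    // Use the name as stored in the account table, not the submitted one.
    user_external_login_register($result['username'], 'wowauth');
    $edit = array();
    user_authenticate_finalize($edit);
}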
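/**
 * Implements hook_user().
 *
 * - 'insert': copies the e-mail address of the matching game account into
 *   the new Drupal user row and blanks Drupal's own password column.
 * - 'update': when a new password was submitted, writes the matching hash to
 *   the game account table.
 *
 * @param string $op
 *   Operation being performed on the user.
 * @param array $edit
 *   Submitted values; 'name' and 'pass' are read.
 * @param object $account
 *   The user account the operation applies to.
 * @param string|null $category
 *   Active account category (unused).
 */
function wowauth_user($op, &$edit, &$account, $category = NULL)
{
    if ($op === 'insert') {
        db_set_active('realm');
        $email = db_result(db_query("SELECT email FROM account WHERE username='%s' LIMIT 1", $edit['name']));
        db_set_active('default');

        if ($email) {
            // Also blank Drupal's own password column: the original author's
            // note is that the MD5 hash kept there is easy to crack, and the
            // wowauth login handlers never consult it.
            db_query("UPDATE {users} SET mail='%s', pass='' WHERE name='%s' LIMIT 1", $email, $edit['name']);
        }
        return;
    }

    if ($op === 'update') {
        $password = isset($edit['pass']) ? $edit['pass'] : '';

        // A profile save that leaves the password untouched must not rewrite
        // the stored hash. Without this guard every such save would replace
        // it with the hash of an empty password.
        if (!is_string($password) || $password === '') {
            return;
        }

        // The original hashed an undefined $username, storing
        // SHA1(":PASSWORD") and locking the account out. Fall back to the
        // loaded account's name when the edit does not carry one.
        // NOTE(review): a rename submitted in the same edit is not
        // propagated to the game account table by this code.
        $username = !empty($edit['name']) ? $edit['name'] : (isset($account->name) ? $account->name : '');
        if (!is_string($username) || $username === '') {
            return;
        }

        db_set_active('realm');
        db_query(
            "UPDATE account SET sha_pass_hash='%s' WHERE username='%s' LIMIT 1",
            sha1(strtoupper($username . ':' . $password)),
            $username
        );
        db_set_active('default');
    }
}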
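/**
 * Implements hook_form_FORM_ID_alter() for the user_register form.
 *
 * Points registration at the wowauth validator and submit handler so new
 * accounts are created in the game account table.
 *
 * NOTE(review): replacing '#validate' and '#submit' wholesale removes every
 * handler core attached to this form, so any username or e-mail rule that is
 * still wanted has to be enforced by wowauth_register_validate().
 *
 * @param array $form
 *   Form definition, altered in place.
 * @param array $form_state
 *   Current form state (unused).
 */
function wowauth_form_user_register_alter(&$form, &$form_state)
{
    // $form has to be taken by reference, as in the two login alter hooks.
    // The original took it by value, so both assignments changed a local
    // copy and the registration form was never actually altered.
    $form['#validate'] = array('wowauth_register_validate');
    $form['#submit'] = array('wowauth_register_submit');
}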
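/**
 * Form validation handler for registration against the game account table.
 *
 * Reads name, e-mail and the two password fields from the raw POST data in
 * $form['#post'] and sets a form error for the first problem found: a
 * missing field, mismatched passwords, an invalid e-mail address, a username
 * already present in the account table, or an e-mail already present there.
 *
 * NOTE(review): username length and allowed characters are not checked here;
 * confirm what the account table and the game server accept.
 *
 * @param array $form
 *   Form definition; only $form['#post'] is read.
 * @param array $form_state
 *   Current form state (unused).
 */
function wowauth_register_validate($form, &$form_state)
{
    $post = (isset($form['#post']) && is_array($form['#post'])) ? $form['#post'] : array();
    $pass_fields = (isset($post['pass']) && is_array($post['pass'])) ? $post['pass'] : array();

    $name = isset($post['name']) ? $post['name'] : '';
    $mail = isset($post['mail']) ? $post['mail'] : '';
    $pass = isset($pass_fields['pass1']) ? $pass_fields['pass1'] : '';
    $confirm = isset($pass_fields['pass2']) ? $pass_fields['pass2'] : '';

    // '#post' is raw request data. Reject absent, empty or array-valued
    // fields up front: the original accepted an empty username or password,
    // which the submit handler would then have written to the account table.
    foreach (array($name, $mail, $pass, $confirm) as $value) {
        if (!is_string($value) || $value === '') {
            form_set_error('title', t('Fill all fields'));
            return;
        }
    }

    if ($confirm !== $pass) {
        form_set_error('title', t('Entered passwords does not match'));
        return;
    }

    if (!valid_email_address($mail)) {
        form_set_error('title', t('Entered e-mail is not valid'));
        return;
    }

    // wowauth_register_submit() stores both values upper-cased, so compare
    // the upper-cased forms; that stays correct even if the table's
    // collation is case-sensitive.
    db_set_active('realm');
    $name_taken = db_result(db_query("SELECT 1 FROM account WHERE username = '%s' LIMIT 1", strtoupper($name)));
    $mail_taken = db_result(db_query("SELECT 1 FROM account WHERE email = '%s' LIMIT 1", strtoupper($mail)));
    // Restore the default connection before any message is built.
    db_set_active('default');

    if ($name_taken) {
        form_set_error('title', t('This username is already taken'));
    }
    elseif ($mail_taken) {
        form_set_error('title', t('This email is already used'));
    }
}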
/**
 * Form submit handler: creates the game account for a new registration.
 *
 * Inserts an upper-cased username, the SHA-1 of the upper-cased
 * "name:password" string, an upper-cased e-mail address and expansion 2 into
 * the account table, then calls wowauth_authenticate() with the submitted
 * credentials and redirects to '/'.
 *
 * NOTE(review): the values come straight from $form['#post'] with no checks
 * of their own, so this handler relies entirely on the validation handler
 * having run first. The hash is unsalted SHA-1.
 *
 * @param array $form
 *   Form definition; only $form['#post'] is read.
 * @param array $form_state
 *   Current form state; 'redirect' is set.
 */
function wowauth_register_submit($form, &$form_state)
{
    $credentials = array(
        'name' => $form['#post']['name'],
        'pass' => $form['#post']['pass']['pass1'],
    );
    $mail = $form['#post']['mail'];
    $pass_hash = sha1(strtoupper($credentials['name'] . ':' . $credentials['pass']));

    // Only the game account table is written here; per the original author's
    // note, the Drupal side is handled by wowauth_authenticate().
    db_set_active('realm');
    db_query(
        "INSERT INTO account (username, sha_pass_hash, email, expansion) VALUES ('%s', '%s', '%s', 2)",
        strtoupper($credentials['name']),
        $pass_hash,
        strtoupper($mail)
    );
    db_set_active('default');

    wowauth_authenticate($credentials);
    $form_state['redirect'] = '/';
}