<?php// Alter user login form to use our validator and submit function (2 fu

1. <?php
2.  
3. // Alter user login form to use our validator and submit function (2 functions cuz there are 2 forms that can login user)
4. function wowauth_form_user_login_alter(&$form, $form_state)
5. {
6. $form[&#039;#validate&#039;] = array(&#039;wowauth_login_validate&#039;);
7. $form[&#039;#submit&#039;] = array(&#039;wowauth_login_submit&#039;);
8. }
9.  
10. // Alter user login form to use our validator and submit function (2 functions cuz there are 2 forms that can login user)
11. function wowauth_form_user_login_block_alter(&$form, $form_state)
12. {
13. $form[&#039;#validate&#039;] = array(&#039;wowauth_login_validate&#039;);
14. $form[&#039;#submit&#039;] = array(&#039;wowauth_login_submit&#039;);
15. }
16.  
17. // Validate user login
18. function wowauth_login_validate(&$form, $form_state)
19. {
20. $name = $form[&#039;#post&#039;][&#039;name&#039;];
21. $pass = $form[&#039;#post&#039;][&#039;pass&#039;];
22.  
23. db_set_active(&#039;realmd&#039;);
24. if (!$name || !$pass) // No password or username entered
25. form_set_error(&#039;title&#039;, t(&#039;Fill all fields&#039;));
26. else if (!db_result(db_query("SELECT 1 FROM account WHERE username=&#039;%s&#039; AND sha_pass_hash=&#039;%s&#039; LIMIT 1", $username, sha1(strtoupper($username . &#039;:&#039; . $pass))))) // Wrong username/password
27. form_set_error(&#039;title&#039;, t(&#039;Wrong username or password&#039;));
28. db_set_active(&#039;default&#039;);
29. }
30.  
31. // Login user
32. function wowauth_login_submit(&$form, $form_state)
33. {
34. $username = $form_values[&#039;name&#039;];
35. $pass = $form_values[&#039;pass&#039;];
36.  
37. db_set_active(&#039;realm&#039;);
38. $result = db_fetch_array(db_query("SELECT username FROM account WHERE username=&#039;%s&#039; AND sha_pass_hash=&#039;%s&#039; LIMIT 1", $username, sha1(strtoupper($username . &#039;:&#039; . $pass))));
39. db_set_active(&#039;default&#039;);
40. if ($result !== false)
41. {
42. user_external_login_register($result[&#039;username&#039;], &#039;wowauth&#039;);
43. $edit = array();
44. user_authenticate_finalize($edit);
45. }
46. }
47.  
48. // Handle user hooks
49. function wowauth_user($op, &$edit, &$account, $category = NULL)
50. {
51. // Insert user in drupal database (basically it&#039;s registration)
52. if ($op == &#039;insert&#039;)
53. {
54. db_set_active(&#039;realm&#039;);
55. // Update email realmd->drupal
56. $result = db_result(db_query("SELECT email FROM account WHERE username=&#039;%s&#039; LIMIT 1", $edit[&#039;name&#039;]));
57. db_set_active(&#039;default&#039;);
58. if ($result)
59. db_query("UPDATE {users} SET mail=&#039;%s&#039;, pass=&#039;&#039; WHERE name=&#039;%s&#039; LIMIT 1", $result, $edit[&#039;name&#039;]); // Also remove drupal&#039;s hashed password cuz md5 is easy crackable
60. }
61.  
62. // Update user (any fields changed)
63. if ($op == &#039;update&#039;)
64. {
65. $password = $edit[&#039;pass&#039;];
66. db_set_active(&#039;realm&#039;);
67. // Update password in realmd
68. db_query("UPDATE account SET sha_pass_hash=&#039;%s&#039; WHERE username=&#039;%s&#039; LIMIT 1", sha1(strtoupper($username . &#039;:&#039; . $password)), $edit[&#039;name&#039;]);
69. db_set_active(&#039;default&#039;);
70. }
71. }
72.  
73. // Alter user registration to use our validator and submit function
74. function wowauth_form_user_register_alter($form, &$form_state)
75. {
76. $form[&#039;#validate&#039;] = array(&#039;wowauth_register_validate&#039;);
77. $form[&#039;#submit&#039;] = array(&#039;wowauth_register_submit&#039;);
78. }
79.  
80. // Validate user registration
81. function wowauth_register_validate($form, &$form_state)
82. {
83. $name = $form[&#039;#post&#039;][&#039;name&#039;];
84. $pass = $form[&#039;#post&#039;][&#039;pass&#039;][&#039;pass1&#039;];
85. $mail = $form[&#039;#post&#039;][&#039;mail&#039;];
86.  
87. db_set_active(&#039;realm&#039;);
88.  
89. if ($form[&#039;#post&#039;][&#039;pass&#039;][&#039;pass2&#039;] !== $pass) // Passwords doesn&#039;t match
90. form_set_error(&#039;title&#039;, t(&#039;Entered passwords does not match&#039;));
91. else if (!valid_email_address($mail)) // Not valid email address
92. form_set_error(&#039;title&#039;, t(&#039;Entered e-mail is not valid&#039;));
93. else if (db_result(db_query("SELECT 1 FROM account WHERE username = &#039;%s&#039; LIMIT 1", $name))) // Username already taken
94. form_set_error(&#039;title&#039;, t(&#039;This username is already taken&#039;));
95. else if (db_result(db_query("SELECT 1 FROM account WHERE email = &#039;%s&#039; LIMIT 1", $mail))) // Email already taken
96. form_set_error(&#039;title&#039;, t(&#039;This email is already used&#039;));
97.  
98. db_set_active(&#039;default&#039;);
99. }
100.  
101. // Register account
102. function wowauth_register_submit($form, &$form_state)
103. {
104. $name = $form[&#039;#post&#039;][&#039;name&#039;];
105. $pass = $form[&#039;#post&#039;][&#039;pass&#039;][&#039;pass1&#039;];
106. $mail = $form[&#039;#post&#039;][&#039;mail&#039;];
107.  
108. db_set_active(&#039;realm&#039;);
109. // Add data to realmd, don&#039;t add data to drupal (it will be handled on on &#039;wowauth_authenticate&#039;)
110. db_query("INSERT INTO account (username, sha_pass_hash, email, expansion) VALUES (&#039;%s&#039;, &#039;%s&#039;, &#039;%s&#039;, 2)",
111. strtoupper($name), sha1(strtoupper($name . &#039;:&#039; . $pass)), strtoupper($mail));
112. db_set_active(&#039;default&#039;);
113.  
114. wowauth_authenticate(array(&#039;name&#039; => $name, &#039;pass&#039; => $pass));
115. $form_state[&#039;redirect&#039;] = &#039;/&#039;;
116. }