root/elgg/trunk/auth/sso/lib.php

<?php
ini_set('display_errors','1');
ini_set('display_startup_errors','1');
error_reporting (E_ALL);

/**
 * SSO authentication for elgg. 
 *
 * sso/
 *    lib.php   <- file with authentication callback functions used by elgg
 *    sso_config.php   <- sso configuration
 *    sso.php      <- sso library
 *
 * To use sso authentication in elgg in your 
 * config.php file add the two lines below 
 *   $CFG->auth = 'sso';            // tells elgg to use sso
 *   $CFG->sso_user_create = true;  // tells elgg to create a user for sso authenticated visitors
 *
 */

// sso library
require_once('sso.php');

// sso configuration
require_once('sso_config.php');


/**
 * This method is a callback function used by elgg.
 * This function is called by  authenticate_account 
 * in lib/elgglib.php.
 */
function sso_authenticate_user_login() 
{
    global $CFG;
    $redirect = "/social/index.php";

    sso_authenticate(true, true, array('bounce'=>$redirect));
    $data = sso_session_userinfo(); 

    if (array_key_exists('userinfo', $data) && array_key_exists('username', $data['userinfo']) && $data['userinfo']['username'] != '') {
        // Onid login successful
        $username = $data['userinfo']['username'];

        if ($CFG->sso_user_create == true) {
            // create elgg user automatically
            sso_create_elgg_user($username, $data['userinfo']);
        }
        // Return the user object
        return get_record_select('users', "username = ? AND active = ? AND user_type = ? ", array($username,'yes','person'));
    }
    return false;
}

/**
 * creates an entry in the elgg database for the given onid username.
 */
function sso_create_elgg_user($username, $user_info) {
    if(!validate_username($username)) {
        $messages[] = __gettext("Error! ONID Username does not meet Elgg requirements");
    } else {
        // Does the user already exist?
        $username = strtolower($username);

        if (record_exists('users','username',$username)) {
            // onid usernames are unique, so if it's already in the db, we're good to go
            return true;
        } else {
            // Everythink OK, create user
            $user = new StdClass;
            $user->email = $user_info["email"];
            $user->name  = $user_info["firstname"];
            $user->name  = $user->name . " " . $user_info["lastname"];
            $user->username = $username;
            $user->password = md5($password);
            $user->user_type = 'person';
            $user->owner = -1;

            $user_id = insert_record('users',$user);

            if (!empty($user_id)) {
                $rssresult = run("weblogs:rss:publish", array($user_id, false));
                $rssresult = run("files:rss:publish", array($user_id, false));
                $rssresult = run("profile:rss:publish", array($user_id, false));
            } else {
                // User creation failed
                $messages[] = sprintf(__gettext("User addition %d failed: Unknown reason, please contact you system administrator."), $username);
            }
        }
    }
}

/** 
 * This function logs the user out of sso.
 * It is is called by login/logout.php
 */
function sso_authenticate_user_logout() 
{
    sso_logout(); 
    unset($_SESSION['sso']); 
    unset($_SESSION['ldap']);

}

/**
 * This function checks whether or not we have 
 * sso information in session. If we do have sso 
 * information we proceed to authenticate user. 
 *
 * This function is called by isloggedin() in
 * lib/elgglib.php
 */
function check_sso_session ()
{
    global $USER;
    $data = sso_session_userinfo(); 
    if ($data != null) {
        authenticate_account(null, null);
    }
}
?>