By alastair on

I'm developing a Drupal 5 module for my University society's website to interface with a SOAP service I created a little while back. The SOAP service has two methods; the first accepts a University ID number/email address, password, and society name, and then checks that the ID and password are correct and that the person is a member of the supplied society. This returns one of six of codes, with two success codes: SUC_MEMBER (for a regular member) and SUC_EXEC (for a committee member). The second takes a University ID number/email address and returns the name of the person associated with that ID. I use the string 0123456 as an example University ID number.

The design of the module is as follows:

  1. Check authentication details against SOAP service, get result
  2. If not registered
    1. get information from SOAP service to register with Drupal
    2. Register with Drupal (Drupal username = firstname.surname)
    3. Password = SOAP service password
    4. Add Exec role if the person is a member of the Executive Committee
  3. Login to Drupal

The module is basically finished, apart from one snag: the auto-creation of new users. When I log in with 0123456 to test this out, Drupal is creates the user 0123456, rather than alastair.smith as specified in my code. In the watchdog, I get messages saying that accounts for both 0123456 and alastair.smith have been created, but the message for the 0123456 account comes from somewhere other than my code, and the account alastair.smith is not actually created. The exact message is "New external user: 0123456 using module mccms.". This auto-registration is driving me nuts, so any help would be greatly appreciated :)

I've included my implementation of hook_auth() in case it helps. 

function mccms_auth($username, $password, $server) {
	global $society, $user;
	
	if (!empty($server)) {
		$mc_id = $username . '@' . $server;
		if (valid_email_address($mc_id) != true) {
			return false;
		}
	} else {
		$mc_id = $username;
		if (!validate_id($mc_id)) return false;
	}
	unset($username);

	$society = variable_get('mccms_society_name');
	$result = login($mc_id, $password); //check credentials against MCCMS
	
	if ($result == SUC_MEMBER || $result == SUC_EXEC) {
		//Successfully authenticated, now get user info from the MCCMS
		$info = getMemberInfo($mc_id);
		if (is_array($info)) {
			$username = strtolower($info['forename'] . '.' . $info['surname']);
			$user = user_load(array("name" => "$username"));
		}  else {
			drupal_set_message(t("User information unobtainable from the MCCMS.  Please try again later."), 'error');
			return false;
		}
		
		//If user is not registered and auto-register is enabled, auto-register them
		if (!$user->uid && (variable_get('mccms_user_register', 1) == 1)) {
			if ($username != '' and $username != '.') {
				$roles = array(DRUPAL_AUTHENTICATED_RID => "authenticated user");
				if ($result == SUC_EXEC) {
					//add user to Exec role
					$exec_role = array_search('exec', user_roles(true));
					if ($exec_role !== false) {
						$roles[$exec_role] = 'exec';
					}
				}

				$user_default = array(
					"name" => $username, 
					"pass" => md5($password), 
					"init" => db_escape_string($username), 
					"status" => 1, 
					"roles" => $roles,
					"data" => array("MCCMS_ID" => $mc_id)
				);
				
				$user = user_save(null, $user_default);
				
				if ($user->uid) {
					watchdog("user", "new user: $username (MCCMS)", l(t("edit user"), "admin/user/$user->uid/edit"));
					drupal_goto("user/$user->uid/edit");
				}
			} else {
				//Username blank, so dump out
				drupal_set_message(t("User information unobtainable from the MCCMS.  Please try again later."), 'error');
				return false;
			}
		}
		return true;
	} else {
		return false;
	}
}
Categories: Drupal 5.x

Comments

alastair’s picture

alastair commented

Following a couple of requests enquiring whether I'd solved the problem, I decided to post my solution here.

Unfortunately, the problem involved modifying user.module slightly; the diff against Drupal 5.1 is provided below. Additionally, I turned off user registration in the Administration Control Panel.

This solution is not recommended! Because you are modifying core code, future upgrades (e.g., to version 5.2) will either not complete successfully, or will require you to re-apply this patch after each upgrade. It may also introduce security holes, and whilst I don't think that it will given the nature and scope of the changes, I cannot accept any liability for damage caused to your website as a result of applying this patch; you use this patch at your own risk!

993c993
<         $user = user_load(array('name' => $name));
---
>         //$user = user_load(array('name' => $name));
995c995,996
<       if (!$user->uid) {
---
>       //if (!$user->uid) {
>       if (!$user->uid && (variable_get('user_register', 1) == 1)) { // Register this new user if registration is turned on.