1 files changed, 19 insertions, 15 deletions

diff --git a/inc/user.inc.php b/inc/user.inc.php
index c09e936..28a1fd5 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -43,7 +43,7 @@ class User
 	{
 		if (!isset(self::$user['userid']))
 			return false;
-		return (int) self::$user['userid'];
+		return self::$user['userid'];
 	}
 
 	public static function getMail()
@@ -152,10 +152,16 @@ class User
 			return true;
 		$hasSession = Session::load();
 		if (empty($_SERVER['persistent-id'])) {
-			if (Session::getUid() === false)
+			if (Session::getUid() === false) {
+				if (!empty($_SERVER['Shib-Session-ID'])) {
+					Message::addError('Sie haben sich erfolgreich mittels bwIDM authentifiziert,'
+						. ' aber der IdP Ihrer Einrichtung scheint die benötigten Metadaten nicht'
+						. ' an den bwLehrpool-SP zu übermitteln. Bitte wenden Sie sich an den Support.');
+				}
 				return false;
+			}
 			// Try user from local DB
-			self::$user = Database::queryFirst('SELECT userid, shibid, login, organizationid AS organization, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid()));
+			self::$user = Database::queryFirst('SELECT userid, shibid, organizationid AS organization, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid()));
 			self::$isInDb = self::$user !== false;
 			return self::$isInDb;
 		}
@@ -174,9 +180,8 @@ class User
 			$_SERVER['mail'] = '';
 		$shibId = md5($_SERVER['persistent-id']);
 		self::$user = array(
-			'userid' => 0,
+			'userid' => NULL,
 			'shibid' => $shibId,
-			'login' => NULL,
 			'firstname' => $_SERVER['givenName'],
 			'lastname' => $_SERVER['sn'],
 			'email' => $_SERVER['mail'],
@@ -190,7 +195,7 @@ class User
 		if (isset($_SERVER['affiliation']) && preg_match('/@([a-zA-Z\-\._]+)(;|$)/', $_SERVER['affiliation'], $out))
 			self::$user['organization'] = $out[1];
 		// Get matching db entry if any
-		$user = Database::queryFirst('SELECT userid, login, firstname, lastname, email, fixedname FROM user WHERE shibid = :shibid LIMIT 1', array('shibid' => $shibId));
+		$user = Database::queryFirst('SELECT userid, firstname, lastname, email, fixedname FROM user WHERE shibid = :shibid LIMIT 1', array('shibid' => $shibId));
 		if ($user === false) {
 			// No match in database, user is not signed up
 			return true;
@@ -201,7 +206,6 @@ class User
 			Session::save();
 		}
 		// Already signed up, see if we can fetch missing fields from DB
-		self::$user['login'] = $user['login'];
 		self::$isInDb = true;
 		self::$isAnonymous = (empty($user['firstname']) && empty($user['lastname']));
 		foreach (array('firstname', 'lastname', 'email') as $key) {
@@ -220,15 +224,15 @@ class User
 		if (!empty($existingLogin)) {
 			if ($anonymous) {
 				$ret = Database::exec("UPDATE user SET shibid = :shibid, firstname = '', lastname = '', email = '', password = '' "
-					. " WHERE login = :login LIMIT 1", array(
+					. " WHERE userid = :userid LIMIT 1", array(
 						'shibid' => self::$user['shibid'],
-						'login' => $existingLogin
+						'userid' => $existingLogin
 					));
 			} else {
 				$ret = Database::exec("UPDATE user SET shibid = :shibid, password = '', firstname = :firstname, lastname = :lastname, email = :email "
-					. " WHERE login = :login LIMIT 1", array(
+					. " WHERE userid = :userid LIMIT 1", array(
 						'shibid' => self::$user['shibid'],
-						'login' => $existingLogin,
+						'userid' => $existingLogin,
 						'firstname' => self::$user['firstname'],
 						'lastname' => self::$user['lastname'],
 						'email' => self::$user['email']
@@ -239,14 +243,14 @@ class User
 		
 		// New account
 		if ($anonymous) {
-			Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
+			Database::exec("INSERT INTO user (shibid, userid, organizationid, firstname, lastname, email) "
 				. " VALUES (:shibid, :shibid, :org, '', '', '') "
 				. " ON DUPLICATE KEY UPDATE firstname = '', lastname = '', email = '', password = ''", array(
 				'shibid' => self::$user['shibid'],
 				'org' => self::getOrganizationId()
 			));
 		} else {
-			Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
+			Database::exec("INSERT INTO user (shibid, userid, organizationid, firstname, lastname, email) "
 				. " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email) "
 				. " ON DUPLICATE KEY UPDATE firstname = VALUES(firstname), lastname = VALUES(lastname), email = VALUES(email), password = ''", array(
 				'shibid' => self::$user['shibid'],
@@ -284,7 +288,7 @@ class User
 
 	public static function login($user, $pass)
 	{
-		$ret = Database::queryFirst('SELECT userid, password FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
+		$ret = Database::queryFirst('SELECT userid, password FROM user WHERE userid = :user LIMIT 1', array(':user' => $user));
 		if ($ret === false)
 			return false;
 		if (!Crypto::verify($pass, $ret['password']))
@@ -305,7 +309,7 @@ class User
 		}
 		Session::delete();
 		if (self::$isShib) {
-			Header('Location: ' . CONFIG_PREFIX . '?do=Logout&noredirect=yes');
+			Header('Location: /Shibboleth.sso/Logout');
 		} else {
 			Header('Location: ?do=Main');
 		}