# packages/acs-subsite/www/register/hash-login.tcl
# This allows logging a user into multiple host node mapped subsites using the auth token from a current login on one of the other host node mapped subsites
# TODO make sure the host is a valid host node mapped URL
ad_page_contract {
auto-login using user_id, hash, time and token_id
@author Deds Castillo
@creation-date 2009-08-26
} {
{user_id:optional,trim ""}
{time:optional,trim ""}
{hash:optional,trim ""}
{return_url "/"}
{host ""}
} -properties {
} -validate {
} -errors {
}
if { $user_id ne "" && \
$time ne "" && \
$hash ne "" } {
set token [sec_get_user_auth_token $user_id]
set computed_hash [ns_sha1 "$user_id$time$token"]
set expiration_time 30
if { [string compare $hash $computed_hash] != 0 || \
$time < [ns_time] - $expiration_time } {
# expired or wrong credentials
} else {
ad_user_login $user_id
}
}
if { [string match "http*" $return_url] } {
set next_url $return_url
} else {
set next_url "${host}${return_url}"
}
ad_returnredirect $next_url
