store invite code in session so openidfinish can find it

1 files changed, 28 insertions, 5 deletions

diff --git a/actions/finishopenidlogin.php b/actions/finishopenidlogin.php
index 952185742..b08b96df6 100644
--- a/actions/finishopenidlogin.php
+++ b/actions/finishopenidlogin.php
@@ -191,11 +191,28 @@ class FinishopenidloginAction extends Action
     {
         # FIXME: save invite code before redirect, and check here
 
-        if (common_config('site', 'closed') || common_config('site', 'inviteonly')) {
+        if (common_config('site', 'closed')) {
             $this->clientError(_('Registration not allowed.'));
             return;
         }
 
+        $invite = null;
+
+        if (common_config('site', 'inviteonly')) {
+            $code = $_SESSION['invitecode'];
+            if (empty($code)) {
+                $this->clientError(_('Registration not allowed.'));
+                return;
+            }
+
+            $invite = Invitation::staticGet($code);
+
+            if (empty($invite)) {
+                $this->clientError(_('Not a valid invitation code.'));
+                return;
+            }
+        }
+
         $nickname = $this->trimmed('newname');
 
         if (!Validate::string($nickname, array('min_length' => 1,
@@ -257,10 +274,16 @@ class FinishopenidloginAction extends Action
         # XXX: add language
         # XXX: add timezone
 
-        $user = User::register(array('nickname' => $nickname,
-                                     'email' => $email,
-                                     'fullname' => $fullname,
-                                     'location' => $location));
+        $args = array('nickname' => $nickname,
+                      'email' => $email,
+                      'fullname' => $fullname,
+                      'location' => $location);
+
+        if (!empty($invite)) {
+            $args['code'] = $invite->code;
+        }
+
+        $user = User::register($args);
 
         $result = oid_link_user($user->id, $canonical, $display);