/** * Provides a form for user consent of an OpenID relying party, where the * {@link simpleid_checkid_identity()} function returns a CHECKID_APPROVAL_REQUIRED * or CHECKID_RETURN_TO_SUSPECT. * * Alternatively, provide a form for the user to rectify the situation where * {@link simpleid_checkid_identity()} function returns a CHECKID_IDENTITIES_NOT_MATCHING * or CHECKID_IDENTITY_NOT_EXIST * * @param array $request the original OpenID request * @param array $response the proposed OpenID response, subject to user * verification * @param int $reason either CHECKID_APPROVAL_REQUIRED, CHECKID_RETURN_TO_SUSPECT, * CHECKID_IDENTITIES_NOT_MATCHING or CHECKID_IDENTITY_NOT_EXIST */ function simpleid_openid_consent_form($request, $response, $reason = CHECKID_APPROVAL_REQUIRED) { global $user; global $xtpl; global $version; $request_state = pickle($request); user_header($request_state); $realm = openid_get_realm($request, $version); $xtpl->assign('token', get_form_token('rp')); $xtpl->assign('state', pickle($response)); $xtpl->assign('realm', htmlspecialchars($realm, ENT_QUOTES, 'UTF-8')); if ($response['openid.mode'] == 'cancel') { $xtpl->assign('switch_user_url', htmlspecialchars(simpleid_url('logout', 'destination=continue&s=' . rawurlencode($request_state), true))); $xtpl->assign('return_to', htmlspecialchars($request['openid.return_to'], ENT_QUOTES, 'UTF-8')); $xtpl->assign('identity', htmlspecialchars($request['openid.identity'], ENT_QUOTES, 'UTF-8')); $xtpl->parse('main.openid_consent.cancel'); } else { $xtpl->assign('javascript', '<script src="' . get_base_path() . 'html/openid-consent.js" type="text/javascript"></script>'); $rp = isset($user['rp'][$realm]) ? $user['rp'][$realm] : NULL; $extensions = extension_invoke_all('consent_form', $request, $response, $rp); $xtpl->assign('extensions', implode($extensions)); if ($reason == CHECKID_RETURN_TO_SUSPECT) { $xtpl->parse('main.openid_consent.setup.suspect'); $xtpl->assign('realm_class', 'return-to-suspect'); } $xtpl->parse('main.openid_consent.setup'); } $xtpl->parse('main.openid_consent'); $xtpl->parse('main.framekiller'); header('X-Frame-Options: DENY'); $xtpl->assign('title', 'OpenID Login'); $xtpl->assign('page_class', 'dialog-page'); $xtpl->parse('main'); $xtpl->out('main'); }
/** * Detects the current installed version of SimpleID, selects the individual upgrade * functions applicable to this upgrade and displays the upgrade * selection page. */ function upgrade_selection() { global $xtpl, $upgrade_access_check; cache_gc(0, 'upgrade'); if (!validate_form_token($_POST['tk'], 'upgrade_info')) { set_message('SimpleID detected a potential security attack. Please try again.'); upgrade_info(); return; } $functions = upgrade_get_functions(); if (count($functions) == 0) { if (!$upgrade_access_check) { $xtpl->parse('main.selection.selection_complete.upgrade_access_check'); } $xtpl->parse('main.upgrade_selection.selection_complete'); } else { $handle = random_id(); cache_set('upgrade', $handle, $functions); $xtpl->assign('handle', $handle); $xtpl->assign('token', get_form_token('upgrade_selection')); $xtpl->parse('main.upgrade_selection.selection_continue'); } $xtpl->assign('original_version', upgrade_get_version()); $xtpl->assign('this_version', SIMPLEID_VERSION); $xtpl->parse('main.upgrade_selection'); $xtpl->assign('title', 'Upgrade'); $xtpl->parse('main'); $xtpl->out('main'); }