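/**
 * Determine if the current user trusts the relying party of the OpenID authentication request.
 *
 * When the trust form has been submitted ($_REQUEST['openid_trust'] is non-empty) the decision is
 * processed and returned. Otherwise the pending request is stored in the session and the trust
 * form is rendered through openid_page(); nothing is returned in that case.
 *
 * $request->trust_root is chosen by the relying party, so it is HTML-escaped before being written
 * into the page. Every other dynamic value placed in the markup is escaped as well.
 *
 * @param object $request OpenID request; only its trust_root property is read here
 * @return bool|null true if the user approved, false if the user cancelled, null when the form was shown
 *
 * @uses do_action() Calls the 'openid_server_trust_form' hook action when displaying the trust form.
 * @uses do_action() Calls the 'openid_server_trust_submit' hook action when processing the submitted trust form.
 * @uses apply_filters() Calls 'openid_server_store_trusted_site' before storing trusted site data.
 */
function openid_server_user_trust($request) {
    $user = wp_get_current_user();

    // !empty() keeps the original truthiness test without an undefined-index notice
    if (!empty($_REQUEST['openid_trust'])) {
        if ($_REQUEST['openid_trust'] == 'cancel') {
            // a cancel stores nothing in this function, so the plain cancel link carries no nonce
            $trust = false;
        } else {
            // approval writes to the user's trusted-site list, so it must carry the nonce
            // emitted by wp_nonce_field() in the form below
            check_admin_referer('openid-server_trust');
            $trust = true;
        }

        do_action('openid_server_trust_submit', $trust, $request);

        if ($trust) {
            // store trusted site (unless hidden constant is set)
            if (!defined('OPENID_NO_AUTO_TRUST') || !OPENID_NO_AUTO_TRUST) {
                $site = array('url' => $request->trust_root, 'last_login' => time());
                $site = apply_filters('openid_server_store_trusted_site', $site);

                $trusted_sites = get_usermeta($user->ID, 'openid_trusted_sites');
                if (!is_array($trusted_sites)) {
                    // nothing stored yet (or an unexpected value): start from an empty list
                    // instead of indexing into a non-array
                    $trusted_sites = array();
                }

                // md5 is used here only to derive a fixed-length array key from the URL
                $site_hash = md5($request->trust_root);
                $trusted_sites[$site_hash] = $site;
                update_usermeta($user->ID, 'openid_trusted_sites', $trusted_sites);
            }
        }

        return $trust;
    }

    // prompt the user to make a trust decision
    // suppression kept from the original: starting the session is best-effort here
    @session_start();
    $_SESSION['openid_server_request'] = $request;

    $charset = get_option('blog_charset');

    // The WordPress option is named 'siteurl'; the cancel link previously read 'site_url',
    // which is a different key from the one the form action uses.
    $server_url = trailingslashit(get_option('siteurl')) . '?openid_server=1';
    $form_action = htmlspecialchars($server_url, ENT_QUOTES, $charset);
    $cancel_url = htmlspecialchars($server_url . '&openid_trust=cancel', ENT_QUOTES, $charset);
    $trust_root = htmlspecialchars((string) $request->trust_root, ENT_QUOTES, $charset);

    ob_start();

    echo '
    <style type="text/css">
        #banner { margin-bottom: 4em; }
        #banner #site { float: left; color: #555; }
        #banner #loggedin { font-size: 0.7em; float: right; }
        p.trust_form_add {
            margin: 3em auto 1em; padding: 0.5em; border: 1px solid #999;
            background: #FFEBE8; width: 80%; font-size: 0.8em; -moz-border-radius: 3px;
        }
        #submit { font-size: 18px; padding: 10px 35px; margin-left: 1em; }
    </style>

    <div id="banner">
        <div id="site">' . htmlspecialchars((string) get_option('blogname'), ENT_QUOTES, $charset) . '</div>';

    if (is_user_logged_in()) {
        $logout_url = site_url('wp-login.php?action=logout&redirect_to=' . urlencode(site_url('?openid_server=1')), 'login');

        echo '
        <div id="loggedin">' . sprintf(
            __('Logged in as %1$s (%2$s). <a href="%3$s">Use a different account?</a>', 'openid'),
            htmlspecialchars((string) $user->display_name, ENT_QUOTES, $charset),
            htmlspecialchars((string) $user->user_login, ENT_QUOTES, $charset),
            htmlspecialchars($logout_url, ENT_QUOTES, $charset)
        ) . '</div>';
    }

    echo '
    </div>

    <form action="' . $form_action . '" method="post">
        <h1>' . __('Verify Your Identity', 'openid') . '</h1>
        <p style="margin: 1.5em 0 1em 0;">'
            . sprintf(__('%s has asked to verify your identity.', 'openid'), '<strong>' . $trust_root . '</strong>')
        . '</p>

        <p style="margin: 1em 0;">'
            . __('Click <strong>Continue</strong> to verify your identity and login without creating a new password.', 'openid')
        . '</p>';

    do_action('openid_server_trust_form');

    $sites_page = (current_user_can('edit_users') ? 'users.php' : 'profile.php') . '?page=openid_trusted_sites';

    echo '
        <p class="submit" style="text-align: center; margin-top: 2.4em;">
            <a href="' . $cancel_url . '">' . __('Cancel and go back', 'openid') . '</a>
            <input type="submit" id="submit" name="openid_trust" value="' . __('Continue', 'openid') . '" />
        </p>

        <p style="margin: 3em 0 1em 0; font-size: 0.8em;">'
            . sprintf(
                __('Manage or remove access on the <a href="%s" target="_blank">Trusted Sites</a> page.', 'openid'),
                htmlspecialchars(admin_url($sites_page), ENT_QUOTES, $charset)
            )
        . '</p>
        <p style="margin: 1em 0; font-size: 0.8em;">'
            . sprintf(
                __('<a href="%s" target="_blank">Edit your profile</a> to change the information that gets shared with Trusted Sites.', 'openid'),
                htmlspecialchars(admin_url('profile.php'), ENT_QUOTES, $charset)
            )
        . '</p>
    ';

    // echoes the nonce that check_admin_referer() verifies when the form is submitted
    wp_nonce_field('openid-server_trust', '_wpnonce', true);

    echo '
    </form>';

    $html = ob_get_clean();

    openid_page($html, __('Verify Your Identity', 'openid'));
}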
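/**
 * Render an error page that lets the visitor resubmit a comment without OpenID.
 *
 * The author, email, url and comment entries of $post are shown as editable fields; every other
 * entry except 'submit' is carried along as a hidden input, and an 'openid_skip' marker is added.
 *
 * All keys and values of $post are written into HTML attributes or the textarea, so each one is
 * HTML-escaped first. NOTE(review): $post is presumably the original comment POST data, which
 * means it is supplied by the visitor; confirm against the caller.
 *
 * @param array $post key-value pairs of the comment submission to replay
 */
function openid_repost_comment_anonymously($post) {
    $comment_page = defined('OPENID_COMMENTS_POST_PAGE') ? OPENID_COMMENTS_POST_PAGE : 'wp-comments-post.php';
    $charset = get_option('blog_charset');

    // escape the four visible fields; a missing or non-scalar entry becomes an empty string
    $fields = array();
    foreach (array('author', 'email', 'url', 'comment') as $field) {
        $raw = (isset($post[$field]) && is_scalar($post[$field])) ? (string) $post[$field] : '';
        if ($field == 'comment') {
            // only the comment body had slashes stripped in the original markup
            $raw = stripslashes($raw);
        }
        $fields[$field] = htmlspecialchars($raw, ENT_QUOTES, $charset);
    }

    $html = '
    <h1>' . __('OpenID Authentication Error', 'openid') . '</h1>
    <p id="error">' . __('We were unable to authenticate your claimed OpenID, however you '
        . 'can continue to post your comment without OpenID:', 'openid') . '</p>

    <form action="' . htmlspecialchars(site_url("/{$comment_page}"), ENT_QUOTES, $charset) . '" method="post">
        <p>Name: <input name="author" value="' . $fields['author'] . '" /></p>
        <p>Email: <input name="email" value="' . $fields['email'] . '" /></p>
        <p>URL: <input name="url" value="' . $fields['url'] . '" /></p>
        <textarea name="comment" cols="80%" rows="10">' . $fields['comment'] . '</textarea>
        <input type="submit" name="submit" value="' . __('Submit Comment') . '" />
        <input type="hidden" name="openid_skip" value="1" />';

    $already_rendered = array('author', 'email', 'url', 'comment', 'submit');
    foreach ((array) $post as $name => $value) {
        // strict comparison on the string form of the key, so a numeric key is never
        // loosely matched against one of the field names
        if (in_array((string) $name, $already_rendered, true)) {
            continue;
        }
        if (is_array($value) || is_object($value)) {
            // cannot be represented as a single hidden input
            continue;
        }
        $html .= '
        <input type="hidden" name="' . htmlspecialchars((string) $name, ENT_QUOTES, $charset)
            . '" value="' . htmlspecialchars((string) $value, ENT_QUOTES, $charset) . '" />';
    }

    $html .= '</form>';

    openid_page($html, __('OpenID Authentication Error', 'openid'));
}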
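/**
 * Send HTTP post through the user-agent. If javascript is not supported, the
 * user will need to click on a "continue" button.
 *
 * The form action and the parameter names are HTML-escaped in the same way the
 * parameter values already were, so none of them can close the attribute they
 * are written into. NOTE(review): this assumes callers pass $action as a plain
 * URL that is not already HTML-encoded; confirm against the callers.
 *
 * @param string $action form action (URL to POST form to)
 * @param array $parameters key-value pairs of parameters to include in the form
 * @uses do_action() Calls 'openid_page_head' hook action
 */
function openid_repost($action, $parameters) {
    $charset = get_option('blog_charset');

    $html = '
    <noscript><p>' . __('Since your browser does not support JavaScript, you must press the Continue button once to proceed.', 'openid') . '</p></noscript>
    <form action="' . htmlspecialchars((string) $action, ENT_QUOTES, $charset) . '" method="post">';

    foreach ($parameters as $k => $v) {
        // A field named "submit" is left out; presumably because it would shadow the
        // form's submit() method that the script below calls. Compared as a string so
        // a numeric key is never loosely matched.
        if ((string) $k === 'submit') {
            continue;
        }
        $html .= "\n" . '<input type="hidden" name="' . htmlspecialchars((string) $k, ENT_QUOTES, $charset)
            . '" value="' . htmlspecialchars(stripslashes($v), ENT_QUOTES, $charset) . '" />';
    }

    $html .= '
        <noscript><div><input type="submit" value="' . __('Continue') . '" /></div></noscript>
    </form>

    <script type="text/javascript">
        document.write("<h2>' . __('Please Wait...', 'openid') . '</h2>");
        document.forms[0].submit()
    </script>';

    openid_page($html, __('OpenID Authentication Redirect', 'openid'));
}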
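/**
 * Remove identity URLs from the current user's account.
 *
 * Each of the user's identity URLs whose md5 hash appears in $delete is dropped. If that
 * would remove every association and the request has no 'confirm' field, a confirmation
 * page is rendered instead and nothing is deleted.
 *
 * The confirmation form echoes request data ($_SERVER['PHP_SELF'], $_REQUEST['page'] and the
 * entries of $delete), so the action attribute is quoted and every such value is HTML-escaped.
 *
 * @param array $delete md5 hashes of the identity URLs to remove
 */
function openid_profile_delete_openids($delete) {
    // !empty() keeps the original truthiness test without an undefined-index notice
    if (empty($delete) || !empty($_REQUEST['cancel'])) {
        return;
    }
    check_admin_referer('openid-delete_openids');

    $delete = (array) $delete;
    $charset = get_option('blog_charset');

    $user = wp_get_current_user();
    $urls = get_user_openids($user->ID);

    if (count($urls) == count($delete) && empty($_REQUEST['confirm'])) {
        $page = (isset($_REQUEST['page']) && is_scalar($_REQUEST['page'])) ? (string) $_REQUEST['page'] : '';
        $form_action = htmlspecialchars(sprintf('%s?page=%s', $_SERVER['PHP_SELF'], $page), ENT_QUOTES, $charset);

        $html = '
        <h1>' . __('OpenID Warning', 'openid') . '</h1>
        <form action="' . $form_action . '" method="post">
        <p>' . __('Are you sure you want to delete all of your OpenID associations? Doing so may prevent you from logging in.', 'openid') . '</p>
        <div class="submit">
            <input type="submit" name="confirm" value="' . __("Yes I'm sure. Delete.", 'openid') . '" />
            <input type="submit" name="cancel" value="' . __("No, don't delete.", 'openid') . '" />
        </div>';

        foreach ($delete as $d) {
            if (!is_scalar($d)) {
                // only plain hash strings can be replayed as a hidden input
                continue;
            }
            $html .= '<input type="hidden" name="delete[]" value="' . htmlspecialchars((string) $d, ENT_QUOTES, $charset) . '" />';
        }

        // the confirmation form carries its own nonce for the check_admin_referer() call above
        $html .= wp_nonce_field('openid-delete_openids', '_wpnonce', true, false) . '
            <input type="hidden" name="action" value="delete" />
        </form>';

        openid_page($html, __('OpenID Warning', 'openid'));
        return;
    }

    $count = 0;
    foreach ($urls as $url) {
        // Match against the $delete argument, the same list that was validated and counted
        // above (the original read $_REQUEST['delete'] here). Strict comparison: both sides
        // are expected to be hash strings.
        if (in_array(md5($url), $delete, true)) {
            if (openid_drop_identity($user->ID, $url)) {
                $count++;
            }
        }
    }

    if ($count) {
        openid_message(sprintf(__('Deleted %1$s OpenID association%2$s.', 'openid'), $count, $count > 1 ? 's' : ''));
        openid_status('success');

        // ensure that profile URL is still a verified OpenID
        set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path());
        require_once 'Auth/OpenID.php';
        // suppression kept from the original: only one of these files exists per WordPress version
        @(include_once ABSPATH . WPINC . '/registration.php'); // WP < 2.3
        @(include_once ABSPATH . 'wp-admin/includes/admin.php'); // WP >= 2.3

        if (!openid_ensure_url_match($user)) {
            $identities = get_user_openids($user->ID);
            // NOTE(review): if no identities remain, $identities[0] is undefined and user_url is
            // set to null; confirm whether openid_ensure_url_match() can return false in that case.
            wp_update_user(array('ID' => $user->ID, 'user_url' => $identities[0]));
            openid_message(openid_message() . '<br />'
                . __('<strong>Note:</strong> For security reasons, your profile URL has been updated to match your OpenID.', 'openid'));
        }

        return;
    }

    openid_message(__('OpenID association delete failed: Unknown reason.', 'openid'));
    openid_status('error');
}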