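/**
 * Start an OpenID login for the identifier passed in $_GET['openid'].
 *
 * When the provider endpoint is discovered it is stored in
 * $_SESSION['openid_endpoint_url'] and the user is redirected to the provider.
 * On any failure a message is left in $this->error instead.
 */
function execute()
{
    if (!isset($_GET['openid'])) {
        $this->error = _("Login error.");
        return;
    }
    // Query parameters can arrive as arrays (?openid[]=x), so require a string.
    // The original wrote trim($_GET['openid'] == ''), which trimmed the result of
    // the comparison rather than the value, and then carried on with discovery
    // even for an empty identifier.
    if (!is_string($_GET['openid']) || trim($_GET['openid']) == '') {
        $this->error = _("Provide a valid OpenID.");
        return;
    }
    require_once 'openid.php';
    $openid = new Dope_OpenID($_GET['openid']);
    $openid->setReturnURL(RessourceManager::getExternUrl('special/login/openid_return'));
    $openid->SetTrustRoot(RessourceManager::getServerName());
    $openid->setRequiredInfo(array('email', 'fullname'));
    $endpoint_url = $openid->getOpenIDEndpoint();
    if ($endpoint_url) {
        // If we find the endpoint, you might want to store it for later use.
        $_SESSION['openid_endpoint_url'] = $endpoint_url;
        // Redirect the user to their OpenID Provider
        // NOTE(review): nothing here stops the request after redirect(); confirm the
        // caller does not keep rendering the page.
        $openid->redirect();
    } else {
        $error = $openid->getError();
        // $this->error carries <br> markup, so it is presumably rendered as HTML.
        // The library's text may reflect the submitted identifier (TODO confirm),
        // so escape it before it is mixed into that markup.
        $code = htmlspecialchars((string) $error['code'], ENT_QUOTES, 'UTF-8');
        $description = htmlspecialchars((string) $error['description'], ENT_QUOTES, 'UTF-8');
        $this->error = '';
        $this->error .= "ERROR CODE: " . $code . "<br>";
        $this->error .= "ERROR DESCRIPTION: " . $description . "<br>";
    }
}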
Beispiel #2
 /**
  * Begin OpenID authentication for the given identifier.
  *
  * Discovers the provider endpoint through Dope_OpenID, remembers it in
  * $_SESSION['openid_endpoint_url'] and redirects the user to the provider,
  * ending the script. If discovery fails, the library's error is printed.
  * Does nothing when $openid_url is null.
  *
  * @param string|null $openid_url The OpenID identifier to authenticate.
  */
 function openid_auth($openid_url)
 {
     // isset() is false for null: without an identifier there is nothing to do.
     if (!isset($openid_url)) {
         return;
     }
     // $FULLPATH serves as both the return URL and the trust root.
     global $FULLPATH;
     $consumer = new Dope_OpenID($openid_url);
     $consumer->setReturnURL($FULLPATH);
     $consumer->SetTrustRoot($FULLPATH);
     $consumer->setOptionalInfo(array('nickname', 'fullname', 'email'));
     $provider_endpoint = $consumer->getOpenIDEndpoint();
     if (!$provider_endpoint) {
         // No provider endpoint could be found; report what Dope OpenID says.
         // NOTE(review): code and description are echoed without HTML escaping;
         // if the library reflects the submitted identifier in them, escape with
         // htmlspecialchars() before output. Confirm against Dope_OpenID::getError().
         $failure = $consumer->getError();
         $message = "Error Code: {$failure['code']}<br />";
         $message .= "Error Description: {$failure['description']}<br />";
         echo $message;
         return;
     }
     // Keep the discovered endpoint for later use.
     $_SESSION['openid_endpoint_url'] = $provider_endpoint;
     // Send the user to their OpenID Provider and stop executing while the
     // browser follows the redirect.
     $consumer->redirect();
     exit;
 }
Beispiel #3
 if (!isset($error)) {
     /*
      * Store the user's submitted OpenID Identity for later use.
      */
     $_SESSION['openid_url'] = $openid_url;
     /*
      * Create a new Dope_OpenID object
      */
     $openid = new Dope_OpenID($openid_url);
     /*
      * YOU MUST EDIT THIS LINE.
      * The user's OpenID provider will return them to the URL that you provide here.
      * It could be a separate verify.php script, or just pass a parameter to tell a
      * single processing script what to do (like I've done with this file you're reading).
      */
     $openid->setReturnURL("http://www.stevelove.org/projects/dope-openid/demo/login.php?action=verify");
     /*
      * YOU MUST EDIT THIS LINE
      * Set the trust root. This is the URL or set of URLs the user will be asked
      * to trust when signing in with their OpenID Provider. It could be your base
      * URL or a subdirectory thereof. Up to you.
      */
     $openid->SetTrustRoot('http://www.stevelove.org/projects/dope-openid/demo/');
     /*
      * EDIT THIS LINE (OPTIONAL)
      * When the user signs in with their OpenID Provider, these are
      * the details you would like sent back for your own use.
      * Dope OpenID attempts to get this information using both Simple Registration
      * and Attribute Exchange protocols. The type that is returned depends on the
      * user's Provider. Each provider chooses what they wish to provide and all 
      * defined attributes may not be available. To see where these two types of
Beispiel #4
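/**
 * Validate the OpenID identifier given by the user, discover the provider
 * endpoint for it and redirect the user to the provider for authentication.
 *
 * The identifier is stored in $_SESSION['openid_url'] and the discovered
 * endpoint in $_SESSION['openid_endpoint_url'] for later use.
 * It uses the Dope_OpenID class found in cms/openid/.
 *
 * @param string $openid_url The OpenID of the user.
 * @return void The script exits once the redirect has been issued.
 */
function openid_endpoint($openid_url)
{
    /**
     * Validate the value that is actually handed to Dope_OpenID below. The
     * previous code checked $_POST['openid_identifier'] instead of $openid_url,
     * and its fallback used eregi(), which no longer exists in PHP 7+.
     * Only http/https identifiers with a host are accepted, because
     * FILTER_VALIDATE_URL on its own also passes other schemes.
     */
    $parts = is_string($openid_url) ? parse_url($openid_url) : false;
    $scheme = (is_array($parts) && isset($parts['scheme'])) ? strtolower($parts['scheme']) : '';
    $has_host = is_array($parts) && isset($parts['host']) && $parts['host'] !== '';
    $is_valid = ($scheme === 'http' || $scheme === 'https') && $has_host;
    if ($is_valid && function_exists('filter_var')) {
        $is_valid = filter_var($openid_url, FILTER_VALIDATE_URL) !== false;
    }
    /// NOTE(review): this does not reject loopback or private hosts. If endpoint discovery
    /// fetches the identifier server-side, consider restricting the hosts that may be contacted.
    if (!$is_valid) {
        $error = "Error: OpenID Identifier is not in proper format.";
    }
    /// Proceed if we made it through without setting $error
    if (!isset($error)) {
        /**
         * Store the user's submitted OpenID Identity for later use.
         */
        $_SESSION['openid_url'] = $openid_url;
        /**
         * Create a new Dope_OpenID object
         */
        $openid = new Dope_OpenID($openid_url);
        /**
         * Base URL of this installation, shared by the return URL and the trust root.
         * NOTE(review): HTTP_HOST is taken from the request's Host header and the scheme is
         * fixed to http://, so both URLs follow whatever host the client sent.
         * Prefer a configured site URL where one exists.
         */
        $script_name = isset($_SERVER['ORIG_SCRIPT_NAME']) ? $_SERVER['ORIG_SCRIPT_NAME'] : $_SERVER['SCRIPT_NAME'];
        $baseURL = "http://" . $_SERVER['HTTP_HOST'] . dirname($script_name);
        /**
         * ReturnURL: The URL to which the OpenID provider should return the user to,
         * after the authentication has been done.
         * This Line might require editing:
         * The user's OpenID provider will return them to the URL that you provide here.
         */
        global $rewriteEngineEnabled;
        /// With the rewrite engine enabled the explicit index.php is written (direct filenames
        /// are not processed by the rewrite engine, which does not allow longer GET queries).
        /// With it off, index.php is left out to make the url look non-php.
        if ($rewriteEngineEnabled == 'true') {
            $returnURL = $baseURL . "/index.php?action=login&subaction=openid_verify";
        } else {
            $returnURL = $baseURL . "/?action=login&subaction=openid_verify";
        }
        $openid->setReturnURL($returnURL);
        /**
         * TrustRoot: The URL or set of URLs the user will be asked to trust when
         * signing in with their OpenID Provider. This is usually the parent
         * directory of ReturnURL; it could be your base URL or a subdirectory thereof.
         */
        $openid->SetTrustRoot($baseURL);
        /**
         * OptionalInfo: The details you would like sent back from the Provider.
         * Dope OpenID attempts to get this information using both Simple Registration
         * and Attribute Exchange protocols. The type that is returned depends on the
         * user's Provider. Each provider chooses what they wish to provide and all
         * defined attributes may not be available. To see where these two types of
         * attributes intersect, see the following: http://www.axschema.org/types/
         */
        $openid->setOptionalInfo(array('nickname', 'fullname', 'email'));
        /**
         * EDIT THIS LINE (OPTIONAL)
         * PAPE Policies help protect users and you against phishing and other authentication
         * forgeries. It's an optional extension, so not all OpenID Providers will be using it.
         * Uncomment to use it.
         * More info and possible policy values here: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html
         */
        //$openid->setPapePolicies('http://schemas.openid.net/pape/policies/2007/06/phishing-resistant ');
        /**
         * EDIT THIS LINE (OPTIONAL)
         * Also part of the PAPE extension, you can set a time limit for users to
         * authenticate themselves with their OpenID Provider. If it takes too long,
         * authentication will fail and the user will not be allowed access to your site.
         * Uncomment and set a value in seconds to use.
         */
        //$openid->setPapeMaxAuthAge(120);
        /// Attempt to discover the user's OpenID provider endpoint
        $endpoint_url = $openid->getOpenIDEndpoint();
        if ($endpoint_url) {
            /// If we find the endpoint, you might want to store it for later use.
            $_SESSION['openid_endpoint_url'] = $endpoint_url;
            /// Redirect the user to their OpenID Provider
            $openid->redirect();
            /// Call exit so the script stops executing while we wait to redirect.
            exit;
        } else {
            /**
             * Else we couldn't find an OpenID Provider endpoint for the user.
             * The error is taken as reported by Dope OpenID.
             * NOTE(review): $error is local to this function and is neither returned nor
             * stored, so callers cannot see it. If it is ever printed, escape the
             * code and description with htmlspecialchars() first.
             */
            $the_error = $openid->getError();
            $error = "Error Code: {$the_error['code']}<br />";
            $error .= "Error Description: {$the_error['description']}<br />";
        }
    }
}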
Beispiel #5
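/**
 * Handle an OpenID identifier posted from the register or login page.
 *
 * Reads $_POST['openid_identity'], prefixes http:// when no http(s) scheme is
 * present, validates the result and, when the provider endpoint is discovered,
 * redirects the user to the provider and exits. Returns without doing anything
 * when the field was not posted or the current location is another page.
 */
function oip()
{
    if (!isset($_POST['openid_identity'])) {
        return;
    }
    //could use "login-page"
    $location = bb_get_location();
    if ($location == "register-page" || $location == "login-page") {
        // A posted field can be an array (openid_identity[]=x); treat that as empty.
        $openid_identity = is_string($_POST['openid_identity']) ? trim($_POST['openid_identity']) : '';
        if (!preg_match("/^https?:\\/\\//i", $openid_identity)) {
            $openid_identity = 'http://' . $openid_identity;
        }
        // The scheme is http or https at this point. The earlier check used eregi(),
        // which no longer exists in PHP 7+, with a pattern whose [com|org|...] part
        // was a character class rather than a list of TLDs.
        $host = parse_url($openid_identity, PHP_URL_HOST);
        $is_valid = is_string($host) && $host !== '';
        if ($is_valid && function_exists('filter_var')) {
            $is_valid = filter_var($openid_identity, FILTER_VALIDATE_URL) !== false;
        }
        // NOTE(review): loopback and private hosts are not rejected here. If endpoint
        // discovery fetches the identifier server-side, consider restricting the hosts
        // that may be contacted.
        if (!$is_valid) {
            $error = "Error: OpenID Identifier is not in proper format.";
        }
        if (!isset($error)) {
            oip_session();
            $openid = new Dope_OpenID($openid_identity);
            $openid->setReturnURL(bb_get_option('uri') . "register.php?action=verify");
            $openid->SetTrustRoot(bb_get_option('uri'));
            $openid->setRequiredInfo(array('email', 'nickname', 'fullname'));
            $endpoint_url = $openid->getOpenIDEndpoint();
            if ($endpoint_url) {
                // If we find the endpoint, you might want to store it for later use.
                //$_SESSION['oip_url'] = $endpoint_url;
                // Redirect the user to their OpenID Provider
                $openid->redirect();
                // Call exit so the script stops executing while we wait to redirect.
                exit;
            } else {
                $the_error = $openid->getError();
                $error = "Error Code: {$the_error['code']}<br />";
                $error .= "Error Description: {$the_error['description']}<br />";
            }
        }
        // NOTE(review): $error is never returned, stored or displayed, so a failed
        // sign-in is silent. If it is ever printed, escape the library-provided
        // code and description with htmlspecialchars() first.
    }
}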
Beispiel #6
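/**
 * Validate the OpenID identifier given by the user, discover the provider
 * endpoint for it and redirect the user to the provider for authentication.
 *
 * The identifier is stored in $_SESSION['openid_url'] and the discovered
 * endpoint in $_SESSION['openid_endpoint_url'] for later use.
 *
 * @param string $openid_url The OpenID of the user.
 * @return void The script exits once the redirect has been issued.
 */
function openid_endpoint($openid_url)
{
    /*
     * The leftover debug "echo $openid_url;" was removed: it printed the
     * submitted value into the page unescaped and before validation.
     * Output at this point can also interfere with the redirect further down
     * if it is sent as an HTTP header.
     */
    /*
     * Validate the value that is actually handed to Dope_OpenID below. The
     * previous code checked $_POST['openid_identifier'] instead of $openid_url,
     * and its fallback used eregi(), which no longer exists in PHP 7+.
     * Only http/https identifiers with a host are accepted, because
     * FILTER_VALIDATE_URL on its own also passes other schemes.
     */
    $parts = is_string($openid_url) ? parse_url($openid_url) : false;
    $scheme = (is_array($parts) && isset($parts['scheme'])) ? strtolower($parts['scheme']) : '';
    $has_host = is_array($parts) && isset($parts['host']) && $parts['host'] !== '';
    $is_valid = ($scheme === 'http' || $scheme === 'https') && $has_host;
    if ($is_valid && function_exists('filter_var')) {
        $is_valid = filter_var($openid_url, FILTER_VALIDATE_URL) !== false;
    }
    // NOTE(review): this does not reject loopback or private hosts. If endpoint discovery
    // fetches the identifier server-side, consider restricting the hosts that may be contacted.
    if (!$is_valid) {
        $error = "Error: OpenID Identifier is not in proper format.";
    }
    // Proceed if we made it through without setting $error
    if (!isset($error)) {
        /*
         * Store the user's submitted OpenID Identity for later use.
         */
        $_SESSION['openid_url'] = $openid_url;
        /*
         * Create a new Dope_OpenID object
         */
        $openid = new Dope_OpenID($openid_url);
        /*
         * Base URL shared by the return URL and the trust root.
         * NOTE(review): HTTP_HOST is taken from the request's Host header and the scheme is
         * fixed to http://, so both URLs follow whatever host the client sent.
         * Prefer a configured site URL where one exists.
         * NOTE(review): dirname() returns no trailing slash, so "../../../" is appended
         * straight onto the last directory name (".../dir../../../"). Left as written;
         * confirm the resolved path is the intended one.
         */
        $script_name = isset($_SERVER['ORIG_SCRIPT_NAME']) ? $_SERVER['ORIG_SCRIPT_NAME'] : $_SERVER['SCRIPT_NAME'];
        $baseURL = "http://" . $_SERVER['HTTP_HOST'] . dirname($script_name);
        /*
         * YOU MUST EDIT THIS LINE.
         * The user's OpenID provider will return them to the URL that you provide here.
         * It could be a separate verify.php script, or just pass a parameter to tell a
         * single processing script what to do.
         */
        $openid->setReturnURL($baseURL . "../../../index.php?action=login&subaction=openid_verify");
        /*
         * YOU MUST EDIT THIS LINE
         * Set the trust root. This is the URL or set of URLs the user will be asked
         * to trust when signing in with their OpenID Provider. It could be your base
         * URL or a subdirectory thereof. Up to you.
         */
        $openid->SetTrustRoot($baseURL . "../../../");
        /*
         * EDIT THIS LINE (OPTIONAL)
         * When the user signs in with their OpenID Provider, these are
         * the details you would like sent back for your own use.
         * Dope OpenID attempts to get this information using both Simple Registration
         * and Attribute Exchange protocols. The type that is returned depends on the
         * user's Provider. Each provider chooses what they wish to provide and all
         * defined attributes may not be available. To see where these two types of
         * attributes intersect, see the following: http://www.axschema.org/types/
         */
        $openid->setOptionalInfo(array('nickname', 'fullname', 'email'));
        /*
         * EDIT THIS LINE (OPTIONAL)
         * This is the same as above, except much stricter. By using this method, you
         * are telling the OpenID Provider you *must* have this information. If the Provider
         * will not give you the information the transaction should logically fail, either
         * at the Provider's end or yours. No info, no sign in. Uncomment to use it.
         */
        //$openid->setRequiredInfo(array('email','http://axschema.org/contact/email','contact/email'));
        /*
         * EDIT THIS LINE (OPTIONAL)
         * PAPE Policies help protect users and you against phishing and other authentication
         * forgeries. It's an optional extension, so not all OpenID Providers will be using it.
         * Uncomment to use it.
         * More info and possible policy values here: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html
         */
        //$openid->setPapePolicies('http://schemas.openid.net/pape/policies/2007/06/phishing-resistant ');
        /*
         * EDIT THIS LINE (OPTIONAL)
         * Also part of the PAPE extension, you can set a time limit for users to
         * authenticate themselves with their OpenID Provider. If it takes too long,
         * authentication will fail and the user will not be allowed access to your site.
         * Uncomment and set a value in seconds to use.
         */
        //$openid->setPapeMaxAuthAge(120);
        /*
         * Attempt to discover the user's OpenID provider endpoint
         */
        $endpoint_url = $openid->getOpenIDEndpoint();
        if ($endpoint_url) {
            // If we find the endpoint, you might want to store it for later use.
            $_SESSION['openid_endpoint_url'] = $endpoint_url;
            // Redirect the user to their OpenID Provider
            $openid->redirect();
            // Call exit so the script stops executing while we wait to redirect.
            exit;
        } else {
            /*
             * Else we couldn't find an OpenID Provider endpoint for the user.
             * The error is taken as reported by Dope OpenID.
             * NOTE(review): $error is local to this function and is neither returned nor
             * stored, so callers cannot see it. If it is ever printed, escape the
             * code and description with htmlspecialchars() first.
             */
            $the_error = $openid->getError();
            $error = "Error Code: {$the_error['code']}<br />";
            $error .= "Error Description: {$the_error['description']}<br />";
        }
    }
}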