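/**
 * Processes a positive authentication response.
 *
 * The checks run in this order, and each failure is reported through error():
 *  1. the stated return_to must match the URL this request actually arrived at;
 *  2. the asserted identity must be the one the session started with (claimedId
 *     or opLocalId), or - when the session used identifier_select - the
 *     discovered endpoint for the newly asserted identifier must be the OP the
 *     session is talking to;
 *  3. the response itself must be authenticated, first via the stored
 *     association (KeyManager::authenticate) and, if that is unavailable or
 *     throws, via KeyManager::dumbAuthenticate().
 * An explicit return follows every error() call so the function fails closed
 * even if error() does not terminate the script.
 *
 * NOTE(review): $_REQUEST also contains cookie values under PHP's default
 * request_order, so openid_* keys could be supplied by a cookie; confirm whether
 * reading $_GET/$_POST only is acceptable for the OPs this consumer talks to.
 *
 * @param Boolean $valid True if the request has already been authenticated
 */
function processPositiveResponse($valid)
{
    Logger::log('Positive response: identity = %s, expected = %s', $_REQUEST['openid_identity'], $_SESSION['openid']['claimedId']);
    // 1. return_to check: the OP must have sent us back to the URL we asked for.
    if (!URLBuilder::isValidReturnToURL($_REQUEST['openid_return_to'])) {
        Logger::log('Return_to check failed: %s, URL: %s', $_REQUEST['openid_return_to'], URLBuilder::getCurrentURL(true));
        error('diffreturnto', 'The identity provider stated return URL was ' . $_REQUEST['openid_return_to'] . ' but it actually seems to be ' . URLBuilder::getCurrentURL());
        return;
    }
    // 2. identity check: prefer the claimed id (OpenID 2.0), else the identity.
    $id = $_REQUEST[isset($_REQUEST['openid_claimed_id']) ? 'openid_claimed_id' : 'openid_identity'];
    if (!URLBuilder::isSameURL($id, $_SESSION['openid']['claimedId']) && !URLBuilder::isSameURL($id, $_SESSION['openid']['opLocalId'])) {
        // Strict comparison: the identifier_select marker is a fixed string.
        if ($_SESSION['openid']['claimedId'] === 'http://specs.openid.net/auth/2.0/identifier_select') {
            // identifier_select: the OP chose the identifier, so re-discover it
            // and only accept it if discovery names the endpoint we are using.
            $disc = new Discoverer($_REQUEST['openid_claimed_id'], false);
            if ($disc->hasServer($_SESSION['openid']['endpointUrl'])) {
                $_SESSION['openid']['identity'] = $_REQUEST['openid_identity'];
                $_SESSION['openid']['opLocalId'] = $_REQUEST['openid_claimed_id'];
            } else {
                // Loose null check kept: Discoverer::getEndpointUrl() may use
                // null, '' or false for "no endpoint" - not visible here.
                error('diffid', 'The OP at ' . $_SESSION['openid']['endpointUrl'] . ' is attmpting to claim ' . $_REQUEST['openid_claimed_id'] . ' but ' . ($disc->getEndpointUrl() == null ? 'that isn\'t a valid identifier' : 'that identifier only authorises ' . $disc->getEndpointUrl()));
                return;
            }
        } else {
            error('diffid', 'Identity provider validated wrong identity. Expected it to ' . 'validate ' . $_SESSION['openid']['claimedId'] . ' but it ' . 'validated ' . $id);
            return;
        }
    }
    resetRequests(true);
    // 3. response authentication, unless the caller already did it.
    if (!$valid) {
        $dumbauth = true;
        if (KEYMANAGER) {
            try {
                Logger::log('Attempting to authenticate using association...');
                $valid = KeyManager::authenticate($_SESSION['openid']['endpointUrl'], $_REQUEST);
                $dumbauth = false;
            } catch (Exception $ex) {
                // Association-based check could not be performed; record why
                // before falling back so the fallback is visible in the log.
                Logger::log('Association authentication failed: %s - trying dumb auth', $ex->getMessage());
            }
        }
        if ($dumbauth) {
            Logger::log('Attempting to authenticate using dumb auth...');
            $valid = KeyManager::dumbAuthenticate();
        }
    }
    $_SESSION['openid']['validated'] = $valid;
    if (!$valid) {
        Logger::log('Validation failed!');
        error('noauth', 'Provider didn\'t authenticate response');
        return;
    }
    Processor::callHandlers();
    URLBuilder::redirect();
}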
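/**
 * Processes id_res requests.
 *
 * Two shapes of response are handled:
 *  - a response carrying openid_identity: it must equal the delegate stored in
 *    the session, the response is authenticated (association first, dumb auth
 *    fallback), the result is recorded in $_SESSION['openid']['validated'],
 *    simple-registration data is parsed and the user is redirected;
 *  - a response carrying only openid_user_setup_url: the user is sent to the
 *    OP's setup URL, unless OPENID_IMMEDIATE forbids leaving immediate mode.
 * A response with neither key is ignored. An explicit return follows every
 * openid_error() call so the function fails closed even if openid_error() does
 * not terminate the script.
 *
 * NOTE(review): no return_to check is made here, unlike processPositiveResponse;
 * confirm that this is intentional for this flow.
 *
 * @param Boolean $valid True if the request has already been authenticated
 */
function processIdRes($valid)
{
    if (isset($_REQUEST['openid_identity'])) {
        // Strict comparison: both sides are expected to be identifier strings.
        if ($_REQUEST['openid_identity'] !== $_SESSION['openid']['delegate']) {
            openid_error('diffid', 'Identity provider validated wrong identity. Expected it to ' . 'validate ' . $_SESSION['openid']['delegate'] . ' but it ' . 'validated ' . $_REQUEST['openid_identity']);
            return;
        }
        if (!$valid) {
            $dumbauth = true;
            if (KEYMANAGER) {
                try {
                    $valid = KeyManager::authenticate($_SESSION['openid']['server'], $_REQUEST);
                    $dumbauth = false;
                } catch (Exception $ex) {
                    // Association-based check could not be performed - fall
                    // back to dumb auth (no logger is available in this file).
                }
            }
            if ($dumbauth) {
                $valid = KeyManager::dumbAuthenticate();
            }
        }
        $_SESSION['openid']['validated'] = $valid;
        if (!$valid) {
            openid_error('noauth', 'Provider didn\'t authenticate response');
            return;
        }
        parseSRegResponse();
        URLBuilder::redirect();
    } else {
        if (isset($_REQUEST['openid_user_setup_url'])) {
            if (defined('OPENID_IMMEDIATE') && OPENID_IMMEDIATE) {
                openid_error('noimmediate', 'Couldn\'t perform immediate auth');
                return;
            }
            // Build a setup-mode request against the OP-supplied setup URL,
            // reusing the association handle for this server.
            $handle = getHandle($_SESSION['openid']['server']);
            $url = URLBuilder::buildRequest('setup', $_REQUEST['openid_user_setup_url'], $_SESSION['openid']['delegate'], $_SESSION['openid']['identity'], URLBuilder::getCurrentURL(), $handle);
            URLBuilder::doRedirect($url);
        }
    }
}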
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
// Demo consumer bootstrap: the session carries the in-progress OpenID state.
session_start();
require '../../urlbuilder.inc.php';
// "?cs" drops the stored OpenID state and reloads this script without the
// parameter. SCRIPT_NAME is server-derived, not taken from the request URL.
if (array_key_exists('cs', $_GET)) {
    unset($_SESSION['openid']);
    header('Location: ' . $_SERVER['SCRIPT_NAME']);
    exit();
}
// Remember this page's own URL; presumably used as the trust root for the
// OpenID request (the consumer code that reads it is not shown here).
$_SESSION['trustroot'] = URLBuilder::getCurrentURL();
if (isset($_POST['openid_url']) || isset($_REQUEST['openid_mode'])) {
    // Proxy for non-JS users
    require '../../processor.php';
} else {
    ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
                      "http://www.w3.org/TR/html4/strict.dtd">
<html>
 <head>
  <title>OpenID consumer demonstration</title>
  <style type="text/css">
   input#openid_url {
    background: url('../../openid.gif') no-repeat; padding-left: 20px;
   }
   div { margin: 20px; padding: 5px; }