Beispiel #1
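 /**
  * Process an OpenID "id_res" response and decide what the login attempt amounts to.
  *
  * Order of checks, as implemented below:
  *  1. the return_to value must pass verify_return_to();
  *  2. a user_setup_url in the response short-circuits to UserSetupNeeded;
  *  3. without a stored association for (server URL, assoc_handle) the response
  *     cannot be verified locally, so a CheckAuthRequired carrying the
  *     check_authentication POST body is returned instead;
  *  4. otherwise the signature is recomputed with the association secret and
  *     compared against the one supplied in the response;
  *  5. finally ValidLogin::verifyIdentity() must accept $req->openid.
  *
  * Every value read from $req is attacker-controlled until step 4 has passed.
  *
  * @param object $req Response wrapper; this method uses $req->get(), $req->args and $req->openid.
  * @return InvalidLogin|UserSetupNeeded|CheckAuthRequired|ValidLogin
  */
 function do_id_res($req)
 {
     if (!$this->verify_return_to($req->get('return_to'))) {
         return new InvalidLogin();
     }
     $user_setup_url = $req->get('user_setup_url');
     if ($user_setup_url) {
         return new UserSetupNeeded($user_setup_url);
     }
     $server_url = $this->determine_server_url($req);
     $assoc = $this->assoc_mngr->get_association($server_url, $req->get('assoc_handle'));
     if (!$assoc) {
         // No matching association: nothing has been verified at this point.
         // Forward every openid.* argument, with the mode switched to
         // check_authentication, so the server can be asked to confirm it.
         // NOTE(review): the login must not be treated as valid until whoever
         // consumes CheckAuthRequired has received a positive answer - confirm in caller.
         $check_args = array();
         foreach ($req->args as $k => $v) {
             if (oidUtil::startsWith($k, 'openid.')) {
                 $check_args[$k] = $v;
             }
         }
         $check_args['openid.mode'] = 'check_authentication';
         $post_data = http_build_query($check_args);
         return new CheckAuthRequired($server_url, $req->get('return_to'), $post_data);
     }

     // A response without a signature or a signed-field list cannot be verified.
     $sig = $req->get('sig');
     $signed = $req->get('signed');
     if (!is_string($sig) || $sig === '' || !is_string($signed) || trim($signed) === '') {
         return new InvalidLogin();
     }
     $signed_fields = explode(',', trim($signed));

     // The signature only vouches for the fields named in "signed". The identity
     // handed to ValidLogin and the return_to checked above must be among them,
     // otherwise a validly signed response could carry a substituted value.
     // Assumes "signed" lists field names without the "openid." prefix, as
     // $req->get() takes them - TODO confirm against oidUtil::sign_reply().
     foreach (array('identity', 'return_to') as $required) {
         if (!in_array($required, $signed_fields, true)) {
             return new InvalidLogin();
         }
     }

     // Recompute the signature over the signed fields with the association secret.
     list(, $v_sig) = oidUtil::sign_reply($req->args, $assoc->secret, $signed_fields);

     // hash_equals() (PHP >= 5.6) compares in constant time and without type
     // juggling; the former `!=` treated numeric-looking strings as numbers and
     // returned early at the first differing byte.
     if (!is_string($v_sig) || !hash_equals($v_sig, $sig)) {
         return new InvalidLogin();
     }

     $vl = new ValidLogin($this, $req->get('identity'));
     if ($vl->verifyIdentity($req->openid)) {
         return $vl;
     }
     return new InvalidLogin();
 }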