/
openid.php
165 lines (132 loc) · 5.38 KB
/
openid.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
<?php
$path_extra = dirname(__FILE__)."/php-openid";
$path = ini_get('include_path');
$path = $path_extra . PATH_SEPARATOR . $path;
ini_set('include_path', $path);
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
require_once "Auth/OpenID/SReg.php";
function &getOpenIDStore() {
# FIXME: change, to SQL probably
$store_path = "/tmp/_php_consumer_test";
if (!file_exists($store_path) &&
!mkdir($store_path)) {
print "Could not create the FileStore directory '$store_path'. ".
" Please check the effective permissions.";
exit(0);
}
return new Auth_OpenID_FileStore($store_path);
}
function &getOpenIDConsumer() {
$store = getOpenIDStore();
$consumer =& new Auth_OpenID_Consumer($store);
return $consumer;
}
function getHttpScheme() {
$scheme = 'http';
if (isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') {
$scheme .= 's';
}
return $scheme;
}
function getOpenIDReturnTo() {
# TODO: make this always the current page
return sprintf("%s://%s:%s%s",
getHttpScheme(), $_SERVER['SERVER_NAME'],
$_SERVER['SERVER_PORT'],
dirname($_SERVER['PHP_SELF'])."?openid_returning=1");
}
function getOpenIDTrustRoot() {
# TODO: make this always be the root of the app
return sprintf("%s://%s:%s%s",
getHttpScheme(), $_SERVER['SERVER_NAME'],
$_SERVER['SERVER_PORT'],
dirname($_SERVER['PHP_SELF']));
}
function checkOpenID() {
if (isset($_SESSION['openid'])) {
return;
}
if (isset($_GET['openid_returning'])) {
$consumer = getOpenIDConsumer();
$response = $consumer->complete(getOpenIDReturnTo());
// Check the response status.
if ($response->status == Auth_OpenID_CANCEL) {
$error = 'Verification cancelled.';
return null;
} else if ($response->status == Auth_OpenID_FAILURE) {
$error = "OpenID authentication failed: " . $response->message;
return null;
} else if ($response->status == Auth_OpenID_SUCCESS) {
$openid = $response->getDisplayIdentifier();
# FIXME: what to do with this?
if ($response->endpoint->canonicalID) {
$escaped_canonicalID = htmlentities($response->endpoint->canonicalID);
$success .= ' (XRI CanonicalID: '.$escaped_canonicalID.') ';
}
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
$sreg = $sreg_resp->contents();
$_SESSION['openid_sreg'] = @$sreg;
$_SESSION['openid'] = $openid;
}
# redirect to clean up the URL
header("Location: " . str_replace('?openid_returning=1','',getOpenIDReturnTo()));
die;
} else if (isset($_GET['openid_identifier'])) {
$openid = $_GET['openid_identifier'];
$consumer = getOpenIDConsumer();
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
$error = "Authentication error; not a valid OpenID.";
return null;
}
$sreg_request = Auth_OpenID_SRegRequest::build(
// Required
array(),
// Optional
array('nickname', 'fullname', 'email', 'dob', 'gender', 'postcode', 'country', 'language', 'timezone'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(getOpenIDTrustRoot(),
getOpenIDReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
$error = "Could not redirect to server: " . $redirect_url->message;
return null;
} else {
// Send redirect.
header("Location: ".$redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup(getOpenIDTrustRoot(), getOpenIDReturnTo(),
false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
$error = "Could not redirect to server: " . $form_html->message;
return null;
} else {
print $form_html;
exit;
}
}
} else if (isset($_GET['openid_submit'])) {
$error = "Expected an OpenID URL.";
return null;
} else {
return null;
}
}
?>