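/**
 * Write the jsConnect string for single sign on.
 *
 * When $Secure is truthy the incoming request is validated (client id, timestamp
 * freshness and signature) before any non-public user data is emitted. The result
 * is written as JSON, or as a JSONP script when a well-formed callback parameter
 * is present.
 *
 * @param array $User An array containing information about the currently signed on user. If no user is signed in then this should be an empty array.
 * @param array $Request An array of the $_GET request.
 * @param string $ClientID The string client ID that you set up in the jsConnect settings page.
 * @param string $Secret The string secret that you set up in the jsConnect settings page.
 * @param string|bool|null $Secure Whether or not to check for security. This is one of these values.
 *  - true: Check for security and sign the response with an md5 hash.
 *  - false: Don't check for security, but sign the response with an md5 hash.
 *  - string: Check for security and sign the response with the given hash algorithm. See hash_algos() for what your server can support.
 *  - null: Don't check for security and don't sign the response.
 * @return void The response body is echoed; the Content-Type header is set through safeHeader().
 * @since 1.1b Added the ability to provide a hash algorithm to $Secure.
 */
function writeJsConnect($User, $Request, $ClientID, $Secret, $Secure = true) {
    // Normalise keys so 'Name' / 'PhotoUrl' etc. are found; a non-array means "no user".
    $User = is_array($User) ? array_change_key_case($User) : [];
    $Error = null;

    // Error checking.
    if ($Secure) {
        // Check the client.
        if (!isset($Request['client_id'])) {
            $Error = ['error' => 'invalid_request', 'message' => 'The client_id parameter is missing.'];
        } elseif (!is_string($Request['client_id']) || $Request['client_id'] !== (string)$ClientID) {
            $Error = ['error' => 'invalid_client', 'message' => "Unknown client {$Request['client_id']}."];
        } elseif (!isset($Request['timestamp']) && !isset($Request['signature'])) {
            // This isn't really an error: with no signature only public information is returned.
            if (count($User) > 0) {
                $Error = [
                    'name' => isset($User['name']) ? $User['name'] : null,
                    'photourl' => isset($User['photourl']) ? $User['photourl'] : null,
                ];
            } else {
                $Error = ['name' => '', 'photourl' => ''];
            }
        } elseif (!isset($Request['timestamp']) || !is_numeric($Request['timestamp'])) {
            $Error = ['error' => 'invalid_request', 'message' => 'The timestamp parameter is missing or invalid.'];
        } elseif (!isset($Request['signature']) || !is_string($Request['signature'])) {
            $Error = ['error' => 'invalid_request', 'message' => 'Missing signature parameter.'];
        } elseif (abs($Request['timestamp'] - jsTimestamp()) > JS_TIMEOUT) {
            // Reject stale (or future-dated) requests so a captured signature cannot be replayed indefinitely.
            $Error = ['error' => 'invalid_request', 'message' => 'The timestamp is invalid.'];
        } else {
            $Signature = jsHash($Request['timestamp'] . $Secret, $Secure);
            // Constant-time, type-strict comparison. The previous loose `!=` accepted digests that
            // compare numerically equal (e.g. "0e..." strings) and leaked timing information.
            if (!hash_equals((string)$Signature, $Request['signature'])) {
                $Error = ['error' => 'access_denied', 'message' => 'Signature invalid.'];
            }
        }
    }

    if ($Error !== null) {
        $Result = $Error;
    } elseif (count($User) > 0) {
        // null means "don't sign"; anything else is a hash algorithm selector understood by signJsConnect().
        $Result = $Secure === null ? $User : signJsConnect($User, $ClientID, $Secret, $Secure, true);
    } else {
        $Result = ['name' => '', 'photourl' => ''];
    }

    $Json = json_encode($Result);
    $Callback = isset($Request['callback']) ? $Request['callback'] : null;

    // Only emit JSONP for a callback that is a plain dotted JS identifier. Anything else would be
    // reflected verbatim into a script response, letting a crafted link inject code into the
    // embedding page. Malformed callbacks fall back to a plain JSON body.
    if (is_string($Callback) && preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$/', $Callback)) {
        safeHeader('Content-Type: application/javascript');
        echo "{$Callback}({$Json})";
    } else {
        safeHeader('Content-Type: application/json');
        echo $Json;
    }
}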
/**
 * Build the URL that starts a jsConnect sign-in against a provider.
 *
 * @param array|mixed $Provider A provider record, or an identifier resolved through self::getProvider().
 * @param bool $Secure When true, add a timestamp and a signature over it using the provider's AssociationSecret.
 * @param bool $Callback When true, append the jQuery JSONP placeholder `callback=?`.
 * @return string|false The authenticate URL with its query string, or false when the provider cannot be resolved.
 */
public static function connectUrl($Provider, $Secure = false, $Callback = true) {
    $ProviderRow = is_array($Provider) ? $Provider : self::getProvider($Provider);
    if (!is_array($ProviderRow)) {
        return false;
    }

    $Params = ['client_id' => $ProviderRow['AuthenticationKey']];

    if ($Secure) {
        include_once dirname(__FILE__) . '/functions.jsconnect.php';
        $Params['timestamp'] = jsTimestamp();
        $Params['signature'] = jsHash(
            $Params['timestamp'] . $ProviderRow['AssociationSecret'],
            GetValue('HashType', $ProviderRow)
        );
    }

    // Prefer an explicit Target from the request, otherwise return to the current path.
    $Target = Gdn::Request()->Get('Target');
    if (!$Target) {
        $Target = '/' . ltrim(Gdn::Request()->Path(), '/');
    }
    // Never bounce back to the sign-in page itself.
    $Params['Target'] = StringBeginsWith($Target, '/entry/signin') ? '/' : $Target;

    $AuthUrl = $ProviderRow['AuthenticateUrl'];
    $Separator = strpos($AuthUrl, '?') === false ? '?' : '&';
    $ConnectUrl = $AuthUrl . $Separator . http_build_query($Params);

    return $Callback ? $ConnectUrl . '&callback=?' : $ConnectUrl;
}