function openid_check($ci, $callback_url, &$data)
{
if (!isset($data)) {
$data = array();
}
$ci->lang->load('openid');
$ci->config->load('openid');
$ci->openid->set_request_to($callback_url);
$response = $ci->openid->getResponse();
switch ($response->status) {
case Auth_OpenID_CANCEL:
push_message($ci->lang->line('openid_cancel'), 'error', $ci);
break;
case Auth_OpenID_FAILURE:
push_message(set_message('openid_failure', $response->message), 'error', $ci);
break;
case Auth_OpenID_SUCCESS:
$openid = $response->getDisplayIdentifier();
$esc_identity = htmlspecialchars($openid, ENT_QUOTES);
$data['openid_identifier'] = $openid;
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
$sreg = $sreg_resp->contents();
$ax_resp = new Auth_OpenID_AX_FetchResponse();
$ax = $ax_resp->fromSuccessResponse($response);
if (isset($sreg['email'])) {
$data['email'] = $sreg['email'];
}
if ($ax) {
if (isset($ax->data['http://axschema.org/contact/email'])) {
$data['email'] = $ax->getSingle('http://axschema.org/contact/email');
}
if (isset($ax->data['http://axschema.org/namePerson/first'])) {
$first_name = $ax->getSingle('http://axschema.org/namePerson/first');
} else {
$first_name = "Sample";
}
if (isset($ax->data['http://axschema.org/namePerson/last'])) {
$last_name = $ax->getSingle('http://axschema.org/namePerson/last');
} else {
$last_name = "Avatar";
}
if ($first_name != null && $last_name != null) {
$data['username'] = "******";
}
}
return true;
}
return false;
}
function run()
{
$consumer = getConsumer();
// Complete the authentication process using the server's
// response.
$return_to = getReturnTo();
$response = $consumer->complete($return_to);
// Check the response status.
if ($response->status == Auth_OpenID_CANCEL) {
// This means the authentication was cancelled.
$msg = 'Verification cancelled.';
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000, '/');
}
session_destroy();
} else {
if ($response->status == Auth_OpenID_FAILURE) {
// Authentication failed; display the error message.
$msg = "OpenID authentication failed: " . $response->message;
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000, '/');
}
session_destroy();
} else {
if ($response->status == Auth_OpenID_SUCCESS) {
// This means the authentication succeeded; extract the
// identity URL and Simple Registration data (if it was
// returned).
$openid = $response->getDisplayIdentifier();
$esc_identity = escape($openid);
$_SESSION = array();
$_SESSION['openid'] = $esc_identity;
if ($response->endpoint->canonicalID) {
$escaped_canonicalID = escape($response->endpoint->canonicalID);
$success .= ' (XRI CanonicalID: ' . $escaped_canonicalID . ') ';
$_SESSION['openid'] = $escaped_canonicalID;
}
// AX Process
$ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response);
if ($ax_resp) {
global $ax_data;
foreach ($ax_data as $ax_key => $ax_data_ns) {
if ($ax_resp->data[$ax_data_ns][0]) {
$_SESSION['ax_' . $ax_key] = $ax_resp->data[$ax_data_ns][0];
}
}
}
}
}
}
if ($_GET["popup"] == "true") {
include 'close.php';
} else {
if ($_GET["callback"] == "ax") {
header("Location: ./ax_example.php");
} else {
header("Location: ./index.php");
}
}
}
public function googledoneAction()
{
$consumer = $this->getGoogleConsumer();
$return_to = 'http://' . $_SERVER['HTTP_HOST'] . '/login/googledone';
$response = $consumer->complete($return_to);
if ($response->status == Auth_OpenID_CANCEL) {
return $this->alert('取消登入', '/');
}
if ($response->status == Auth_OpenID_FAILURE) {
return $this->alert('登入失敗: ' . $response->message, '/');
}
$ax = new Auth_OpenID_AX_FetchResponse();
$obj = $ax->fromSuccessResponse($response);
$email = $obj->data['http://axschema.org/contact/email'][0];
if (!($user = User::search(array('user_name' => 'google://' . $email))->first())) {
$user = User::insert(array('user_name' => 'google://' . $email));
}
Pix_Session::set('user_id', $user->user_id);
return $this->redirect('/');
}
public function getResponseAx()
{
$ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($this->response);
return $ax_resp;
}
function run()
{
$consumer = getConsumer();
// Complete the authentication process using the server's
// response.
$return_to = getReturnTo();
$response = $consumer->complete($return_to);
// Check the response status.
if ($response->status == Auth_OpenID_CANCEL) {
// This means the authentication was cancelled.
$msg = 'Verification cancelled.';
} else {
if ($response->status == Auth_OpenID_FAILURE) {
// Authentication failed; display the error message.
$msg = "OpenID authentication failed: " . $response->message;
} else {
if ($response->status == Auth_OpenID_SUCCESS) {
// This means the authentication succeeded; extract the
// identity URL and Simple Registration data (if it was
// returned).
$openid = $response->getDisplayIdentifier();
$esc_identity = escape($openid);
$success = sprintf('You have successfully verified ' . '<a href="%s">%s</a> as your identity.', $esc_identity, $esc_identity);
if ($response->endpoint->canonicalID) {
$escaped_canonicalID = escape($response->endpoint->canonicalID);
$success .= ' (XRI CanonicalID: ' . $escaped_canonicalID . ') ';
}
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
$sreg = $sreg_resp->contents();
if (@$sreg['email']) {
$success .= " You also returned '" . escape($sreg['email']) . "' as your email.";
}
if (@$sreg['nickname']) {
$success .= " Your nickname is '" . escape($sreg['nickname']) . "'.";
}
if (@$sreg['fullname']) {
$success .= " Your fullname is '" . escape($sreg['fullname']) . "'.";
}
// Show all the registration data
$success .= '<h2>SReg Data</h2>';
$success .= PHP_EOL . '<pre>';
$success .= print_r(@$sreg, true);
$success .= '</pre>' . PHP_EOL;
$ax = new Auth_OpenID_AX_FetchResponse();
$obj = $ax->fromSuccessResponse($response);
$success .= '<h2>AX Data</h2>';
if ($obj) {
$success .= PHP_EOL . '<pre>';
$success .= print_r($obj->data, true);
$success .= '</pre>' . PHP_EOL;
} else {
$success .= PHP_EOL . '<pre>';
$success .= PHP_EOL . 'Type is ' . gettype($obj) . PHP_EOL;
$success .= print_r($obj, true);
$success .= '</pre>' . PHP_EOL;
}
$pape_resp = Auth_OpenID_PAPE_Response::fromSuccessResponse($response);
if ($pape_resp) {
if ($pape_resp->auth_policies) {
$success .= "<p>The following PAPE policies affected the authentication:</p><ul>";
foreach ($pape_resp->auth_policies as $uri) {
$escaped_uri = escape($uri);
$success .= "<li><tt>{$escaped_uri}</tt></li>";
}
$success .= "</ul>";
} else {
$success .= "<p>No PAPE policies affected the authentication.</p>";
}
if ($pape_resp->auth_age) {
$age = escape($pape_resp->auth_age);
$success .= "<p>The authentication age returned by the " . "server is: <tt>" . $age . "</tt></p>";
}
if ($pape_resp->nist_auth_level) {
$auth_level = escape($pape_resp->nist_auth_level);
$success .= "<p>The NIST auth level returned by the " . "server is: <tt>" . $auth_level . "</tt></p>";
}
} else {
$success .= "<p>No PAPE response was sent by the provider.</p>";
}
}
}
}
include 'index.php';
}
private function finishAuth()
{
$consumer = getConsumer();
// Complete the authentication process using the server's
// response.
$return_to = getReturnTo();
$response = $consumer->complete($return_to);
// Check the response status.
if ($response->status == Auth_OpenID_CANCEL) {
// This means the authentication was cancelled.
echo 'Verification cancelled.';
} else {
if ($response->status == Auth_OpenID_FAILURE) {
// Authentication failed; display the error message.
echo "OpenID authentication failed: " . $response->message;
} else {
if ($response->status == Auth_OpenID_SUCCESS) {
// This means the authentication succeeded; extract the
// identity URL and Simple Registration data (if it was
// returned).
$openid = $response->getDisplayIdentifier();
$esc_identity = escape($openid);
// Fetch some random information
if ($response->endpoint->canonicalID) {
$escaped_canonicalID = escape($response->endpoint->canonicalID);
$success .= ' (XRI CanonicalID: ' . $escaped_canonicalID . ') ';
}
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
$sreg = $sreg_resp->contents();
$email = isset($sreg['email']) ? $sreg['email'] : null;
$language = isset($sreg['language']) ? strtolower($sreg['language']) : null;
$country = isset($sreg['country']) ? $sreg['country'] : null;
$dob = isset($sreg['dob']) ? $sreg['dob'] : null;
$gender = isset($sreg['gender']) ? $sreg['gender'] : null;
if (!empty($dob)) {
$_SESSION['birthday'] = strtotime($dob);
}
if (!empty($gender)) {
$_SESSION['gender'] = $gender;
}
$nickname = isset($sreg['nickname']) ? $sreg['nickname'] : null;
//customMail ('*****@*****.**', 'login test', print_r ($sreg, true));
// Check if this language exists:
if (isset($language)) {
$allLanguages = Neuron_Core_Text::getLanguages();
if (in_array($language, $allLanguages)) {
if (!isset($_COOKIE['user_language'])) {
$_SESSION['language'] = $language;
}
//setcookie ('user_language', $language, time () + COOKIE_LIFE, '/');
}
}
if (isset($nickname)) {
$_SESSION['openid_nickname'] = $nickname;
}
// Fetch the AX
$notify_url = null;
$profilebox_url = null;
$openid_userstats = null;
$ax = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response);
if ($ax) {
$ax_data = $ax->data;
$keyname = 'http://www.browser-games-hub.org/schema/openid/notify_url.xml';
$notify_url = isset($ax_data[$keyname]) ? $ax_data[$keyname] : array();
$keyname2 = 'http://www.browser-games-hub.org/schema/openid/profilebox_url.xml';
$profilebox_url = isset($ax_data[$keyname2]) ? $ax_data[$keyname2] : array();
$keyname3 = 'http://www.browser-games-hub.org/schema/openid/messagebundle_url.xml';
$messagebundle_url = isset($ax_data[$keyname3]) ? $ax_data[$keyname3] : array();
$keyname4 = 'http://www.browser-games-hub.org/schema/openid/container.xml';
$openid_container = isset($ax_data[$keyname4]) ? $ax_data[$keyname4] : array();
$keyname5 = 'http://www.browser-games-hub.org/schema/openid/fullscreen.xml';
$openid_fullscreen = isset($ax_data[$keyname5]) ? $ax_data[$keyname5] : array();
$keyname6 = 'http://www.browser-games-hub.org/schema/openid/userstats_url.xml';
$openid_userstats = isset($ax_data[$keyname6]) ? $ax_data[$keyname6] : array();
$keyname7 = 'http://www.browser-games-hub.org/schema/openid/hide_advertisement.xml';
$hide_advertisement = isset($ax_data[$keyname7]) ? $ax_data[$keyname7] : array();
$keyname8 = 'http://www.browser-games-hub.org/schema/openid/hide_advertisement.xml';
$hide_chat = isset($ax_data[$keyname8]) ? $ax_data[$keyname8] : array();
$notify_url = count($notify_url) > 0 ? $notify_url[0] : null;
$profilebox_url = count($profilebox_url) > 0 ? $profilebox_url[0] : null;
$messagebundle_url = count($messagebundle_url) > 0 ? $messagebundle_url[0] : null;
$openid_container = count($openid_container) > 0 ? $openid_container[0] : null;
$openid_fullscreen = count($openid_fullscreen) > 0 ? $openid_fullscreen[0] : null;
$openid_userstats = count($openid_userstats) > 0 ? $openid_userstats[0] : null;
$hide_advertisement = count($hide_advertisement) > 0 ? $hide_advertisement[0] : null;
$hide_chat = count($hide_chat) > 0 ? $hide_chat[0] : null;
$_SESSION['opensocial_messagebundle'] = $messagebundle_url;
$_SESSION['opensocial_container'] = $openid_container;
$_SESSION['fullscreen'] = $openid_fullscreen == 1;
$_SESSION['hide_advertisement'] = $hide_advertisement == 1;
$_SESSION['hide_chat'] = $hide_chat == 1;
$_SESSION['welcome_url'] = getAXValue($ax_data, 'http://www.browser-games-hub.org/schema/openid/welcome_url.xml');
$_SESSION['tracker_url'] = getAXValue($ax_data, 'http://www.browser-games-hub.org/schema/openid/tracker_url.xml');
// Load the tracker
if (isset($_SESSION['tracker_url'])) {
$_SESSION['tracker_html'] = @file_get_contents($_SESSION['tracker_url']);
}
if (isset($_SESSION['welcome_url'])) {
$_SESSION['welcome_html'] = @file_get_contents($_SESSION['welcome_url']);
}
}
// Fetch a fresh user ID
$db = Neuron_Core_Database::__getInstance();
$login = Neuron_Core_Login::__getInstance();
// See if there is an account available
$acc = $db->select('n_auth_openid', array('user_id'), "openid_url = '" . $db->escape($esc_identity) . "'");
$_SESSION['neuron_openid_identity'] = $esc_identity;
if (count($acc) == 1 && $acc[0]['user_id'] > 0) {
$id = $acc[0]['user_id'];
loginAndRedirect($acc[0]['user_id'], $email);
} else {
if (count($acc) == 0) {
// Create a new account
$db->insert('n_auth_openid', array('openid_url' => $esc_identity, 'user_id' => 0));
}
// Set a session key to make sure
// that the server still knows you
// when you hit submit.
$_SESSION['dolumar_openid_identity'] = $esc_identity;
$_SESSION['dolumar_openid_email'] = $email;
$url = ABSOLUTE_URL . 'dispatch.php?module=openid/register/&session_id=' . session_id();
header('Location: ' . $url);
}
// Update this ID
$db->update('n_auth_openid', array('notify_url' => $notify_url, 'profilebox_url' => $profilebox_url, 'userstats_url' => $openid_userstats), "openid_url = '" . $db->escape($esc_identity) . "'");
}
}
}
}
//connect to database
/* Set identity cookie */
if ($_REQUEST['email']) {
setcookie("user_openid", $_REQUEST['email'], time() + 3600 * 1000, '/');
} else {
setcookie("user_openid", $response->identity_url, time() + 3600 * 1000, '/');
}
//set cookie
/* Get sreg resp or defaults */
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
$sreg = $sreg_resp->contents();
$fullname = explode(' ', mysql_real_escape_string(@$sreg['fullname'], $db));
$email = @$sreg['email'] ? mysql_real_escape_string(@$sreg['email'], $db) : mysql_real_escape_string($_REQUEST['email'], $db);
$nickname = @$sreg['nickname'] ? mysql_real_escape_string(@$sreg['nickname'], $db) : false;
/* Augment with any AX response there may have been */
$ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response);
if (($ax_email = $ax_resp->getSingle('http://axschema.org/contact/email')) && !is_a($ax_email, 'Auth_OpenID_AX_Error')) {
$email = mysql_real_escape_string($ax_email, $db);
}
if (($ax_nickname = $ax_resp->getSingle('http://axschema.org/namePerson/friendly')) && !is_a($ax_nickname, 'Auth_OpenID_AX_Error')) {
$nickname = mysql_real_escape_string($ax_nickname, $db);
}
if (($ax_fullname = $ax_resp->getSingle('http://axschema.org/namePerson')) && !is_a($ax_fullname, 'Auth_OpenID_AX_Error')) {
$fullname = explode(' ', mysql_real_escape_string($ax_fullname, $db));
}
/* And with any hCard */
if (!$email || !$nickname || !$photo) {
$r = explode("\n", shell_exec("representative_hcard.rb '" . escapeshellcmd($response->identity_url) . "'"));
if ($r[0]) {
$nickname = mysql_real_escape_string($r[0], $db);
}
/**
* Construct a FetchResponse object from an OpenID library
* SuccessResponse object.
*
* @param success_response: A successful id_res response object
*
* @param signed: Whether non-signed args should be processsed. If
* True (the default), only signed arguments will be processsed.
*
* @return $response A FetchResponse containing the data from the
* OpenID message
*/
function fromSuccessResponse($success_response, $signed = true)
{
$obj = new Auth_OpenID_AX_FetchResponse();
if ($signed) {
$ax_args = $success_response->getSignedNS($obj->ns_uri);
} else {
$ax_args = $success_response->message->getArgs($obj->ns_uri);
}
if ($ax_args === null || Auth_OpenID::isFailure($ax_args) || sizeof($ax_args) == 0) {
return null;
}
$result = $obj->parseExtensionArgs($ax_args);
if (Auth_OpenID_AX::isError($result)) {
#XXX log me
return null;
}
return $obj;
}
function index()
{
// Enable SSL?
maintain_ssl($this->config->item("ssl_enabled"));
// Get OpenID store object
$store = new Auth_OpenID_FileStore($this->config->item("openid_file_store_path"));
// Get OpenID consumer object
$consumer = new Auth_OpenID_Consumer($store);
if ($this->input->get('janrain_nonce')) {
// Complete authentication process using server response
$response = $consumer->complete(site_url('account/connect_google'));
// Check the response status
if ($response->status == Auth_OpenID_SUCCESS) {
// Check if user has connect google to a3m
if ($user = $this->account_openid_model->get_by_openid($response->getDisplayIdentifier())) {
// Check if user is not signed in on a3m
if (!$this->authentication->is_signed_in()) {
// Run sign in routine
$this->authentication->sign_in($user->account_id);
}
$user->account_id === $this->session->userdata('account_id') ? $this->session->set_flashdata('linked_error', sprintf(lang('linked_linked_with_this_account'), lang('connect_google'))) : $this->session->set_flashdata('linked_error', sprintf(lang('linked_linked_with_another_account'), lang('connect_google')));
redirect('account/account_linked');
} else {
// Check if user is signed in on a3m
if (!$this->authentication->is_signed_in()) {
$openid_google = array();
if ($ax_args = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response)) {
$ax_args = $ax_args->data;
if (isset($ax_args['http://axschema.org/namePerson/friendly'][0])) {
$openid_google['username'] = $ax_args['http://axschema.org/namePerson/friendly'][0];
}
if (isset($ax_args['http://axschema.org/contact/email'][0])) {
$email = $ax_args['http://axschema.org/contact/email'][0];
}
if (isset($ax_args['http://axschema.org/namePerson'][0])) {
$openid_google['fullname'] = $ax_args['http://axschema.org/namePerson'][0];
}
if (isset($ax_args['http://axschema.org/birthDate'][0])) {
$openid_google['dateofbirth'] = $ax_args['http://axschema.org/birthDate'][0];
}
if (isset($ax_args['http://axschema.org/person/gender'][0])) {
$openid_google['gender'] = $ax_args['http://axschema.org/person/gender'][0];
}
if (isset($ax_args['http://axschema.org/contact/postalCode/home'][0])) {
$openid_google['postalcode'] = $ax_args['http://axschema.org/contact/postalCode/home'][0];
}
if (isset($ax_args['http://axschema.org/contact/country/home'][0])) {
$openid_google['country'] = $ax_args['http://axschema.org/contact/country/home'][0];
}
if (isset($ax_args['http://axschema.org/pref/language'][0])) {
$openid_google['language'] = $ax_args['http://axschema.org/pref/language'][0];
}
if (isset($ax_args['http://axschema.org/pref/timezone'][0])) {
$openid_google['timezone'] = $ax_args['http://axschema.org/pref/timezone'][0];
}
if (isset($ax_args['http://axschema.org/namePerson/first'][0])) {
$openid_google['firstname'] = $ax_args['http://axschema.org/namePerson/first'][0];
}
// google only
if (isset($ax_args['http://axschema.org/namePerson/last'][0])) {
$openid_google['lastname'] = $ax_args['http://axschema.org/namePerson/last'][0];
}
// google only
}
// Store user's google data in session
$this->session->set_userdata('connect_create', array(array('provider' => 'openid', 'provider_id' => $response->getDisplayIdentifier(), 'email' => isset($email) ? $email : NULL), $openid_google));
// Create a3m account
redirect('account/connect_create');
} else {
// Connect google to a3m
$this->account_openid_model->insert($response->getDisplayIdentifier(), $this->session->userdata('account_id'));
$this->session->set_flashdata('linked_info', sprintf(lang('linked_linked_with_your_account'), lang('connect_google')));
redirect('account/account_linked');
}
}
} else {
$this->authentication->is_signed_in() ? redirect('account/account_linked') : redirect('account/sign_up');
}
}
// Begin OpenID authentication process
$auth_request = $consumer->begin($this->config->item("openid_google_discovery_endpoint"));
// Create ax request (Attribute Exchange)
$ax_request = new Auth_OpenID_AX_FetchRequest();
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, TRUE, 'username'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, TRUE, 'email'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, TRUE, 'fullname'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/birthDate', 1, TRUE, 'dateofbirth'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, TRUE, 'gender'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/postalCode/home', 1, TRUE, 'postalcode'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/country/home', 1, TRUE, 'country'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/pref/language', 1, TRUE, 'language'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/pref/timezone', 1, TRUE, 'timezone'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, TRUE, 'firstname'));
// google only
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, TRUE, 'lastname'));
// google only
$auth_request->addExtension($ax_request);
// Redirect to authorizate URL
header("Location: " . $auth_request->redirectURL(base_url(), site_url('account/connect_google')));
}
/**
* Construct a FetchResponse object from an OpenID library
* SuccessResponse object.
*
* @param success_response: A successful id_res response object
*
* @param signed: Whether non-signed args should be processsed. If
* True (the default), only signed arguments will be processsed.
*
* @return $response A FetchResponse containing the data from the
* OpenID message
*/
function &fromSuccessResponse($success_response, $signed = true)
{
$obj = new Auth_OpenID_AX_FetchResponse();
if ($signed) {
$ax_args = $success_response->getSignedNS($obj->ns_uri);
} else {
$ax_args = $success_response->message->getArgs($obj->ns_uri);
}
return $obj->parseExtensionArgs($ax_args);
}
function compare_useremail_response($user, $response, &$return_email = null)
{
$email = null;
if (empty($user) || empty($user->email)) {
return true;
}
// cannot compare, assume ok
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
$sreg = $sreg_resp->contents();
if (defined('ADD_AX_SUPPORT')) {
$ax_resp = new Auth_OpenID_AX_FetchResponse();
$ax = $ax_resp->fromSuccessResponse($response);
$email = get_ax_data(AX_SCHEMA_EMAIL, $ax);
}
if (empty($email) && !empty($sreg['email'])) {
$email = $sreg['email'];
}
if ($return_email !== null) {
$return_email = $email;
}
//error_log("/auth/openid/auth.php::compare_useremail_response(): $user->email ?= $email ");
return !empty($email) ? $user->email == $email : true;
}
function check()
{
$this->config->load('openid');
$this->load->helper('gfx');
$this->openid->set_request_to(site_url('auth/check'));
$response = $this->openid->getResponse();
switch ($response->status) {
case Auth_OpenID_CANCEL:
flashdata_message('auth_login_canceled', 'highlight', 'info');
header('Location: ' . base_url());
break;
case Auth_OpenID_FAILURE:
flashdata_message('auth_login_failed');
header('Location: ' . base_url());
break;
//case Auth_OpenID_SETUP_NEEDED: //Only happens in checkid_immediate mode
// flashdata_message('Auth_OpenID_SETUP_NEEDED');
// header('Location: ' . base_url());
// break;
//case Auth_OpenID_SETUP_NEEDED: //Only happens in checkid_immediate mode
// flashdata_message('Auth_OpenID_SETUP_NEEDED');
// header('Location: ' . base_url());
// break;
case Auth_OpenID_SUCCESS:
$open_id = $response->getDisplayIdentifier();
$this->load->database();
$user = $this->db->get_where('users', array('login' => $open_id));
$sreg = Auth_OpenID_SRegResponse::fromSuccessResponse($response)->contents();
$ax_response = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response);
if ($ax_response) {
$ax = $ax_response->data;
} else {
$ax = array();
}
if ($user->num_rows() !== 0) {
/* User exists */
$data = $user->row_array();
flashdata_message('auth_login', 'highlight', 'info');
if (!$data['email']) {
if (isset($sreg['email'])) {
$data['email'] = $sreg['email'];
$this->db->update('users', array('email' => $sreg['email']), array('id' => $data['id']));
} elseif (isset($ax['http://axschema.org/contact/email'])) {
$data['email'] = $ax['http://axschema.org/contact/email'][0];
$this->db->update('users', array('email' => $ax['http://axschema.org/contact/email'][0]), array('id' => $data['id']));
}
}
} else {
$this->load->config('gfx');
if ($this->config->item('gfx_require_pre_authorization')) {
header('Location: ' . site_url('about/closetest?claimed_id=' . urlencode($open_id)));
return;
}
/* Create new user */
flashdata_message('auth_login_new', 'highlight', 'info');
$data = array('login' => $open_id, 'name' => '__temp__' . md5($open_id . time()), 'title' => '', 'admin' => 'N', 'avatar' => '', 'email' => '', 'bio' => '', 'web' => '', 'blog' => '', 'blog_rss' => '', 'forum_username' => '', 'count' => 1, 'visited' => 0);
if (isset($sreg['fullname'])) {
$data['title'] = $sreg['fullname'];
} elseif (isset($sreg['nickname'])) {
$data['title'] = $sreg['nickname'];
} elseif (isset($ax['http://axschema.org/namePerson/first'])) {
$data['title'] = $ax['http://axschema.org/namePerson/first'][0];
}
if (isset($sreg['email'])) {
$data['avatar'] = '(gravatar)';
$data['email'] = $sreg['email'];
} elseif (isset($ax['http://axschema.org/contact/email'])) {
$data['avatar'] = '(gravatar)';
$data['email'] = $ax['http://axschema.org/contact/email'][0];
}
if (preg_match('/myid\\.tw\\/$/', $data['login'])) {
$data['avatar'] = '(myidtw)';
}
$this->db->insert('users', $data);
$data['id'] = $this->db->insert_id();
$this->db->insert('u2g', array('user_id' => $data['id'], 'group_id' => '1', 'order' => '1'));
}
session_data_set(array('id' => $data['id'], 'name' => $data['name'], 'admin' => $data['admin'], 'hide_announcement' => ''), false);
header('Location: ' . site_url('editor'));
}
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', 0, '/');
}
session_destroy();
}
/**
* Retrieve user data from OpenID Attribute Exchange.
*
* @param string $identity_url OpenID to get user data about
* @param reference $data reference to user data array
* @see get_user_data
*/
function openid_get_user_data_ax($data, $identity_url) {
set_include_path( dirname(__FILE__) . PATH_SEPARATOR . get_include_path() );
require_once('Auth/OpenID/AX.php');
restore_include_path();
$response = openid_response();
$ax = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response);
if (!$ax) return $data;
$email = $ax->getSingle('http://axschema.org/contact/email');
if ($email && !is_a($email, 'Auth_OpenID_AX_Error')) {
$data['user_email'] = $email;
}
$nickname = $ax->getSingle('http://axschema.org/namePerson/friendly');
if ($nickname && !is_a($nickname, 'Auth_OpenID_AX_Error')) {
$data['nickname'] = $ax->getSingle('http://axschema.org/namePerson/friendly');
$data['user_nicename'] = $ax->getSingle('http://axschema.org/namePerson/friendly');
$data['display_name'] = $ax->getSingle('http://axschema.org/namePerson/friendly');
}
$fullname = $ax->getSingle('http://axschema.org/namePerson');
if ($fullname && !is_a($fullname, 'Auth_OpenID_AX_Error')) {
$namechunks = explode( ' ', $fullname, 2 );
if( isset($namechunks[0]) ) $data['first_name'] = $namechunks[0];
if( isset($namechunks[1]) ) $data['last_name'] = $namechunks[1];
$data['display_name'] = $fullname;
}
return $data;
}
function openid_verify()
{
$consumer = new Auth_OpenID_Consumer(new Auth_OpenID_MySQLStore(theDb()));
// Complete the authentication process using the server's
// response.
$return_to = getReturnTo();
$response = $consumer->complete($return_to);
// Check the response status.
if ($response->status == Auth_OpenID_CANCEL) {
// This means the authentication was cancelled.
$msg = 'Verification cancelled.';
} else {
if ($response->status == Auth_OpenID_FAILURE) {
// Authentication failed; display the error message.
$msg = "OpenID authentication failed: " . $response->message;
} else {
if ($response->status == Auth_OpenID_SUCCESS) {
// This means the authentication succeeded; extract the
// identity URL and Simple Registration data (if it was
// returned).
$openid = $response->getDisplayIdentifier();
$esc_identity = htmlentities($openid);
$success = sprintf('You have successfully verified ' . '<a href="%s">%s</a> as your identity.', $esc_identity, $esc_identity);
if ($response->endpoint->canonicalID) {
$escaped_canonicalID = htmlentities($response->endpoint->canonicalID);
$success .= ' (XRI CanonicalID: ' . $escaped_canonicalID . ') ';
}
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
$sreg = $sreg_resp->contents();
$ax = new Auth_OpenID_AX_FetchResponse();
$obj = $ax->fromSuccessResponse($response);
if ($obj) {
function ax_get($obj, $url)
{
if (!$obj) {
return "";
}
$x = $obj->get($url);
if (is_array($x) && is_string($x[0])) {
return $x[0];
}
return "";
}
if ($x = ax_get($obj, 'http://axschema.org/contact/email')) {
$sreg["email"] = $x;
}
if ($x = ax_get($obj, 'http://axschema.org/namePerson/first')) {
$sreg["fullname"] = $x . " " . ax_get($obj, 'http://axschema.org/namePerson/last');
}
}
openid_user_update($openid, $sreg);
unset($_SESSION["auth_error"]);
return true;
}
}
}
$_SESSION["auth_error"] = $msg;
return false;
}
<?php
include "config.php";
include "authCommon.php";
$response = $openID->complete($baseURL . $basePath);
$identifier = $response->getDisplayIdentifier();
if ($response->status == Auth_OpenID_SUCCESS) {
$axFetcher = new Auth_OpenID_AX_FetchResponse();
$axList = $axFetcher->fromSuccessResponse($response);
$emailSplit = explode("@", $axList->data["http://axschema.org/contact/email"][0]);
if ($emailSplit[1] != $requiredEmailDomain) {
die("You must login using your " . $requiredEmailDomain . " account.<br><a href='https://www.google.com/accounts/Logout'>Logout</a> before trying again.");
}
if (intval($emailSplit[0]) != 0) {
die("Students may not access this system! <a href='https://www.google.com/accounts/Logout'>Logout</a>");
}
$_SESSION['loggedIn'] = true;
$_SESSION['email'] = $axList->data["http://axschema.org/contact/email"][0];
header("Location: index.php");
} else {
echo "OpenID auth failed!<br><br>";
print_r($response);
}
// Complete the authentication process using the server's
// response.
$return_to = getReturnTo();
$response = $consumer->complete($return_to);
// Check the response status.
if ($response->status == Auth_OpenID_CANCEL) {
// This means the authentication was cancelled.
$msg = 'Verification cancelled.';
} else {
if ($response->status == Auth_OpenID_FAILURE) {
// Authentication failed; display the error message.
$msg = "OpenID authentication failed: " . $response->message;
} else {
if ($response->status == Auth_OpenID_SUCCESS) {
// This means the authentication succeeded
$ax = new Auth_OpenID_AX_FetchResponse();
$obj = $ax->fromSuccessResponse($response);
$openid_username = $obj->data['http://axschema.org/contact/email'][0];
}
}
}
}
if (isset($_REQUEST['p1'])) {
$p1 = $_REQUEST['p1'];
} else {
$p1 = $_REQUEST['camila_1'];
}
if (isset($_REQUEST['p2'])) {
$p2 = $_REQUEST['p2'];
} else {
$p2 = $_REQUEST['camila_2'];
/**
* Process a request.
*
* This function never returns.
*
* @param Auth_OpenID_Request $request The request we are processing.
*/
public function processRequest(array $state)
{
assert('isset($state["request"])');
$request = $state['request'];
$sreg_req = Auth_OpenID_SRegRequest::fromOpenIDRequest($request);
$ax_req = Auth_OpenId_AX_FetchRequest::fromOpenIDRequest($request);
/* In resume.php there should be a way to display data requested through sreg or ax. */
if (!$this->authSource->isAuthenticated()) {
if ($request->immediate) {
/* Not logged in, and we cannot show a login form. */
$this->sendResponse($request->answer(FALSE));
}
$resumeURL = $this->getStateURL('resume.php', $state);
$this->authSource->requireAuth(array('ReturnTo' => $resumeURL));
}
$identity = $this->getIdentity();
assert('$identity !== FALSE');
/* Should always be logged in here. */
if (!$request->idSelect() && $identity !== $request->identity) {
/* The identity in the request doesn't match the one of the logged in user. */
throw new SimpleSAML_Error_Exception('Logged in as different user than the one requested.');
}
if ($this->isTrusted($identity, $request->trust_root)) {
$trusted = TRUE;
} elseif (isset($state['TrustResponse'])) {
$trusted = (bool) $state['TrustResponse'];
} else {
if ($request->immediate) {
/* Not trusted, and we cannot show a trust-form. */
$this->sendResponse($request->answer(FALSE));
}
$trustURL = $this->getStateURL('trust.php', $state);
SimpleSAML_Utilities::redirectTrustedURL($trustURL);
}
if (!$trusted) {
/* The user doesn't trust this site. */
$this->sendResponse($request->answer(FALSE));
}
$response = $request->answer(TRUE, NULL, $identity);
//Process attributes
$attributes = $this->authSource->getAttributes();
foreach ($attributes as $key => $attr) {
if (is_array($attr) && count($attr) === 1) {
$attributes[$key] = $attr[0];
}
}
$pc = new SimpleSAML_Auth_ProcessingChain($this->authProc, array(), 'idp');
$state = array('Attributes' => $attributes, 'isPassive' => TRUE);
$pc->processStatePassive(&$state);
$attributes = $state['Attributes'];
//Process SREG requests
$sreg_resp = Auth_OpenID_SRegResponse::extractResponse($sreg_req, $attributes);
$sreg_resp->toMessage($response->fields);
//Process AX requests
$ax_resp = new Auth_OpenID_AX_FetchResponse();
foreach ($ax_req->iterTypes() as $type_uri) {
if (isset($attributes[$type_uri])) {
$ax_resp->addValue($type_uri, $attributes[$type_uri]);
}
}
$ax_resp->toMessage($response->fields);
/* The user is authenticated, and trusts this site. */
$this->sendResponse($response);
}
private function getUserProfileInfo($response)
{
if (Auth_OpenID_supportsSReg($response->endpoint)) {
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
$sreg = $sreg_resp->contents();
$email = @$sreg['email'];
$full_name = @$sreg['fullname'];
} else {
//AX
// Get registration informations
$ax = new Auth_OpenID_AX_FetchResponse();
$obj = $ax->fromSuccessResponse($response);
$email = $obj->data["http://axschema.org/contact/email"][0];
if (isset($obj->data["http://axschema.org/namePerson/first"])) {
$full_name = $obj->data["http://axschema.org/namePerson/first"][0] . ' ' . $obj->data["http://axschema.org/namePerson/last"][0];
} else {
$full_name = $obj->data["http://axschema.org/namePerson"][0];
}
}
return array($email, $full_name);
}
//display pape policy return data if available
$response_pape = Auth_OpenID_PAPE_Response::fromSuccessResponse($response);
if ($response_pape) {
//pape policies affected by authentication
if ($response_pape->auth_policies) {
$response_state .= "<br />PAPE returned policies which affected the authentication:";
foreach ($response_pape->auth_policies as $uri) {
$response_state .= '- ' . htmlentities($uri);
}
}
//server authentication age
if ($response_pape->auth_age) {
$response_state .= "<br />PAPE returned server authentication age with the value: " . htmlentities($response_pape->auth_age);
}
//nist authentication level
if ($response_pape->nist_auth_level) {
$response_state .= "<br />PAPE returned server NIST auth level with the value: " . htmlentities($response_pape->nist_auth_level);
}
}
//get attribute exchange return values
$response_ax = new Auth_OpenID_AX_FetchResponse();
$ax_return = $response_ax->fromSuccessResponse($response);
echo "<h1>AX</h1>";
var_dump($ax_return);
foreach ($ax_return->data as $item => $value) {
$response_state .= "<br />AX returned <b>{$item}</b> with the value: <b>{$value[0]}</b>";
}
}
}
}
print $response_state;
/**
* Using this option, we need to redirect to user profile after login
* to update user details as we have no other way of getting this info
* @return type
*/
function openIdLogin()
{
// session_start();
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
require_once "Auth/OpenID/SReg.php";
require_once "Auth/OpenID/AX.php";
$objAltConfig = $this->getObject('altconfig', 'config');
$modPath = $objAltConfig->getModulePath();
$moduleUri = $objAltConfig->getModuleURI();
$siteRoot = $objAltConfig->getSiteRoot();
$DEFAULT_REDIRECT_ULR = $siteRoot . '?module=security&action=openidloginresult';
$OPENID_AUTH_PAGE = $siteRoot . '?module=security&action=openidlogin';
$OPENID_CALLBACK_PAGE = $siteRoot . '?module=security&action=openidlogin';
$objMkDir = $this->getObject('mkdir', 'files');
$openidPath = $this->objConfig->getcontentBasePath() . '/openid';
$objMkDir->mkdirs($openidPath);
$store = new Auth_OpenID_FileStore($openidPath);
$consumer = new Auth_OpenID_Consumer($store);
$response = $consumer->complete($OPENID_CALLBACK_PAGE);
if ($response->status == Auth_OpenID_SUCCESS) {
$ax = new Auth_OpenID_AX_FetchResponse();
$obj = $ax->fromSuccessResponse($response);
$data = $obj->data;
//this is a workaround because some openid providers, like myopenid.com,
//does not fully support attribute exchange just yet. They're working on it.
//I may update it in the future.
if ($_SESSION['openid_user']) {
$email = $_SESSION['openid_user'];
$_SESSION['openid_user'] = null;
} else {
$email = $data['http://axschema.org/contact/email']['0'];
}
$_SESSION['user'] = $email;
$_SESSION['AUTH'] = true;
$me = array();
$updateDetailsPhrase = $this->objLanguage->languageText("mod_security_updateprofile", 'security');
$me['username'] = $email;
$me['email'] = $email;
$me['first_name'] = $updateDetailsPhrase;
$me['last_name'] = '';
$me['gender'] = 'male';
$me['id'] = mt_rand(1000, 9999) . date('ymd');
return $this->openIdAuth($me);
} else {
$_SESSION['AUTH'] = false;
header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=mod_security_problemlogginginwith');
}
}
/**
* Get attributes from OpenID response and populate 'user'-like structure
* If matching user exists then return matching user
*
* @param string $resp - the OpenID response
* @return user object - false on multiple matches, or the matching user object
* _or_ new user object with members:
* username, email, firstname, lastname, country
*/
function openid_resp_to_user(&$resp)
{
$tmp_users = array();
$user = new stdClass();
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($resp);
$sreg = $sreg_resp->contents();
if (defined('ADD_AX_SUPPORT')) {
$ax_resp = new Auth_OpenID_AX_FetchResponse();
$ax = $ax_resp->fromSuccessResponse($resp);
}
// We'll attempt to use the user's nickname to set their username
if (isset($sreg['nickname']) && !empty($sreg['nickname']) && !($tmp_users['username'] = get_records('user', 'username', addslashes($sreg['nickname']))) || defined('USE_EMAIL_FOR_USERNAME') && isset($sreg['email']) && !empty($sreg['email']) && !($tmp_users['username_email'] = get_records('user', 'username', $sreg['email']))) {
$user->username = addslashes(isset($sreg['nickname']) && !empty($sreg['nickname']) ? $sreg['nickname'] : $sreg['email']);
} else {
if (defined('ADD_AX_SUPPORT') && (($nickname = get_ax_data(AX_SCHEMA_NICKNAME, $ax)) && !($tmp_users['username'] = get_records('user', 'username', addslashes($nickname))) || defined('USE_EMAIL_FOR_USERNAME') && ($useremail = get_ax_data(AX_SCHEMA_EMAIL, $ax)) && !($tmp_users['username_email'] = get_records('user', 'username', $useremail)))) {
// better to fall-back to email? may show-up in various display blocks
$user->username = addslashes($nickname ? $nickname : $useremail);
} else {
$user->username = openid_normalize_url_as_username($resp->identity_url);
}
}
// SREG fullname
if (isset($sreg['fullname']) && !empty($sreg['fullname'])) {
$name = openid_parse_full_name($sreg['fullname']);
$user->firstname = addslashes($name['first']);
$user->lastname = addslashes($name['last']);
} else {
if (defined('ADD_AX_SUPPORT') && (get_ax_data(AX_SCHEMA_FULLNAME, $ax) || get_ax_data(AX_SCHEMA_LASTNAME, $ax))) {
if (get_ax_data(AX_SCHEMA_LASTNAME, $ax)) {
$user->firstname = addslashes(get_ax_data(AX_SCHEMA_FIRSTNAME, $ax));
$user->lastname = addslashes(get_ax_data(AX_SCHEMA_LASTNAME, $ax));
} else {
// fullname
$name = openid_parse_full_name(get_ax_data(AX_SCHEMA_FULLNAME, $ax));
$user->firstname = addslashes($name['first']);
$user->lastname = addslashes($name['last']);
}
}
}
if (!empty($user->lastname)) {
$tmp_users['fullname'] = get_records_select('user', "firstname = '" . $user->firstname . "' AND lastname = '" . $user->lastname . "'");
}
// SREG email
if (!empty($sreg['email']) && !($tmp_users['email'] = get_records('user', 'email', $sreg['email']))) {
$user->email = addslashes($sreg['email']);
} else {
if (defined('ADD_AX_SUPPORT') && ($useremail = get_ax_data(AX_SCHEMA_EMAIL, $ax)) && !($tmp_users['email'] = get_records('user', 'email', $useremail))) {
$user->email = addslashes($useremail);
}
}
// SREG country
$country = '';
if (isset($sreg['country']) && !empty($sreg['country'])) {
$country = $sreg['country'];
} else {
if (defined('ADD_AX_SUPPORT') && get_ax_data(AX_SCHEMA_COUNTRY, $ax)) {
$country = get_ax_data(AX_SCHEMA_COUNTRY, $ax);
}
}
if (!empty($country)) {
$country_code = strtoupper($country);
$countries = get_list_of_countries();
if (strlen($country) != 2 || !isset($countries[$country_code])) {
$countries_keys = array_keys($countries);
$countries_vals = array_values($countries);
$country_code = array_search($country, $countries_vals);
if ($country_code > 0) {
$country_code = $countries_keys[$country_code];
} else {
$country_code = '';
}
}
if (!empty($country_code)) {
$user->country = $country_code;
}
}
/* We're currently not attempting to get language and timezone values
// SREG language
if (isset($sreg['language']) && !empty($sreg['language'])) {
}
// SREG timezone
if (isset($sreg['timezone']) && !empty($sreg['timezone'])) {
}
*/
$config = get_config('auth/openid');
//error_log("/auth/openid/locallib.php::auth/openid::config=...");
//err_dump($config);
//error_log("/auth/openid/locallib.php::openid_resp_to_user() - check for user matching ...");
//err_dump($user);
// Map OpenID fields to whether field MUST be unique
// TBD: make unique fields configurable im OpenID: auth_config_users.html
// Keys must match keys in tmp_users[] array - set above.
$openid_fields = array('email' => 1, 'fullname' => 0, 'username' => 0, 'username_email' => 1);
foreach ($openid_fields as $openid_field => $field_unique) {
$match_array = str_word_count($config->auth_openid_match_fields, 1, '_');
$num = !empty($match_array) ? 1 : 0;
if ($field_unique && !empty($tmp_users[$openid_field]) && count($tmp_users[$openid_field]) > $num) {
//error_log("/auth/openid/locallib.php::openid_resp_to_user() - multiple matches on count(tmp_users[{$openid_field}])=".count($tmp_users[$openid_field])." ...");
//err_dump($tmp_users[$openid_field]);
//error_log("> match_array=...");
//err_dump($match_array);
return false;
}
}
$matching_user = null;
// check tmp_users[] matches for valid existing user,
// return false if conflicts between matching fields
if (!empty($config->auth_openid_match_fields)) {
$openid_match_fields = explode(',', $config->auth_openid_match_fields);
foreach ($openid_match_fields as $match_field) {
$match_field = trim($match_field);
if (!empty($tmp_users[$match_field]) && count($tmp_users[$match_field]) == 1) {
if (!$matching_user) {
$matching_user = reset($tmp_users[$match_field]);
} else {
if ($openid_fields[$match_field] && $matching_user->id != reset($tmp_users[$match_field])->id) {
// unique field matches different user!
return false;
}
}
}
}
}
if (!empty($matching_user)) {
merge_user_fields($matching_user, $user);
//error_log( "openid_resp_to_user() - merged matching user: ");
//err_dump($matching_user);
return $matching_user;
}
return $user;
}
function run()
{
$consumer = getConsumer();
// Complete the authentication process using the server's
// response.
$return_to = getReturnTo();
$response = $consumer->complete($return_to);
// Check the response status.
if ($response->status == Auth_OpenID_CANCEL) {
// This means the authentication was cancelled.
$msg = gettext('Verification cancelled.');
} else {
if ($response->status == Auth_OpenID_FAILURE) {
// Authentication failed; display the error message.
$msg = sprintf(gettext("OpenID authentication failed: %s"), $response->message);
} else {
if ($response->status == Auth_OpenID_SUCCESS) {
// This means the authentication succeeded; extract the
// identity URL and Simple Registration data (if it was
// returned).
$openid = $response->getDisplayIdentifier();
$esc_identity = escape($openid);
$success = sprintf(gettext('You have successfully verified <a href="%s">%s</a> as your identity.'), $esc_identity, $esc_identity);
if ($response->endpoint->canonicalID) {
$escaped_canonicalID = escape($response->endpoint->canonicalID);
$success .= ' (XRI CanonicalID: ' . $escaped_canonicalID . ') ';
}
$email = $name = NULL;
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
$sreg = $sreg_resp->contents();
if ($sreg) {
if (@$sreg['email']) {
$email = trim($sreg['email']);
}
if (@$sreg['nickname']) {
$name = $sreg['nickname'];
}
if (@$sreg['fullname']) {
$name = $sreg['fullname'];
}
}
$ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response);
if ($ax_resp) {
$arr_ax_resp = get_object_vars($ax_resp);
$arr_ax_data = $arr_ax_resp['data'];
if (empty($email) && isset($arr_ax_data["http://axschema.org/contact/email"]) && count($arr_ax_data["http://axschema.org/contact/email"]) > 0) {
$email = $arr_ax_data["http://axschema.org/contact/email"][0];
}
if (empty($name) && isset($arr_ax_data["http://axschema.org/namePerson"]) && count($arr_ax_data["http://axschema.org/namePerson"]) > 0) {
$name = $arr_ax_data["http://axschema.org/namePerson"][0];
}
if (empty($name)) {
$name_first = '';
$name_middle = '';
$name_last = '';
if (isset($arr_ax_data["http://axschema.org/namePerson/first"]) && count($arr_ax_data["http://axschema.org/namePerson/first"]) > 0) {
$name_first = $arr_ax_data["http://axschema.org/namePerson/first"][0];
}
if (isset($arr_ax_data["http://axschema.org/namePerson/middle"]) && count($arr_ax_data["http://axschema.org/namePerson/middle"]) > 0) {
$name_middle = $arr_ax_data["http://axschema.org/namePerson/middle"][0];
}
if (isset($arr_ax_data["http://axschema.org/namePerson/last"]) && count($arr_ax_data["http://axschema.org/namePerson/last"]) > 0) {
$name_last = $arr_ax_data["http://axschema.org/namePerson/last"][0];
}
$fullname = trim(trim(trim($name_first) . ' ' . $name_middle) . ' ' . $name_last);
if (!empty($fullname)) {
$name = $fullname;
}
}
if (empty($name) && isset($arr_ax_data["http://axschema.org/namePerson/friendly"]) && count($arr_ax_data["http://axschema.org/namePerson/friendly"]) > 0) {
$name = $arr_ax_data["http://axschema.org/namePerson/friendly"][0];
}
}
$userid = trim(str_replace(array('http://', 'https://'), '', $openid), '/');
// always remove the protocol
$pattern = @$_SESSION['OpenID_cleaner_pattern'];
if ($pattern) {
if (preg_match($pattern, $userid, $matches)) {
$userid = $matches[1];
}
}
$provider = @$_SESSION['provider'];
if (strlen($userid) + strlen($provider) > 63) {
$userid = sha1($userid);
}
if ($provider) {
$userid = $provider . ':' . $userid;
}
$redirect = @$_SESSION['OpenID_redirect'];
$success .= logonFederatedCredentials($userid, $email, $name, $redirect);
}
}
}
return $success;
}
/**
* Finish up authentication.
*
* @access public
* @return string
*/
public function finish_auth()
{
$msg = $error = $success = '';
$consumer = $this->_get_consumer();
// Complete the authentication process using the server's response.
$response = $consumer->complete($this->_get_self());
// Check the response status.
if ($response->status == Auth_OpenID_CANCEL) {
$data = $this->_throw_error(OPENID_RETURN_CANCEL);
} else {
if ($response->status == Auth_OpenID_FAILURE) {
$data = $this->_throw_error(OPENID_RETURN_FAILURE, $response->message);
} else {
if ($response->status == Auth_OpenID_SUCCESS) {
// if AX
$ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response);
if ($response->endpoint->used_yadis && $ax_resp) {
$data = $ax_resp->data;
$new_data = array();
foreach ($data as $i => $item) {
if (array_key_exists($i, $this->ax_aliases)) {
$new_data[$this->ax_aliases[$i]] = $item;
} else {
$new_data[$i] = $item;
}
}
$data = $new_data;
} else {
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
$data = $sreg_resp->contents();
}
}
}
}
// if handling a popup request
if ($this->ci->session->userdata('_openid_popup')) {
$this->ci->session->unset_userdata('_openid_popup');
// store the data in a session
$this->ci->session->set_userdata('_openid_data', $data);
// close the popup
include OPENID_DIRECTORY . 'EasyOpenID_close.php';
die;
} else {
return $data;
}
}
public function executeTrust(sfWebRequest $request)
{
opApplicationConfiguration::registerJanRainOpenID();
require_once 'Auth/OpenID/Server.php';
require_once 'Auth/OpenID/FileStore.php';
require_once 'Auth/OpenID/SReg.php';
require_once 'Auth/OpenID/AX.php';
$info = unserialize($_SESSION['request']);
$this->forward404Unless($info);
$trusted = $request->hasParameter('trust') || $request->hasParameter('permanent');
if (!$trusted) {
unset($_SESSION['request']);
$url = $info->getCancelURL();
$this->redirect($url);
}
$reqUrl = $this->getController()->genUrl('OpenID/member?id=' . $this->getUser()->getMemberId(), true);
if (!$info->idSelect()) {
$this->forward404Unless($reqUrl === $info->identity, 'request:' . $reqUrl . '/identity:' . $info->identity);
}
unset($_SESSION['request']);
$server = new Auth_OpenID_Server(new Auth_OpenID_FileStore(sfConfig::get('sf_cache_dir')), $info->identity);
$response = $info->answer(true, null, $reqUrl);
$sregRequest = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
$axRequest = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($info);
$allowedProfiles = $request->getParameter('profiles', array());
$requiredProfiles = $this->createListOfRequestedProfiles($sregRequest, $axRequest);
$rejectedProfiles = array_diff_key($requiredProfiles, array_flip($allowedProfiles));
if (in_array(true, $rejectedProfiles)) {
$url = $info->getCancelURL();
$this->redirect($url);
}
if ($sregRequest) {
$sregExchange = new opOpenIDProfileExchange('sreg', $this->getUser()->getMember());
$sregResp = Auth_OpenID_SRegResponse::extractResponse($sregRequest, $sregExchange->getData($allowedProfiles));
$response->addExtension($sregResp);
}
if ($axRequest && !$axRequest instanceof Auth_OpenID_AX_Error) {
$axResp = new Auth_OpenID_AX_FetchResponse();
$axExchange = new opOpenIDProfileExchange('ax', $this->getUser()->getMember());
$userData = $axExchange->getData($allowedProfiles);
foreach ($axRequest->requested_attributes as $k => $v) {
if (!empty($userData[$k])) {
$axResp->addValue($k, $userData[$k]);
}
}
$response->addExtension($axResp);
}
$log = Doctrine::getTable('OpenIDTrustLog')->log($info->trust_root, $this->getUser()->getMemberId());
if ($request->hasParameter('permanent')) {
$log->is_permanent = true;
$log->save();
}
$response = $server->encodeResponse($response);
return $this->writeResponse($response);
}
/**
* Process an authentication response.
*
* @param array &$state The state array.
*/
public function postAuth(array &$state)
{
$consumer = $this->getConsumer($state);
$return_to = SimpleSAML_Utilities::selfURL();
// Complete the authentication process using the server's
// response.
$response = $consumer->complete($return_to);
// Check the response status.
if ($response->status == Auth_OpenID_CANCEL) {
// This means the authentication was cancelled.
throw new SimpleSAML_Error_UserAborted();
} else {
if ($response->status == Auth_OpenID_FAILURE) {
// Authentication failed; display the error message.
throw new SimpleSAML_Error_AuthSource($this->authId, 'Authentication failed: ' . var_export($response->message, TRUE));
} else {
if ($response->status != Auth_OpenID_SUCCESS) {
throw new SimpleSAML_Error_AuthSource($this->authId, 'General error. Try again.');
}
}
}
// This means the authentication succeeded; extract the
// identity URL and Simple Registration data (if it was
// returned).
$openid = $response->identity_url;
$attributes = array('openid' => array($openid));
$attributes['openid.server_url'] = array($response->endpoint->server_url);
if ($response->endpoint->canonicalID) {
$attributes['openid.canonicalID'] = array($response->endpoint->canonicalID);
}
if ($response->endpoint->local_id) {
$attributes['openid.local_id'] = array($response->endpoint->local_id);
}
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response, $this->validateSReg);
$sregresponse = $sreg_resp->contents();
if (is_array($sregresponse) && count($sregresponse) > 0) {
$attributes['openid.sregkeys'] = array_keys($sregresponse);
foreach ($sregresponse as $sregkey => $sregvalue) {
$attributes['openid.sreg.' . $sregkey] = array($sregvalue);
}
}
// Get AX response information
$ax = new Auth_OpenID_AX_FetchResponse();
$ax_resp = $ax->fromSuccessResponse($response);
if ($ax_resp instanceof Auth_OpenID_AX_FetchResponse && !empty($ax_resp->data)) {
$axresponse = $ax_resp->data;
$attributes['openid.axkeys'] = array_keys($axresponse);
foreach ($axresponse as $axkey => $axvalue) {
if (preg_match("/^\\w+:/", $axkey)) {
$attributes[$axkey] = is_array($axvalue) ? $axvalue : array($axvalue);
} else {
SimpleSAML_Logger::warning('Invalid attribute name in AX response: ' . var_export($axkey, TRUE));
}
}
}
SimpleSAML_Logger::debug('OpenID Returned Attributes: ' . implode(", ", array_keys($attributes)));
$state['Attributes'] = $attributes;
SimpleSAML_Auth_Source::completeAuth($state);
}
/**
* Returns null and sets a flash message on all errors.
**/
static function finishAuth()
{
$consumer = self::getConsumer();
$return_to = self::getReturnTo();
$response = $consumer->complete($return_to);
if ($response->status == Auth_OpenID_CANCEL) {
FlashMessage::add('Verificare anulată.');
return null;
} else {
if ($response->status == Auth_OpenID_FAILURE) {
FlashMessage::add('Verificarea a eșuat: ' . $response->message);
return null;
} else {
if ($response->status == Auth_OpenID_SUCCESS) {
$result = array();
$result['identity'] = htmlentities($response->getDisplayIdentifier());
if ($response->endpoint->canonicalID) {
$escaped_canonicalID = htmlentities($response->endpoint->canonicalID);
// Ignored for now
}
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
if ($sreg_resp) {
$sreg = $sreg_resp->contents();
if (isset($sreg['email'])) {
$result['email'] = $sreg['email'];
}
if (isset($sreg['nickname'])) {
$result['nickname'] = $sreg['nickname'];
}
if (isset($sreg['fullname'])) {
$result['fullname'] = $sreg['fullname'];
}
}
$ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response);
if ($ax_resp) {
$data = $ax_resp->data;
if (isset($data['http://axschema.org/contact/email']) && count($data['http://axschema.org/contact/email'])) {
$result['email'] = $data['http://axschema.org/contact/email'][0];
// Take this over sreg
}
if (isset($data['http://axschema.org/namePerson']) && count($data['http://axschema.org/namePerson'])) {
$result['fullname'] = $data['http://axschema.org/namePerson'][0];
}
$names = array();
if (isset($data['http://axschema.org/namePerson/first']) && count($data['http://axschema.org/namePerson/first'])) {
$names[] = $data['http://axschema.org/namePerson/first'][0];
}
if (isset($data['http://axschema.org/namePerson/last']) && count($data['http://axschema.org/namePerson/last'])) {
$names[] = $data['http://axschema.org/namePerson/last'][0];
}
if (count($names)) {
$result['fullname'] = implode(' ', $names);
}
}
return $result;
}
}
}
}
/**
* Iff user was authenticated (at URL returned by getLoginUrl),
* returns associative array that WILL contain user's Harvard email
* address (mail) and that MAY contain user's name (displayName).
*
* @param return_to URL to which CS50 ID returned user
*
* @return user as associative array
*/
public static function getUser($return_to)
{
// ignore Janrain's use of deprecated functions
$error_reporting = error_reporting();
error_reporting($error_reporting & ~E_DEPRECATED);
// load Janrain's libary
set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . DIRECTORY_SEPARATOR . "share" . DIRECTORY_SEPARATOR . "php-openid-2.3.0");
require_once "Auth/OpenID/AX.php";
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
require_once "Auth/OpenID/SReg.php";
// ensure $_SESSION exists for Yadis
@session_start();
// prepare filesystem-based store
$path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . md5($return_to);
@mkdir($path, 0700);
if (!is_dir($path)) {
trigger_error("Could not create {$path}", E_USER_ERROR);
}
if (!is_readable($path)) {
trigger_error("Could not read from {$path}", E_USER_ERROR);
}
if (!is_writable($path)) {
trigger_error("Could not write to {$path}", E_USER_ERROR);
}
$store = new Auth_OpenID_FileStore($path);
// get response
$consumer = new Auth_OpenID_Consumer($store);
$response = $consumer->complete($return_to);
if ($response->status == Auth_OpenID_SUCCESS) {
// get user's identity
$user = ["identity" => $response->identity_url];
// get Simple Registration fields, if any
if ($sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response)) {
$user = array_merge($user, $sreg_resp->contents());
}
// get Attribute Exchange attributes, if any
if ($ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response)) {
$user = array_merge($user, $ax_resp->data);
}
}
// restore error_reporting
error_reporting($error_reporting);
// return user unless error
return isset($user) ? $user : false;
}
/**
* Called when returning from the authentication server
* Find the user with the given openid, if any or displays the "Choose name"
* form
*/
function finish() {
global $wgOut, $wgUser, $wgOpenIDUseEmailAsNickname;
wfSuppressWarnings();
$consumer = $this->getConsumer();
$response = $consumer->complete( $this->scriptUrl( 'Finish' ) );
wfRestoreWarnings();
if ( is_null( $response ) ) {
wfDebug( "OpenID: aborting in auth because no response was recieved\n" );
$wgOut->showErrorPage( 'openiderror', 'openiderrortext' );
return;
}
switch ( $response->status ) {
case Auth_OpenID_CANCEL:
// This means the authentication was cancelled.
$wgOut->showErrorPage( 'openidcancel', 'openidcanceltext' );
break;
case Auth_OpenID_FAILURE:
wfDebug( "OpenID: error message '" . $response->message . "'\n" );
$wgOut->showErrorPage( 'openidfailure', 'openidfailuretext',
array( ( $response->message ) ? $response->message : '' ) );
break;
case Auth_OpenID_SUCCESS:
// This means the authentication succeeded.
wfSuppressWarnings();
$openid = $response->identity_url;
if ( !$this->canLogin( $openid ) ) {
$wgOut->showErrorPage( 'openidpermission', 'openidpermissiontext' );
return;
}
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse( $response );
$sreg = $sreg_resp->contents();
$ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse( $response );
$ax = $ax_resp->data;
wfRestoreWarnings();
if ( is_null( $openid ) ) {
wfDebug( "OpenID: aborting in auth success because identity URL is missing\n" );
$wgOut->showErrorPage( 'openiderror', 'openiderrortext' );
return;
}
$user = self::getUserFromUrl( $openid );
if ( $user instanceof User ) {
$this->updateUser( $user, $sreg, $ax ); # update from server
$wgUser = $user;
$this->displaySuccessLogin( $openid );
} else {
// if we are hardcoding nickname, and a valid e-mail address was returned, create a user with this name
if ( $wgOpenIDUseEmailAsNickname ) {
$name = $this->getNameFromEmail( $openid, $sreg, $ax );
if ( !empty( $name ) && $this->userNameOk( $name ) ) {
$wgUser = $this->createUser( $openid, $sreg, $ax, $name );
$this->displaySuccessLogin( $openid );
return;
}
}
$this->saveValues( $openid, $sreg, $ax );
$this->chooseNameForm( $openid, $sreg, $ax );
return;
}
}
}
function test_fromSuccessResponse()
{
$name = "ziggy";
$value = "stardust";
$uri = "http://david.bowie.name/";
$args = array('mode' => 'id_res', 'ns' => Auth_OpenID_OPENID2_NS, 'ns.ax' => Auth_OpenID_AX_NS_URI, 'ax.mode' => 'fetch_response', 'ax.update_url' => 'http://example.com/realm/update_path', 'ax.type.' . $name => $uri, 'ax.count.' . $name => '1', 'ax.value.' . $name . '.1' => $value);
$sf = array();
foreach (array_keys($args) as $k) {
array_push($sf, $k);
}
$msg = Auth_OpenID_Message::fromOpenIDArgs($args);
$e = new FauxEndpoint();
$resp = new Auth_OpenID_SuccessResponse($e, $msg, $sf);
$ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($resp, false);
$this->assertFalse($ax_resp === null);
$this->assertTrue(is_a($ax_resp, 'Auth_OpenID_AX_FetchResponse'));
$values = $ax_resp->get($uri);
$this->assertEquals(array($value), $values);
}
/**
* Verifies a given signed assertion.
* @param &Attribute_Verifier &$attributeVerifier - An instance of the class
passed for the verification.
* @param Auth_OpenID_Response - Response object for extraction.
* @return boolean - true if successful, false if verification fails.
*/
function verifyAssertion(&$attributeVerifier, $response)
{
$ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response);
if ($ax_resp instanceof Auth_OpenID_AX_FetchResponse) {
$ax_args = $ax_resp->getExtensionArgs();
if ($ax_args) {
$value = base64_decode($ax_args['value.ext1.1']);
if ($attributeVerifier->verify($value)) {
return base64_decode($ax_args['value.ext0.1']);
} else {
return null;
}
} else {
return null;
}
} else {
return null;
}
}
