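/**
 * Return true when $domain and OP_SERVER_NAME agree on every DNS label they both have,
 * comparing right to left and case-insensitively.
 *
 * This is a common-suffix test rather than an equality test: a sub-domain of the OP
 * (user@mail.example.com for an OP at example.com) passes, and so does a parent domain
 * (user@example.com for an OP at op.example.com). NOTE(review): the parent-domain case
 * also admits a bare TLD such as "com" — confirm that looseness is intended before
 * relying on this check for anything beyond discovery.
 *
 * @param string $domain host part of an e-mail style principal, port already stripped
 */
function webfinger_domain_matches_server(string $domain): bool
{
    $domain_parts = explode('.', $domain);
    $server_parts = explode('.', OP_SERVER_NAME);
    $i = count($domain_parts) - 1;
    $j = count($server_parts) - 1;
    while ($i >= 0 && $j >= 0) {
        if (strcasecmp($domain_parts[$i], $server_parts[$j]) !== 0) {
            return false;
        }
        $i--;
        $j--;
    }
    return true;
}

/**
 * Serve a WebFinger (RFC 7033) discovery request for this OpenID Connect issuer.
 *
 * Input is read from $_REQUEST:
 *   - resource : the principal being looked up ("acct:user@host", "user@host", or a URL)
 *   - rel      : optional; when present it must be the OpenID Connect issuer relation
 *
 * A principal is accepted when it is one of this OP's host/issuer spellings or a known
 * provider issuer, or when it names a local user (db_get_user()). E-mail style principals
 * must additionally sit on this OP's domain (webfinger_domain_matches_server()). Every
 * failed check answers "400 Bad Request" and terminates the script; on success the
 * response is delegated to send_webfinger_discovery() with the original resource value.
 *
 * Side effects: log_error()/log_debug(), header(), exit.
 */
function handle_webfinger_discovery()
{
    $resource = isset($_REQUEST['resource']) ? $_REQUEST['resource'] : null;
    $service = isset($_REQUEST['rel']) ? $_REQUEST['rel'] : null;

    // Query parameters can arrive as arrays (?resource[]=x); everything below needs
    // scalars, and the PHP 8 string functions throw a TypeError on arrays.
    if (($resource !== null && !is_string($resource)) || ($service !== null && !is_string($service))) {
        log_error('Discovery : resource and rel must be strings');
        header('HTTP/1.0 400 Bad Request');
        exit;
    }
    $principal = (string) $resource;

    if ($principal === '' && ($service === null || $service === '')) {
        log_error('Discovery : no principal or service');
        header('HTTP/1.0 400 Bad Request');
        exit;
    }
    if ($service !== null && $service !== '' && $service !== 'http://openid.net/specs/connect/1.0/issuer') {
        log_error('Discovery : invalid service');
        header('HTTP/1.0 400 Bad Request');
        exit;
    }

    // Every spelling of "this OP" that a principal may resolve to, plus the issuers of
    // the configured providers.
    $hosts = [OP_SERVER_NAME, OP_PROTOCOL . OP_SERVER_NAME, OP_PROTOCOL . OP_SERVER_NAME . OP_PORT];
    $providers = db_get_providers();
    if ($providers) {
        foreach ($providers as $provider) {
            $hosts[] = $provider['issuer'];
        }
    }

    // URI schemes are case-insensitive (RFC 3986), so "ACCT:" is stripped as well.
    if (strncasecmp($principal, 'acct:', 5) === 0) {
        $principal = (string) substr($principal, 5);
    }

    $at = strpos($principal, '@');
    if ($at !== false) {
        if ($at === 0) {
            // A leading '@' is XRI syntax, which this OP does not resolve.
            header('HTTP/1.0 400 Bad Request');
            log_error('Discovery : principal is a XRI');
            exit;
        }
        // A second '@' makes the host part ambiguous (the previous code silently used
        // the middle segment as the domain); reject such principals outright.
        if (strpos($principal, '@', $at + 1) !== false) {
            log_error('Discovery : principal has more than one "@"');
            header('HTTP/1.0 400 Bad Request');
            exit;
        }
        // E-mail style principal "user@domain[:port]": the domain must belong to this OP,
        // the user part is looked up further down.
        list($principal, $domain) = explode('@', $principal, 2);
        $port_pos = strpos($domain, ':');
        if ($port_pos !== false) {
            $domain = (string) substr($domain, 0, $port_pos);
        }
        if (!webfinger_domain_matches_server($domain)) {
            header('HTTP/1.0 400 Bad Request');
            log_error('Discovery : email domains do not match');
            exit;
        }
    } else {
        // URL principal: drop any fragment, then split it into issuer and user path.
        $pos = strpos($principal, '#');
        if ($pos !== false) {
            $principal = (string) substr($principal, 0, $pos);
        }
        $parts = parse_url($principal);
        // parse_url() yields no 'host' for a bare path such as "alice"; the previous
        // code then built an issuer from an empty host and chopped the first character
        // off the path, so a missing host is treated as unparseable instead.
        if (!$parts || !isset($parts['host'])) {
            log_error('Discovery : unparseable URL');
            header('HTTP/1.0 400 Bad Request');
            exit;
        }
        $port = isset($parts['port']) ? ':' . $parts['port'] : '';
        $issuer = OP_PROTOCOL . $parts['host'] . $port;
        if (isset($parts['path']) && $parts['path'] !== '' && $parts['path'] !== '/') {
            // The path names a user; strip the leading '/'.
            $principal = (string) substr($parts['path'], 1);
            log_debug("principal = %s", $principal);
        } else {
            $principal = $issuer;
        }
        // NOTE(review): unlike the e-mail branch, the host of a URL principal is not
        // compared with OP_SERVER_NAME when a user path is present — the user lookup
        // below is the only check. Confirm that is intended.
    }

    if (!in_array($principal, $hosts, true) && !db_get_user($principal)) {
        log_error("Discovery : no such user or host\nprincipal = %s hosts = %s", $principal, print_r($hosts, true));
        header('HTTP/1.0 400 Bad Request');
        exit;
    }
    send_webfinger_discovery($resource);
}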
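<img src="<?php echo RP_PATH; ?>/openid_connect.png" style="width:100%">
<div style="background-color:#dddddd;">
    OpenID Connect Core Draft 17
    <form name='op_form' method='post' action='<?php echo RP_INDEX_PAGE; ?>/start'>
        Select your OP :
        <select size="1" name='provider'>
            <option selected value=''>Select OP</option>
<?php
// Build the OP drop-down from the configured providers; the entry whose name matches
// the provider remembered in the session (if any) is pre-selected.
$providers = db_get_providers();
$current_provider = isset($_SESSION['provider_name']) ? $_SESSION['provider_name'] : null;
foreach ($providers ?: [] as $provider) {
    $selected = ($current_provider !== null && $current_provider === $provider['name']) ? ' selected' : '';
    // Provider names come from the database, not from this template; escape them for
    // the HTML attribute and text contexts they are written into.
    $name = htmlspecialchars((string) $provider['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<option value=\"{$name}\"{$selected}>{$name}</option>\n";
}
?>
        </select>
        <br/>
        or Enter OP URL :
        <input type='text' name='identifier' value=''>
<?php echo generate_tab_html(); ?>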