Example #1
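/**
 * Write the jsConnect string for single sign on.
 *
 * The response is echoed directly: JSON by default, or JSONP when the request carries a
 * syntactically valid `callback` parameter.
 *
 * Security notes:
 *  - With $Secure === true the signatures use MD5, which is kept only for compatibility with
 *    existing installations. Where both sides support it, pass a stronger algorithm name
 *    (for example 'sha256') instead of true.
 *  - The request signature is a plain hash of the timestamp concatenated with the secret,
 *    so the secret must be long and random and must never be exposed to the browser.
 *  - With $Secure set to false or null the request is not verified at all, so the full $User
 *    array is returned to whoever calls the endpoint.
 *
 * @param array $User An array containing information about the currently signed on user. If no user is signed in then this should be an empty array.
 * @param array $Request An array of the $_GET request. Every value in it is untrusted input.
 * @param string $ClientID The string client ID that you set up in the jsConnect settings page.
 * @param string $Secret The string secret that you set up in the jsConnect settings page.
 * @param string|bool|null $Secure Whether or not to check for security. This is one of these values.
 *  - true: Check for security and sign the response with an md5 hash.
 *  - false: Don't check for security, but sign the response with an md5 hash.
 *  - string: Check for security and sign the response with the given hash algorithm. See hash_algos() for what your server can support.
 *  - null: Don't check for security and don't sign the response.
 * @return void
 * @since 1.1b Added the ability to provide a hash algorithm to $Secure.
 */
function writeJsConnect($User, $Request, $ClientID, $Secret, $Secure = true)
{
    $User = array_change_key_case($User);
    $HasUser = is_array($User) && count($User) > 0;

    // Request validation. Skipped entirely when $Secure is false or null.
    if ($Secure) {
        // A non-scalar client_id (e.g. client_id[]=x) can never match and must not be
        // interpolated into the error message.
        $RequestClient = (isset($Request['client_id']) && is_scalar($Request['client_id']))
            ? (string)$Request['client_id']
            : '';

        if (!isset($Request['client_id'])) {
            $Error = ['error' => 'invalid_request', 'message' => 'The client_id parameter is missing.'];
        } elseif (!is_scalar($Request['client_id']) || $RequestClient !== (string)$ClientID) {
            // Strict string comparison: loose != would treat numeric-looking strings such as
            // "1e3" and "1000" as equal.
            $Error = ['error' => 'invalid_client', 'message' => "Unknown client {$RequestClient}."];
        } elseif (!isset($Request['timestamp']) && !isset($Request['signature'])) {
            // Unsigned request: not an error, but only public information is returned.
            if ($HasUser) {
                $Error = [
                    'name' => isset($User['name']) ? $User['name'] : '',
                    'photourl' => isset($User['photourl']) ? $User['photourl'] : null,
                ];
            } else {
                $Error = ['name' => '', 'photourl' => ''];
            }
        } elseif (!isset($Request['timestamp']) || !is_numeric($Request['timestamp'])) {
            $Error = ['error' => 'invalid_request', 'message' => 'The timestamp parameter is missing or invalid.'];
        } elseif (!isset($Request['signature'])) {
            $Error = ['error' => 'invalid_request', 'message' => 'Missing  signature parameter.'];
        } elseif (abs($Request['timestamp'] - jsTimestamp()) > JS_TIMEOUT) {
            // The timestamp is outside the allowed window, which bounds replay of an old signature.
            $Error = ['error' => 'invalid_request', 'message' => 'The timestamp is invalid.'];
        } else {
            // Verify the signature. hash_equals() (PHP 5.6+) compares in constant time and,
            // unlike a loose !=, never treats two different "0e..." hex digests as equal numbers.
            $Expected = (string)jsHash($Request['timestamp'] . $Secret, $Secure);
            if (!is_string($Request['signature']) || !hash_equals($Expected, $Request['signature'])) {
                $Error = ['error' => 'access_denied', 'message' => 'Signature invalid.'];
            }
        }
    }

    if (isset($Error)) {
        $Result = $Error;
    } elseif ($HasUser) {
        if ($Secure === null) {
            // Unsigned response: the user array is returned as-is.
            $Result = $User;
        } else {
            $Result = signJsConnect($User, $ClientID, $Secret, $Secure, true);
        }
    } else {
        $Result = ['name' => '', 'photourl' => ''];
    }

    $Json = json_encode($Result);

    if (isset($Request['callback'])) {
        $Callback = $Request['callback'];
        // The callback name is echoed into an executable JavaScript response, so accept only a
        // dotted identifier path; anything else would let the caller inject script.
        $IsValidCallback = is_string($Callback)
            && preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$/D', $Callback) === 1;

        if ($IsValidCallback) {
            safeHeader('Content-Type: application/javascript');
            echo "{$Callback}({$Json})";
            return;
        }

        // Rejected callback: answer with a plain JSON error and do not echo the supplied value.
        $Json = json_encode(['error' => 'invalid_request', 'message' => 'The callback parameter is invalid.']);
    }

    safeHeader('Content-Type: application/json');
    echo $Json;
}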
 /**
  * Build the URL used to contact a provider's jsConnect authentication endpoint.
  *
  * @param array|mixed $Provider Either the provider record itself, or a value that
  *  self::getProvider() can resolve to one.
  * @param bool $Secure When truthy, a timestamp and a signature over the timestamp and the
  *  provider's AssociationSecret are added to the query string.
  * @param bool $Callback When truthy, the JSONP placeholder "&callback=?" is appended.
  * @return string|bool The URL, or FALSE when no provider array could be resolved.
  */
 public static function connectUrl($Provider, $Secure = FALSE, $Callback = TRUE)
 {
     if (!is_array($Provider)) {
         $Provider = self::getProvider($Provider);
         if (!is_array($Provider)) {
             return FALSE;
         }
     }

     $BaseUrl = $Provider['AuthenticateUrl'];
     $Params = array('client_id' => $Provider['AuthenticationKey']);

     if ($Secure) {
         // jsTimestamp() and jsHash() are used right after this include.
         include_once __DIR__ . '/functions.jsconnect.php';
         $Timestamp = jsTimestamp();
         $Params['timestamp'] = $Timestamp;
         // The secret itself never goes into the URL, only the hash derived from it.
         $Params['signature'] = jsHash($Timestamp . $Provider['AssociationSecret'], GetValue('HashType', $Provider));
     }

     // Prefer an explicit Target from the request; otherwise fall back to the current path.
     // NOTE(review): Target is request-controlled and forwarded unchanged; whatever consumes
     // it should confirm it is a local path before redirecting.
     $Target = Gdn::Request()->Get('Target');
     if (!$Target) {
         $Target = '/' . ltrim(Gdn::Request()->Path(), '/');
     }
     // Targets under the sign-in page are replaced with the site root.
     if (StringBeginsWith($Target, '/entry/signin')) {
         $Target = '/';
     }
     $Params['Target'] = $Target;

     $Separator = strpos($BaseUrl, '?') === FALSE ? '?' : '&';
     $Result = $BaseUrl . $Separator . http_build_query($Params);

     return $Callback ? $Result . '&callback=?' : $Result;
 }