Example #1
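/**
 * Determine if the current user trusts the relying party of the OpenID authentication request.
 *
 * When the request carries a non-empty 'openid_trust' value, the decision is processed:
 * 'cancel' means no trust; any other value counts as consent, but only after
 * check_admin_referer() has verified the 'openid-server_trust' nonce emitted by the form.
 * Without an 'openid_trust' value the request is parked in the session and the trust form
 * is rendered through openid_page().
 *
 * @param object $request OpenID authentication request; only its trust_root property is read here.
 * @return bool|null true when the user consented, false when the user cancelled, null when
 *                   the trust form was displayed instead of processing a decision.
 *
 * @uses do_action() Calls the 'openid_server_trust_form' hook action when displaying the trust form.
 * @uses do_action() Calls the 'openid_server_trust_submit' hook action when processing the submitted trust form.
 * @uses apply_filters() Calls 'openid_server_store_trusted_site' before storing trusted site data.
 */
function openid_server_user_trust($request)
{
    $user = wp_get_current_user();
    $charset = get_option('blog_charset');

    if (!empty($_REQUEST['openid_trust'])) {
        if ($_REQUEST['openid_trust'] === 'cancel') {
            // Declining needs no nonce: refusing trust grants nothing to the relying party.
            $trust = false;
        } else {
            // Consent is state-changing, so it must carry the nonce emitted by the trust form;
            // this keeps a forged cross-site request from recording trust for the user.
            check_admin_referer('openid-server_trust');
            $trust = true;
        }
        do_action('openid_server_trust_submit', $trust, $request);
        // store trusted site (unless hidden constant is set)
        if ($trust && (!defined('OPENID_NO_AUTO_TRUST') || !OPENID_NO_AUTO_TRUST)) {
            $site = array('url' => $request->trust_root, 'last_login' => time());
            $site = apply_filters('openid_server_store_trusted_site', $site);
            $trusted_sites = get_usermeta($user->ID, 'openid_trusted_sites');
            // The stored value is not an array until the first site is saved; normalise it so
            // the keyed assignment below does not operate on a string.
            if (!is_array($trusted_sites)) {
                $trusted_sites = array();
            }
            // md5 is only used to derive a fixed-length array key from the URL.
            $trusted_sites[md5($request->trust_root)] = $site;
            update_usermeta($user->ID, 'openid_trusted_sites', $trusted_sites);
        }
        return $trust;
    }

    // prompt the user to make a trust decision
    @session_start();
    $_SESSION['openid_server_request'] = $request;
    // 'siteurl' is the option name used for the form action; the cancel link previously read
    // the non-existent 'site_url' option and lost the site address.
    $server_url = trailingslashit(get_option('siteurl')) . '?openid_server=1';
    ob_start();
    echo '
			<style type="text/css">
				#banner { margin-bottom: 4em; }
				#banner #site { float: left; color: #555; }
				#banner #loggedin { font-size: 0.7em; float: right; }
				p.trust_form_add {
					margin: 3em auto 1em; padding: 0.5em; border: 1px solid #999; background: #FFEBE8; width: 80%; font-size: 0.8em; -moz-border-radius: 3px;
				}
				#submit { font-size: 18px; padding: 10px 35px; margin-left: 1em; }
			</style>

			<div id="banner">
				<div id="site">' . htmlspecialchars(get_option('blogname'), ENT_QUOTES, $charset, false) . '</div>';
    if (is_user_logged_in()) {
        $logout_url = site_url('wp-login.php?action=logout&redirect_to=' . urlencode(site_url('?openid_server=1')), 'login');
        // Account fields and the URL are escaped for the HTML context they are placed in.
        echo '
				<div id="loggedin">' . sprintf(
            __('Logged in as %1$s (%2$s). <a href="%3$s">Use a different account?</a>', 'openid'),
            htmlspecialchars($user->display_name, ENT_QUOTES, $charset),
            htmlspecialchars($user->user_login, ENT_QUOTES, $charset),
            htmlspecialchars($logout_url, ENT_QUOTES, $charset)
        ) . '</div>';
    }
    // trust_root comes from the relying party's request, so it is treated as untrusted text
    // and HTML-escaped before being shown in the consent prompt.
    $trust_root_html = htmlspecialchars($request->trust_root, ENT_QUOTES, $charset);
    echo '
			</div>

			<form action="' . $server_url . '" method="post">
			<h1>' . __('Verify Your Identity', 'openid') . '</h1>
			<p style="margin: 1.5em 0 1em 0;">' . sprintf(__('%s has asked to verify your identity.', 'openid'), '<strong>' . $trust_root_html . '</strong>') . '</p>
			
			<p style="margin: 1em 0;">' . __('Click <strong>Continue</strong> to verify your identity and login without creating a new password.', 'openid') . '</p>';
    do_action('openid_server_trust_form');
    echo '
			<p class="submit" style="text-align: center; margin-top: 2.4em;">
				<a href="' . $server_url . '&amp;openid_trust=cancel">' . __('Cancel and go back', 'openid') . '</a>
				<input type="submit" id="submit" name="openid_trust" value="' . __('Continue', 'openid') . '" />
			</p>

			<p style="margin: 3em 0 1em 0; font-size: 0.8em;">' . sprintf(__('Manage or remove access on the <a href="%s" target="_blank">Trusted Sites</a> page.', 'openid'), admin_url((current_user_can('edit_users') ? 'users.php' : 'profile.php') . '?page=openid_trusted_sites')) . '</p>
			<p style="margin: 1em 0; font-size: 0.8em;">' . sprintf(__('<a href="%s" target="_blank">Edit your profile</a> to change the information that gets shared with Trusted Sites.', 'openid'), admin_url('profile.php')) . '</p>
		';
    // Emits the nonce that check_admin_referer() verifies when the form is submitted.
    wp_nonce_field('openid-server_trust', '_wpnonce', true);
    echo '
			</form>';
    $html = ob_get_clean();
    openid_page($html, __('Verify Your Identity', 'openid'));
}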
Example #2
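/**
 * Show an error page that lets the visitor resubmit a comment without OpenID.
 *
 * The author, email, url and comment fields are shown for editing; every other scalar
 * entry of $post is carried along as a hidden input, and 'openid_skip' is set to 1.
 * All values are HTML-escaped because $post holds visitor-supplied form data that is
 * echoed back into attribute and textarea contexts.
 *
 * @param array $post submitted comment fields (NOTE(review): presumably the original
 *                    comment POST data; confirm against the caller)
 */
function openid_repost_comment_anonymously($post)
{
    $comment_page = defined('OPENID_COMMENTS_POST_PAGE') ? OPENID_COMMENTS_POST_PAGE : 'wp-comments-post.php';
    $charset = get_option('blog_charset');
    $visible = array('author', 'email', 'url', 'comment');

    // Escape the editable fields once; a missing or non-scalar field renders as empty.
    $field = array();
    foreach ($visible as $key) {
        $raw = (isset($post[$key]) && is_scalar($post[$key])) ? (string) $post[$key] : '';
        if ($key === 'comment') {
            // Only the comment body had slashes stripped originally; that is kept as-is.
            $raw = stripslashes($raw);
        }
        $field[$key] = htmlspecialchars($raw, ENT_QUOTES, $charset);
    }

    $html = '
	<h1>' . __('OpenID Authentication Error', 'openid') . '</h1>
	<p id="error">' . __('We were unable to authenticate your claimed OpenID, however you ' . 'can continue to post your comment without OpenID:', 'openid') . '</p>

	<form action="' . site_url("/{$comment_page}") . '" method="post">
		<p>Name: <input name="author" value="' . $field['author'] . '" /></p>
		<p>Email: <input name="email" value="' . $field['email'] . '" /></p>
		<p>URL: <input name="url" value="' . $field['url'] . '" /></p>
		<textarea name="comment" cols="80%" rows="10">' . $field['comment'] . '</textarea>
		<input type="submit" name="submit" value="' . __('Submit Comment') . '" />
		<input type="hidden" name="openid_skip" value="1" />';

    $handled = array('author', 'email', 'url', 'comment', 'submit');
    foreach ($post as $name => $value) {
        // Strict comparison on the string form of the key: a loose in_array() treats an
        // integer key as equal to these names on older PHP versions.
        if (in_array((string) $name, $handled, true)) {
            continue;
        }
        // Nested values cannot be represented in a single hidden input; skip them rather
        // than emit the literal string "Array".
        if (!is_scalar($value)) {
            continue;
        }
        // Both the field name and its value are visitor-controlled.
        $html .= '
		<input type="hidden" name="' . htmlspecialchars((string) $name, ENT_QUOTES, $charset) . '" value="' . htmlspecialchars((string) $value, ENT_QUOTES, $charset) . '" />';
    }
    $html .= '</form>';
    openid_page($html, __('OpenID Authentication Error', 'openid'));
}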
Example #3
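/**
 * Send HTTP post through the user-agent.  If javascript is not supported, the
 * user will need to click on a "continue" button.
 *
 * The form target and every parameter name and value are HTML-escaped before being
 * written into the page, since they may originate outside this site.
 *
 * @param string $action form action (URL to POST form to)
 * @param array $parameters key-value pairs of parameters to include in the form
 */
function openid_repost($action, $parameters)
{
    $charset = get_option('blog_charset');
    // double_encode is off so a caller that already passes an entity-encoded URL
    // keeps working; quotes and angle brackets are still neutralised.
    $action_attr = htmlspecialchars($action, ENT_QUOTES, $charset, false);

    $html = '
	<noscript><p>' . __('Since your browser does not support JavaScript, you must press the Continue button once to proceed.', 'openid') . '</p></noscript>
	<form action="' . $action_attr . '" method="post">';
    foreach ($parameters as $k => $v) {
        // A field named "submit" is left out; it would likely shadow the form's submit()
        // method that the script below calls. Compared as a string so integer keys are
        // not loosely matched.
        if ((string) $k === 'submit') {
            continue;
        }
        $html .= "\n" . '<input type="hidden" name="' . htmlspecialchars((string) $k, ENT_QUOTES, $charset) . '" value="' . htmlspecialchars(stripslashes($v), ENT_COMPAT, $charset) . '" />';
    }
    $html .= '
		<noscript><div><input type="submit" value="' . __('Continue') . '" /></div></noscript>
	</form>
	
	<script type="text/javascript">
		document.write("<h2>' . __('Please Wait...', 'openid') . '</h2>"); 
		document.forms[0].submit()
	</script>';
    openid_page($html, __('OpenID Authentication Redirect', 'openid'));
}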
Example #4
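/**
 * Remove identity URLs from the current user account.
 *
 * Nothing happens when $delete is empty or the request carries 'cancel'. Otherwise the
 * 'openid-delete_openids' nonce is verified first. If the selection covers as many
 * entries as the user has identities and the request is not yet confirmed, a
 * confirmation form is shown instead of deleting.
 *
 * @param array $delete md5 hashes of the identity URLs to remove (each stored URL is
 *                      hashed with md5() and looked up in this list)
 */
function openid_profile_delete_openids($delete)
{
    if (empty($delete) || !empty($_REQUEST['cancel'])) {
        return;
    }
    // Deleting identities changes how the user can log in, so the nonce is checked
    // before anything else is done with the request.
    check_admin_referer('openid-delete_openids');
    $delete = (array) $delete;
    $charset = get_option('blog_charset');
    $user = wp_get_current_user();
    $urls = get_user_openids($user->ID);
    if (count($urls) == count($delete) && empty($_REQUEST['confirm'])) {
        // PHP_SELF and the 'page' parameter are request-derived: encode the query value,
        // escape the whole URL and quote the attribute so neither can inject markup.
        $page = (isset($_REQUEST['page']) && is_scalar($_REQUEST['page'])) ? (string) $_REQUEST['page'] : '';
        $form_action = htmlspecialchars($_SERVER['PHP_SELF'] . '?page=' . urlencode($page), ENT_QUOTES, $charset);
        $html = '
			<h1>' . __('OpenID Warning', 'openid') . '</h1>
			<form action="' . $form_action . '" method="post">
			<p>' . __('Are you sure you want to delete all of your OpenID associations? Doing so may prevent you from logging in.', 'openid') . '</p>
			<div class="submit">
				<input type="submit" name="confirm" value="' . __("Yes I'm sure. Delete.", 'openid') . '" />
				<input type="submit" name="cancel" value="' . __("No, don't delete.", 'openid') . '" />
			</div>';
        foreach ($delete as $d) {
            if (!is_scalar($d)) {
                continue;
            }
            // The selection is echoed back from the request, so escape it as well.
            $html .= '<input type="hidden" name="delete[]" value="' . htmlspecialchars((string) $d, ENT_QUOTES, $charset) . '" />';
        }
        $html .= wp_nonce_field('openid-delete_openids', '_wpnonce', true, false) . '
				<input type="hidden" name="action" value="delete" />
			</form>';
        openid_page($html, __('OpenID Warning', 'openid'));
        return;
    }
    $count = 0;
    foreach ($urls as $url) {
        // Strict comparison: a loose in_array() treats two different hex digests that both
        // look like numbers in exponent notation as equal, which could match an identity
        // the user did not select.
        if (in_array(md5($url), $delete, true) && openid_drop_identity($user->ID, $url)) {
            $count++;
        }
    }
    if (!$count) {
        openid_message(__('OpenID association delete failed: Unknown reason.', 'openid'));
        openid_status('error');
        return;
    }
    openid_message(sprintf(__('Deleted %1$s OpenID association%2$s.', 'openid'), $count, $count > 1 ? 's' : ''));
    openid_status('success');
    // ensure that profile URL is still a verified OpenID
    set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path());
    require_once 'Auth/OpenID.php';
    @(include_once ABSPATH . WPINC . '/registration.php'); // WP < 2.3
    @(include_once ABSPATH . 'wp-admin/includes/admin.php'); // WP >= 2.3
    if (!openid_ensure_url_match($user)) {
        $identities = get_user_openids($user->ID);
        // NOTE(review): $identities[0] is read without checking that any identity is left;
        // confirm what openid_ensure_url_match() returns once all identities are deleted.
        wp_update_user(array('ID' => $user->ID, 'user_url' => $identities[0]));
        openid_message(openid_message() . '<br />' . __('<strong>Note:</strong> For security reasons, your profile URL has been updated to match your OpenID.', 'openid'));
    }
}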