Example #1
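/**
 * Authenticate user to WordPress using OpenID.
 *
 * Two request shapes are handled:
 *  - a login-form POST carrying a non-empty `openid_identifier`, which starts the OpenID flow;
 *  - a return request carrying `finish_openid`, which maps `identity_url` to a local account.
 *
 * Security: `identity_url` and `_wpnonce` come straight from the request. The nonce bound to
 * md5(identity_url) is the only check in this function that ties the identity URL to a finished
 * OpenID assertion, so a failed nonce check ends processing immediately. Without that early
 * return, the account lookup below would replace the error with a WP_User for any identity URL
 * the caller chose to send.
 *
 * NOTE(review): WordPress nonces are time-windowed action tokens, not one-time values, and this
 * one is checked before any user is logged in — confirm that the URL carrying it is treated as
 * a credential (not logged, not leaked through referrers).
 *
 * @param mixed $user authenticated user object, or WP_Error or null
 * @return mixed WP_User on success, WP_Error on failure, or $user unchanged when the request
 *               is not an OpenID request
 */
function openid_authenticate($user)
{
    if (!empty($_POST['openid_identifier'])) {
        $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : null;
        openid_start_login($_POST['openid_identifier'], 'login', $redirect_to);

        // if we got this far, something is wrong
        global $error;
        $error = openid_message();

        return new WP_Error('openid_login_error', $error);
    }

    if (!array_key_exists('finish_openid', $_REQUEST)) {
        return $user;
    }

    // Only a string can be hashed into the nonce action; anything else is treated as absent.
    $identity_url = (isset($_REQUEST['identity_url']) && is_string($_REQUEST['identity_url']))
        ? $_REQUEST['identity_url']
        : '';
    $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';

    // Fail closed: nothing below may run for a request whose nonce does not verify.
    if (!wp_verify_nonce($nonce, 'openid_login_' . md5($identity_url))) {
        return new WP_Error('openid_login_error', __('Error during OpenID authentication.  Please try again. (invalid nonce)', 'openid'));
    }

    if ($identity_url) {
        $user_id = get_user_by_openid($identity_url);
        if ($user_id) {
            return new WP_User($user_id);
        }

        return new WP_Error('openid_registration_closed', __('Your have entered a valid OpenID, but this site is not currently accepting new accounts.', 'openid'));
    }

    if (array_key_exists('openid_error', $_REQUEST)) {
        // The error text is request-controlled; it is entity-encoded before being stored.
        return new WP_Error('openid_login_error', htmlentities2($_REQUEST['openid_error']));
    }

    return $user;
}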
Example #2
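/**
 * Intercept comment submission and check if it includes a valid OpenID.  If it does, save the entire POST
 * array and begin the OpenID authentication process.
 *
 * regarding comment_type: http://trac.nxtclass.org/ticket/2659
 *
 * The candidate OpenID is taken from the explicit `openid_identifier` field, or from the ordinary
 * `url` field when `login_with_openid` is set. Both are commenter-supplied.
 *
 * NOTE(review): the URL is handed to openid_start_login() as-is; whether that helper restricts
 * schemes or hosts before contacting the URL is not visible here — confirm.
 * NOTE(review): the raw $_POST array is kept in the session and later replayed; whatever consumes
 * it has to validate and escape it again — confirm against openid_repost_comment_anonymously().
 *
 * @param array $comment comment data
 * @return array comment data
 */
function openid_process_comment($comment)
{
    if (!empty($_REQUEST['openid_skip'])) {
        return $comment;
    }

    // Only plain comments are handled; a missing type is treated like an empty one.
    $comment_type = isset($comment['comment_type']) ? $comment['comment_type'] : '';
    if ($comment_type != '') {
        return $comment;
    }

    $openid_url = null;
    if (array_key_exists('openid_identifier', $_POST)) {
        $openid_url = $_POST['openid_identifier'];
    } elseif (!empty($_REQUEST['login_with_openid']) && isset($_POST['url'])) {
        $openid_url = $_POST['url'];
    }

    // Best effort: a session may already be active or headers may already have been sent.
    @session_start();
    unset($_SESSION['openid_posted_comment']);

    if (!empty($openid_url)) {
        // Comment form's OpenID url is filled in.
        $_SESSION['openid_comment_post'] = $_POST;
        $_SESSION['openid_comment_post']['comment_author_openid'] = $openid_url;
        $_SESSION['openid_comment_post']['openid_skip'] = 1;

        openid_start_login($openid_url, 'comment');

        // Failure to redirect at all, the URL is malformed or unreachable.
        // Display an error message only if an explicit OpenID field was used.  Otherwise,
        // just ignore the error... it just means the user entered a normal URL.
        if (array_key_exists('openid_identifier', $_POST)) {
            openid_repost_comment_anonymously($_SESSION['openid_comment_post']);
        }
    }

    // duplicate name and email check from nxt-comments-post.php
    // (the comment type is known to be empty at this point, so the check always applies)
    openid_require_name_email();

    return $comment;
}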
Example #3
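/**
 * If we're doing openid authentication ($_POST['openid_identifier'] is set), start the consumer & redirect
 * Otherwise, return and let WordPress handle the login and/or draw the form.
 *
 * A request carrying `openid_consumer` is treated as the return leg and handed to finish_openid().
 *
 * NOTE(review): `redirect_to` is request-controlled and forwarded untouched; confirm that the code
 * which finally redirects validates it (for example with wp_safe_redirect() or
 * wp_validate_redirect()) so the login flow cannot be used as an open redirect.
 *
 * @param mixed $credentials username and password provided in login form; passed by reference by
 *                           the caller and neither read nor modified here
 */
function openid_wp_authenticate(&$credentials)
{
    if (array_key_exists('openid_consumer', $_REQUEST)) {
        finish_openid('login');
        return;
    }

    if (empty($_POST['openid_identifier'])) {
        return;
    }

    // A login form without redirect_to is valid; pass null instead of reading a missing key.
    $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : null;

    openid_start_login(
        $_POST['openid_identifier'],
        'login',
        array('redirect_to' => $redirect_to),
        site_url('/wp-login.php', 'login_post')
    );
}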
Example #4
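/**
 * Intercept comment submission and check if it includes a valid OpenID.  If it does, save the entire POST
 * array and begin the OpenID authentication process.
 *
 * regarding comment_type: http://trac.wordpress.org/ticket/2659
 *
 * The candidate OpenID is the explicit `openid_identifier` field when present, otherwise the
 * commenter's ordinary `url` field.
 *
 * NOTE(review): every non-empty website URL a commenter submits therefore reaches
 * openid_start_login(); whether that triggers an outbound request to the URL, and whether schemes
 * or hosts are restricted first, is not visible here — confirm.
 * NOTE(review): the raw $_POST array is kept in the session and later replayed; whatever consumes
 * it has to validate and escape it again — confirm against openid_repost_comment_anonymously().
 *
 * @param array $comment comment data
 * @return array comment data
 */
function openid_process_comment($comment)
{
    // Best effort: a session may already be active or headers may already have been sent.
    @session_start();

    if (!empty($_REQUEST['openid_skip'])) {
        return $comment;
    }

    if (array_key_exists('openid_identifier', $_POST)) {
        $openid_url = $_POST['openid_identifier'];
    } else {
        // The url field is optional on the comment form.
        $openid_url = isset($_POST['url']) ? $_POST['url'] : null;
    }

    if (empty($openid_url)) {
        return $comment;
    }

    // Comment form's OpenID url is filled in.
    $_SESSION['openid_comment_post'] = $_POST;
    $_SESSION['openid_comment_post']['comment_author_openid'] = $openid_url;
    $_SESSION['openid_comment_post']['openid_skip'] = 1;

    openid_start_login($openid_url, 'comment');

    // Failure to redirect at all, the URL is malformed or unreachable.
    // Display an error message only if an explicit OpenID field was used.  Otherwise,
    // just ignore the error... it just means the user entered a normal URL.
    if (array_key_exists('openid_identifier', $_POST)) {
        openid_repost_comment_anonymously($_SESSION['openid_comment_post']);
    }

    return $comment;
}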
Example #5
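/**
 * Handle OpenID profile management.
 *
 * Dispatches on the request's `action`:
 *  - `verify`: hands the return leg of an OpenID check to finish_openid();
 *  - `add`: after the admin-referer (nonce) check, starts verification of a new OpenID for the
 *    current user unless the claimed identifier already belongs to an account;
 *  - `delete`: forwards the submitted selection to openid_profile_delete_openids().
 *
 * NOTE(review): unlike `add`, no nonce check is visible on the `delete` branch — confirm that
 * openid_profile_delete_openids() performs one and only removes identifiers owned by the
 * current user.
 *
 * @return void
 */
function openid_profile_management()
{
    if (!isset($_REQUEST['action'])) {
        return;
    }

    switch ($_REQUEST['action']) {
        case 'verify':
            finish_openid('verify');
            break;

        case 'add':
            check_admin_referer('openid-add_openid');

            $identifier = isset($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '';
            $user = wp_get_current_user();
            $auth_request = openid_begin_consumer($identifier);

            // isset() tolerates a failed discovery (no request object / no endpoint).
            $claimed_id = isset($auth_request->endpoint->claimed_id)
                ? $auth_request->endpoint->claimed_id
                : null;
            $userid = get_user_by_openid($claimed_id);

            if ($userid) {
                global $error;
                if ((int) $user->ID === (int) $userid) {
                    $error = __('You already have this OpenID!', 'openid');
                } else {
                    $error = __('This OpenID is already associated with another user.', 'openid');
                }
                return;
            }

            $return_to = admin_url(current_user_can('edit_users') ? 'users.php' : 'profile.php');
            $page = isset($_REQUEST['page']) ? $_REQUEST['page'] : null;
            openid_start_login($identifier, 'verify', array('page' => $page), $return_to);
            break;

        case 'delete':
            openid_profile_delete_openids(isset($_REQUEST['delete']) ? $_REQUEST['delete'] : null);
            break;
    }
}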
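/**
 * Handle OpenID profile management.
 *
 * Dispatches on the global $action (populated by wp_reset_vars()):
 *  - `add`: after the admin-referer (nonce) check, starts verification of a new OpenID for the
 *    current user unless the claimed identifier already belongs to an account;
 *  - `delete`: forwards the submitted selection to openid_profile_delete_openids();
 *  - anything else: shows the status message named by the request's `message` parameter.
 *
 * The `message` parameter is request-controlled. A numeric value may only select one of the
 * built-in messages; any other value is entity-encoded before it is passed on for display.
 *
 * NOTE(review): unlike `add`, no nonce check is visible on the `delete` branch — confirm that
 * openid_profile_delete_openids() performs one and only removes identifiers owned by the
 * current user.
 * NOTE(review): `status` is forwarded to openid_status() unvalidated; confirm that helper only
 * accepts a fixed set of values or escapes it on output.
 *
 * @return void
 */
function openid_profile_management()
{
    global $action;
    wp_reset_vars(array('action'));

    switch ($action) {
        case 'add':
            check_admin_referer('openid-add_openid');

            $identifier = isset($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '';
            $user = wp_get_current_user();
            $auth_request = openid_begin_consumer($identifier);

            // isset() tolerates a failed discovery (no request object / no endpoint).
            $claimed_id = isset($auth_request->endpoint->claimed_id)
                ? $auth_request->endpoint->claimed_id
                : null;
            $userid = get_user_by_openid($claimed_id);

            if ($userid) {
                global $error;
                if ((int) $user->ID === (int) $userid) {
                    $error = __('You already have this OpenID!', 'openid');
                } else {
                    $error = __('This OpenID is already associated with another user.', 'openid');
                }
                return;
            }

            $finish_url = admin_url(current_user_can('edit_users') ? 'users.php' : 'profile.php');
            $finish_url = add_query_arg('page', isset($_REQUEST['page']) ? $_REQUEST['page'] : null, $finish_url);
            openid_start_login($identifier, 'verify', $finish_url);
            break;

        case 'delete':
            openid_profile_delete_openids(isset($_REQUEST['delete']) ? $_REQUEST['delete'] : null);
            break;

        default:
            if (!array_key_exists('message', $_REQUEST)) {
                break;
            }

            $messages = array(
                '',
                __('Unable to authenticate OpenID.', 'openid'),
                __('OpenID assertion successful, but this URL is already associated with another user on this blog.', 'openid'),
                __('Added association with OpenID.', 'openid'),
            );

            // Array-valued parameters (message[]=...) carry no displayable text.
            $message = is_scalar($_REQUEST['message']) ? (string) $_REQUEST['message'] : '';

            if (is_numeric($message)) {
                // Only indexes that exist in the table select a message; anything else is blank.
                $message = isset($messages[$message]) ? $messages[$message] : '';
            } else {
                $message = htmlentities2($message);
            }
            $message = __($message, 'openid');

            if (array_key_exists('update_url', $_REQUEST) && $_REQUEST['update_url']) {
                $message .= '<br />' . __('<strong>Note:</strong> For security reasons, your profile URL has been updated to match your OpenID.', 'openid');
            }

            openid_message($message);
            openid_status(isset($_REQUEST['status']) ? $_REQUEST['status'] : null);
            break;
    }
}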