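/**
 * Start an OpenID login: run discovery on the identifier in $_GET['openid']
 * and send the user agent to the provider.
 *
 * On failure a message is left in $this->error (HTML, so everything that
 * goes into it is escaped here). The discovered endpoint is kept in the
 * session for the return step.
 */
function execute() {
    if (!isset($_GET['openid'])) {
        $this->error = _("Login error.");
        return;
    }
    $identifier = trim($_GET['openid']);
    // The original wrote trim($_GET['openid'] == ''), i.e. trim() of a
    // boolean, so the emptiness check never fired and discovery was run on
    // an empty identifier anyway. Reject it up front instead.
    if ($identifier === '') {
        $this->error = _("Provide a valid OpenID.");
        return;
    }
    require_once 'openid.php';
    $openid = new Dope_OpenID($identifier);
    $openid->setReturnURL(RessourceManager::getExternUrl('special/login/openid_return'));
    $openid->SetTrustRoot(RessourceManager::getServerName());
    $openid->setRequiredInfo(array('email', 'fullname'));
    $endpoint_url = $openid->getOpenIDEndpoint();
    if ($endpoint_url) {
        // Kept for later use; a return handler should compare the asserting
        // endpoint against it. TODO(review): the return handlers in this
        // corpus do not do that check yet.
        $_SESSION['openid_endpoint_url'] = $endpoint_url;
        // Sends the Location header. NOTE(review): if Dope_OpenID::redirect()
        // does not stop the script itself, nothing after it should render;
        // the procedural siblings call exit here - confirm what this
        // controller's dispatcher expects.
        $openid->redirect();
        return;
    }
    $error = $openid->getError();
    // Code/description come back from the library and may repeat the
    // submitted identifier, so escape before building HTML.
    $this->error = "ERROR CODE: " . htmlspecialchars((string) $error['code'], ENT_QUOTES, 'UTF-8') . "<br>";
    $this->error .= "ERROR DESCRIPTION: " . htmlspecialchars((string) $error['description'], ENT_QUOTES, 'UTF-8') . "<br>";
}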
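/**
 * Discover the OpenID provider for $openid_url and redirect the browser to it.
 *
 * The global $FULLPATH serves as both the return_to URL and the trust root.
 * On discovery failure the library's error is echoed as HTML (escaped); on
 * success the script exits after the redirect so nothing else is rendered.
 */
function openid_auth($openid_url) {
    if (!isset($openid_url)) {
        return;
    }
    global $FULLPATH;
    $openid = new Dope_OpenID($openid_url);
    $openid->setReturnURL($FULLPATH);
    $openid->SetTrustRoot($FULLPATH);
    $openid->setOptionalInfo(array('nickname', 'fullname', 'email'));
    $endpoint_url = $openid->getOpenIDEndpoint();
    if ($endpoint_url) {
        // Remember the endpoint for the return step, then hand off.
        $_SESSION['openid_endpoint_url'] = $endpoint_url;
        $openid->redirect();
        // Stop here: the Location header has been sent.
        exit;
    }
    $the_error = $openid->getError();
    // The description may contain the identifier the user typed; escape it
    // rather than writing raw library output into the page.
    $error = "Error Code: " . htmlspecialchars((string) $the_error['code'], ENT_QUOTES, 'UTF-8') . "<br />";
    $error .= "Error Description: " . htmlspecialchars((string) $the_error['description'], ENT_QUOTES, 'UTF-8') . "<br />";
    echo $error;
}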
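/**
 * Handle the OpenID return (verification) step.
 *
 * Re-validates the assertion carried in $_GET with the provider and, on
 * success, logs the claimed identity in with the e-mail and full name the
 * provider returned. Any failure clears the session and leaves an HTML
 * message in $this->error.
 */
function execute() {
    require_once 'openid.php';
    // A cancelled or malformed return carries no identity; do not hand an
    // empty value to the library and then treat its answer as a login.
    if (!isset($_GET['openid_identity']) || (isset($_GET['openid_mode']) && $_GET['openid_mode'] === 'cancel')) {
        LoginManager::logout();
        $this->error = _("Login failed.");
        return;
    }
    $claimed_id = $_GET['openid_identity'];
    $openid = new Dope_OpenID($claimed_id);
    // Sends the signed fields back to the provider for verification.
    // NOTE(review): whether the library also checks the asserting endpoint
    // against $_SESSION['openid_endpoint_url'] is not visible here; without
    // that, a valid assertion from any provider is accepted for this identity.
    $validate_result = $openid->validateWithServer();
    if ($validate_result === TRUE) {
        $userinfo = $openid->filterUserInfo($_GET);
        LoginManager::login($claimed_id, $userinfo['email'], $userinfo['fullname']);
        return;
    }
    LoginManager::logout();
    $this->error = _("Login failed.");
    if ($openid->isError() === TRUE) {
        // Library-reported error: escape both fields before they become HTML.
        $error = $openid->GetError();
        $this->error .= '<br />';
        $this->error .= "Error code: " . htmlspecialchars((string) $error['code'], ENT_QUOTES, 'UTF-8') . "<br/>";
        $this->error .= "Error description: " . htmlspecialchars((string) $error['description'], ENT_QUOTES, 'UTF-8') . "<br/>";
    }
    // Otherwise the signature simply did not verify; the generic message stands.
}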
/* * Begin the verification process. * Note: This is the script that should execute at your return URL, * in case you choose to put it in a separate file. */ if (isset($_GET['action']) && $_GET['action'] == "verify" && $_GET['openid_mode'] != "cancel") { /* * Include the Dope OpenID class file */ require_once 'class.dopeopenid.php'; // Get the user's OpenID Identity as returned to us from the OpenID Provider $openid_url = $_GET['openid_identity']; /* * Create a new Dope_OpenID object. */ $openid = new Dope_OpenID($openid_url); /* * All the data we received from the OpenID Provider must now be sent back * to validate it and verify that nothing has been tampered with in the process. */ $validate_result = $openid->validateWithServer(); if ($validate_result === TRUE) { /* * If validation is successful, your next step is to * see if the user already exists in your database. Specifically, you * need your own function to check for a user_id where openid_url = $openid_url */ $user_id = your_get_user_function($openid_url); /* * If you get a user ID back from your function, this user is a member of * your website and is all set up to log in with OpenID. You should now
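/**
 * Run the whole login routine for the `+login` action.
 *
 * Dispatches on $_GET['subaction'] (resetPasswd, register, openid_login,
 * openid_verify, openid_pass, quick_openid_reg); otherwise handles the
 * e-mail/password form in $_POST. The return value is whatever the chosen
 * sub-handler returns, the logged-in user_id, the login form, 0 or "" -
 * callers must tolerate all of these (unchanged contract).
 *
 * Security notes, all grounded in this body:
 *  - SQL is string-built on the legacy mysql_* API (removed in PHP 7). Every
 *    literal that reaches a query must go through escape(); the OpenID URL and
 *    e-mail read back out of the session did not, and now do.
 *  - Passwords are stored as md5() of the *escaped* password in the
 *    LDAP/ADS/IMAP auto-create branch. Changing that would invalidate existing
 *    rows, so it is only flagged here.
 */
function login() {
    $allow_login_query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'allow_login'";
    $allow_login_result = mysql_query($allow_login_query);
    $allow_login_result = mysql_fetch_array($allow_login_result);
    if (isset($_GET['subaction'])) {
        if ($_GET['subaction'] == "resetPasswd") {
            return resetPasswd($allow_login_result[0]);
        }
        if ($allow_login_result[0]) {
            if ($_GET['subaction'] == "register") {
                require_once "registration.lib.php";
                return register();
            }
        }
        global $openid_enabled;
        if ($openid_enabled == 'true' && $allow_login_result[0]) {
            if ($_GET['subaction'] == "openid_login") {
                if (isset($_POST['process'])) {
                    $openid_url = trim(isset($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '');
                    openid_endpoint($openid_url);
                }
            }
            if ($_GET['subaction'] == "openid_verify") {
                // openid_mode is absent on a malformed return; only a present "cancel" is a cancel.
                if (!isset($_GET['openid_mode']) || $_GET['openid_mode'] != "cancel") {
                    // Identity as returned by the provider. validateWithServer() decides
                    // whether it can be believed; until then it is untrusted input.
                    $openid_url = isset($_GET['openid_identity']) ? $_GET['openid_identity'] : '';
                    $openid = new Dope_OpenID($openid_url);
                    $validate_result = $openid->validateWithServer();
                    if ($validate_result === TRUE) {
                        $userinfo = $openid->filterUserInfo($_GET);
                        return openid_login($userinfo);
                    }
                    if ($openid->isError() === TRUE) {
                        $the_error = $openid->getError();
                        $error = "Error Code: {$the_error['code']}<br />";
                        $error .= "Error Description: {$the_error['description']}<br />";
                    } else {
                        $error = "Error: Could not validate the OpenID at {$_SESSION['openid_url']}";
                    }
                    // NOTE(review): $error is assembled but never displayed; the user
                    // just gets the login form back. Surface it (escaped) once it is
                    // confirmed that displayerror() does not escape on its own.
                } else {
                    displayerror("User cancelled the OpenID authorization");
                }
            }
            if ($_GET['subaction'] == "openid_pass") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to link an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                }
                $openid_url = $_SESSION['openid_url'];
                $openid_email = $_SESSION['openid_email'];
                // One-shot: the pair is consumed whether or not linking succeeds.
                unset($_SESSION['openid_url']);
                unset($_SESSION['openid_email']);
                if (!isset($_POST['user_password'])) {
                    displayerror("Empty Passwords not allowed");
                    return;
                }
                $user_passwd = $_POST['user_password'];
                $info = getUserInfo($openid_email);
                if (!$info) {
                    // NOTE(review): $openid_email came from the OpenID provider; whether
                    // displayerror() HTML-escapes its argument is not visible here.
                    displayerror("No user with Email {$openid_email}");
                } else {
                    $check = checkLogin($info['user_loginmethod'], $info['user_name'], $openid_email, $user_passwd);
                    if ($check) {
                        // $openid_url was stored from the submitted identifier (see
                        // openid_endpoint()): URL-valid is not SQL-safe, so escape it
                        // like every other literal in this file.
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('" . escape($openid_url) . "'," . $info['user_id'] . ")";
                        $result = mysql_query($query) or die(mysql_error() . " in login() subaction=openid_pass while trying to Link OpenID account");
                        if ($result) {
                            displayinfo("Account successfully Linked. Log In one more time to continue.");
                        }
                    } else {
                        displayerror("The password you specified was incorrect");
                    }
                }
            }
            if ($_GET['subaction'] == "quick_openid_reg") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to register an OpenID account without validating your log-in. 
Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                }
                $openid_url = $_SESSION['openid_url'];
                $openid_email = $_SESSION['openid_email'];
                unset($_SESSION['openid_url']);
                unset($_SESSION['openid_email']);
                if (!isset($_POST['user_name']) || $_POST['user_name'] == "") {
                    displayerror("You didn't specified your Full name. Please <a href=\"./+login\">Login</a> again.");
                    return;
                }
                $openid_fname = escape($_POST['user_name']);
                // The provider-supplied e-mail and the identifier both go into SQL:
                // escape them as the full name already is. The literal '0' password and
                // 'openid' login method are what the original wrote; presumably
                // checkLogin() treats such rows as password-less - confirm.
                $safe_email = escape($openid_email);
                $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`,`user_loginmethod`) " . "VALUES ('" . $safe_email . "', '" . $safe_email . "','" . $openid_fname . "','0',1,'openid');";
                $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to insert information of new account");
                if ($result) {
                    $id = mysql_insert_id();
                    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('" . escape($openid_url) . "'," . $id . ")";
                    $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to Link OpenID account");
                    if ($result) {
                        displayinfo("Account successfully registered. You can now login via OpenID. 
Please complete your profile information after logging in.");
                    }
                }
                return "";
            }
        }
    }
    if (!isset($_POST['user_email'])) {
        return loginForm($allow_login_result[0]);
    }
    global $cookieSupported;
    $login_status = false;
    if ($cookieSupported != true) {
        showCookieWarning();
        return 0;
    }
    if ($_POST['user_email'] == "" || $_POST['user_password'] == "") {
        displayerror("Blank e-mail or password NOT allowed. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        return loginForm($allow_login_result[0]);
    }
    // Both values are escape()d before use; note the password is hashed and
    // checked in its escaped form below - that is the existing on-disk format.
    $user_email = escape($_POST['user_email']);
    $user_passwd = escape($_POST['user_password']);
    $login_method = '';
    if (!check_email($user_email)) {
        displayerror("Your E-Mail Provider has been blackilisted. Please contact the website administrator");
        return loginForm($allow_login_result[0]);
    }
    if ($temp = getUserInfo($user_email)) {
        // Known user: authenticate with the method recorded on the row.
        $login_status = checkLogin($temp['user_loginmethod'], $temp['user_name'], $user_email, $user_passwd);
        // For LDAP/ADS/IMAP users keep the locally stored password current.
        if ($login_status) {
            updateUserPassword($user_email, $user_passwd);
        }
    } else {
        // Unknown user: try the external backend whose domain matches the e-mail.
        global $authmethods;
        if (strpos($user_email, '@') > -1) {
            $tmp = explode('@', $user_email);
            $user_name = $tmp[0];
            $user_domain = strtolower($tmp[1]);
        } else {
            $user_name = $user_email;
        }
        if (isset($user_domain) && $user_domain == $authmethods['imap']['user_domain']) {
            if ($login_status = checkLogin('imap', $user_name, $user_email, $user_passwd)) {
                $login_method = 'imap';
            }
        } elseif (isset($user_domain) && $user_domain == $authmethods['ads']['user_domain']) {
            if ($login_status = checkLogin('ads', $user_name, $user_email, $user_passwd)) {
                $login_method = 'ads';
            }
        } elseif (isset($user_domain) && $user_domain == $authmethods['ldap']['user_domain']) {
            if ($login_status = checkLogin('ldap', $user_name, $user_email, $user_passwd)) {
                $login_method = 'ldap';
            }
        }
        if ($login_status) {
            // External login succeeded: create and activate the local row.
            // NOTE(review): md5 of the escaped password is the legacy format
            // shared with checkLogin()/updateUserPassword(); migrating to
            // password_hash() has to be done in all three places at once.
            $user_fullname = strtoupper($user_name);
            $user_md5passwd = md5($user_passwd);
            $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_loginmethod`, `user_activated`) " . "VALUES (DEFAULT, '{$user_name}', '{$user_email}', '{$user_fullname}', '{$user_md5passwd}', '{$login_method}', '1')";
            mysql_query($query) or die(mysql_error() . " creating new user !");
        } else {
            // NOTE(review): escape() is the SQL escaper; whether displaywarning()
            // HTML-escapes is not visible here.
            displaywarning("Incorrect username and/or password for <b>" . (isset($user_domain) ? $user_domain . "</b> domain!" : $user_name . "</b> user"));
        }
    }
    if (!$login_status) {
        displaywarning("Wrong E-mail or password. <a href='./+login&subaction=resetPasswd'>Lost Password?</a><br />");
        return loginForm($allow_login_result[0]);
    }
    $temp = getUserInfo($user_email);
    if (!$temp['user_activated']) {
        // Also the state an admin leaves a row in to deny access deliberately.
        displayinfo("The e-mail has not yet been verified. Kindly check your email and click on verification link. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        return 0;
    }
    $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` ='{$temp['user_id']}'";
    mysql_query($query) or die(mysql_error() . " in login.lib.L:111");
    $_SESSION['last_to_last_login_datetime'] = $temp['user_lastlogin'];
    setAuth($temp['user_id']);
    return $temp['user_id'];
}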
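/**
 * Handle the OpenID provider's return to this site (bbPress/WordPress-style
 * plugin hook).
 *
 * Validates the assertion in $_GET; on success logs in the user already
 * linked to the identity, else looks the user up by the returned e-mail,
 * else registers a new user from the returned profile fields. Output is
 * HTML written directly to the response.
 *
 * The former DEBUG tail (print_r of $_GET/$_POST, a test alert()) is gone:
 * it dumped the signed assertion and reflected unescaped request data into
 * the page.
 */
function oip_return() {
    if (isset($_GET['openid_mode']) && $_GET['openid_mode'] == "cancel") {
        $error = "OpenID authorization canceled by user.";
        return;
    }
    if (!isset($_GET['action']) || $_GET['action'] != "verify") {
        return;
    }
    $openid_url = isset($_GET['openid_identity']) ? $_GET['openid_identity'] : '';
    $openid = new Dope_OpenID($openid_url);
    $validate_result = $openid->validateWithServer();
    if ($validate_result !== TRUE) {
        if ($openid->isError() === TRUE) {
            $the_error = $openid->getError();
            $error = "Error Code: {$the_error['code']}<br />";
            $error .= "Error Description: {$the_error['description']}<br />";
        } else {
            $error = "Error: Could not validate the OpenID at {$_SESSION['openid_url']}";
        }
        // $error is assembled but not shown; nothing is echoed on failure.
        return;
    }
    $oip_user = oip_get_user($openid_url);
    if ($oip_user > 0) {
        echo "User with that OpenID found successfully and is now logged in";
        oip_login_success($oip_user);
        return;
    }
    // Not linked yet: fall back to the profile fields the provider returned.
    $userinfo = $openid->filterUserInfo($_GET);
    $oip_email = $userinfo['email'];
    $oip_nick = $userinfo['nickname'];
    $oip_name = $userinfo['fullname'];
    $oip_username = '';
    $oip_error = '';
    $oip_useremail = !empty($oip_email) ? $oip_email : "";
    if (!empty($oip_useremail)) {
        global $wp_users_object;
        if ($oip_user = $wp_users_object->get_user($oip_useremail, array('by' => 'email'))) {
            oip_login_success($oip_user);
        } else {
            // Pick a username in order of preference: nickname, full name, e-mail.
            $oip_username = !empty($oip_nick) ? $oip_nick : (!empty($oip_name) ? $oip_name : $oip_useremail);
            if (!empty($oip_username)) {
                // Login/nicename collisions make bb_new_user() fail; the e-mail is
                // already known to be unique, so fall back to it.
                $oip_login_exists = $wp_users_object->get_user($oip_username, array('by' => 'login'));
                $oip_nicename_exists = $wp_users_object->get_user($oip_username, array('by' => 'nicename'));
                if ($oip_login_exists || $oip_nicename_exists) {
                    $oip_username = $oip_useremail;
                }
                // Returns a user on success (password is mailed), WP_Error otherwise.
                $oip_user = bb_new_user($oip_username, $oip_useremail, "", 0);
                if (!is_wp_error($oip_user)) {
                    do_action('register_user', $oip_user->ID);
                    // Composed but never displayed (kept from the original).
                    $oip_reg_success = "Welcome to " . bb_get_option('name') . ". You are now successfully logged in. Additionally, your registration details and password has been emailed to your email address provided in your OpenID profile.";
                    oip_register_success($oip_user);
                }
            } else {
                $oip_error = "No profile info returned.";
            }
        }
    } else {
        $oip_error = "Email missing.";
    }
    fme($oip_error);
    fme($oip_user);
    // Everything below came from the query string or the provider: escape it.
    echo "<p>Your OpenID Identity is (" . htmlspecialchars($openid_url, ENT_QUOTES, 'UTF-8') . "). You are a new user to this site.</p>";
    echo "<p>The following information came back from your OpenID provider:</p>";
    echo "<ul>";
    foreach ($userinfo as $ufield => $uvalue) {
        echo "<li><b>" . htmlspecialchars((string) $ufield, ENT_QUOTES, 'UTF-8') . "</b>: " . htmlspecialchars((string) $uvalue, ENT_QUOTES, 'UTF-8') . "</li>";
    }
    echo "</ul>";
    exit;
}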
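/**
 * Validate an OpenID identifier and, if discovery succeeds, redirect the
 * browser to the user's provider.
 *
 * Returns nothing. On a validation or discovery failure $error is assembled
 * but not displayed - the caller (login()) falls through to the login form.
 * The raw `echo $openid_url;` that used to open this function reflected the
 * untrusted identifier straight into the page and has been removed.
 */
function openid_endpoint($openid_url) {
    if (function_exists('filter_var')) {
        // Validate the value that is actually used (the trimmed argument),
        // not the raw POST field the original looked at.
        if (!filter_var($openid_url, FILTER_VALIDATE_URL)) {
            $error = "Error: OpenID Identifier is not in proper format.";
        }
    } else {
        // Fallback for PHP without ext/filter. The original eregi() pattern
        // ended in [com|org|net|edu|gov|us] - a character class, not an
        // alternation - so it accepted almost anything; eregi() is also gone
        // since PHP 7. Same intent, expressed as the alternation it meant.
        if (!preg_match('~^((https?)://)?(((www\.)?[^ ]+\.(com|org|net|edu|gov|us)))([^ ]+)?$~i', $openid_url)) {
            $error = "Error: OpenID Identifier is not in proper format.";
        }
    }
    if (isset($error)) {
        // TODO(review): nothing reports $error to the user at present.
        return;
    }
    // Kept for the later link/register steps. NOTE(review): login() interpolates
    // this value into SQL, so it must be escape()d at that point.
    $_SESSION['openid_url'] = $openid_url;
    $openid = new Dope_OpenID($openid_url);
    // return_to and trust root are built from the Host header. A request with
    // a forged Host makes the provider return the assertion to that host, so a
    // configured base URL is preferable; left as-is because no such setting is
    // in scope here. The "../../../" relative hop is the original's.
    $script = isset($_SERVER['ORIG_SCRIPT_NAME']) ? $_SERVER['ORIG_SCRIPT_NAME'] : $_SERVER['SCRIPT_NAME'];
    $base = "http://" . $_SERVER['HTTP_HOST'] . dirname($script) . "../../../";
    $openid->setReturnURL($base . "index.php?action=login&subaction=openid_verify");
    $openid->SetTrustRoot($base);
    // Attributes requested via SReg/AX; which come back depends on the provider.
    $openid->setOptionalInfo(array('nickname', 'fullname', 'email'));
    // Optional, left disabled as in the original: strict attribute requirement,
    // PAPE phishing-resistant policy and max auth age.
    //$openid->setRequiredInfo(array('email','http://axschema.org/contact/email','contact/email'));
    //$openid->setPapePolicies('http://schemas.openid.net/pape/policies/2007/06/phishing-resistant ');
    //$openid->setPapeMaxAuthAge(120);
    $endpoint_url = $openid->getOpenIDEndpoint();
    if ($endpoint_url) {
        $_SESSION['openid_endpoint_url'] = $endpoint_url;
        $openid->redirect();
        // Stop after the Location header has been sent.
        exit;
    }
    $the_error = $openid->getError();
    $error = "Error Code: {$the_error['code']}<br />";
    $error .= "Error Description: {$the_error['description']}<br />";
}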