function execute()
{
if (isset($_GET['openid'])) {
if (trim($_GET['openid'] == '')) {
$this->error = _("Provide a valid OpenID.");
}
require_once 'openid.php';
$openid = new Dope_OpenID($_GET['openid']);
$openid->setReturnURL(RessourceManager::getExternUrl('special/login/openid_return'));
$openid->SetTrustRoot(RessourceManager::getServerName());
$openid->setRequiredInfo(array('email', 'fullname'));
$endpoint_url = $openid->getOpenIDEndpoint();
if ($endpoint_url) {
// If we find the endpoint, you might want to store it for later use.
$_SESSION['openid_endpoint_url'] = $endpoint_url;
// Redirect the user to their OpenID Provider
$openid->redirect();
} else {
$error = $openid->getError();
$this->error = '';
$this->error .= "ERROR CODE: " . $error['code'] . "<br>";
$this->error .= "ERROR DESCRIPTION: " . $error['description'] . "<br>";
}
} else {
$this->error = _("Login error.");
}
}
function openid_auth($openid_url)
{
if (isset($openid_url)) {
global $FULLPATH;
$openid = new Dope_OpenID($openid_url);
$openid->setReturnURL($FULLPATH);
$openid->SetTrustRoot($FULLPATH);
$openid->setOptionalInfo(array('nickname', 'fullname', 'email'));
$endpoint_url = $openid->getOpenIDEndpoint();
if ($endpoint_url) {
// If we find the endpoint, you might want to store it for later use.
$_SESSION['openid_endpoint_url'] = $endpoint_url;
// Redirect the user to their OpenID Provider
$openid->redirect();
// Call exit so the script stops executing while we wait to redirect.
exit;
} else {
//echo 'EPURL'.$endpoint_url;
/*
* Else we couldn't find an OpenID Provider endpoint for the user.
* You can report this error any way you like, but just for demonstration
* purposes we'll get the error as reported by Dope OpenID. It will be
* displayed farther down in this file with the HTML.
*/
$the_error = $openid->getError();
$error = "Error Code: {$the_error['code']}<br />";
$error .= "Error Description: {$the_error['description']}<br />";
echo $error;
}
}
}
*/
$openid = new Dope_OpenID($openid_url);
/*
* YOU MUST EDIT THIS LINE.
* The user's OpenID provider will return them to the URL that you provide here.
* It could be a separate verify.php script, or just pass a parameter to tell a
* single processing script what to do (like I've done with this file you're reading).
*/
$openid->setReturnURL("http://www.stevelove.org/projects/dope-openid/demo/login.php?action=verify");
/*
* YOU MUST EDIT THIS LINE
* Set the trust root. This is the URL or set of URLs the user will be asked
* to trust when signing in with their OpenID Provider. It could be your base
* URL or a subdirectory thereof. Up to you.
*/
$openid->SetTrustRoot('http://www.stevelove.org/projects/dope-openid/demo/');
/*
* EDIT THIS LINE (OPTIONAL)
* When the user signs in with their OpenID Provider, these are
* the details you would like sent back for your own use.
* Dope OpenID attempts to get this information using both Simple Registration
* and Attribute Exchange protocols. The type that is returned depends on the
* user's Provider. Each provider chooses what they wish to provide and all
* defined attributes may not be available. To see where these two types of
* attributes intersect, see the following: http://www.axschema.org/types/
*/
$openid->setOptionalInfo(array('dob', 'nickname', 'country', 'language', 'email'));
/*
* EDIT THIS LINE (OPTIONAL)
* This is the same as above, except much stricter. By using this method, you
* are telling the OpenID Provider you *must* have this information. If the Provider
/**
* This function takes the OpenID given by the user and
* try to find out the final endpoint by parsing the OpenID URL.
* It will check if the OpenID URL supplied is a valid URL or not.
* OpenID is stored in $_SESSION['openid_url'] for later use.
* It Uses the Dope_OpenID class found in cms/openid/.
* After the Endpoint URL has being found out, this function redirects
* the user to the OpenID provider's website for authentication
* @param $openid_url The OpenID of the user as string.
* @return Nothing
*/
function openid_endpoint($openid_url)
{
/**
* If running PHP 5, use the built-in URL validator.
* Else use something like the following regex to validate input.
*/
if (function_exists('filter_input')) {
if (!filter_input(INPUT_POST, "openid_identifier", FILTER_VALIDATE_URL)) {
$error = "Error: OpenID Identifier is not in proper format.";
}
} else {
// Found this on Google. Seems to match most valid URLs. Feel free to modify or replace.
if (!eregi("^((https?)://)?(((www\\.)?[^ ]+\\.[com|org|net|edu|gov|us]))([^ ]+)?\$", $openid_url)) {
$error = "Error: OpenID Identifier is not in proper format.";
}
}
/// Proceed if we made it through without setting $error
if (!isset($error)) {
/**
* Store the user's submitted OpenID Identity for later use.
*/
$_SESSION['openid_url'] = $openid_url;
/**
* Create a new Dope_OpenID object
*/
$openid = new Dope_OpenID($openid_url);
/**
* ReturnURL: The URL to which the OpenID provider should return the user to,
* after the authentication has been done.
* This Line might require editing:
* The user's OpenID provider will return them to the URL that you provide here.
*/
global $rewriteEngineEnabled;
///if rewriteEngine is enabled, then write explicit name index.php (direct filename are saved from being processed by rewrite engine)
///since rewriteEngine is poorly coded. It doesn't allow longer GET queries.
///if rewriteEngine is off, we can remove the index.php part to make the url look non-php
if ($rewriteEngineEnabled == 'true') {
$returnURL = "http://" . $_SERVER['HTTP_HOST'] . dirname(isset($_SERVER['ORIG_SCRIPT_NAME']) ? $_SERVER['ORIG_SCRIPT_NAME'] : $_SERVER['SCRIPT_NAME']) . "/index.php?action=login&subaction=openid_verify";
} else {
$returnURL = "http://" . $_SERVER['HTTP_HOST'] . dirname(isset($_SERVER['ORIG_SCRIPT_NAME']) ? $_SERVER['ORIG_SCRIPT_NAME'] : $_SERVER['SCRIPT_NAME']) . "/?action=login&subaction=openid_verify";
}
$openid->setReturnURL($returnURL);
/**
* TrustRoot: The URL to which your user would be asked to trust. This is
* usually the parent directory of ReturnURL
* Set the trust root. This is the URL or set of URLs the user will be asked
* to trust when signing in with their OpenID Provider. It could be your base
* URL or a subdirectory thereof. Up to you.
*/
$openid->SetTrustRoot("http://" . $_SERVER['HTTP_HOST'] . dirname(isset($_SERVER['ORIG_SCRIPT_NAME']) ? $_SERVER['ORIG_SCRIPT_NAME'] : $_SERVER['SCRIPT_NAME']));
/**
* OptionalInfo: The information you need to fetch form the Provider
* When the user signs in with their OpenID Provider, these are
* the details you would like sent back for your own use.
* Dope OpenID attempts to get this information using both Simple Registration
* and Attribute Exchange protocols. The type that is returned depends on the
* user's Provider. Each provider chooses what they wish to provide and all
* defined attributes may not be available. To see where these two types of
* attributes intersect, see the following: http://www.axschema.org/types/
*/
$openid->setOptionalInfo(array('nickname', 'fullname', 'email'));
/**
* EDIT THIS LINE (OPTIONAL)
* PAPE Policies help protect users and you against phishing and other authentication
* forgeries. It's an optional extension, so not all OpenID Providers will be using it.
* Uncomment to use it.
* More info and possible policy values here: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html
*/
//$openid->setPapePolicies('http://schemas.openid.net/pape/policies/2007/06/phishing-resistant ');
/**
* EDIT THIS LINE (OPTIONAL)
* Also part of the PAPE extension, you can set a time limit for users to
* authenticate themselves with their OpenID Provider. If it takes too long,
* authentication will fail and the user will not be allowed access to your site.
* Uncomment and set a value in seconds to use.
*/
//$openid->setPapeMaxAuthAge(120);
/// Attempt to discover the user's OpenID provider endpoint
$endpoint_url = $openid->getOpenIDEndpoint();
if ($endpoint_url) {
/// If we find the endpoint, you might want to store it for later use.
$_SESSION['openid_endpoint_url'] = $endpoint_url;
/// Redirect the user to their OpenID Provider
$openid->redirect();
/// Call exit so the script stops executing while we wait to redirect.
exit;
} else {
/**
* Else we couldn't find an OpenID Provider endpoint for the user.
* You can report this error any way you like. but just for demonstration
* purposes we'll get the error as reported by Dope OpenID. It will be
* displayed farther down in this file with the HTML.
*/
$the_error = $openid->getError();
$error = "Error Code: {$the_error['code']}<br />";
$error .= "Error Description: {$the_error['description']}<br />";
}
}
}
function oip()
{
// echo "<!-- this is where the openid action happens -->";
if (!isset($_POST['openid_identity'])) {
return;
}
//error_reporting(E_ALL);
global $bb_current_user, $bbdb;
//could use "login-page"
if ((bb_get_location() == "register-page" || bb_get_location() == "login-page") && isset($_POST['openid_identity'])) {
$openid_identity = trim($_POST['openid_identity']);
if (!preg_match("/^https?:\\/\\//i", $openid_identity)) {
$openid_identity = 'http://' . $openid_identity;
}
/*if(function_exists('filter_input'))
{
if( ! filter_input(INPUT_POST, 'openid_identity', FILTER_VALIDATE_URL))
{
$error = "Error: OpenID Identifier is not in proper format.";
}
}
else
{
if( ! eregi("^((https?)://)?(((www\.)?[^ ]+\.[com|org|net|edu|gov|us]))([^ ]+)?$",$openid_identity))
{
$error = "Error: OpenID Identifier is not in proper format.";
}
}
*/
if (!eregi("^((https?)://)?(((www\\.)?[^ ]+\\.[com|org|net|edu|gov|us]))([^ ]+)?\$", $openid_identity)) {
$error = "Error: OpenID Identifier is not in proper format.";
}
//echo $openid_identity;
if (!isset($error)) {
oip_session();
$openid = new Dope_OpenID($openid_identity);
$openid->setReturnURL(bb_get_option('uri') . "register.php?action=verify");
$openid->SetTrustRoot(bb_get_option('uri'));
$openid->setRequiredInfo(array('email', 'nickname', 'fullname'));
//print_r($openid);
//echo "sending";
$endpoint_url = $openid->getOpenIDEndpoint();
if ($endpoint_url) {
// If we find the endpoint, you might want to store it for later use.
//$_SESSION['oip_url'] = $endpoint_url;
// Redirect the user to their OpenID Provider
$openid->redirect();
// Call exit so the script stops executing while we wait to redirect.
exit;
} else {
$the_error = $openid->getError();
$error = "Error Code: {$the_error['code']}<br />";
$error .= "Error Description: {$the_error['description']}<br />";
}
} else {
//echo "OpenidPlus: ".$error;
}
// /!isset($error)
//} // /isset($_POST['openid_url'])
}
// bb_get_location()=="register-page"
}
function openid_endpoint($openid_url)
{
/*
* If running PHP 5, use the built-in URL validator.
* Else use something like the following regex to validate input.
*/
echo $openid_url;
if (function_exists('filter_input')) {
if (!filter_input(INPUT_POST, "openid_identifier", FILTER_VALIDATE_URL)) {
$error = "Error: OpenID Identifier is not in proper format.";
}
} else {
// Found this on Google. Seems to match most valid URLs. Feel free to modify or replace.
if (!eregi("^((https?)://)?(((www\\.)?[^ ]+\\.[com|org|net|edu|gov|us]))([^ ]+)?\$", $openid_url)) {
$error = "Error: OpenID Identifier is not in proper format.";
}
}
// Proceed if we made it through without setting $error
if (!isset($error)) {
/*
* Store the user's submitted OpenID Identity for later use.
*/
$_SESSION['openid_url'] = $openid_url;
/*
* Create a new Dope_OpenID object
*/
$openid = new Dope_OpenID($openid_url);
/*
* YOU MUST EDIT THIS LINE.
* The user's OpenID provider will return them to the URL that you provide here.
* It could be a separate verify.php script, or just pass a parameter to tell a
* single processing script what to do (like I've done with this file you're reading).
*/
$openid->setReturnURL("http://" . $_SERVER['HTTP_HOST'] . dirname(isset($_SERVER['ORIG_SCRIPT_NAME']) ? $_SERVER['ORIG_SCRIPT_NAME'] : $_SERVER['SCRIPT_NAME']) . "../../../index.php?action=login&subaction=openid_verify");
/*
* YOU MUST EDIT THIS LINE
* Set the trust root. This is the URL or set of URLs the user will be asked
* to trust when signing in with their OpenID Provider. It could be your base
* URL or a subdirectory thereof. Up to you.
*/
$openid->SetTrustRoot("http://" . $_SERVER['HTTP_HOST'] . dirname(isset($_SERVER['ORIG_SCRIPT_NAME']) ? $_SERVER['ORIG_SCRIPT_NAME'] : $_SERVER['SCRIPT_NAME']) . "../../../");
// echo "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."../../";
// exit;
/*
* EDIT THIS LINE (OPTIONAL)
* When the user signs in with their OpenID Provider, these are
* the details you would like sent back for your own use.
* Dope OpenID attempts to get this information using both Simple Registration
* and Attribute Exchange protocols. The type that is returned depends on the
* user's Provider. Each provider chooses what they wish to provide and all
* defined attributes may not be available. To see where these two types of
* attributes intersect, see the following: http://www.axschema.org/types/
*/
$openid->setOptionalInfo(array('nickname', 'fullname', 'email'));
/*
* EDIT THIS LINE (OPTIONAL)
* This is the same as above, except much stricter. By using this method, you
* are telling the OpenID Provider you *must* have this information. If the Provider
* will not give you the information the transaction should logically fail, either
* at the Provider's end or yours. No info, no sign in. Uncomment to use it.
*/
//$openid->setRequiredInfo(array('email','http://axschema.org/contact/email','contact/email'));
/*
* EDIT THIS LINE (OPTIONAL)
* PAPE Policies help protect users and you against phishing and other authentication
* forgeries. It's an optional extension, so not all OpenID Providers will be using it.
* Uncomment to use it.
* More info and possible policy values here: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html
*/
//$openid->setPapePolicies('http://schemas.openid.net/pape/policies/2007/06/phishing-resistant ');
/*
* EDIT THIS LINE (OPTIONAL)
* Also part of the PAPE extension, you can set a time limit for users to
* authenticate themselves with their OpenID Provider. If it takes too long,
* authentication will fail and the user will not be allowed access to your site.
* Uncomment and set a value in seconds to use.
*/
//$openid->setPapeMaxAuthAge(120);
/*
* Attempt to discover the user's OpenID provider endpoint
*/
$endpoint_url = $openid->getOpenIDEndpoint();
if ($endpoint_url) {
// If we find the endpoint, you might want to store it for later use.
$_SESSION['openid_endpoint_url'] = $endpoint_url;
// Redirect the user to their OpenID Provider
$openid->redirect();
// Call exit so the script stops executing while we wait to redirect.
exit;
} else {
/*
* Else we couldn't find an OpenID Provider endpoint for the user.
* You can report this error any way you like, but just for demonstration
* purposes we'll get the error as reported by Dope OpenID. It will be
* displayed farther down in this file with the HTML.
*/
$the_error = $openid->getError();
$error = "Error Code: {$the_error['code']}<br />";
$error .= "Error Description: {$the_error['description']}<br />";
}
}
}
