Exemple #1
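/**
 * Filter callback deciding whether a comment must carry a name and email address.
 *
 * If the comment contains a valid OpenID, the name/email requirement is waived: even if that data
 * isn't provided in the form, it may still be obtained through other methods, so the comment must
 * not be rejected prematurely.  After OpenID authentication has completed (and
 * $_REQUEST['openid_skip'] is set), the incoming flag is kept so the data can be required if
 * desired, unless the 'openid_no_require_name' option is enabled.
 *
 * Requests for any page other than the comment post page get $value back unchanged.
 *
 * @param boolean $value existing value of flag, whether to require name and email
 * @return boolean new value of flag, whether to require name and email
 * @see get_user_data
 */
function openid_option_require_name_email($value)
{
    $comment_page = defined('OPENID_COMMENTS_POST_PAGE') ? OPENID_COMMENTS_POST_PAGE : 'wp-comments-post.php';

    // The keys read below are request-controlled and may be absent, so they are probed with
    // isset()/empty() instead of being indexed directly.
    $current_page = isset($GLOBALS['pagenow']) ? $GLOBALS['pagenow'] : null;
    if ($current_page != $comment_page) {
        return $value;
    }

    if (!empty($_REQUEST['openid_skip'])) {
        return get_option('openid_no_require_name') ? false : $value;
    }

    if (array_key_exists('openid_identifier', $_POST)) {
        // A dedicated OpenID field was submitted: only a non-empty value waives the requirement,
        // and the 'url' field is not consulted.
        return empty($_POST['openid_identifier']) ? $value : false;
    }

    if (!empty($_POST['url'])) {
        // check if url is valid OpenID by forming an auth request
        // NOTE(review): the URL comes straight from the comment form. openid_begin_consumer() is
        // not visible here; if it performs network discovery, each such comment makes the server
        // contact a submitter-chosen URL, so its HTTP client should restrict schemes and
        // destinations and enforce timeouts. Confirm.
        if (null !== openid_begin_consumer($_POST['url'])) {
            return false;
        }
    }

    return $value;
}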
Exemple #2
/**
 * Kick off OpenID authentication for a claimed identifier.
 *
 * Returns without doing anything when no identifier is given.  When no auth request can be formed
 * for the identifier, an error status and message are recorded and the function returns.  In every
 * other case the request is handed to openid_doRedirect() and the script terminates, so the
 * function does not return on success.
 *
 * @param string $claimed_url claimed OpenID URL
 * @param string $action OpenID action being performed; carried in the 'return_to' arguments
 * @param array $arguments array of additional arguments to be included in the 'return_to' URL
 * @param string $return_to URL to return to; when empty, the 'home' option with a trailing slash is used
 * @uses apply_filters() Calls 'openid_auth_request_extensions' to gather extensions to be attached to auth request
 */
function openid_start_login($claimed_url, $action, $arguments = null, $return_to = null)
{
    if (empty($claimed_url)) {
        // nothing to authenticate: do nothing.
        return;
    }

    $request = openid_begin_consumer($claimed_url);
    if (null === $request) {
        openid_status('error');
        // The identifier is user input, so it is entity-encoded before it goes into the message.
        $template = __('Could not discover an OpenID identity server endpoint at the url: %s', 'openid');
        openid_message(sprintf($template, htmlentities($claimed_url)));
        if (strpos($claimed_url, '@')) {
            // Append a hint to the message recorded above.
            $so_far = openid_message();
            $hint = __('It looks like you entered an email address, but it ' . 'was not able to be transformed into a valid OpenID.', 'openid');
            openid_message($so_far . '<br />' . $hint);
        }
        return;
    }

    // build return_to URL
    $return_to = empty($return_to) ? trailingslashit(get_option('home')) : $return_to;

    $request->return_to_args['openid_consumer'] = '1';
    $request->return_to_args['action'] = $action;
    if (is_array($arguments)) {
        foreach ($arguments as $name => $val) {
            // pairs with an empty key or an empty value are skipped
            if (!$name || !$val) {
                continue;
            }
            $request->return_to_args[urlencode($name)] = urlencode($val);
        }
    }

    // Only objects of the expected extension class are attached; anything else a filter returns is ignored.
    $candidates = apply_filters('openid_auth_request_extensions', array(), $request);
    foreach ($candidates as $candidate) {
        if ($candidate instanceof Auth_OpenID_Extension) {
            $request->addExtension($candidate);
        }
    }

    // The trust root follows the scheme of the return_to URL: an https return_to upgrades an http home URL.
    $trust_root = get_option('home');
    if (preg_match('/^https/', $return_to)) {
        $trust_root = preg_replace('/^http\\:/', 'https:', $trust_root);
    }

    // NOTE(review): $return_to is caller-supplied and kept in the session; the code that later
    // reads 'openid_return_to' is not shown here. Confirm it validates the target before use.
    $_SESSION['openid_return_to'] = $return_to;
    openid_doRedirect($request, $trust_root, $return_to);
    exit(0);
}
/**
 * Kick off OpenID authentication for a claimed identifier.
 *
 * Returns without doing anything when no identifier is given.  When no auth request can be formed
 * for the identifier, an error status and message are recorded and the function returns.
 * Otherwise the action and finish URL are saved in the session, the request is handed to
 * openid_redirect() and the script terminates, so the function does not return on success.
 *
 * @param string $claimed_url claimed OpenID URL
 * @param string $action OpenID action being performed
 * @param string $finish_url stored in user session for later redirect
 * @uses apply_filters() Calls 'openid_auth_request_extensions' to gather extensions to be attached to auth request
 * @uses apply_filters() Calls 'openid_return_to' on the 'return_to' URL before it is used
 */
function openid_start_login($claimed_url, $action, $finish_url = null)
{
    if (empty($claimed_url)) {
        // no identifier supplied: do nothing.
        return;
    }

    $request = openid_begin_consumer($claimed_url);
    if (null === $request) {
        openid_status('error');
        // The identifier is user input, so it is entity-encoded before it goes into the message.
        $template = __('Could not discover an OpenID identity server endpoint at the url: %s', 'openid');
        openid_message(sprintf($template, htmlentities($claimed_url)));
        return;
    }

    // The @ silences any warning raised by session_start().
    @session_start();
    $_SESSION['openid_action'] = $action;
    // NOTE(review): $finish_url is caller-supplied and is later used as a redirect target by code
    // not shown here. Confirm that code validates the destination before redirecting.
    $_SESSION['openid_finish_url'] = $finish_url;

    // Only objects of the expected extension class are attached; anything else a filter returns is ignored.
    $candidates = apply_filters('openid_auth_request_extensions', array(), $request);
    foreach ($candidates as $candidate) {
        if (!($candidate instanceof Auth_OpenID_Extension)) {
            continue;
        }
        $request->addExtension($candidate);
    }

    $return_to = apply_filters('openid_return_to', openid_service_url('consumer', 'login_post'));
    openid_redirect($request, openid_trust_root($return_to), $return_to);
    exit(0);
}
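/**
 * Handle OpenID profile management.
 *
 * Dispatches on $_REQUEST['action']:
 *  - 'verify': passes the action to finish_openid().
 *  - 'add':    after the admin referer check, starts OpenID login for the submitted identifier,
 *              unless that OpenID already belongs to a user, in which case the global $error is
 *              set and the function returns.
 *  - 'delete': passes $_REQUEST['delete'] to openid_profile_delete_openids().
 * Requests without an action, or with any other action, are ignored.
 */
function openid_profile_management()
{
    if (!isset($_REQUEST['action'])) {
        return;
    }
    switch ($_REQUEST['action']) {
        case 'verify':
            finish_openid($_REQUEST['action']);
            break;
        case 'add':
            check_admin_referer('openid-add_openid');
            $user = wp_get_current_user();
            // Request fields may be absent; read them without indexing a missing key.
            $identifier = isset($_POST['openid_identifier']) ? $_POST['openid_identifier'] : null;
            $auth_request = openid_begin_consumer($identifier);
            // No auth request may come back (openid_start_login() checks for null). Only look up
            // the claimed id when there is a request to read it from; otherwise fall through so
            // that openid_start_login() handles the failure.
            $userid = null === $auth_request ? null : get_user_by_openid($auth_request->endpoint->claimed_id);
            if ($userid) {
                global $error;
                if ($user->ID == $userid) {
                    $error = __('You already have this OpenID!', 'openid');
                } else {
                    $error = __('This OpenID is already associated with another user.', 'openid');
                }
                return;
            }
            $return_to = admin_url(current_user_can('edit_users') ? 'users.php' : 'profile.php');
            $page = isset($_REQUEST['page']) ? $_REQUEST['page'] : null;
            openid_start_login($identifier, 'verify', array('page' => $page), $return_to);
            break;
        case 'delete':
            // NOTE(review): unlike 'add', no check_admin_referer() call is visible in this branch.
            // Confirm openid_profile_delete_openids() verifies a nonce before removing anything.
            openid_profile_delete_openids(isset($_REQUEST['delete']) ? $_REQUEST['delete'] : null);
            break;
    }
}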
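/**
 * Handle OpenID profile management.
 *
 * Dispatches on the global $action (populated by wp_reset_vars()):
 *  - 'add':    after the admin referer check, starts OpenID login for the submitted identifier,
 *              unless that OpenID already belongs to a user, in which case the global $error is
 *              set and the function returns.
 *  - 'delete': passes $_REQUEST['delete'] to openid_profile_delete_openids().
 *  - default:  when the request carries a 'message', shows it (a numeric value selects one of the
 *              predefined messages) together with the requested status.
 */
function openid_profile_management()
{
    global $action;
    wp_reset_vars(array('action'));
    switch ($action) {
        case 'add':
            check_admin_referer('openid-add_openid');
            $user = wp_get_current_user();
            // Request fields may be absent; read them without indexing a missing key.
            $identifier = isset($_POST['openid_identifier']) ? $_POST['openid_identifier'] : null;
            $auth_request = openid_begin_consumer($identifier);
            // Guard against a null auth request before reading its endpoint; with no request the
            // duplicate check is skipped and the call to openid_start_login() below still runs.
            // NOTE(review): presumably openid_start_login() reports the failure; confirm.
            $userid = null === $auth_request ? null : get_user_by_openid($auth_request->endpoint->claimed_id);
            if ($userid) {
                global $error;
                if ($user->ID == $userid) {
                    $error = __('You already have this OpenID!', 'openid');
                } else {
                    $error = __('This OpenID is already associated with another user.', 'openid');
                }
                return;
            }
            $finish_url = admin_url(current_user_can('edit_users') ? 'users.php' : 'profile.php');
            $finish_url = add_query_arg('page', isset($_REQUEST['page']) ? $_REQUEST['page'] : null, $finish_url);
            openid_start_login($identifier, 'verify', $finish_url);
            break;
        case 'delete':
            // NOTE(review): unlike 'add', no check_admin_referer() call is visible in this branch.
            // Confirm openid_profile_delete_openids() verifies a nonce before removing anything.
            openid_profile_delete_openids(isset($_REQUEST['delete']) ? $_REQUEST['delete'] : null);
            break;
        default:
            if (array_key_exists('message', $_REQUEST)) {
                $message = $_REQUEST['message'];
                $messages = array('', __('Unable to authenticate OpenID.', 'openid'), __('OpenID assertion successful, but this URL is already associated with another user on this blog.', 'openid'), __('Added association with OpenID.', 'openid'));
                if (is_numeric($message)) {
                    // The index is request-supplied: an out-of-range value selects the empty
                    // message instead of reading a missing array element.
                    $message = isset($messages[$message]) ? $messages[$message] : '';
                } else {
                    // Free-form text from the request is entity-encoded before it is displayed.
                    $message = htmlentities2($message);
                }
                $message = __($message, 'openid');
                if (array_key_exists('update_url', $_REQUEST) && $_REQUEST['update_url']) {
                    $message .= '<br />' . __('<strong>Note:</strong> For security reasons, your profile URL has been updated to match your OpenID.', 'openid');
                }
                openid_message($message);
                // NOTE(review): the status is request-controlled and passed on unvalidated.
                // openid_status() is not visible here; confirm the value is allow-listed or
                // escaped wherever it is rendered.
                openid_status(isset($_REQUEST['status']) ? $_REQUEST['status'] : null);
            }
            break;
    }
}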
Exemple #6
/**
 * Tell whether the provided URL can be used as an OpenID.
 *
 * The URL is accepted when openid_begin_consumer() produces a result that is not loosely equal to
 * null for it.
 *
 * NOTE(review): openid_begin_consumer() is not visible here; if it performs network discovery,
 * calling this on request-supplied URLs makes the server contact a caller-chosen address. Confirm
 * that its HTTP client restricts schemes and destinations and enforces timeouts.
 *
 * @param string $url URL to check
 * @return boolean true if the URL is a valid OpenID
 */
function is_url_openid( $url ) {
	return openid_begin_consumer( $url ) != null;
}
Exemple #7
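/**
 * Filter callback deciding whether a comment must carry a name and email address.
 *
 * If the comment contains a valid OpenID, the name/email requirement is waived: even if that data
 * isn't provided in the form, it may still be obtained through other methods, so the comment must
 * not be rejected prematurely.  After OpenID authentication has completed (and
 * $_REQUEST['openid_skip'] is set), the incoming flag is returned untouched so that this data can
 * be required if desired.
 *
 * @param boolean $value existing value of flag, whether to require name and email
 * @return boolean new value of flag, whether to require name and email
 * @see get_user_data
 */
function openid_option_require_name_email($value)
{
    // 'openid_skip' is request-controlled and may be absent, so it is probed with empty() instead
    // of being indexed directly.
    if (!empty($_REQUEST['openid_skip'])) {
        return $value;
    }

    if (array_key_exists('openid_identifier', $_POST)) {
        // A dedicated OpenID field was submitted: only a non-empty value waives the requirement,
        // and the 'url' field is not consulted.
        return empty($_POST['openid_identifier']) ? $value : false;
    }

    if (!empty($_POST['url'])) {
        // check if url is valid OpenID by forming an auth request
        // NOTE(review): the URL comes straight from the submitted form. openid_begin_consumer() is
        // not visible here; if it performs network discovery, each such submission makes the
        // server contact a submitter-chosen URL, so its HTTP client should restrict schemes and
        // destinations and enforce timeouts. Confirm.
        if (null !== openid_begin_consumer($_POST['url'])) {
            return false;
        }
    }

    return $value;
}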