/** * If the comment contains a valid OpenID, skip the check for requiring a name and email address. Even if * this data isn't provided in the form, we may get it through other methods, so we don't want to bail out * prematurely. After OpenID authentication has completed (and $_REQUEST['openid_skip'] is set), we don't * interfere so that this data can be required if desired. * * @param boolean $value existing value of flag, whether to require name and email * @return boolean new value of flag, whether to require name and email * @see get_user_data */ function openid_option_require_name_email($value) { $comment_page = defined('OPENID_COMMENTS_POST_PAGE') ? OPENID_COMMENTS_POST_PAGE : 'wp-comments-post.php'; if ($GLOBALS['pagenow'] != $comment_page) { return $value; } if ($_REQUEST['openid_skip']) { return get_option('openid_no_require_name') ? false : $value; } if (array_key_exists('openid_identifier', $_POST)) { if (!empty($_POST['openid_identifier'])) { return false; } } else { if (!empty($_POST['url'])) { // check if url is valid OpenID by forming an auth request $auth_request = openid_begin_consumer($_POST['url']); if (null !== $auth_request) { return false; } } } return $value; }
/** * Start the OpenID authentication process. * * @param string $claimed_url claimed OpenID URL * @param action $action OpenID action being performed * @param array $arguments array of additional arguments to be included in the 'return_to' URL * @uses apply_filters() Calls 'openid_auth_request_extensions' to gather extensions to be attached to auth request */ function openid_start_login($claimed_url, $action, $arguments = null, $return_to = null) { if (empty($claimed_url)) { return; } // do nothing. $auth_request = openid_begin_consumer($claimed_url); if (null === $auth_request) { openid_status('error'); openid_message(sprintf(__('Could not discover an OpenID identity server endpoint at the url: %s', 'openid'), htmlentities($claimed_url))); if (strpos($claimed_url, '@')) { openid_message(openid_message() . '<br />' . __('It looks like you entered an email address, but it ' . 'was not able to be transformed into a valid OpenID.', 'openid')); } return; } // build return_to URL if (empty($return_to)) { $return_to = trailingslashit(get_option('home')); } $auth_request->return_to_args['openid_consumer'] = '1'; $auth_request->return_to_args['action'] = $action; if (is_array($arguments) && !empty($arguments)) { foreach ($arguments as $k => $v) { if ($k && $v) { $auth_request->return_to_args[urlencode($k)] = urlencode($v); } } } $extensions = apply_filters('openid_auth_request_extensions', array(), $auth_request); foreach ($extensions as $e) { if (is_a($e, 'Auth_OpenID_Extension')) { $auth_request->addExtension($e); } } $trust_root = get_option('home'); if (preg_match('/^https/', $return_to)) { $trust_root = preg_replace('/^http\\:/', 'https:', $trust_root); } $_SESSION['openid_return_to'] = $return_to; openid_doRedirect($auth_request, $trust_root, $return_to); exit(0); }
/** * Start the OpenID authentication process. * * @param string $claimed_url claimed OpenID URL * @param string $action OpenID action being performed * @param string $finish_url stored in user session for later redirect * @uses apply_filters() Calls 'openid_auth_request_extensions' to gather extensions to be attached to auth request */ function openid_start_login($claimed_url, $action, $finish_url = null) { if (empty($claimed_url)) { return; } // do nothing. $auth_request = openid_begin_consumer($claimed_url); if (null === $auth_request) { openid_status('error'); openid_message(sprintf(__('Could not discover an OpenID identity server endpoint at the url: %s', 'openid'), htmlentities($claimed_url))); return; } @session_start(); $_SESSION['openid_action'] = $action; $_SESSION['openid_finish_url'] = $finish_url; $extensions = apply_filters('openid_auth_request_extensions', array(), $auth_request); foreach ($extensions as $e) { if (is_a($e, 'Auth_OpenID_Extension')) { $auth_request->addExtension($e); } } $return_to = openid_service_url('consumer', 'login_post'); $return_to = apply_filters('openid_return_to', $return_to); $trust_root = openid_trust_root($return_to); openid_redirect($auth_request, $trust_root, $return_to); exit(0); }
/** * Handle OpenID profile management. */ function openid_profile_management() { global $wp_version; if (!isset($_REQUEST['action'])) { return; } switch ($_REQUEST['action']) { case 'verify': finish_openid($_REQUEST['action']); break; case 'add': check_admin_referer('openid-add_openid'); $user = wp_get_current_user(); $auth_request = openid_begin_consumer($_POST['openid_identifier']); $userid = get_user_by_openid($auth_request->endpoint->claimed_id); if ($userid) { global $error; if ($user->ID == $userid) { $error = __('You already have this OpenID!', 'openid'); } else { $error = __('This OpenID is already associated with another user.', 'openid'); } return; } $return_to = admin_url(current_user_can('edit_users') ? 'users.php' : 'profile.php'); openid_start_login($_POST['openid_identifier'], 'verify', array('page' => $_REQUEST['page']), $return_to); break; case 'delete': openid_profile_delete_openids($_REQUEST['delete']); break; } }
/** * Handle OpenID profile management. */ function openid_profile_management() { global $action; wp_reset_vars(array('action')); switch ($action) { case 'add': check_admin_referer('openid-add_openid'); $user = wp_get_current_user(); $auth_request = openid_begin_consumer($_POST['openid_identifier']); $userid = get_user_by_openid($auth_request->endpoint->claimed_id); if ($userid) { global $error; if ($user->ID == $userid) { $error = __('You already have this OpenID!', 'openid'); } else { $error = __('This OpenID is already associated with another user.', 'openid'); } return; } $finish_url = admin_url(current_user_can('edit_users') ? 'users.php' : 'profile.php'); $finish_url = add_query_arg('page', $_REQUEST['page'], $finish_url); openid_start_login($_POST['openid_identifier'], 'verify', $finish_url); break; case 'delete': openid_profile_delete_openids($_REQUEST['delete']); break; default: if (array_key_exists('message', $_REQUEST)) { $message = $_REQUEST['message']; $messages = array('', __('Unable to authenticate OpenID.', 'openid'), __('OpenID assertion successful, but this URL is already associated with another user on this blog.', 'openid'), __('Added association with OpenID.', 'openid')); if (is_numeric($message)) { $message = $messages[$message]; } else { $message = htmlentities2($message); } $message = __($message, 'openid'); if (array_key_exists('update_url', $_REQUEST) && $_REQUEST['update_url']) { $message .= '<br />' . __('<strong>Note:</strong> For security reasons, your profile URL has been updated to match your OpenID.', 'openid'); } openid_message($message); openid_status($_REQUEST['status']); } break; } }
/** * Check if the provided URL is a valid OpenID. * * @param string $url URL to check * @return boolean true if the URL is a valid OpenID */ function is_url_openid( $url ) { $auth_request = openid_begin_consumer( $url ); return ( $auth_request != null ); }
/** * If the comment contains a valid OpenID, skip the check for requiring a name and email address. Even if * this data is provided in the form, we may get it through other methods, so we don't want to bail out * prematurely. After OpenID authentication has completed (and $_REQUEST['openid_skip'] is set), we don't * interfere so that this data can be required if desired. * * @param boolean $value existing value of flag, whether to require name and email * @return boolean new value of flag, whether to require name and email * @see get_user_data */ function openid_option_require_name_email($value) { if ($_REQUEST['openid_skip']) { return $value; } if (array_key_exists('openid_identifier', $_POST)) { if (!empty($_POST['openid_identifier'])) { return false; } } else { if (!empty($_POST['url'])) { // check if url is valid OpenID by forming an auth request $auth_request = openid_begin_consumer($_POST['url']); if (null !== $auth_request) { return false; } } } return $value; }