This class implements common utility functions that are used by both
Consumer and Provider. They include functions for Diffie-Hellman keys
generation and exchange, URL normalization, HTTP redirection and some others.
/**
* @return Zend_Mail
* @throws Zend_Mail_Protocol_Exception
*/
public static function getMail(Users_Model_User $user, $subject)
{
$file = CommunityID_Resources::getResourcePath('reminder_mail.txt');
$emailTemplate = file_get_contents($file);
$emailTemplate = str_replace('{userName}', $user->getFullName(), $emailTemplate);
$currentUrl = Zend_OpenId::selfURL();
preg_match('#(.*)/manageusers/sendreminder#', $currentUrl, $matches);
$emailTemplate = str_replace('{registrationURL}', $matches[1] . '/register/eula?token=' . $user->token, $emailTemplate);
// can't use $this->_config 'cause it's a static function
$configEmail = Zend_Registry::get('config')->email;
switch (strtolower($configEmail->transport)) {
case 'smtp':
Zend_Mail::setDefaultTransport(new Zend_Mail_Transport_Smtp($configEmail->host, $configEmail->toArray()));
break;
case 'mock':
Zend_Mail::setDefaultTransport(new Zend_Mail_Transport_Mock());
break;
default:
Zend_Mail::setDefaultTransport(new Zend_Mail_Transport_Sendmail());
}
$mail = new Zend_Mail('UTF-8');
$mail->setBodyText($emailTemplate);
$mail->setFrom($configEmail->supportemail);
$mail->addTo($user->email);
$mail->setSubject($subject);
return $mail;
}
public function indexAction()
{
$this->view->headTitle("User", 'PREPEND');
$openid = $this->getRequest()->getParam('openid');
if (isset($openid)) {
$this->view->openIdServer = Zend_OpenId::absoluteURL("/provider/");
} else {
$this->_redirect('/user/login');
}
}
public function save(Default_Model_User $user)
{
$data = array('username' => $user->getUsername(), 'password' => md5($user->getUsername() . $user->getPassword()), 'created' => date('Y-m-d H:i:s'), 'openid' => Zend_OpenId::absoluteURL('/openid/' . $user->getUsername()), 'user_type' => $user->getUserType());
if (null === ($id = $user->getId())) {
$id = $this->getDbTable()->insert($data);
} else {
$this->getDbTable()->update($data, array('id = ?' => $id));
}
return $id;
}
/**
* Performs login of user with given $id, $password and $username
* Returns true in case of success and false otherwise
*
* @param string $id user identity URL
* @param string $password user password
* @param string $username Tine 2.0 login name
* @return bool
*/
public function login($id, $password, $username = null)
{
if (!Zend_OpenId::normalize($id)) {
return false;
}
if (!$this->_storage->checkUser($id, $password, $username)) {
return false;
}
$this->_user->setLoggedInUser($id);
return true;
}
/**
* Returns identity URL of logged in user or false
*
* @return mixed
*/
public function getLoggedInUser()
{
// user is logged in via Tine 2.0 already
if (($user = Tinebase_Core::getUser()) instanceof Tinebase_Model_FullUser) {
return dirname(Zend_OpenId::selfUrl()) . '/users/' . (isset($user->openid) ? $user->openid : $user->accountLoginName);
}
// user has authenticated via OpenId before
if (isset($this->_sessionNameSpace->logged_in)) {
return $this->_sessionNameSpace->logged_in;
}
return false;
}
public function direct($config)
{
$currentUrl = urldecode(Zend_OpenId::selfURL());
if ($config->subdomain->enabled) {
$protocol = Monkeys_Controller_Action::getProtocol();
preg_match('#(.*)\\.' . $config->subdomain->hostname . '#', $currentUrl, $matches);
return "{$protocol}://" . ($config->subdomain->use_www ? 'www.' : '') . $config->subdomain->hostname . '/openid/provider';
} else {
preg_match('#(.*)/(identity|openid)?/#', $currentUrl, $matches);
return $matches[1] . '/openid/provider';
}
}
/**
* Normalizes OpenID identifier that can be URL or XRI name.
* Returns true on success and false of failure.
*
* Normalization is performed according to the following rules:
* 1. If the user's input starts with one of the "xri://", "xri://$ip*",
* or "xri://$dns*" prefixes, they MUST be stripped off, so that XRIs
* are used in the canonical form, and URI-authority XRIs are further
* considered URL identifiers.
* 2. If the first character of the resulting string is an XRI Global
* Context Symbol ("=", "@", "+", "$", "!"), then the input SHOULD be
* treated as an XRI.
* 3. Otherwise, the input SHOULD be treated as an http URL; if it does
* not include a "http" or "https" scheme, the Identifier MUST be
* prefixed with the string "http://".
* 4. URL identifiers MUST then be further normalized by both following
* redirects when retrieving their content and finally applying the
* rules in Section 6 of [RFC3986] to the final destination URL.
* @param string &$id identifier to be normalized
* @return bool
*/
public static function normalize(&$id)
{
$validator = new Zend_Validate_EmailAddress();
if ($validator->isValid($id)) {
if (false !== strpos($id, 'gmail')) {
$id = 'https://www.google.com/accounts/o8/id';
return true;
}
$email = explode('@', $id);
$id = 'https://www.google.com/accounts/o8/site-xrds?ns=2&hd=' . $email[1];
return true;
} else {
return Zend_OpenId::normalize($id);
}
}
/**
* @return Zend_Mail
* @throws Zend_Mail_Protocol_Exception
*/
public static function getMail(Exception $ex, User $user, $errors)
{
$exceptionClass = get_class($ex);
$stack = $ex->getTraceAsString();
$stackDetail = print_r($errors, true);
$currentUrl = Zend_OpenId::selfURL();
if ($user->role = ROLE_GUEST) {
$userLabel = 'Anonymous';
} else {
$userLabel = $user->getFullName() . '(' . $user->username . ')';
}
$body = <<<EOD
Dear Admin,
An error has occured in your Community-ID installation.
URL requested: {$currentUrl}
By User: {$userLabel}
Exception: {$exceptionClass}
Call stack:
{$stack}
Call stack detail:
{$stackDetail}
EOD;
// can't use $this-_config 'cause it's a static function
$configEmail = Zend_Registry::get('config')->email;
switch (strtolower($configEmail->transport)) {
case 'smtp':
Zend_Mail::setDefaultTransport(new Zend_Mail_Transport_Smtp($configEmail->host, $configEmail->toArray()));
break;
case 'mock':
Zend_Mail::setDefaultTransport(new Zend_Mail_Transport_Mock());
break;
default:
Zend_Mail::setDefaultTransport(new Zend_Mail_Transport_Sendmail());
}
$mail = new Zend_Mail();
$mail->setBodyText($body);
$mail->setFrom($this->_config->email->supportemail);
$mail->addTo($configEmail->adminemail);
$mail->setSubject('Community-ID error report');
return $mail;
}
function HandleObjectCategories($objectCategoryIds)
{
global $prefs;
$perspectivelib = TikiLib::lib('perspective');
$current_object = current_object();
if (!$current_object) {
// only used on tiki objects
return;
}
$descendants = $this->get_category_descendants($prefs['areas_root']);
$objectPerspective = 0;
if (!empty($objectCategoryIds)) {
if (!isset($_SESSION['current_perspective'])) {
unset($_SESSION['current_perspective']);
}
foreach ($objectCategoryIds as $categId) {
// If category is inside $prefs['areas_root']
if (in_array($categId, $descendants)) {
$area = $this->getAreaByCategId($categId);
if ($area) {
$objectPerspective = $area['perspectives'][0];
// use 1st persp
break;
}
}
}
if ($objectPerspective && $objectPerspective != $_SESSION['current_perspective']) {
$area = $this->getAreaByPerspId($_SESSION['current_perspective']);
$objectArea = $this->getAreaByPerspId($objectPerspective);
if ($area && !$area['share_common'] || $objectArea && $objectArea['exclusive']) {
$perspectivelib->set_perspective($objectPerspective, true);
Zend_OpenId::redirect(Zend_OpenId::selfUrl());
}
}
}
if ($objectPerspective < 1 && !empty($_SESSION['current_perspective'])) {
// uncategorised objects
$area = $this->getAreaByPerspId($_SESSION['current_perspective']);
if ($area) {
if (!$area['share_common']) {
$perspectivelib->set_perspective($objectPerspective, true);
Zend_OpenId::redirect(Zend_OpenId::selfUrl());
}
}
}
}
/**
* Подготовить набор параметров для verify
*
* @return array
*/
protected function _makeVerifyParameters(array $extraParams = array())
{
$_SERVER['SCRIPT_URI'] = 'http://localhost/index.php/auth/openid/verify';
$expiresIn = TIME + 600;
$this->storage->addDiscoveryInfo(self::ID, self::REAL_ID, self::SERVER, 1.1, $expiresIn);
$this->storage->addAssociation(self::SERVER, self::HANDLE, "sha1", $secret = pack("H*", "8382aea922560ece833ba55fa53b7a975f597370"), $expiresIn);
$params = array("openid_return_to" => $_SERVER['SCRIPT_URI'], "openid_assoc_handle" => self::HANDLE, "openid_claimed_id" => self::ID, "openid_identity" => self::REAL_ID, "openid_response_nonce" => "2007-08-14T12:52:33Z46c1a59124ffe", "openid_mode" => "id_res", "openid_signed" => "assoc_handle,return_to,claimed_id,identity,response_nonce,mode,signed");
$signed = array($params["openid_signed"]);
if ($extraParams) {
$params = array_merge($params, $extraParams);
// TODO: Фуууууу
$extraParams2 = explode(',', str_replace('_', '.', implode(',', array_keys($extraParams))));
$signed = array_merge($signed, $extraParams2);
}
$params["openid_signed"] = str_replace('openid.', '', implode(',', $signed));
// Подписать данные
$data = '';
foreach (explode(',', $params['openid_signed']) as $key) {
$data .= $key . ':' . $params['openid_' . strtr($key, '.', '_')] . "\n";
}
$params['openid_sig'] = base64_encode(\Zend_OpenId::hashHmac('sha1', $data, $secret));
return $params;
}
/**
* Returns an absolute URL for the given one
*
* @param string $url absilute or relative URL
* @return string
*/
public static function absoluteUrl($url)
{
if (empty($url)) {
return Zend_OpenId::selfUrl();
} else {
if (!preg_match('|^([^:]+)://|', $url)) {
if (preg_match('|^([^:]+)://([^:@]*(?:[:][^@]*)?@)?([^/:@?#]*)(?:[:]([^/?#]*))?(/[^?]*)?((?:[?](?:[^#]*))?(?:#.*)?)$|', Zend_OpenId::selfUrl(), $reg)) {
$scheme = $reg[1];
$auth = $reg[2];
$host = $reg[3];
$port = $reg[4];
$path = $reg[5];
$query = $reg[6];
if ($url[0] == '/') {
return $scheme . '://' . $auth . $host . (empty($port) ? '' : ':' . $port) . $url;
} else {
$dir = dirname($path);
return $scheme . '://' . $auth . $host . (empty($port) ? '' : ':' . $port) . (strlen($dir) > 1 ? $dir : '') . '/' . $url;
}
}
}
}
return $url;
}
$dir = realpath(__DIR__ . "/../../..");
set_include_path("{$dir}/incubator/library" . PATH_SEPARATOR . "{$dir}/library" . PATH_SEPARATOR . get_include_path());
/**
* @see Zend_Auth
*/
require_once "Zend/Auth.php";
/**
* @see Zend_Auth_Adapter_OpenId
*/
require_once "Zend/Auth/Adapter/OpenId.php";
$status = "";
$auth = Zend_Auth::getInstance();
if (isset($_POST['openid_action']) && $_POST['openid_action'] == "login" && !empty($_POST['openid_identifier']) || isset($_GET['openid_mode']) || isset($_POST['openid_mode'])) {
$result = $auth->authenticate(new Zend_Auth_Adapter_OpenId(@$_POST['openid_identifier']));
if ($result->isValid()) {
Zend_OpenId::redirect(Zend_OpenId::selfURL());
} else {
$auth->clearIdentity();
foreach ($result->getMessages() as $message) {
$status .= "{$message}<br>\n";
}
}
} else {
if ($auth->hasIdentity()) {
if (isset($_POST['openid_action']) && $_POST['openid_action'] == "logout") {
$auth->clearIdentity();
} else {
$status = "You are logged-in as " . $auth->getIdentity() . "<br>\n";
}
}
}
public function getUserWithUsername($username, $generateNewIfMissing = false, Zend_View $view = null)
{
$select = $this->select()->where('username=?', $username);
$user = $this->fetchRow($select);
$ldapOptions = Zend_Registry::get('config')->ldap;
if ($ldapOptions->enabled) {
$ldap = Monkeys_Ldap::getInstance();
try {
$ldapUserData = $ldap->get("cn={$username},{$ldapOptions->baseDn}");
} catch (Exception $e) {
if ($e->getCode() == Monkeys_Ldap::EXCEPTION_SEARCH) {
return false;
}
throw $e;
}
if ($user) {
// this fields are always overridden from what comes from LDAP, because they might change
$user->overrideWithLdapData($ldapUserData);
} else {
// user is registered in LDAP, but not in CID's db
$user = $this->createRow();
$user->registration_date = date('Y-m-d');
$user->overrideWithLdapData($ldapUserData);
if ($user->role != Users_Model_User::ROLE_ADMIN) {
preg_match('#(.*)/users/login/authenticate#', Zend_OpenId::selfURL(), $matches);
$user->generateOpenId($matches[1]);
}
if ($generateNewIfMissing) {
$user->save();
$profileId = $user->createDefaultProfile($view);
$user->generatePersonalInfo($ldapUserData, $profileId);
}
}
}
return $user;
}
/**
* handle all kinds of openId requests
*
* @return void
*/
public function openId()
{
Tinebase_Core::startCoreSession();
$server = new Tinebase_OpenId_Provider(null, null, new Tinebase_OpenId_Provider_User_Tine20(), new Tinebase_OpenId_Provider_Storage());
$server->setOpEndpoint(dirname(Zend_OpenId::selfUrl()) . '/index.php?method=Tinebase.openId');
// handle openId login form
if (isset($_POST['openid_action']) && $_POST['openid_action'] === 'login') {
$server->login($_POST['openid_identifier'], $_POST['password'], $_POST['username']);
unset($_GET['openid_action']);
$this->_setJsonKeyCookie();
Zend_OpenId::redirect(dirname(Zend_OpenId::selfUrl()) . '/index.php', $_GET);
// display openId login form
} else {
if (isset($_GET['openid_action']) && $_GET['openid_action'] === 'login') {
$view = new Zend_View();
$view->setScriptPath('Tinebase/views');
$view->openIdIdentity = $_GET['openid_identity'];
$view->loginName = $_GET['openid_identity'];
header('Content-Type: text/html; charset=utf-8');
echo $view->render('openidLogin.php');
// handle openId trust form
} else {
if (isset($_POST['openid_action']) && $_POST['openid_action'] === 'trust') {
if (isset($_POST['allow'])) {
if (isset($_POST['forever'])) {
$server->allowSite($server->getSiteRoot($_GET));
}
$server->respondToConsumer($_GET);
} else {
if (isset($_POST['deny'])) {
if (isset($_POST['forever'])) {
$server->denySite($server->getSiteRoot($_GET));
}
Zend_OpenId::redirect($_GET['openid_return_to'], array('openid.mode' => 'cancel'));
}
}
// display openId trust form
} else {
if (isset($_GET['openid_action']) && $_GET['openid_action'] === 'trust') {
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " Display openId trust screen");
}
$view = new Zend_View();
$view->setScriptPath('Tinebase/views');
$view->openIdConsumer = $server->getSiteRoot($_GET);
$view->openIdIdentity = $server->getLoggedInUser();
header('Content-Type: text/html; charset=utf-8');
echo $view->render('openidTrust.php');
// handle all other openId requests
} else {
$result = $server->handle();
if (is_string($result)) {
echo $result;
} elseif ($result !== true) {
header('HTTP/1.0 403 Forbidden');
return;
}
}
}
}
}
}
/**
* testing testBtwoc
*
*/
public function testBtwoc()
{
$this->assertSame( '00', bin2hex(Zend_OpenId::btwoc(pack('H*', '00'))) );
$this->assertSame( '01', bin2hex(Zend_OpenId::btwoc(pack('H*', '01'))) );
$this->assertSame( '7e', bin2hex(Zend_OpenId::btwoc(pack('H*', '7e'))) );
$this->assertSame( '78', bin2hex(Zend_OpenId::btwoc(pack('H*', '78'))) );
$this->assertSame( '0080', bin2hex(Zend_OpenId::btwoc(pack('H*', '80'))) );
$this->assertSame( '0081', bin2hex(Zend_OpenId::btwoc(pack('H*', '81'))) );
$this->assertSame( '00fe', bin2hex(Zend_OpenId::btwoc(pack('H*', 'fe'))) );
$this->assertSame( '00ff', bin2hex(Zend_OpenId::btwoc(pack('H*', 'ff'))) );
}
if ($_POST['openid_action'] == 'trust') {
if (isset($_GET['openid_return_to'])) {
$sreg = new Zend_OpenId_Extension_Sreg();
$sreg->parseResponse($_POST);
if (isset($_POST['allow'])) {
if (isset($_POST['forever'])) {
$server->allowSite($server->getSiteRoot($_GET), $sreg);
}
unset($_GET['openid_action']);
$server->respondToConsumer($_GET, $sreg);
} else {
if (isset($_POST['deny'])) {
if (isset($_POST['forever'])) {
$server->denySite($server->getSiteRoot($_GET));
}
Zend_OpenId::redirect($_GET['openid_return_to'], array('openid.mode' => 'cancel'));
}
}
} else {
if (isset($_POST['allow'])) {
$server->allowSite($_POST['site']);
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
} else {
if (isset($_POST['deny'])) {
$server->denySite($_POST['site']);
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
} else {
if (isset($_POST['del'])) {
$server->delSite($_POST['site']);
public function btnLogin_Click($strFormId, $strControlId, $strParameter)
{
require_once "Zend/Auth.php";
require_once "Zend/Auth/Adapter/OpenId.php";
require_once "Zend/Auth/Storage/NonPersistent.php";
$this->txtOpenIdUrl->Text = preg_replace('/\\/$/', '', $this->txtOpenIdUrl->Text);
$status = "";
$auth = Zend_Auth::getInstance();
$result = $auth->authenticate(new Zend_Auth_Adapter_OpenId($this->txtOpenIdUrl->Text));
if ($result->isValid()) {
Zend_OpenId::redirect(Zend_OpenId::selfURL());
} else {
$auth->clearIdentity();
foreach ($result->getMessages() as $message) {
$status .= "{$message}<br>\n";
}
$this->lblMessage->ForeColor = 'red';
$this->lblMessage->Text = 'OpenId: ' . $status;
return false;
}
}
/**
* testing setSelfUrl
*
*/
public function testSetSelfUrl()
{
unset($_SERVER['SCRIPT_URI']);
unset($_SERVER['HTTPS']);
unset($_SERVER['HTTP_HOST']);
unset($_SERVER['SERVER_NAME']);
unset($_SERVER['SERVER_PORT']);
unset($_SERVER['SCRIPT_URL']);
unset($_SERVER['REDIRECT_URL']);
unset($_SERVER['PHP_SELF']);
unset($_SERVER['SCRIPT_NAME']);
unset($_SERVER['PATH_INFO']);
$_SERVER['SCRIPT_URI'] = "http://www.test.com/";
$this->assertSame('http://www.test.com/', Zend_OpenId::selfUrl());
$this->assertSame(null, Zend_OpenId::setSelfUrl("http://localhost/test"));
$this->assertSame("http://localhost/test", Zend_OpenId::selfUrl());
$this->assertSame("http://localhost/test", Zend_OpenId::setSelfUrl());
$this->assertSame('http://www.test.com/', Zend_OpenId::selfUrl());
$this->assertSame(null, Zend_OpenId::setSelfUrl());
$this->assertSame('http://www.test.com/', Zend_OpenId::selfUrl());
}
* obtain it through the world-wide-web, please send an email
* to license@zend.com so we can send you a copy immediately.
*
* @category Zend
* @package Zend_OpenId
* @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
* @version $Id:$
*/
/**
* Zend_OpenId
*/
require_once 'Zend/OpenId.php';
Zend_OpenId::$exitOnRedirect = false;
/**
* @package Zend_OpenId
* @subpackage UnitTests
*/
class Zend_OpenId_ResponseHelper extends Zend_Controller_Response_Abstract
{
private $_canSendHeaders;
public function __construct($canSendHeaders)
{
$this->_canSendHeaders = $canSendHeaders;
}
public function canSendHeaders($throw = false)
public function idAction()
{
$this->view->headLink()->headLink(array('rel' => 'openid.server', 'href' => $this->_helper->ProviderUrl($this->_config)));
$this->view->headLink()->headLink(array('rel' => 'openid2.provider', 'href' => $this->_helper->ProviderUrl($this->_config)));
$this->view->idUrl = urldecode(Zend_OpenId::selfURL());
}
public function saveaccountinfoAction()
{
$isNewUser = is_null($this->targetUser->id) ? true : false;
if (!$isNewUser && $this->targetUser->id != $this->user->id || $this->_config->ldap->enabled && !$this->_config->ldap->keepRecordsSynced) {
throw new Monkeys_AccessDeniedException();
}
$form = new Users_Form_AccountInfo(null, $this->targetUser);
$formData = $this->_request->getPost();
$form->populate($formData);
if (!$form->isValid($formData)) {
return $this->_redirectInvalidForm($form);
}
$existingUsernameOrEmail = false;
$oldUsername = $this->targetUser->username;
$newUsername = $form->getValue('username');
if ($isNewUser && $this->_usernameAlreadyExists($newUsername) || !$isNewUser && $oldUsername != $newUsername && $this->_usernameAlreadyExists($newUsername)) {
$form->username->addError($this->view->translate('This username is already in use'));
$existingUsernameOrEmail = true;
}
$newEmail = $form->getValue('email');
if ($isNewUser && $this->_emailAlreadyExists($newEmail) || !$isNewUser && $this->targetUser->email != $newEmail && $this->_emailAlreadyExists($newEmail)) {
$form->email->addError($this->view->translate('This E-mail is already in use'));
$existingUsernameOrEmail = true;
}
if ($existingUsernameOrEmail) {
return $this->_redirectInvalidForm($form);
}
if ($this->_config->yubikey->enabled) {
$this->targetUser->auth_type = $form->getValue('authMethod');
$yubikey = trim($form->getValue('yubikey'));
if ($form->getValue('authMethod') == Users_Model_User::AUTH_YUBIKEY) {
// only store or update yubikey for new users or existing that filled in something
if ($isNewUser || $yubikey) {
if (!($publicId = $this->_getYubikeyPublicId($yubikey))) {
$form->yubikey->addError($this->view->translate('Could not validate Yubikey'));
return $this->_redirectInvalidForm($form);
}
$this->targetUser->yubikey_publicid = $publicId;
}
}
}
$this->targetUser->username = $newUsername;
$this->targetUser->firstname = $form->getValue('firstname');
$this->targetUser->lastname = $form->getValue('lastname');
$this->targetUser->email = $newEmail;
if ($isNewUser) {
$this->targetUser->accepted_eula = 1;
$this->targetUser->registration_date = date('Y-m-d');
preg_match('#(.*)/users/profile.*#', Zend_OpenId::selfURL(), $matches);
$this->targetUser->generateOpenId($matches[1]);
$this->targetUser->role = Users_Model_User::ROLE_REGISTERED;
$this->targetUser->setClearPassword($form->getValue('password1'));
}
if ($this->_config->ldap->enabled && $this->_config->ldap->keepRecordsSynced) {
$ldap = Monkeys_Ldap::getInstance();
if ($isNewUser) {
$this->targetUser->setPassword($form->getValue('password1'));
$ldap->add($this->targetUser);
} else {
if ($oldUsername != $newUsername) {
$ldap->modifyUsername($this->targetUser, $oldUsername);
}
$ldap->modify($this->targetUser);
}
// LDAP passwords must not be stored in the DB
$this->targetUser->setPassword('');
}
$this->targetUser->save();
if ($isNewUser) {
$this->targetUser->createDefaultProfile($this->view);
}
/**
* When the form is submitted through a YUI request using a file, an iframe is used,
* so the framework doesn't detected it as ajax, so we have to manually ensure the
* layout is not shown.
*/
$this->_helper->layout->disableLayout();
$this->_forward('accountinfo', null, null, array('userid' => $this->targetUser->id));
}
/**
* Performs a HTTP redirection to specified URL with additional data.
* It may generate redirected request using GET or POST HTTP method.
* The function never returns.
*
* @param string $url URL to redirect to
* @param array $params additional variable/value pairs to send
* @param Zend_Controller_Response_Abstract $response
* @param string $method redirection method ('GET' or 'POST')
*/
public static function redirect($url, $params = null, Zend_Controller_Response_Abstract $response = null, $method = 'GET')
{
$url = Zend_OpenId::absoluteUrl($url);
$body = "";
if (null === $response) {
require_once "Zend/Controller/Response/Http.php";
$response = new Zend_Controller_Response_Http();
}
if ($method == 'POST') {
$body = "<html><body onLoad=\"document.forms[0].submit();\">\n";
$body .= "<form method=\"POST\" action=\"{$url}\">\n";
if (is_array($params) && count($params) > 0) {
foreach ($params as $key => $value) {
$body .= '<input type="hidden" name="' . $key . '" value="' . $value . "\">\n";
}
}
$body .= "<input type=\"submit\" value=\"Continue OpenID transaction\">\n";
$body .= "</form></body></html>\n";
} else {
if (is_array($params) && count($params) > 0) {
if (strpos($url, '?') === false) {
$url .= '?' . self::paramsToQuery($params);
} else {
$url .= '&' . self::paramsToQuery($params);
}
}
}
if (!empty($body)) {
$response->setBody($body);
} else {
if (!$response->canSendHeaders()) {
$response->setBody("<script language=\"JavaScript\"" . " type=\"text/javascript\">window.location='{$url}';" . "</script>");
} else {
$response->setRedirect($url);
}
}
$response->sendResponse();
if (self::$exitOnRedirect) {
exit;
}
}
/**
* Performs the first step of a Diffie-Hellman key exchange by generating
* private and public DH values based on given prime number $p and
* generator $g. Both sides of key exchange MUST have the same prime number
* and generator. In this case they will able to create a random shared
* secret that is never send from one to the other.
*
* @param string $p prime number in binary representation
* @param string $g generator in binary representation
* @param string $priv_key private key in binary representation
* @return mixed
*/
public static function createDhKey($p, $g, $priv_key = null)
{
if (function_exists('openssl_dh_compute_key')) {
$dh_details = array('p' => $p, 'g' => $g);
if ($priv_key !== null) {
$dh_details['priv_key'] = $priv_key;
}
return openssl_pkey_new(array('dh' => $dh_details));
} else {
$bn_p = self::binToBigNum($p);
$bn_g = self::binToBigNum($g);
if ($priv_key === null) {
$priv_key = self::randomBytes(Zend_OpenId::strlen($p));
}
$bn_priv_key = self::binToBigNum($priv_key);
if (extension_loaded('gmp')) {
$bn_pub_key = gmp_powm($bn_g, $bn_priv_key, $bn_p);
} else {
if (extension_loaded('bcmath')) {
$bn_pub_key = bcpowmod($bn_g, $bn_priv_key, $bn_p);
}
}
$pub_key = self::bigNumToBin($bn_pub_key);
return array('p' => $bn_p, 'g' => $bn_g, 'priv_key' => $bn_priv_key, 'pub_key' => $bn_pub_key, 'details' => array('p' => $p, 'g' => $g, 'priv_key' => $priv_key, 'pub_key' => $pub_key));
}
}
/**
* Performs check of OpenID identity.
*
* This is the first step of OpenID authentication process.
* On success the function does not return (it does HTTP redirection to
* server and exits). On failure it returns false.
*
* @param bool $immediate enables or disables interaction with user
* @param string $id OpenID identity
* @param string $returnTo HTTP URL to redirect response from server to
* @param string $root HTTP URL to identify consumer on server
* @param mixed $extensions extension object or array of extensions objects
* @param Zend_Controller_Response_Abstract $response an optional response
* object to perform HTTP or HTML form redirection
* @return bool
*/
protected function _checkId($immediate, $id, $returnTo = null, $root = null, $extensions = null, Zend_Controller_Response_Abstract $response = null)
{
if (!Zend_OpenId::normalize($id)) {
return false;
}
$claimedId = $id;
if (!$this->_discovery($id, $server, $version)) {
return false;
}
if (!$this->_associate($server, $version)) {
return false;
}
if (!$this->_getAssociation($server, $handle, $macFunc, $secret, $expires)) {
/* Use dumb mode */
unset($handle);
unset($macFunc);
unset($secret);
unset($expires);
}
$params = array();
if ($version >= 2.0) {
$params['openid.ns'] = Zend_OpenId::NS_2_0;
}
$params['openid.mode'] = $immediate ? 'checkid_immediate' : 'checkid_setup';
$params['openid.identity'] = $id;
$params['openid.claimed_id'] = $claimedId;
if (isset($handle)) {
$params['openid.assoc_handle'] = $handle;
}
$params['openid.return_to'] = Zend_OpenId::absoluteUrl($returnTo);
if (empty($root)) {
$root = dirname(Zend_OpenId::selfUrl());
}
if ($version >= 2.0) {
$params['openid.realm'] = $root;
} else {
$params['openid.trust_root'] = $root;
}
if (!Zend_OpenId_Extension::forAll($extensions, 'prepareRequest', $params)) {
return false;
}
Zend_OpenId::redirect($server, $params, $response);
return true;
}
color: #000;
padding-left: 18px;
width: 220px;
margin-right: 10px;
}
</style>
</head>
<body>
<?php echo "$status<br>\n";?>
<div>
<form action="<?php echo Zend_OpenId::selfUrl(); ?>"
method="post" onsubmit="this.login.disabled=true;">
<fieldset id="openid">
<legend>OpenID Login</legend>
<input type="hidden" name="openid_action" value="login">
<div>
<input type="text" name="openid_identifier" class="openid_login" value="<?php echo $id;?>">
<input type="submit" name="login" value="login">
<table border="0" cellpadding="2" cellspacing="2">
<tr><td> </td><td>requird</td><td>optional</td><td>none</td><td> </td></tr>
<?php echo "$sreg_html<br>\n";?>
</table>
<br>
<a href="<?php echo dirname(Zend_OpenId::selfUrl()); ?>/test_server.php?openid.action=register">register</a>
</div>
</fieldset>
</form>
</div>
</body>
</html>
function wikiplugin_subscribegroup($data, $params)
{
global $tiki_p_subscribe_groups, $userlib, $user, $smarty;
static $iSubscribeGroup = 0;
++$iSubscribeGroup;
if (empty($user)) {
return '';
}
if ($tiki_p_subscribe_groups != 'y') {
return tra('Permission denied');
}
extract($params, EXTR_SKIP);
if (empty($group)) {
if (!empty($_REQUEST['group'])) {
$group = $_REQUEST['group'];
} else {
return tra('Missing parameter');
}
}
if ($group == 'Anonymous' || $group == 'Registered') {
return tra('Incorrect param');
}
if (!($info = $userlib->get_group_info($group)) || $info['groupName'] != $group) {
// must have the right case
return tra('Incorrect param');
}
if ($info['userChoice'] != 'y') {
return tra('Permission denied');
}
$groups = $userlib->get_user_groups_inclusion($user);
$current_defgroup = $userlib->get_user_default_group($user);
if (!empty($_REQUEST['subscribeGroup']) && !empty($_REQUEST['iSubscribeGroup']) && $_REQUEST['iSubscribeGroup'] == $iSubscribeGroup && $_REQUEST['group'] == $group) {
if (isset($defgroup) || isset($defgroup_action) || isset($undefgroup) || isset($undefgroup_action)) {
if ($current_defgroup == $group) {
$new_group = !empty($undefgroup_group) ? $undefgroup_group : 'Registered';
$userlib->set_default_group($user, $new_group);
} else {
if (!isset($groups[$group])) {
$userlib->assign_user_to_group($user, $group);
}
$userlib->set_default_group($user, $group);
}
if (!empty($params['defgroup_url']) && $params['defgroup_url'] === 'n') {
Zend_OpenId::redirect(Zend_OpenId::selfUrl());
} else {
global $tikiroot;
Zend_OpenId::redirect($tikiroot);
}
die;
} else {
if (isset($groups[$group])) {
$userlib->remove_user_from_group($user, $group);
unset($groups[$group]);
if (!empty($postunsubscribe_url)) {
header("Location: {$postunsubscribe_url}");
die;
}
} else {
$userlib->assign_user_to_group($user, $group);
$groups[$group] = 'real';
if (!empty($postsubscribe_url)) {
header("Location: {$postsubscribe_url}");
die;
}
}
}
}
if (isset($undefgroup) || isset($undefgroup_action)) {
if ($current_defgroup == $group) {
$text = isset($undefgroup) ? $undefgroup : '';
if (!isset($undefgroup_action)) {
$undefgroup_action = tra('OK');
}
$smarty->assign('action', $undefgroup_action);
} else {
$text = isset($defgroup) ? $defgroup : '';
if (!isset($defgroup_action)) {
$defgroup_action = tra('OK');
}
$smarty->assign('action', $defgroup_action);
}
} else {
if (isset($groups[$group])) {
//user already in the group->
if ($groups[$group] == 'included') {
return tra('Incorrect param');
}
$text = isset($unsubscribe) ? $unsubscribe : tra('Unsubscribe') . '%s';
if (!isset($unsubscribe_action)) {
$unsubscribe_action = tra('OK');
}
$smarty->assign('action', $unsubscribe_action);
} else {
$text = isset($subscribe) ? $subscribe : tra('Subscribe') . '%s';
if (!isset($subscribe_action)) {
$subscribe_action = tra('OK');
}
$smarty->assign('action', $subscribe_action);
}
}
$smarty->assign('text', sprintf(tra($text), $group));
$smarty->assign('subscribeGroup', $group);
$smarty->assign('iSubscribeGroup', $iSubscribeGroup);
$data = $data . $smarty->fetch('wiki-plugins/wikiplugin_subscribegroup.tpl');
return $data;
}
/**
* Performs authentication validation for dumb consumers
* Returns array of variables to push back to consumer.
* It MUST contain 'is_valid' variable with value 'true' or 'false'.
*
* @param float $version OpenID version
* @param array $params GET or POST request variables
* @return array
*/
protected function _checkAuthentication($version, $params)
{
$ret = array();
if ($version >= 2.0) {
$ret['ns'] = Zend_OpenId::NS_2_0;
}
$ret['openid.mode'] = 'id_res';
if (empty($params['openid_assoc_handle']) || empty($params['openid_signed']) || empty($params['openid_sig']) || !$this->_storage->getAssociation($params['openid_assoc_handle'], $macFunc, $secret, $expires)) {
$ret['is_valid'] = 'false';
return $ret;
}
$signed = explode(',', $params['openid_signed']);
$data = '';
foreach ($signed as $key) {
$data .= $key . ':';
if ($key == 'mode') {
$data .= "id_res\n";
} else {
$data .= $params['openid_' . strtr($key, '.', '_')] . "\n";
}
}
if ($this->_secureStringCompare(base64_decode($params['openid_sig']), Zend_OpenId::hashHmac($macFunc, $data, $secret))) {
$ret['is_valid'] = 'true';
} else {
$ret['is_valid'] = 'false';
}
return $ret;
}
/**
* Map a specific OpenID url to its equivalent, valid OpenID url.
* Example: flickr.com doesn't actually provide OpenID support, so we redirect to me.yahoo.com.
*
* @param string $url
* @return null|string
*/
protected function mapOpenIDUrl($url)
{
$urlmap = array('http://flickr.com/' => 'http://me.yahoo.com/');
$normalizedUrl = $url;
if (Zend_OpenId::normalizeUrl($normalizedUrl)) {
foreach ($urlmap as $key => $val) {
Zend_OpenId::normalizeUrl($key);
if ($normalizedUrl == $key) {
$normalizedUrl = $val;
Zend_OpenId::normalizeUrl($normalizedUrl);
break;
}
}
return $normalizedUrl;
}
return null;
}
/**
* Performs check of OpenID identity.
*
* This is the first step of OpenID authentication process.
* On success the function does not return (it does HTTP redirection to
* server and exits). On failure it returns false.
*
* @param bool $immediate enables or disables interaction with user
* @param string $id OpenID identity
* @param string $returnTo HTTP URL to redirect response from server to
* @param string $root HTTP URL to identify consumer on server
* @param mixed $extensions extension object or array of extensions objects
* @param Zend_Controller_Response_Abstract $response an optional response
* object to perform HTTP or HTML form redirection
* @return bool
*/
protected function _checkId($immediate, $id, $returnTo = null, $root = null, $extensions = null, Zend_Controller_Response_Abstract $response = null)
{
$this->_setError('');
if (!Zend_OpenId::normalize($id)) {
$this->_setError("Normalisation failed");
return false;
}
$claimedId = $id;
if (!$this->_discovery($id, $server, $version)) {
$this->_setError("Discovery failed: " . $this->getError());
return false;
}
if (!$this->_associate($server, $version)) {
$this->_setError("Association failed: " . $this->getError());
return false;
}
if (!$this->_getAssociation($server, $handle, $macFunc, $secret, $expires)) {
/* Use dumb mode */
unset($handle);
unset($macFunc);
unset($secret);
unset($expires);
}
$params = array();
if ($version >= 2.0) {
$params['openid.ns'] = Zend_OpenId::NS_2_0;
}
$params['openid.mode'] = $immediate ? 'checkid_immediate' : 'checkid_setup';
$params['openid.identity'] = $id;
$params['openid.claimed_id'] = $claimedId;
if ($version <= 2.0) {
if ($this->_session !== null) {
$this->_session->identity = $id;
$this->_session->claimed_id = $claimedId;
} else {
if (defined('SID')) {
$_SESSION["zend_openid"] = array("identity" => $id, "claimed_id" => $claimedId);
} else {
require_once "Zend/Session/Namespace.php";
$this->_session = new Zend_Session_Namespace("zend_openid");
$this->_session->identity = $id;
$this->_session->claimed_id = $claimedId;
}
}
}
if (isset($handle)) {
$params['openid.assoc_handle'] = $handle;
}
$params['openid.return_to'] = Zend_OpenId::absoluteUrl($returnTo);
if (empty($root)) {
$root = Zend_OpenId::selfUrl();
if ($root[strlen($root) - 1] != '/') {
$root = dirname($root);
}
}
if ($version >= 2.0) {
$params['openid.realm'] = $root;
} else {
$params['openid.trust_root'] = $root;
}
if (!Zend_OpenId_Extension::forAll($extensions, 'prepareRequest', $params)) {
$this->_setError("Extension::prepareRequest failure");
return false;
}
Zend_OpenId::redirect($server, $params, $response);
return true;
}
echo Zend_OpenId::selfUrl();
?>
"
method="post" onsubmit="this.login.disabled=true;">
<fieldset id="openid">
<legend>OpenID Login</legend>
<input type="hidden" name="openid_action" value="login">
<div>
<input type="text" name="openid_identifier" class="openid_login" value="<?php
echo $id;
?>
">
<input type="submit" name="login" value="login">
<table border="0" cellpadding="2" cellspacing="2">
<tr><td> </td><td>requird</td><td>optional</td><td>none</td><td> </td></tr>
<?php
echo "{$sreg_html}<br>\n";
?>
</table>
<br>
<a href="<?php
echo dirname(Zend_OpenId::selfUrl());
?>
/test_server.php?openid.action=register">register</a>
</div>
</fieldset>
</form>
</div>
</body>
</html>