/**
* Perform first pass through login handler routine
*
* @access private
* @return mixed Boolean on failure else output/redirect
*/
private function _doFirstPass()
{
//-----------------------------------------
// Do the same cleaning we do when storing url
//-----------------------------------------
$url = trim($this->request['openid_url']);
$url = rtrim($url, "/");
if (!strpos($url, 'http://') === 0 and !strpos($url, 'https://') === 0) {
$url = 'http://' . $url;
}
if (!IPSText::xssCheckUrl($url)) {
$this->auth_errors[] = 'bad_url';
$this->return_code = 'WRONG_AUTH';
return false;
}
$consumer = $this->_getConsumer();
if (!is_object($consumer)) {
return false;
}
//-----------------------------------------
// Store some of the input data..
//-----------------------------------------
$id = md5(uniqid(mt_rand(), true));
$this->DB->delete('openid_temp', "fullurl='" . $url . "'");
$this->DB->insert('openid_temp', array('id' => $id, 'referrer' => $this->request['referer'], 'cookiedate' => intval($this->request['rememberMe']), 'privacy' => intval($this->request['anonymous']), 'fullurl' => $url));
//-----------------------------------------
// Set the URLs
//-----------------------------------------
$openid = $url;
if ($this->is_admin_auth) {
$process_url = $this->settings['base_url'] . 'app=core&module=login&do=login-complete&firstpass=1&myopenid=' . $id;
} else {
$process_url = $this->settings['base_url'] . 'app=core&module=global§ion=login&do=process&firstpass=1&myopenid=' . $id;
}
$trust_root = strpos($this->settings['base_url'], '.php') !== false ? substr($this->settings['base_url'], 0, strpos($this->settings['base_url'], '.php') + 4) : $this->settings['base_url'];
$policy_url = $this->openid_config['openid_policy'];
//-----------------------------------------
// Begin OpenID Auth
//-----------------------------------------
$auth_request = $consumer->begin($openid);
if (!$auth_request) {
$this->return_code = 'WRONG_OPENID';
$this->auth_errors[] = 'bad_request';
return false;
}
//-----------------------------------------
// Set required, optional, policy attribs
//-----------------------------------------
$sreg_request = Auth_OpenID_SRegRequest::build(explode(',', $this->openid_config['args_req']), explode(',', $this->openid_config['args_opt']), $policy_url);
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
//-----------------------------------------
// Redirect user
//-----------------------------------------
$redirect_url = $auth_request->redirectURL($trust_root, $process_url);
if ($this->request['module'] == 'ajax') {
require_once IPS_KERNEL_PATH . 'classAjax.php';
$ajax = new classAjax();
$ajax->returnJsonArray(array('url' => $redirect_url));
}
// If the redirect URL can't be built, try HTML inline
if (!Auth_OpenID::isFailure($redirect_url)) {
header("Location: " . $redirect_url);
exit;
} else {
$form_id = 'openid_message';
$form_html = $auth_request->formMarkup($trust_root, $process_url, false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
if (Auth_OpenID::isFailure($form_html)) {
$this->return_code = 'WRONG_AUTH';
$this->auth_errors[] = 'bad_request';
return false;
} else {
$page_contents = array("<html><head><title>", "OpenID transaction in progress", "</title></head>", "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>", $form_html, "</body></html>");
print implode("\n", $page_contents);
exit;
}
}
}
