/**
 * Logs the visitor in through OpenID, registering a local account on first use.
 *
 * Returns immediately when is_login() already reports a session. Otherwise the
 * user name and e-mail address from OpenId::getUserEmail() are used to log in,
 * or to register and then log in, before forwarding to the dashboard.
 *
 * NOTE(review): the local password is MD5 over a constant embedded in this
 * file plus the e-mail address, so it is fully determined by the address.
 * If try_login() is also what the regular password form calls (not visible
 * here), that derived value acts as a standing credential for the account.
 * Confirm, and prefer a dedicated OpenID session path or a per-user random
 * secret. Changing only the derivation here would lock out accounts that
 * were registered with the current one, so it needs a migration.
 */
function openid_auth_do()
{
    if (is_login()) {
        return;
    }

    $profile = OpenId::getUserEmail();
    $userName = $profile['userName'];
    $email = $profile['email'];
    $genPassword = hash('md5', 'XFAGAGArere' . $email);

    // Addresses rejected by is_email_accepted() may not use this system.
    if (!is_email_accepted($email)) {
        die('该邮箱不能登录本系统!');
    }

    // switch compares loosely, the same way the == checks it stands in for do.
    switch (try_login($email, $genPassword)) {
        case 'succeed':
            // The user is already registered: log straight in.
            forward('?c=dashboard');
            break;

        case 'failed':
            // Otherwise register the user first, then log in.
            // NOTE(review): the result of this second try_login() is not checked.
            register($email, $userName, $genPassword);
            try_login($email, $genPassword);
            forward('?c=dashboard');
            break;
    }

    // Reached when try_login() reports neither outcome (and if forward() ever
    // returns): the account has been closed by an administrator.
    die('帐号已经被管理员关闭,请联系管理员');
}
/**
 * Looks for OpenID provider links in the HTML document fetched from $this->url.
 *
 * The OpenID 2.0 link relations (openid2.provider / openid2.local_id) are
 * tried before the 1.x ones (openid.server / openid.delegate). For the first
 * pair that yields a server, the client's server, its identity (only when a
 * delegate is present) and its protocol version object are set.
 *
 * NOTE(review): server and delegate are taken from the fetched page and
 * stored with no scheme or host check visible in this method. Confirm that
 * the code which later contacts $this->client->server restricts it to
 * http(s) endpoints the deployment is willing to reach.
 *
 * @return bool true when a provider endpoint was found, false otherwise.
 */
public function search()
{
    $html = $this->client->agent->send(Net_HTTP::Request($this->url))->body;

    // Protocol version => (server relation, delegate relation), newest first.
    $relations = array(
        2 => array('openid2.provider', 'openid2.local_id'),
        1 => array('openid.server', 'openid.delegate'),
    );

    foreach ($relations as $version => $rels) {
        $endpoint = OpenId::parse_html($html, 'link', 'rel', $rels[0], 'href');
        $localId = OpenId::parse_html($html, 'link', 'rel', $rels[1], 'href');

        if (!$endpoint) {
            continue;
        }

        $this->client->server = $endpoint;
        if ($localId) {
            $this->client->identity = $localId;
        }
        $this->client->version = Core::make('OpenId.Version' . $version);

        return true;
    }

    return false;
}
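/**
 * Performs OpenID auth flow.
 *
 * Without an `openid_mode` request parameter the user is redirected to the
 * URL built by the client. On the way back, `id_res` is accepted only when
 * the client validates the response, `cancel` yields the cancel redirect,
 * and every other mode is rejected with HTTP 400.
 *
 * @param OpenId $client auth client instance.
 * @return Response action response.
 * @throws Exception on failure.
 * @throws HttpException on failure.
 */
protected function authOpenId($client)
{
    // First leg: no mode yet, so send the browser to the provider.
    if (empty($_REQUEST['openid_mode'])) {
        return Yii::$app->getResponse()->redirect($client->buildAuthUrl());
    }

    // The mode is request-controlled; only the two known values are acted on.
    switch ($_REQUEST['openid_mode']) {
        case 'id_res':
            // The assertion arrives through the browser, so success is
            // reported only after the client has validated it.
            if ($client->validate()) {
                return $this->authSuccess($client);
            }
            throw new HttpException(400, 'Unable to complete the authentication because the required data was not received.');

        case 'cancel':
            // Build the cancel redirect once and hand it back as the result.
            return $this->redirectCancel();

        default:
            throw new HttpException(400);
    }
}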
/**
 * Handles the trust (consent) step of an OpenID authorization request.
 *
 * On the first visit the trust form is rendered. Once the form comes back
 * with `trust_accept` or `trust_cancel`, the XSRF token is asserted, the
 * user's endpoint trust is updated and the request is answered.
 *
 * A positive answer requires both IsUserAuthorized() and the result of
 * UpdateEndpointTrust() to be true. SREG data is attached only when
 * `trust_sreg` was posted.
 *
 * @param mixed $page page object used for templating and error output.
 */
function handler_trust($page)
{
    $this->load('openid.inc.php');
    $provider = new OpenId();
    $account = S::user();

    // Rebuild the OpenID state from the request. Anything that is not an
    // authorization request is refused.
    // NOTE(review): the code below relies on kill() ending the request; confirm.
    $usable = $provider->Initialize() && $provider->IsAuthorizationRequest();
    if (!$usable) {
        $page->kill("Ta requête OpenID a échoué, merci de réessayer.");
    }

    // Prepare the SREG data, if any is required.
    $sregResponse = $provider->GetSRegDataForRequest($account);

    // No decision posted yet: show the trust form and stop. Nothing is
    // changed on this path, which is why it runs before the XSRF check.
    $decided = Post::has('trust_accept') || Post::has('trust_cancel');
    if (!$decided) {
        $page->changeTpl('openid/trust.tpl');
        $page->assign('openid_query', $provider->GetQueryStringForRequest());
        $page->assign('relying_party', $provider->GetEndpoint());
        $page->assign('sreg_data', $sregResponse->contents());
        return;
    }

    // From here on the request changes the stored trust list, so it must
    // carry a valid XSRF token.
    S::assert_xsrf_token();

    // Acceptance counts only when cancel was not posted as well.
    $accepted = Post::b('trust_accept') && !Post::b('trust_cancel');
    $always = Post::b('trust_always');
    $trusted = $provider->UpdateEndpointTrust($account, $accepted, $always);

    // Answer the request: deny unless the user is authorized and trust was granted.
    $granted = $provider->IsUserAuthorized($account) && $trusted;
    if (!$granted) {
        $provider->AnswerRequest(false);
        return;
    }

    $provider->AnswerRequest(true, Post::b('trust_sreg') ? $sregResponse : null);
}
/**
 * Prepares an OpenID consumer for an identity hosted on a connected website.
 *
 * Only identities that the URL filter rejects (e-mail style values) are
 * handled. The part after the "@" is looked up among the hosts in NORMAL
 * status, the account is resolved through a webfinger LRDD request, and the
 * OpenID object is initialised with the profile URL found there. When no
 * request record links the user to the host yet, the OAuth extension is
 * added if the provider advertises it.
 *
 * NOTE(review): $profileUrl comes from the remote XRD document and is passed
 * to initialize() with no scheme or host check visible in this method.
 * Confirm that \PSX\OpenId restricts where it will connect.
 *
 * @param string $identity identity entered by the user (URL or e-mail style).
 * @return \PSX\OpenId|false the initialised OpenID object, or false when the
 *                           identity is a URL or its host is not connected.
 * @throws Exception when the XRD subject differs from the requested account
 *                   or the document has no profile link.
 */
protected function isOpenidProvider($identity)
{
    // Values without an "@" are treated as URLs; default to http:// when no
    // scheme was given.
    $hasAt = strpos($identity, '@') !== false;
    $hasScheme = substr($identity, 0, 7) == 'http://' || substr($identity, 0, 8) == 'https://';
    if (!$hasAt && !$hasScheme) {
        $identity = 'http://' . $identity;
    }

    // Callback and consumer are built up front, before the identity type is known.
    $callback = $this->pageUrl . '/callback/remote';
    $openid = new \PSX\OpenId($this->http, $this->config['psx_url'], $this->store);

    // A value the URL filter accepts is not handled here.
    $urlFilter = new Filter\Url();
    if ($urlFilter->apply($identity) !== false) {
        return false;
    }

    // E-mail style identity: everything after the first "@" names the provider.
    $provider = substr($identity, strpos($identity, '@') + 1);

    // Only hosts registered as connected websites (status NORMAL) qualify.
    $host = $this->hm->getTable('AmunService\\Core\\Host')
        ->select(array('id', 'consumerKey', 'url', 'template'))
        ->where('name', '=', $provider)
        ->where('status', '=', Host\Record::NORMAL)
        ->getRow();

    if (empty($host)) {
        return false;
    }

    // Webfinger request against the template stored for that host.
    $webfinger = new Webfinger($this->http);
    $acct = 'acct:' . $identity;
    $xrd = $webfinger->getLrdd($acct, $host['template']);

    // The document must describe exactly the account that was asked for.
    if (strcmp($xrd->getSubject(), $acct) !== 0) {
        throw new Exception('Invalid subject');
    }

    $profileUrl = $xrd->getLinkHref('profile');
    if (empty($profileUrl)) {
        throw new Exception('Could not find profile');
    }

    $globalId = $xrd->getPropertyValue('http://ns.amun-project.org/2011/meta/id');

    $openid->initialize($profileUrl, $callback);

    // Local accounts are keyed by a salted SHA-1 of the normalised profile URL.
    $identityHash = sha1($this->config['amun_salt'] . OpenId::normalizeIdentifier($profileUrl));
    $userId = $this->hm->getTable('AmunService\\User\\Account')
        ->getField('id', new Condition(array('identity', '=', $identityHash)));

    // A token is requested for unknown users, and for known users that have
    // no request record for this host yet.
    $needsToken = true;
    if (!empty($userId)) {
        $link = new Condition();
        $link->add('hostId', '=', $host['id']);
        $link->add('userId', '=', $userId);

        $requestId = $this->hm->getTable('AmunService\\Core\\Host\\Request')->getField('id', $link);
        $needsToken = empty($requestId);
    }

    if ($needsToken) {
        $oauth = new Extension\Oauth($host['consumerKey']);

        // The extension is attached only when the provider advertises it.
        if ($openid->hasExtension($oauth->getNs())) {
            $this->session->set('openid_register_user_host_id', $host['id']);
            $this->session->set('openid_register_user_global_id', $globalId);
            $openid->add($oauth);
        }
    }

    return $openid;
}