/** * Processes id_res requests. * * @param Boolean $valid True if the request has already been authenticated */ function processIdRes($valid) { if (isset($_REQUEST['openid_identity'])) { if ($_REQUEST['openid_identity'] != $_SESSION['openid']['delegate']) { openid_error('diffid', 'Identity provider validated wrong identity. Expected it to ' . 'validate ' . $_SESSION['openid']['delegate'] . ' but it ' . 'validated ' . $_REQUEST['openid_identity']); } if (!$valid) { $dumbauth = true; if (KEYMANAGER) { try { $valid = KeyManager::authenticate($_SESSION['openid']['server'], $_REQUEST); $dumbauth = false; } catch (Exception $ex) { // Ignore it - try dumb auth } } if ($dumbauth) { $valid = KeyManager::dumbAuthenticate(); } } $_SESSION['openid']['validated'] = $valid; if (!$valid) { openid_error('noauth', 'Provider didn\'t authenticate response'); } parseSRegResponse(); URLBuilder::redirect(); } else { if (isset($_REQUEST['openid_user_setup_url'])) { if (defined('OPENID_IMMEDIATE') && OPENID_IMMEDIATE) { openid_error('noimmediate', 'Couldn\'t perform immediate auth'); } $handle = getHandle($_SESSION['openid']['server']); $url = URLBuilder::buildRequest('setup', $_REQUEST['openid_user_setup_url'], $_SESSION['openid']['delegate'], $_SESSION['openid']['identity'], URLBuilder::getCurrentURL(), $handle); URLBuilder::doRedirect($url); } } }
/** * Processes a response where the provider is requesting to interact with the * user in order to confirm their identity. */ function processSetupRequest() { if (defined('OPENID_IMMEDIATE') && OPENID_IMMEDIATE) { error('noimmediate', 'Couldn\'t perform immediate auth'); } $handle = getHandle($_SESSION['openid']['endpointUrl']); $url = URLBuilder::buildRequest('setup', $_REQUEST['openid_user_setup_url'], $_SESSION['openid']['opLocalId'], $_SESSION['openid']['claimedId'], URLBuilder::getCurrentURL(), $handle); URLBuilder::doRedirect($url); }