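/**
 * Starts an OpenID 2.0 checkid_setup request for the URI given by the user.
 *
 * - Validates the URI and changes it to a fully canonical URL
 * - Determines the IDP server and delegation
 * - Saves the current GET/POST data in the session so it can be restored when validation completes
 * - Redirects the user to the IDP for validation, or returns the redirect URL when $return is true
 *
 * @param string $openid_uri the identifier typed by the user (untrusted input)
 * @param bool $return = false when true, the IDP URL is returned instead of redirecting
 * @param mixed[]|null $save_fields = array() optional fields to restore when validation completes
 * @param string|null $return_action = null value for the "sa" parameter of return_to; falls back to the current action
 * @return string 'no_data' when no provider could be determined, otherwise the IDP URL (only when $return is true)
 */
public function validate($openid_uri, $return = false, $save_fields = array(), $return_action = null)
{
	global $scripturl, $modSettings;

	$openid_url = $this->canonize($openid_uri);
	$response_data = $this->getServerInfo($openid_url);

	// We can't do anything without the proper response data.
	if ($response_data === false || empty($response_data['provider'])) {
		return 'no_data';
	}

	// Is there an existing association?
	if (($assoc = $this->getAssociation($response_data['provider'])) == null) {
		$assoc = $this->makeAssociation($response_data['provider']);
	}

	// Include file for member existence
	require_once SUBSDIR . '/Members.subs.php';

	// The requested action comes straight from the request; read it once and only accept a string.
	$current_action = isset($_REQUEST['action']) && is_string($_REQUEST['action']) ? $_REQUEST['action'] : '';

	// Before we go wherever it is we are going, store the GET and POST data, because it might be useful when we get back.
	$request_time = time();

	// Just in case they are doing something else at this time: pick an unused slot key.
	// The md5() here only avoids a key collision, it is not a secret.
	while (isset($_SESSION['openid']['saved_data'][$request_time])) {
		$request_time = md5($request_time);
	}

	// NOTE(review): the raw request arrays are kept in the session, including whatever the submitted form carried.
	$_SESSION['openid']['saved_data'][$request_time] = array(
		'get' => $_GET,
		'post' => $_POST,
		'openid_uri' => $openid_url,
		'cookieTime' => $modSettings['cookieTime'],
	);

	// Set identity and claimed id to match the specs.
	$openid_identity = 'http://specs.openid.net/auth/2.0/identifier_select';
	$openid_claimedid = $openid_identity;

	// OpenID url and server response equal?
	if ($openid_url != $response_data['server']) {
		$openid_identity = empty($response_data['delegate']) ? $openid_url : $response_data['delegate'];

		if (strpos($openid_identity, 'https') === 0) {
			$openid_claimedid = str_replace('http://', 'https://', $openid_url);
		} else {
			$openid_claimedid = $openid_url;
		}
	}

	// The "sa" value is encoded on its own so that a crafted action cannot add parameters to return_to.
	$return_sa = !empty($return_action) ? $return_action : $current_action;

	// NOTE(review): $save_fields travels through the browser as base64(serialize(...)). The handler for
	// action=openidreturn is not visible here; it must not unserialize() the returned "sf" value without
	// integrity protection (or it should use a data-only format such as JSON) - confirm.
	$return_to = $scripturl . '?action=openidreturn&sa=' . urlencode($return_sa) . '&t=' . $request_time
		. (!empty($save_fields) ? '&sf=' . base64_encode(serialize($save_fields)) : '');

	// Prepare parameters for the OpenID setup.
	// identity and claimed_id derive from user input and discovery data, so both are encoded here, exactly once;
	// previously claimed_id was appended raw and could break out of its query parameter.
	$parameters = array(
		'openid.mode=checkid_setup',
		'openid.realm=' . $scripturl,
		'openid.ns=http://specs.openid.net/auth/2.0',
		'openid.identity=' . urlencode($openid_identity),
		'openid.claimed_id=' . urlencode($openid_claimedid),
		'openid.assoc_handle=' . urlencode($assoc['handle']),
		'openid.return_to=' . urlencode($return_to),
		'openid.sreg.required=email',
	);

	// If they are logging in but don't yet have an account or they are registering, let's request some additional information
	$is_new_login = $current_action === 'login2' && !memberExists($openid_url);
	$is_registering = $current_action === 'register' || $current_action === 'register2';
	if ($is_new_login || $is_registering) {
		$parameters[] = 'openid.sreg.optional=nickname,dob,gender';
	}

	$redir_url = $response_data['server'] . '?' . implode('&', $parameters);

	if ($return) {
		return $redir_url;
	} else {
		redirectexit($redir_url);
	}
}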
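/**
 * Changing authentication method?
 * Only appropriate for people using OpenID.
 *
 * When $saving is true the posted form is processed: either a new password is set
 * (and the stored OpenID URI is cleared) or a new OpenID URI is stored or validated.
 * In every other case the template context for the authentication page is prepared.
 *
 * NOTE(review): no session/CSRF token check and no permission check are visible in this
 * method; confirm that the caller performs both before passing $saving = true.
 *
 * @param bool $saving = false
 * @return bool|null true after the password branch has been processed, nothing otherwise
 */
public function action_authentication($saving = false)
{
	global $context, $cur_profile, $post_errors, $modSettings;

	$memID = currentMemberID();

	loadLanguage('Login');
	loadTemplate('ProfileOptions');

	// We are saving?
	if ($saving) {
		// Read the posted choice once; a missing or non-string value selects neither branch.
		$auth_method = isset($_POST['authenticate']) && is_string($_POST['authenticate']) ? $_POST['authenticate'] : '';

		// Moving to password passed authentication?
		if ($auth_method === 'passwd') {
			// Only plain strings are accepted as passwords; anything else counts as "not entered".
			$submitted_pass = isset($_POST['passwrd1']) && is_string($_POST['passwrd1']) ? $_POST['passwrd1'] : '';
			$confirm_pass = isset($_POST['passwrd2']) && is_string($_POST['passwrd2']) ? $_POST['passwrd2'] : null;

			// Didn't enter anything?
			if ($submitted_pass === '') {
				$post_errors[] = 'no_password';
			} elseif ($confirm_pass === null || $submitted_pass !== $confirm_pass) {
				// Strict comparison: with != two different numeric-looking strings (for example
				// '1e3' and '1000') compare as equal and the confirmation check would pass.
				$post_errors[] = 'bad_new_password';
			} else {
				require_once SUBSDIR . '/Auth.subs.php';
				$passwordErrors = validatePassword($submitted_pass, $cur_profile['member_name'], array($cur_profile['real_name'], $cur_profile['email_address']));

				// Were there errors?
				if ($passwordErrors != null) {
					$post_errors[] = 'password_' . $passwordErrors;
				}
			}

			if (empty($post_errors)) {
				// Integration?
				call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $submitted_pass));

				// Go then.
				require_once SUBSDIR . '/Auth.subs.php';

				// Work on a copy: validateLoginPassword() may modify its first argument - TODO confirm.
				$new_pass = $submitted_pass;
				$passwd = validateLoginPassword($new_pass, '', $cur_profile['member_name'], true);

				// Do the important bits: drop the OpenID URI and store the new password value.
				updateMemberData($memID, array('openid_uri' => '', 'passwd' => $passwd));

				if ($context['user']['is_owner']) {
					// The owner gets a fresh login cookie built from the new password and the stored salt.
					setLoginCookie(60 * $modSettings['cookieTime'], $memID, hash('sha256', $new_pass . $cur_profile['password_salt']));
					redirectexit('action=profile;area=authentication;updated');
				} else {
					redirectexit('action=profile;u=' . $memID);
				}
			}

			return true;
		} elseif ($auth_method === 'openid' && !empty($_POST['openid_identifier']) && is_string($_POST['openid_identifier'])) {
			require_once SUBSDIR . '/OpenID.subs.php';
			require_once SUBSDIR . '/Members.subs.php';

			$openID = new OpenID();
			$_POST['openid_identifier'] = $openID->canonize($_POST['openid_identifier']);

			if (memberExists($_POST['openid_identifier'])) {
				$post_errors[] = 'openid_in_use';
			} elseif (empty($post_errors)) {
				// Authenticate using the new OpenID URI first to make sure they didn't make a mistake.
				if ($context['user']['is_owner']) {
					$_SESSION['new_openid_uri'] = $_POST['openid_identifier'];
					$openID->validate($_POST['openid_identifier'], false, null, 'change_uri');
				} else {
					// NOTE(review): when someone other than the owner saves, the URI is stored without the
					// round trip to the provider; presumably only privileged users reach this - confirm.
					updateMemberData($memID, array('openid_uri' => $_POST['openid_identifier']));
				}
			}
		}
	}

	// Some stuff for the template.
	$context['member']['openid_uri'] = $cur_profile['openid_uri'];
	$context['auth_method'] = empty($cur_profile['openid_uri']) ? 'password' : 'openid';
	$context['sub_template'] = 'authentication_method';
	loadJavascriptFile('register.js');
}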