コード例 #1
ファイル: OpenID.subs.php プロジェクト: KeiroD/Elkarte
 /**
  * Starts OpenID validation for $openid_uri, the URI given by the user.
  * Validates the URI and changes it to a fully canonical URL.
  * Determines the IDP server and delegation.
  * Optionally takes an array of fields to restore when validation is complete.
  * Redirects the user to the IDP for validation.
  *
  * @param string $openid_uri
  * @param bool $return = false
  * @param mixed[]|null $save_fields = array()
  * @param string|null $return_action = null
  * @return string
  */
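 public function validate($openid_uri, $return = false, $save_fields = array(), $return_action = null)
 {
     // Starts an OpenID 2.0 "checkid_setup" request: resolves the provider for the
     // supplied identifier, stores the current request in the session, and builds
     // the provider URL. Returns 'no_data' when no provider is found, the URL when
     // $return is truthy, and otherwise hands the URL to redirectexit().
     global $scripturl, $modSettings;

     $openid_url = $this->canonize($openid_uri);
     $response_data = $this->getServerInfo($openid_url);

     // We can't do anything without the proper response data.
     if ($response_data === false || empty($response_data['provider'])) {
         return 'no_data';
     }

     // Is there an existing association? If not, negotiate a new one.
     if (($assoc = $this->getAssociation($response_data['provider'])) == null) {
         $assoc = $this->makeAssociation($response_data['provider']);
     }

     // Include file for member existence
     require_once SUBSDIR . '/Members.subs.php';

     // Read the action once; a request without it would otherwise raise an undefined-index notice.
     $current_action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

     // Before we go wherever it is we are going, store the GET and POST data, because it might be useful when we get back.
     $request_time = time();

     // Just in case they are doing something else at this time: md5() is used here only
     // to derive another unused session key, not as a secret.
     while (isset($_SESSION['openid']['saved_data'][$request_time])) {
         $request_time = md5($request_time);
     }

     // NOTE(review): the raw request is kept in the session, so anything submitted with
     // the form (possibly credentials) lives as long as this session entry — confirm it is cleared on return.
     $_SESSION['openid']['saved_data'][$request_time] = array(
         'get' => $_GET,
         'post' => $_POST,
         'openid_uri' => $openid_url,
         'cookieTime' => $modSettings['cookieTime'],
     );

     // Set identity and claimed id to match the specs.
     $openid_identity = 'http://specs.openid.net/auth/2.0/identifier_select';
     $openid_claimedid = $openid_identity;

     // Are the OpenID URL and the server response equal?
     if ($openid_url != $response_data['server']) {
         $openid_identity = urlencode(empty($response_data['delegate']) ? $openid_url : $response_data['delegate']);

         // The claimed id is derived from user input, so it is percent-encoded like the
         // identity; left raw, a '&' or '#' in it would alter the query string sent to the provider.
         if (strpos($openid_identity, 'https') === 0) {
             $openid_claimedid = urlencode(str_replace('http://', 'https://', $openid_url));
         } else {
             $openid_claimedid = urlencode($openid_url);
         }
     }

     // NOTE(review): 'sf' leaves the server unsigned and comes back through the browser,
     // so the return handler (not shown here) must treat it as untrusted; passing it to
     // unserialize() would be unsafe — an HMAC over the value or a JSON encoding would avoid that.
     $saved_fields_param = !empty($save_fields) ? '&sf=' . base64_encode(serialize($save_fields)) : '';

     // The sub-action is encoded on its own so it cannot add parameters to return_to.
     $return_to = $scripturl . '?action=openidreturn&sa=' . urlencode(!empty($return_action) ? $return_action : $current_action)
         . '&t=' . $request_time . $saved_fields_param;

     // Prepare parameters for the OpenID setup.
     $parameters = array(
         'openid.mode=checkid_setup',
         'openid.realm=' . $scripturl,
         'openid.ns=http://specs.openid.net/auth/2.0',
         'openid.identity=' . $openid_identity,
         'openid.claimed_id=' . $openid_claimedid,
         'openid.assoc_handle=' . urlencode($assoc['handle']),
         'openid.return_to=' . urlencode($return_to),
         'openid.sreg.required=email',
     );

     // If they are logging in but don't yet have an account or they are registering, let's request some additional information
     $is_new_login = $current_action == 'login2' && !memberExists($openid_url);
     $is_registering = $current_action == 'register' || $current_action == 'register2';
     if ($is_new_login || $is_registering) {
         $parameters[] = 'openid.sreg.optional=nickname,dob,gender';
     }

     $redir_url = $response_data['server'] . '?' . implode('&', $parameters);

     if ($return) {
         return $redir_url;
     }

     redirectexit($redir_url);
 }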
コード例 #2
 /**
  * Changing authentication method?
  * Only appropriate for people using OpenID.
  *
  * @param bool $saving = false
  */
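 public function action_authentication($saving = false)
 {
     // Prepares the "authentication method" profile template and, when $saving is
     // truthy, switches the member between password and OpenID authentication.
     // NOTE(review): no session-token or permission check is visible in this method;
     // presumably the calling profile code performs both before getting here — confirm.
     global $context, $cur_profile, $post_errors, $modSettings;

     $memID = currentMemberID();
     loadLanguage('Login');
     loadTemplate('ProfileOptions');

     // We are saving?
     if ($saving) {
         // Missing or non-string fields are normalised so they cannot reach the checks below as arrays.
         $auth_method = isset($_POST['authenticate']) && is_string($_POST['authenticate']) ? $_POST['authenticate'] : '';

         // Moving to password based authentication?
         if ($auth_method === 'passwd') {
             $new_pass = isset($_POST['passwrd1']) && is_string($_POST['passwrd1']) ? $_POST['passwrd1'] : '';
             $confirm_pass = isset($_POST['passwrd2']) && is_string($_POST['passwrd2']) ? $_POST['passwrd2'] : null;

             if ($new_pass === '') {
                 // Didn't enter anything?
                 $post_errors[] = 'no_password';
             } elseif ($confirm_pass === null || $new_pass !== $confirm_pass) {
                 // Strict comparison on purpose: with != two different numeric-looking
                 // strings (e.g. '1e3' and '1000') compare equal and the mismatch goes unnoticed.
                 $post_errors[] = 'bad_new_password';
             } else {
                 require_once SUBSDIR . '/Auth.subs.php';
                 $passwordErrors = validatePassword($new_pass, $cur_profile['member_name'], array($cur_profile['real_name'], $cur_profile['email_address']));

                 // Were there errors?
                 if ($passwordErrors != null) {
                     $post_errors[] = 'password_' . $passwordErrors;
                 }
             }

             if (empty($post_errors)) {
                 // Integration?
                 call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $new_pass));

                 // Go then.
                 require_once SUBSDIR . '/Auth.subs.php';
                 $passwd = validateLoginPassword($new_pass, '', $cur_profile['member_name'], true);

                 // Do the important bits: drop the OpenID URI and store the new password value.
                 updateMemberData($memID, array('openid_uri' => '', 'passwd' => $passwd));

                 if ($context['user']['is_owner']) {
                     // Refresh the owner's login cookie so the change does not log them out.
                     setLoginCookie(60 * $modSettings['cookieTime'], $memID, hash('sha256', $new_pass . $cur_profile['password_salt']));
                     redirectexit('action=profile;area=authentication;updated');
                 } else {
                     redirectexit('action=profile;u=' . $memID);
                 }
             }

             return true;
         } elseif ($auth_method === 'openid' && !empty($_POST['openid_identifier']) && is_string($_POST['openid_identifier'])) {
             require_once SUBSDIR . '/OpenID.subs.php';
             require_once SUBSDIR . '/Members.subs.php';

             $openID = new OpenID();
             $_POST['openid_identifier'] = $openID->canonize($_POST['openid_identifier']);

             if (memberExists($_POST['openid_identifier'])) {
                 $post_errors[] = 'openid_in_use';
             } elseif (empty($post_errors)) {
                 if ($context['user']['is_owner']) {
                     // Authenticate using the new OpenID URI first to make sure they didn't make a mistake.
                     $_SESSION['new_openid_uri'] = $_POST['openid_identifier'];
                     $openID->validate($_POST['openid_identifier'], false, null, 'change_uri');
                 } else {
                     // Someone else is editing this profile: the URI is stored without a provider round trip.
                     updateMemberData($memID, array('openid_uri' => $_POST['openid_identifier']));
                 }
             }
         }
     }

     // Hand the current state to the template.
     $context['member']['openid_uri'] = $cur_profile['openid_uri'];
     $context['auth_method'] = empty($cur_profile['openid_uri']) ? 'password' : 'openid';
     $context['sub_template'] = 'authentication_method';
     loadJavascriptFile('register.js');
 }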