function doAuth($info, $trusted = null, $fail_cancels = false)
{
if (!$info) {
// There is no authentication information, so bail
return authCancel(null);
}
$req_url = $info->identity;
$user = getLoggedInUser();
setRequestInfo($info);
if ($req_url != $user) {
return login_render(array(), $req_url, $req_url);
}
$sites = getSessionSites();
$trust_root = $info->trust_root;
$fail_cancels = $fail_cancels || isset($sites[$trust_root]);
$trusted = isset($trusted) ? $trusted : isTrusted($req_url, $trust_root);
if ($trusted) {
setRequestInfo();
$server =& getServer();
$response =& $info->answer(true);
$webresponse =& $server->encodeResponse($response);
$new_headers = array();
foreach ($webresponse->headers as $k => $v) {
$new_headers[] = $k . ": " . $v;
}
return array($new_headers, $webresponse->body);
} elseif ($fail_cancels) {
return authCancel($info);
} else {
return trust_render($info);
}
}
/**
* Handle a standard OpenID server request
*/
function action_default()
{
header('X-XRDS-Location: ' . buildURL('idpXrds'));
$server =& getServer();
$method = $_SERVER['REQUEST_METHOD'];
$request = null;
if ($method == 'GET') {
$request = $_GET;
} else {
$request = $_POST;
}
$request = $server->decodeRequest();
if (!$request) {
return about_render();
}
setRequestInfo($request);
if (in_array($request->mode, array('checkid_immediate', 'checkid_setup'))) {
if ($request->idSelect()) {
// Perform IDP-driven identifier selection
if ($request->mode == 'checkid_immediate') {
$response =& $request->answer(false);
} else {
return trust_render($request);
}
} else {
if (!$request->identity && !$request->idSelect()) {
// No identifier used or desired; display a page saying
// so.
return noIdentifier_render();
} else {
if ($request->immediate) {
$response =& $request->answer(false, buildURL());
} else {
/*
if (!getLoggedInUser()) {
return login_render();
}
*/
return trust_render($request);
}
}
}
} else {
$response =& $server->handleRequest($request);
}
$webresponse =& $server->encodeResponse($response);
if ($webresponse->code != AUTH_OPENID_HTTP_OK) {
header(sprintf("HTTP/1.1 %d ", $webresponse->code), true, $webresponse->code);
}
foreach ($webresponse->headers as $k => $v) {
header("{$k}: {$v}");
}
header(header_connection_close);
print $webresponse->body;
exit(0);
}
/**
* Handle a standard OpenID server request
*/
function action_default()
{
global $store;
$server =& getServer();
$method = $_SERVER['REQUEST_METHOD'];
/*$request = null;
if ($method == 'GET') {
$request = $_GET;
} else {
$request = $_POST;
} */
$request = $server->decodeRequest();
if (!$request) {
return "";
//about_render();
}
setRequestInfo($request);
if (in_array($request->mode, array('checkid_immediate', 'checkid_setup'))) {
$identity = getLoggedInUser();
if (isTrusted($identity, $request->trust_root, $request->return_to)) {
if ($request->message->isOpenID1()) {
$response =& $request->answer(true);
} else {
$response =& $request->answer(true, false, getServerURL(), $identity);
}
} else {
if ($request->immediate) {
$response =& $request->answer(false, getServerURL());
} else {
if (!getLoggedInUser()) {
$_SESSION['last_forward_from'] = current_page_url() . '?' . http_build_query(Auth_OpenID::getQuery());
system_message(elgg_echo('openid_server:not_logged_in'));
forward('login');
}
return trust_render($request);
}
}
addSregFields(&$response);
} else {
$response =& $server->handleRequest($request);
}
$webresponse =& $server->encodeResponse($response);
foreach ($webresponse->headers as $k => $v) {
header("{$k}: {$v}");
}
header(header_connection_close);
print $webresponse->body;
exit(0);
}
/**
* Handle a standard OpenID server request
*/
function action_default()
{
$server =& getServer();
$method = $_SERVER['REQUEST_METHOD'];
$request = null;
if ($method == 'GET') {
$request = $_GET;
} else {
$request = $_POST;
}
$request = Auth_OpenID::fixArgs($request);
$request = $server->decodeRequest($request);
if (!$request) {
return about_render();
}
setRequestInfo($request);
if (in_array($request->mode, array('checkid_immediate', 'checkid_setup'))) {
if (isTrusted($request->identity, $request->trust_root)) {
$response =& $request->answer(true);
$sreg = getSreg($request->identity);
if (is_array($sreg)) {
foreach ($sreg as $k => $v) {
$response->addField('sreg', $k, $v);
}
}
} else {
if ($request->immediate) {
$response =& $request->answer(false, getServerURL());
} else {
if (!getLoggedInUser()) {
return login_render();
}
return trust_render($request);
}
}
} else {
$response =& $server->handleRequest($request);
}
$webresponse =& $server->encodeResponse($response);
foreach ($webresponse->headers as $k => $v) {
header("{$k}: {$v}");
}
header(header_connection_close);
print $webresponse->body;
exit(0);
}
function doAuth($info, $trusted = null, $fail_cancels = false, $idpSelect = null)
{
if (!$info) {
// There is no authentication information, so bail
return authCancel(null);
}
if ($info->idSelect()) {
if ($idpSelect) {
$req_url = idURL($idpSelect);
} else {
$trusted = false;
}
} else {
$req_url = $info->identity;
}
$user = getLoggedInUser();
setRequestInfo($info);
if (!$info->idSelect() && $req_url != idURL($user)) {
return login_render(array(), $req_url, $req_url);
}
$trust_root = $info->trust_root;
if ($trusted) {
setRequestInfo();
$server =& getServer();
$response =& $info->answer(true, null, $req_url);
// Answer with some sample Simple Registration data.
$sreg_data = array('fullname' => 'Example User', 'nickname' => 'example', 'dob' => '1970-01-01', 'email' => '*****@*****.**', 'gender' => 'F', 'postcode' => '12345', 'country' => 'ES', 'language' => 'eu', 'timezone' => 'America/New_York');
// Add the simple registration response values to the OpenID
// response message.
$sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
$sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
$sreg_response->toMessage($response->fields);
// Generate a response to send to the user agent.
$webresponse =& $server->encodeResponse($response);
$new_headers = array();
foreach ($webresponse->headers as $k => $v) {
$new_headers[] = $k . ": " . $v;
}
return array($new_headers, $webresponse->body);
} elseif ($fail_cancels) {
return authCancel($info);
} else {
return trust_render($info);
}
}
function doAuth($info, $trusted = null, $fail_cancels = false, $idpSelect = null)
{
if (!$info) {
// There is no authentication information, so bail
return authCancel(null);
}
$auth = getAuth();
$cert_webid_23 = str_replace('#', '%23', $auth['agent']['webid']);
$cert_webid = str_replace('http://', '', $cert_webid_23);
// $cert_webid = urlencode($auth['agent']['webid']);
if ($_SERVER['HTTPS']) {
$host = "https://openid4.me/";
} else {
$host = "http://openid4.me/";
}
$normalized_webid = $host . $cert_webid;
if ($info->idSelect()) {
// if ($idpSelect) {
// $req_url = idURL($idpSelect);
if ($auth[isAuthenticated]) {
$req_url = $normalized_webid;
} else {
$trusted = false;
}
// } else {
// $trusted = false;
// }
} else {
$req_url = $info->identity;
if ($req_url != $normalized_webid) {
//Get link header
$link_webid = fetch_foaf_profile($req_url);
if ($cert_webid == $link_webid) {
$trusted = true;
} else {
$agent = get_agent(urldecode($link_webid));
/*
print "<pre>";
print_r($agent);
print "</pre>";
*/
$link_webid = isset($agent['agent']['webid']) ? str_replace('#', '%23', $agent['agent']['webid']) : '';
if ($cert_webid_23 == $link_webid) {
$trusted = true;
} else {
$trusted = false;
}
}
} else {
$trusted = true;
}
}
$user = getLoggedInUser();
setRequestInfo($info);
/*
if ((!$info->idSelect()) && ($req_url != idURL($user))) {
return login_render(array(), $req_url, $req_url);
}
*/
$trust_root = $info->trust_root;
if ($trusted) {
setRequestInfo();
$server =& getServer();
$response =& $info->answer(true, null, $req_url);
// Answer with some sample Simple Registration data.
$agent = get_agent($auth['agent']['webid']);
$sreg_data = array();
if ($fullname = $agent['agent']['name']) {
$sreg_data = array_merge($sreg_data, array('fullname' => $fullname));
}
if ($nickname = $agent['agent']['nick'][0]) {
$sreg_data = array_merge($sreg_data, array('nickname' => $nickname));
}
if ($mbox = $agent['agent']['mbox'][0]) {
$mbox = str_replace('mailto:', '', $mbox);
$sreg_data = array_merge($sreg_data, array('email' => $mbox));
}
// Add the simple registration response values to the OpenID
// response message.
$sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
$sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
$sreg_response->toMessage($response->fields);
// Generate a response to send to the user agent.
$webresponse =& $server->encodeResponse($response);
$new_headers = array();
foreach ($webresponse->headers as $k => $v) {
$new_headers[] = $k . ": " . $v;
}
return array($new_headers, $webresponse->body);
} elseif ($fail_cancels) {
return authCancel($info);
} else {
return trust_render($info);
}
}
/**
* Handle a standard OpenID server request
*/
function action_default()
{
header('X-XRDS-Location: ' . buildURL('idpXrds'));
$server =& getServer();
$method = $_SERVER['REQUEST_METHOD'];
$request = null;
if ($method == 'GET') {
$request = $_GET;
} else {
$request = $_POST;
}
$request = $server->decodeRequest();
if (!$request) {
return about_render();
}
setRequestInfo($request);
if (in_array($request->mode, array('checkid_immediate', 'checkid_setup'))) {
// Redirect to indirect server here with a 307 code to redirect
// the POST to the new location. Normal redirect (without 307)
// causes a GET instead of a POST
global $indirect_server_url;
$new_location = $indirect_server_url;
if ($method == 'GET') {
// If the request comes in via get, we want to redirect
// to a URL that includes the full query string. Otherwise
// all that juicy data gets lost. This was a problem for GIMI,
// which uses a ruby openid client.
$new_location .= '?' . $_SERVER['QUERY_STRING'];
} else {
if ($method == 'POST') {
$query = Auth_OpenID::getQuery();
$new_location .= '?' . http_build_query($query);
}
}
header('Location: ' . $new_location, true, 307);
exit;
if ($request->idSelect()) {
// Perform IDP-driven identifier selection
if ($request->mode == 'checkid_immediate') {
$response =& $request->answer(false);
} else {
return trust_render($request);
}
} else {
if (!$request->identity && !$request->idSelect()) {
// No identifier used or desired; display a page saying
// so.
return noIdentifier_render();
} else {
if ($request->immediate) {
$response =& $request->answer(false, buildURL());
} else {
if (!getLoggedInUser()) {
return login_render();
}
return trust_render($request);
}
}
}
} else {
$response =& $server->handleRequest($request);
}
$webresponse =& $server->encodeResponse($response);
if ($webresponse->code != AUTH_OPENID_HTTP_OK) {
header(sprintf("HTTP/1.1 %d ", $webresponse->code), true, $webresponse->code);
}
foreach ($webresponse->headers as $k => $v) {
header("{$k}: {$v}");
}
header(header_connection_close);
print $webresponse->body;
exit(0);
}
$user_path = substr($user, strpos($user, ":"));
if ($info->message->isOpenID1() && $req_url_path != $user_path) {
register_error(sprintf(elgg_echo("openid_server:loggedin_as_wrong_user"), $req_url, $user));
forward();
} else {
$trust_root = $info->trust_root;
$trusted = isset($trusted) ? $trusted : isTrusted($identity, $trust_root);
if ($trusted) {
setRequestInfo();
$server =& getServer();
if ($info->message->isOpenID1()) {
$response =& $info->answer(true, null, $req_url);
} else {
$response =& $info->answer(true, null, getServerURL(), $identity);
}
addSregFields($response, $info, $identity);
$webresponse =& $server->encodeResponse($response);
$new_headers = array();
foreach ($webresponse->headers as $k => $v) {
$new_headers[] = $k . ": " . $v;
}
writeResponse(array($new_headers, $webresponse->body));
exit(0);
} elseif ($fail_cancels) {
setRequestInfo();
forward($info->getCancelURL());
} else {
writeResponse(trust_render($info));
}
}
}
