コード例 #1
0
ファイル: security.php プロジェクト: Br3nda/openmicroblogger
function openid_continue(&$vars)
{
    extract($vars);
    $valid = false;
    if (class_exists('MySQL') && environment('openid_version') > 1 && !isset($_SESSION['openid_degrade'])) {
        global $openid;
        wp_plugin_include(array('wp-openid'));
        $logic = new WordPressOpenID_Logic(null);
        $logic->activate_plugin();
        $consumer = WordPressOpenID_Logic::getConsumer();
        $openid->response = $consumer->complete($_SESSION['oid_return_to']);
        switch ($openid->response->status) {
            case Auth_OpenID_CANCEL:
                trigger_error('The OpenID assertion was cancelled.', E_USER_ERROR);
                break;
            case Auth_OpenID_FAILURE:
                // if we fail OpenID v2 here, we retry once with OpenID v1
                $_SESSION['openid_degrade'] = true;
                $request->set_param('return_url', $request->url_for('openid_continue') . '/');
                $request->set_param('protected_url', $request->base);
                $request->set_param('openid_url', $_SESSION['openid_url']);
                authenticate_with_openid();
                break;
            case Auth_OpenID_SUCCESS:
                $_SESSION['openid_complete'] = true;
                $valid = true;
                break;
        }
    }
    if (!$valid) {
        include $GLOBALS['PATH']['library'] . 'openid.php';
        $openid = new SimpleOpenID();
        $openid->SetIdentity($_SESSION['openid_url']);
        $openid->SetApprovedURL($request->url_for('openid_continue') . '/');
        $openid->SetTrustRoot($request->base);
        $server_url = $_SESSION['openid_server_url'];
        $openid->SetOpenIDServer($server_url);
        $valid = $openid->ValidateWithServer();
    }
    if ($valid) {
        $_SESSION['openid_complete'] = true;
    } else {
        trigger_error("Sorry, the openid server {$server_url} did not validate your identity.", E_USER_ERROR);
    }
    complete_openid_authentication($request);
    if (!empty($_SESSION['requested_url'])) {
        redirect_to($_SESSION['requested_url']);
    } else {
        redirect_to($request->base);
    }
}