function validate_identities_url($value) { if ($value == 'http://') { return true; } if (environment('authentication') == 'password') { return true; } if (!(environment('openid_version') > 1)) { return true; } global $db; wp_plugin_include(array('wp-openid')); $logic = new WordPressOpenID_Logic(null); $logic->activate_plugin(); if (!WordPressOpenID_Logic::late_bind()) { trigger_error('Sorry, there was an error in the OpenID plugin.', E_USER_ERROR); } $consumer = WordPressOpenID_Logic::getConsumer(); $auth_request = $consumer->begin($value); if (null === $auth_request) { trigger_error('Sorry, an OpenID server could not be located from: ' . htmlentities($value), E_USER_ERROR); } return true; }
function openid_continue(&$vars) { extract($vars); $valid = false; if (class_exists('MySQL') && environment('openid_version') > 1 && !isset($_SESSION['openid_degrade'])) { global $openid; wp_plugin_include(array('wp-openid')); $logic = new WordPressOpenID_Logic(null); $logic->activate_plugin(); $consumer = WordPressOpenID_Logic::getConsumer(); $openid->response = $consumer->complete($_SESSION['oid_return_to']); switch ($openid->response->status) { case Auth_OpenID_CANCEL: trigger_error('The OpenID assertion was cancelled.', E_USER_ERROR); break; case Auth_OpenID_FAILURE: // if we fail OpenID v2 here, we retry once with OpenID v1 $_SESSION['openid_degrade'] = true; $request->set_param('return_url', $request->url_for('openid_continue') . '/'); $request->set_param('protected_url', $request->base); $request->set_param('openid_url', $_SESSION['openid_url']); authenticate_with_openid(); break; case Auth_OpenID_SUCCESS: $_SESSION['openid_complete'] = true; $valid = true; break; } } if (!$valid) { include $GLOBALS['PATH']['library'] . 'openid.php'; $openid = new SimpleOpenID(); $openid->SetIdentity($_SESSION['openid_url']); $openid->SetApprovedURL($request->url_for('openid_continue') . '/'); $openid->SetTrustRoot($request->base); $server_url = $_SESSION['openid_server_url']; $openid->SetOpenIDServer($server_url); $valid = $openid->ValidateWithServer(); } if ($valid) { $_SESSION['openid_complete'] = true; } else { trigger_error("Sorry, the openid server {$server_url} did not validate your identity.", E_USER_ERROR); } complete_openid_authentication($request); if (!empty($_SESSION['requested_url'])) { redirect_to($_SESSION['requested_url']); } else { redirect_to($request->base); } }