/** * @return Zend_Mail * @throws Zend_Mail_Protocol_Exception */ public static function getMail(Users_Model_User $user, $subject) { $file = CommunityID_Resources::getResourcePath('reminder_mail.txt'); $emailTemplate = file_get_contents($file); $emailTemplate = str_replace('{userName}', $user->getFullName(), $emailTemplate); $currentUrl = Zend_OpenId::selfURL(); preg_match('#(.*)/manageusers/sendreminder#', $currentUrl, $matches); $emailTemplate = str_replace('{registrationURL}', $matches[1] . '/register/eula?token=' . $user->token, $emailTemplate); // can't use $this->_config 'cause it's a static function $configEmail = Zend_Registry::get('config')->email; switch (strtolower($configEmail->transport)) { case 'smtp': Zend_Mail::setDefaultTransport(new Zend_Mail_Transport_Smtp($configEmail->host, $configEmail->toArray())); break; case 'mock': Zend_Mail::setDefaultTransport(new Zend_Mail_Transport_Mock()); break; default: Zend_Mail::setDefaultTransport(new Zend_Mail_Transport_Sendmail()); } $mail = new Zend_Mail('UTF-8'); $mail->setBodyText($emailTemplate); $mail->setFrom($configEmail->supportemail); $mail->addTo($user->email); $mail->setSubject($subject); return $mail; }
public function indexAction() { $this->view->headTitle("User", 'PREPEND'); $openid = $this->getRequest()->getParam('openid'); if (isset($openid)) { $this->view->openIdServer = Zend_OpenId::absoluteURL("/provider/"); } else { $this->_redirect('/user/login'); } }
public function save(Default_Model_User $user) { $data = array('username' => $user->getUsername(), 'password' => md5($user->getUsername() . $user->getPassword()), 'created' => date('Y-m-d H:i:s'), 'openid' => Zend_OpenId::absoluteURL('/openid/' . $user->getUsername()), 'user_type' => $user->getUserType()); if (null === ($id = $user->getId())) { $id = $this->getDbTable()->insert($data); } else { $this->getDbTable()->update($data, array('id = ?' => $id)); } return $id; }
/** * Performs login of user with given $id, $password and $username * Returns true in case of success and false otherwise * * @param string $id user identity URL * @param string $password user password * @param string $username Tine 2.0 login name * @return bool */ public function login($id, $password, $username = null) { if (!Zend_OpenId::normalize($id)) { return false; } if (!$this->_storage->checkUser($id, $password, $username)) { return false; } $this->_user->setLoggedInUser($id); return true; }
/** * Returns identity URL of logged in user or false * * @return mixed */ public function getLoggedInUser() { // user is logged in via Tine 2.0 already if (($user = Tinebase_Core::getUser()) instanceof Tinebase_Model_FullUser) { return dirname(Zend_OpenId::selfUrl()) . '/users/' . (isset($user->openid) ? $user->openid : $user->accountLoginName); } // user has authenticated via OpenId before if (isset($this->_sessionNameSpace->logged_in)) { return $this->_sessionNameSpace->logged_in; } return false; }
public function direct($config) { $currentUrl = urldecode(Zend_OpenId::selfURL()); if ($config->subdomain->enabled) { $protocol = Monkeys_Controller_Action::getProtocol(); preg_match('#(.*)\\.' . $config->subdomain->hostname . '#', $currentUrl, $matches); return "{$protocol}://" . ($config->subdomain->use_www ? 'www.' : '') . $config->subdomain->hostname . '/openid/provider'; } else { preg_match('#(.*)/(identity|openid)?/#', $currentUrl, $matches); return $matches[1] . '/openid/provider'; } }
/** * Normalizes OpenID identifier that can be URL or XRI name. * Returns true on success and false of failure. * * Normalization is performed according to the following rules: * 1. If the user's input starts with one of the "xri://", "xri://$ip*", * or "xri://$dns*" prefixes, they MUST be stripped off, so that XRIs * are used in the canonical form, and URI-authority XRIs are further * considered URL identifiers. * 2. If the first character of the resulting string is an XRI Global * Context Symbol ("=", "@", "+", "$", "!"), then the input SHOULD be * treated as an XRI. * 3. Otherwise, the input SHOULD be treated as an http URL; if it does * not include a "http" or "https" scheme, the Identifier MUST be * prefixed with the string "http://". * 4. URL identifiers MUST then be further normalized by both following * redirects when retrieving their content and finally applying the * rules in Section 6 of [RFC3986] to the final destination URL. * @param string &$id identifier to be normalized * @return bool */ public static function normalize(&$id) { $validator = new Zend_Validate_EmailAddress(); if ($validator->isValid($id)) { if (false !== strpos($id, 'gmail')) { $id = 'https://www.google.com/accounts/o8/id'; return true; } $email = explode('@', $id); $id = 'https://www.google.com/accounts/o8/site-xrds?ns=2&hd=' . $email[1]; return true; } else { return Zend_OpenId::normalize($id); } }
/** * @return Zend_Mail * @throws Zend_Mail_Protocol_Exception */ public static function getMail(Exception $ex, User $user, $errors) { $exceptionClass = get_class($ex); $stack = $ex->getTraceAsString(); $stackDetail = print_r($errors, true); $currentUrl = Zend_OpenId::selfURL(); if ($user->role = ROLE_GUEST) { $userLabel = 'Anonymous'; } else { $userLabel = $user->getFullName() . '(' . $user->username . ')'; } $body = <<<EOD Dear Admin, An error has occured in your Community-ID installation. URL requested: {$currentUrl} By User: {$userLabel} Exception: {$exceptionClass} Call stack: {$stack} Call stack detail: {$stackDetail} EOD; // can't use $this-_config 'cause it's a static function $configEmail = Zend_Registry::get('config')->email; switch (strtolower($configEmail->transport)) { case 'smtp': Zend_Mail::setDefaultTransport(new Zend_Mail_Transport_Smtp($configEmail->host, $configEmail->toArray())); break; case 'mock': Zend_Mail::setDefaultTransport(new Zend_Mail_Transport_Mock()); break; default: Zend_Mail::setDefaultTransport(new Zend_Mail_Transport_Sendmail()); } $mail = new Zend_Mail(); $mail->setBodyText($body); $mail->setFrom($this->_config->email->supportemail); $mail->addTo($configEmail->adminemail); $mail->setSubject('Community-ID error report'); return $mail; }
function HandleObjectCategories($objectCategoryIds) { global $prefs; $perspectivelib = TikiLib::lib('perspective'); $current_object = current_object(); if (!$current_object) { // only used on tiki objects return; } $descendants = $this->get_category_descendants($prefs['areas_root']); $objectPerspective = 0; if (!empty($objectCategoryIds)) { if (!isset($_SESSION['current_perspective'])) { unset($_SESSION['current_perspective']); } foreach ($objectCategoryIds as $categId) { // If category is inside $prefs['areas_root'] if (in_array($categId, $descendants)) { $area = $this->getAreaByCategId($categId); if ($area) { $objectPerspective = $area['perspectives'][0]; // use 1st persp break; } } } if ($objectPerspective && $objectPerspective != $_SESSION['current_perspective']) { $area = $this->getAreaByPerspId($_SESSION['current_perspective']); $objectArea = $this->getAreaByPerspId($objectPerspective); if ($area && !$area['share_common'] || $objectArea && $objectArea['exclusive']) { $perspectivelib->set_perspective($objectPerspective, true); Zend_OpenId::redirect(Zend_OpenId::selfUrl()); } } } if ($objectPerspective < 1 && !empty($_SESSION['current_perspective'])) { // uncategorised objects $area = $this->getAreaByPerspId($_SESSION['current_perspective']); if ($area) { if (!$area['share_common']) { $perspectivelib->set_perspective($objectPerspective, true); Zend_OpenId::redirect(Zend_OpenId::selfUrl()); } } } }
/** * Подготовить набор параметров для verify * * @return array */ protected function _makeVerifyParameters(array $extraParams = array()) { $_SERVER['SCRIPT_URI'] = 'http://localhost/index.php/auth/openid/verify'; $expiresIn = TIME + 600; $this->storage->addDiscoveryInfo(self::ID, self::REAL_ID, self::SERVER, 1.1, $expiresIn); $this->storage->addAssociation(self::SERVER, self::HANDLE, "sha1", $secret = pack("H*", "8382aea922560ece833ba55fa53b7a975f597370"), $expiresIn); $params = array("openid_return_to" => $_SERVER['SCRIPT_URI'], "openid_assoc_handle" => self::HANDLE, "openid_claimed_id" => self::ID, "openid_identity" => self::REAL_ID, "openid_response_nonce" => "2007-08-14T12:52:33Z46c1a59124ffe", "openid_mode" => "id_res", "openid_signed" => "assoc_handle,return_to,claimed_id,identity,response_nonce,mode,signed"); $signed = array($params["openid_signed"]); if ($extraParams) { $params = array_merge($params, $extraParams); // TODO: Фуууууу $extraParams2 = explode(',', str_replace('_', '.', implode(',', array_keys($extraParams)))); $signed = array_merge($signed, $extraParams2); } $params["openid_signed"] = str_replace('openid.', '', implode(',', $signed)); // Подписать данные $data = ''; foreach (explode(',', $params['openid_signed']) as $key) { $data .= $key . ':' . $params['openid_' . strtr($key, '.', '_')] . "\n"; } $params['openid_sig'] = base64_encode(\Zend_OpenId::hashHmac('sha1', $data, $secret)); return $params; }
/** * Returns an absolute URL for the given one * * @param string $url absilute or relative URL * @return string */ public static function absoluteUrl($url) { if (empty($url)) { return Zend_OpenId::selfUrl(); } else { if (!preg_match('|^([^:]+)://|', $url)) { if (preg_match('|^([^:]+)://([^:@]*(?:[:][^@]*)?@)?([^/:@?#]*)(?:[:]([^/?#]*))?(/[^?]*)?((?:[?](?:[^#]*))?(?:#.*)?)$|', Zend_OpenId::selfUrl(), $reg)) { $scheme = $reg[1]; $auth = $reg[2]; $host = $reg[3]; $port = $reg[4]; $path = $reg[5]; $query = $reg[6]; if ($url[0] == '/') { return $scheme . '://' . $auth . $host . (empty($port) ? '' : ':' . $port) . $url; } else { $dir = dirname($path); return $scheme . '://' . $auth . $host . (empty($port) ? '' : ':' . $port) . (strlen($dir) > 1 ? $dir : '') . '/' . $url; } } } } return $url; }
$dir = realpath(__DIR__ . "/../../.."); set_include_path("{$dir}/incubator/library" . PATH_SEPARATOR . "{$dir}/library" . PATH_SEPARATOR . get_include_path()); /** * @see Zend_Auth */ require_once "Zend/Auth.php"; /** * @see Zend_Auth_Adapter_OpenId */ require_once "Zend/Auth/Adapter/OpenId.php"; $status = ""; $auth = Zend_Auth::getInstance(); if (isset($_POST['openid_action']) && $_POST['openid_action'] == "login" && !empty($_POST['openid_identifier']) || isset($_GET['openid_mode']) || isset($_POST['openid_mode'])) { $result = $auth->authenticate(new Zend_Auth_Adapter_OpenId(@$_POST['openid_identifier'])); if ($result->isValid()) { Zend_OpenId::redirect(Zend_OpenId::selfURL()); } else { $auth->clearIdentity(); foreach ($result->getMessages() as $message) { $status .= "{$message}<br>\n"; } } } else { if ($auth->hasIdentity()) { if (isset($_POST['openid_action']) && $_POST['openid_action'] == "logout") { $auth->clearIdentity(); } else { $status = "You are logged-in as " . $auth->getIdentity() . "<br>\n"; } } }
public function getUserWithUsername($username, $generateNewIfMissing = false, Zend_View $view = null) { $select = $this->select()->where('username=?', $username); $user = $this->fetchRow($select); $ldapOptions = Zend_Registry::get('config')->ldap; if ($ldapOptions->enabled) { $ldap = Monkeys_Ldap::getInstance(); try { $ldapUserData = $ldap->get("cn={$username},{$ldapOptions->baseDn}"); } catch (Exception $e) { if ($e->getCode() == Monkeys_Ldap::EXCEPTION_SEARCH) { return false; } throw $e; } if ($user) { // this fields are always overridden from what comes from LDAP, because they might change $user->overrideWithLdapData($ldapUserData); } else { // user is registered in LDAP, but not in CID's db $user = $this->createRow(); $user->registration_date = date('Y-m-d'); $user->overrideWithLdapData($ldapUserData); if ($user->role != Users_Model_User::ROLE_ADMIN) { preg_match('#(.*)/users/login/authenticate#', Zend_OpenId::selfURL(), $matches); $user->generateOpenId($matches[1]); } if ($generateNewIfMissing) { $user->save(); $profileId = $user->createDefaultProfile($view); $user->generatePersonalInfo($ldapUserData, $profileId); } } } return $user; }
/** * handle all kinds of openId requests * * @return void */ public function openId() { Tinebase_Core::startCoreSession(); $server = new Tinebase_OpenId_Provider(null, null, new Tinebase_OpenId_Provider_User_Tine20(), new Tinebase_OpenId_Provider_Storage()); $server->setOpEndpoint(dirname(Zend_OpenId::selfUrl()) . '/index.php?method=Tinebase.openId'); // handle openId login form if (isset($_POST['openid_action']) && $_POST['openid_action'] === 'login') { $server->login($_POST['openid_identifier'], $_POST['password'], $_POST['username']); unset($_GET['openid_action']); $this->_setJsonKeyCookie(); Zend_OpenId::redirect(dirname(Zend_OpenId::selfUrl()) . '/index.php', $_GET); // display openId login form } else { if (isset($_GET['openid_action']) && $_GET['openid_action'] === 'login') { $view = new Zend_View(); $view->setScriptPath('Tinebase/views'); $view->openIdIdentity = $_GET['openid_identity']; $view->loginName = $_GET['openid_identity']; header('Content-Type: text/html; charset=utf-8'); echo $view->render('openidLogin.php'); // handle openId trust form } else { if (isset($_POST['openid_action']) && $_POST['openid_action'] === 'trust') { if (isset($_POST['allow'])) { if (isset($_POST['forever'])) { $server->allowSite($server->getSiteRoot($_GET)); } $server->respondToConsumer($_GET); } else { if (isset($_POST['deny'])) { if (isset($_POST['forever'])) { $server->denySite($server->getSiteRoot($_GET)); } Zend_OpenId::redirect($_GET['openid_return_to'], array('openid.mode' => 'cancel')); } } // display openId trust form } else { if (isset($_GET['openid_action']) && $_GET['openid_action'] === 'trust') { if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) { Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " Display openId trust screen"); } $view = new Zend_View(); $view->setScriptPath('Tinebase/views'); $view->openIdConsumer = $server->getSiteRoot($_GET); $view->openIdIdentity = $server->getLoggedInUser(); header('Content-Type: text/html; charset=utf-8'); echo $view->render('openidTrust.php'); // handle all other openId requests } else { $result = $server->handle(); if (is_string($result)) { echo $result; } elseif ($result !== true) { header('HTTP/1.0 403 Forbidden'); return; } } } } } }
/** * testing testBtwoc * */ public function testBtwoc() { $this->assertSame( '00', bin2hex(Zend_OpenId::btwoc(pack('H*', '00'))) ); $this->assertSame( '01', bin2hex(Zend_OpenId::btwoc(pack('H*', '01'))) ); $this->assertSame( '7e', bin2hex(Zend_OpenId::btwoc(pack('H*', '7e'))) ); $this->assertSame( '78', bin2hex(Zend_OpenId::btwoc(pack('H*', '78'))) ); $this->assertSame( '0080', bin2hex(Zend_OpenId::btwoc(pack('H*', '80'))) ); $this->assertSame( '0081', bin2hex(Zend_OpenId::btwoc(pack('H*', '81'))) ); $this->assertSame( '00fe', bin2hex(Zend_OpenId::btwoc(pack('H*', 'fe'))) ); $this->assertSame( '00ff', bin2hex(Zend_OpenId::btwoc(pack('H*', 'ff'))) ); }
if ($_POST['openid_action'] == 'trust') { if (isset($_GET['openid_return_to'])) { $sreg = new Zend_OpenId_Extension_Sreg(); $sreg->parseResponse($_POST); if (isset($_POST['allow'])) { if (isset($_POST['forever'])) { $server->allowSite($server->getSiteRoot($_GET), $sreg); } unset($_GET['openid_action']); $server->respondToConsumer($_GET, $sreg); } else { if (isset($_POST['deny'])) { if (isset($_POST['forever'])) { $server->denySite($server->getSiteRoot($_GET)); } Zend_OpenId::redirect($_GET['openid_return_to'], array('openid.mode' => 'cancel')); } } } else { if (isset($_POST['allow'])) { $server->allowSite($_POST['site']); header('Location: ' . $_SERVER['PHP_SELF']); exit; } else { if (isset($_POST['deny'])) { $server->denySite($_POST['site']); header('Location: ' . $_SERVER['PHP_SELF']); exit; } else { if (isset($_POST['del'])) { $server->delSite($_POST['site']);
public function btnLogin_Click($strFormId, $strControlId, $strParameter) { require_once "Zend/Auth.php"; require_once "Zend/Auth/Adapter/OpenId.php"; require_once "Zend/Auth/Storage/NonPersistent.php"; $this->txtOpenIdUrl->Text = preg_replace('/\\/$/', '', $this->txtOpenIdUrl->Text); $status = ""; $auth = Zend_Auth::getInstance(); $result = $auth->authenticate(new Zend_Auth_Adapter_OpenId($this->txtOpenIdUrl->Text)); if ($result->isValid()) { Zend_OpenId::redirect(Zend_OpenId::selfURL()); } else { $auth->clearIdentity(); foreach ($result->getMessages() as $message) { $status .= "{$message}<br>\n"; } $this->lblMessage->ForeColor = 'red'; $this->lblMessage->Text = 'OpenId: ' . $status; return false; } }
/** * testing setSelfUrl * */ public function testSetSelfUrl() { unset($_SERVER['SCRIPT_URI']); unset($_SERVER['HTTPS']); unset($_SERVER['HTTP_HOST']); unset($_SERVER['SERVER_NAME']); unset($_SERVER['SERVER_PORT']); unset($_SERVER['SCRIPT_URL']); unset($_SERVER['REDIRECT_URL']); unset($_SERVER['PHP_SELF']); unset($_SERVER['SCRIPT_NAME']); unset($_SERVER['PATH_INFO']); $_SERVER['SCRIPT_URI'] = "http://www.test.com/"; $this->assertSame('http://www.test.com/', Zend_OpenId::selfUrl()); $this->assertSame(null, Zend_OpenId::setSelfUrl("http://localhost/test")); $this->assertSame("http://localhost/test", Zend_OpenId::selfUrl()); $this->assertSame("http://localhost/test", Zend_OpenId::setSelfUrl()); $this->assertSame('http://www.test.com/', Zend_OpenId::selfUrl()); $this->assertSame(null, Zend_OpenId::setSelfUrl()); $this->assertSame('http://www.test.com/', Zend_OpenId::selfUrl()); }
* obtain it through the world-wide-web, please send an email * to license@zend.com so we can send you a copy immediately. * * @category Zend * @package Zend_OpenId * @copyright Copyright (c) 2005-2007 Zend Technologies USA Inc. (http://www.zend.com) * @license http://framework.zend.com/license/new-bsd New BSD License * @version $Id:$ */ /** * Zend_OpenId */ require_once 'Zend/OpenId.php'; Zend_OpenId::$exitOnRedirect = false; /** * @package Zend_OpenId * @subpackage UnitTests */ class Zend_OpenId_ResponseHelper extends Zend_Controller_Response_Abstract { private $_canSendHeaders; public function __construct($canSendHeaders) { $this->_canSendHeaders = $canSendHeaders; } public function canSendHeaders($throw = false)
public function idAction() { $this->view->headLink()->headLink(array('rel' => 'openid.server', 'href' => $this->_helper->ProviderUrl($this->_config))); $this->view->headLink()->headLink(array('rel' => 'openid2.provider', 'href' => $this->_helper->ProviderUrl($this->_config))); $this->view->idUrl = urldecode(Zend_OpenId::selfURL()); }
public function saveaccountinfoAction() { $isNewUser = is_null($this->targetUser->id) ? true : false; if (!$isNewUser && $this->targetUser->id != $this->user->id || $this->_config->ldap->enabled && !$this->_config->ldap->keepRecordsSynced) { throw new Monkeys_AccessDeniedException(); } $form = new Users_Form_AccountInfo(null, $this->targetUser); $formData = $this->_request->getPost(); $form->populate($formData); if (!$form->isValid($formData)) { return $this->_redirectInvalidForm($form); } $existingUsernameOrEmail = false; $oldUsername = $this->targetUser->username; $newUsername = $form->getValue('username'); if ($isNewUser && $this->_usernameAlreadyExists($newUsername) || !$isNewUser && $oldUsername != $newUsername && $this->_usernameAlreadyExists($newUsername)) { $form->username->addError($this->view->translate('This username is already in use')); $existingUsernameOrEmail = true; } $newEmail = $form->getValue('email'); if ($isNewUser && $this->_emailAlreadyExists($newEmail) || !$isNewUser && $this->targetUser->email != $newEmail && $this->_emailAlreadyExists($newEmail)) { $form->email->addError($this->view->translate('This E-mail is already in use')); $existingUsernameOrEmail = true; } if ($existingUsernameOrEmail) { return $this->_redirectInvalidForm($form); } if ($this->_config->yubikey->enabled) { $this->targetUser->auth_type = $form->getValue('authMethod'); $yubikey = trim($form->getValue('yubikey')); if ($form->getValue('authMethod') == Users_Model_User::AUTH_YUBIKEY) { // only store or update yubikey for new users or existing that filled in something if ($isNewUser || $yubikey) { if (!($publicId = $this->_getYubikeyPublicId($yubikey))) { $form->yubikey->addError($this->view->translate('Could not validate Yubikey')); return $this->_redirectInvalidForm($form); } $this->targetUser->yubikey_publicid = $publicId; } } } $this->targetUser->username = $newUsername; $this->targetUser->firstname = $form->getValue('firstname'); $this->targetUser->lastname = $form->getValue('lastname'); $this->targetUser->email = $newEmail; if ($isNewUser) { $this->targetUser->accepted_eula = 1; $this->targetUser->registration_date = date('Y-m-d'); preg_match('#(.*)/users/profile.*#', Zend_OpenId::selfURL(), $matches); $this->targetUser->generateOpenId($matches[1]); $this->targetUser->role = Users_Model_User::ROLE_REGISTERED; $this->targetUser->setClearPassword($form->getValue('password1')); } if ($this->_config->ldap->enabled && $this->_config->ldap->keepRecordsSynced) { $ldap = Monkeys_Ldap::getInstance(); if ($isNewUser) { $this->targetUser->setPassword($form->getValue('password1')); $ldap->add($this->targetUser); } else { if ($oldUsername != $newUsername) { $ldap->modifyUsername($this->targetUser, $oldUsername); } $ldap->modify($this->targetUser); } // LDAP passwords must not be stored in the DB $this->targetUser->setPassword(''); } $this->targetUser->save(); if ($isNewUser) { $this->targetUser->createDefaultProfile($this->view); } /** * When the form is submitted through a YUI request using a file, an iframe is used, * so the framework doesn't detected it as ajax, so we have to manually ensure the * layout is not shown. */ $this->_helper->layout->disableLayout(); $this->_forward('accountinfo', null, null, array('userid' => $this->targetUser->id)); }
/** * Performs a HTTP redirection to specified URL with additional data. * It may generate redirected request using GET or POST HTTP method. * The function never returns. * * @param string $url URL to redirect to * @param array $params additional variable/value pairs to send * @param Zend_Controller_Response_Abstract $response * @param string $method redirection method ('GET' or 'POST') */ public static function redirect($url, $params = null, Zend_Controller_Response_Abstract $response = null, $method = 'GET') { $url = Zend_OpenId::absoluteUrl($url); $body = ""; if (null === $response) { require_once "Zend/Controller/Response/Http.php"; $response = new Zend_Controller_Response_Http(); } if ($method == 'POST') { $body = "<html><body onLoad=\"document.forms[0].submit();\">\n"; $body .= "<form method=\"POST\" action=\"{$url}\">\n"; if (is_array($params) && count($params) > 0) { foreach ($params as $key => $value) { $body .= '<input type="hidden" name="' . $key . '" value="' . $value . "\">\n"; } } $body .= "<input type=\"submit\" value=\"Continue OpenID transaction\">\n"; $body .= "</form></body></html>\n"; } else { if (is_array($params) && count($params) > 0) { if (strpos($url, '?') === false) { $url .= '?' . self::paramsToQuery($params); } else { $url .= '&' . self::paramsToQuery($params); } } } if (!empty($body)) { $response->setBody($body); } else { if (!$response->canSendHeaders()) { $response->setBody("<script language=\"JavaScript\"" . " type=\"text/javascript\">window.location='{$url}';" . "</script>"); } else { $response->setRedirect($url); } } $response->sendResponse(); if (self::$exitOnRedirect) { exit; } }
/** * Performs the first step of a Diffie-Hellman key exchange by generating * private and public DH values based on given prime number $p and * generator $g. Both sides of key exchange MUST have the same prime number * and generator. In this case they will able to create a random shared * secret that is never send from one to the other. * * @param string $p prime number in binary representation * @param string $g generator in binary representation * @param string $priv_key private key in binary representation * @return mixed */ public static function createDhKey($p, $g, $priv_key = null) { if (function_exists('openssl_dh_compute_key')) { $dh_details = array('p' => $p, 'g' => $g); if ($priv_key !== null) { $dh_details['priv_key'] = $priv_key; } return openssl_pkey_new(array('dh' => $dh_details)); } else { $bn_p = self::binToBigNum($p); $bn_g = self::binToBigNum($g); if ($priv_key === null) { $priv_key = self::randomBytes(Zend_OpenId::strlen($p)); } $bn_priv_key = self::binToBigNum($priv_key); if (extension_loaded('gmp')) { $bn_pub_key = gmp_powm($bn_g, $bn_priv_key, $bn_p); } else { if (extension_loaded('bcmath')) { $bn_pub_key = bcpowmod($bn_g, $bn_priv_key, $bn_p); } } $pub_key = self::bigNumToBin($bn_pub_key); return array('p' => $bn_p, 'g' => $bn_g, 'priv_key' => $bn_priv_key, 'pub_key' => $bn_pub_key, 'details' => array('p' => $p, 'g' => $g, 'priv_key' => $priv_key, 'pub_key' => $pub_key)); } }
/** * Performs check of OpenID identity. * * This is the first step of OpenID authentication process. * On success the function does not return (it does HTTP redirection to * server and exits). On failure it returns false. * * @param bool $immediate enables or disables interaction with user * @param string $id OpenID identity * @param string $returnTo HTTP URL to redirect response from server to * @param string $root HTTP URL to identify consumer on server * @param mixed $extensions extension object or array of extensions objects * @param Zend_Controller_Response_Abstract $response an optional response * object to perform HTTP or HTML form redirection * @return bool */ protected function _checkId($immediate, $id, $returnTo = null, $root = null, $extensions = null, Zend_Controller_Response_Abstract $response = null) { if (!Zend_OpenId::normalize($id)) { return false; } $claimedId = $id; if (!$this->_discovery($id, $server, $version)) { return false; } if (!$this->_associate($server, $version)) { return false; } if (!$this->_getAssociation($server, $handle, $macFunc, $secret, $expires)) { /* Use dumb mode */ unset($handle); unset($macFunc); unset($secret); unset($expires); } $params = array(); if ($version >= 2.0) { $params['openid.ns'] = Zend_OpenId::NS_2_0; } $params['openid.mode'] = $immediate ? 'checkid_immediate' : 'checkid_setup'; $params['openid.identity'] = $id; $params['openid.claimed_id'] = $claimedId; if (isset($handle)) { $params['openid.assoc_handle'] = $handle; } $params['openid.return_to'] = Zend_OpenId::absoluteUrl($returnTo); if (empty($root)) { $root = dirname(Zend_OpenId::selfUrl()); } if ($version >= 2.0) { $params['openid.realm'] = $root; } else { $params['openid.trust_root'] = $root; } if (!Zend_OpenId_Extension::forAll($extensions, 'prepareRequest', $params)) { return false; } Zend_OpenId::redirect($server, $params, $response); return true; }
color: #000; padding-left: 18px; width: 220px; margin-right: 10px; } </style> </head> <body> <?php echo "$status<br>\n";?> <div> <form action="<?php echo Zend_OpenId::selfUrl(); ?>" method="post" onsubmit="this.login.disabled=true;"> <fieldset id="openid"> <legend>OpenID Login</legend> <input type="hidden" name="openid_action" value="login"> <div> <input type="text" name="openid_identifier" class="openid_login" value="<?php echo $id;?>"> <input type="submit" name="login" value="login"> <table border="0" cellpadding="2" cellspacing="2"> <tr><td> </td><td>requird</td><td>optional</td><td>none</td><td> </td></tr> <?php echo "$sreg_html<br>\n";?> </table> <br> <a href="<?php echo dirname(Zend_OpenId::selfUrl()); ?>/test_server.php?openid.action=register">register</a> </div> </fieldset> </form> </div> </body> </html>
function wikiplugin_subscribegroup($data, $params) { global $tiki_p_subscribe_groups, $userlib, $user, $smarty; static $iSubscribeGroup = 0; ++$iSubscribeGroup; if (empty($user)) { return ''; } if ($tiki_p_subscribe_groups != 'y') { return tra('Permission denied'); } extract($params, EXTR_SKIP); if (empty($group)) { if (!empty($_REQUEST['group'])) { $group = $_REQUEST['group']; } else { return tra('Missing parameter'); } } if ($group == 'Anonymous' || $group == 'Registered') { return tra('Incorrect param'); } if (!($info = $userlib->get_group_info($group)) || $info['groupName'] != $group) { // must have the right case return tra('Incorrect param'); } if ($info['userChoice'] != 'y') { return tra('Permission denied'); } $groups = $userlib->get_user_groups_inclusion($user); $current_defgroup = $userlib->get_user_default_group($user); if (!empty($_REQUEST['subscribeGroup']) && !empty($_REQUEST['iSubscribeGroup']) && $_REQUEST['iSubscribeGroup'] == $iSubscribeGroup && $_REQUEST['group'] == $group) { if (isset($defgroup) || isset($defgroup_action) || isset($undefgroup) || isset($undefgroup_action)) { if ($current_defgroup == $group) { $new_group = !empty($undefgroup_group) ? $undefgroup_group : 'Registered'; $userlib->set_default_group($user, $new_group); } else { if (!isset($groups[$group])) { $userlib->assign_user_to_group($user, $group); } $userlib->set_default_group($user, $group); } if (!empty($params['defgroup_url']) && $params['defgroup_url'] === 'n') { Zend_OpenId::redirect(Zend_OpenId::selfUrl()); } else { global $tikiroot; Zend_OpenId::redirect($tikiroot); } die; } else { if (isset($groups[$group])) { $userlib->remove_user_from_group($user, $group); unset($groups[$group]); if (!empty($postunsubscribe_url)) { header("Location: {$postunsubscribe_url}"); die; } } else { $userlib->assign_user_to_group($user, $group); $groups[$group] = 'real'; if (!empty($postsubscribe_url)) { header("Location: {$postsubscribe_url}"); die; } } } } if (isset($undefgroup) || isset($undefgroup_action)) { if ($current_defgroup == $group) { $text = isset($undefgroup) ? $undefgroup : ''; if (!isset($undefgroup_action)) { $undefgroup_action = tra('OK'); } $smarty->assign('action', $undefgroup_action); } else { $text = isset($defgroup) ? $defgroup : ''; if (!isset($defgroup_action)) { $defgroup_action = tra('OK'); } $smarty->assign('action', $defgroup_action); } } else { if (isset($groups[$group])) { //user already in the group-> if ($groups[$group] == 'included') { return tra('Incorrect param'); } $text = isset($unsubscribe) ? $unsubscribe : tra('Unsubscribe') . '%s'; if (!isset($unsubscribe_action)) { $unsubscribe_action = tra('OK'); } $smarty->assign('action', $unsubscribe_action); } else { $text = isset($subscribe) ? $subscribe : tra('Subscribe') . '%s'; if (!isset($subscribe_action)) { $subscribe_action = tra('OK'); } $smarty->assign('action', $subscribe_action); } } $smarty->assign('text', sprintf(tra($text), $group)); $smarty->assign('subscribeGroup', $group); $smarty->assign('iSubscribeGroup', $iSubscribeGroup); $data = $data . $smarty->fetch('wiki-plugins/wikiplugin_subscribegroup.tpl'); return $data; }
/** * Performs authentication validation for dumb consumers * Returns array of variables to push back to consumer. * It MUST contain 'is_valid' variable with value 'true' or 'false'. * * @param float $version OpenID version * @param array $params GET or POST request variables * @return array */ protected function _checkAuthentication($version, $params) { $ret = array(); if ($version >= 2.0) { $ret['ns'] = Zend_OpenId::NS_2_0; } $ret['openid.mode'] = 'id_res'; if (empty($params['openid_assoc_handle']) || empty($params['openid_signed']) || empty($params['openid_sig']) || !$this->_storage->getAssociation($params['openid_assoc_handle'], $macFunc, $secret, $expires)) { $ret['is_valid'] = 'false'; return $ret; } $signed = explode(',', $params['openid_signed']); $data = ''; foreach ($signed as $key) { $data .= $key . ':'; if ($key == 'mode') { $data .= "id_res\n"; } else { $data .= $params['openid_' . strtr($key, '.', '_')] . "\n"; } } if ($this->_secureStringCompare(base64_decode($params['openid_sig']), Zend_OpenId::hashHmac($macFunc, $data, $secret))) { $ret['is_valid'] = 'true'; } else { $ret['is_valid'] = 'false'; } return $ret; }
/** * Map a specific OpenID url to its equivalent, valid OpenID url. * Example: flickr.com doesn't actually provide OpenID support, so we redirect to me.yahoo.com. * * @param string $url * @return null|string */ protected function mapOpenIDUrl($url) { $urlmap = array('http://flickr.com/' => 'http://me.yahoo.com/'); $normalizedUrl = $url; if (Zend_OpenId::normalizeUrl($normalizedUrl)) { foreach ($urlmap as $key => $val) { Zend_OpenId::normalizeUrl($key); if ($normalizedUrl == $key) { $normalizedUrl = $val; Zend_OpenId::normalizeUrl($normalizedUrl); break; } } return $normalizedUrl; } return null; }
/** * Performs check of OpenID identity. * * This is the first step of OpenID authentication process. * On success the function does not return (it does HTTP redirection to * server and exits). On failure it returns false. * * @param bool $immediate enables or disables interaction with user * @param string $id OpenID identity * @param string $returnTo HTTP URL to redirect response from server to * @param string $root HTTP URL to identify consumer on server * @param mixed $extensions extension object or array of extensions objects * @param Zend_Controller_Response_Abstract $response an optional response * object to perform HTTP or HTML form redirection * @return bool */ protected function _checkId($immediate, $id, $returnTo = null, $root = null, $extensions = null, Zend_Controller_Response_Abstract $response = null) { $this->_setError(''); if (!Zend_OpenId::normalize($id)) { $this->_setError("Normalisation failed"); return false; } $claimedId = $id; if (!$this->_discovery($id, $server, $version)) { $this->_setError("Discovery failed: " . $this->getError()); return false; } if (!$this->_associate($server, $version)) { $this->_setError("Association failed: " . $this->getError()); return false; } if (!$this->_getAssociation($server, $handle, $macFunc, $secret, $expires)) { /* Use dumb mode */ unset($handle); unset($macFunc); unset($secret); unset($expires); } $params = array(); if ($version >= 2.0) { $params['openid.ns'] = Zend_OpenId::NS_2_0; } $params['openid.mode'] = $immediate ? 'checkid_immediate' : 'checkid_setup'; $params['openid.identity'] = $id; $params['openid.claimed_id'] = $claimedId; if ($version <= 2.0) { if ($this->_session !== null) { $this->_session->identity = $id; $this->_session->claimed_id = $claimedId; } else { if (defined('SID')) { $_SESSION["zend_openid"] = array("identity" => $id, "claimed_id" => $claimedId); } else { require_once "Zend/Session/Namespace.php"; $this->_session = new Zend_Session_Namespace("zend_openid"); $this->_session->identity = $id; $this->_session->claimed_id = $claimedId; } } } if (isset($handle)) { $params['openid.assoc_handle'] = $handle; } $params['openid.return_to'] = Zend_OpenId::absoluteUrl($returnTo); if (empty($root)) { $root = Zend_OpenId::selfUrl(); if ($root[strlen($root) - 1] != '/') { $root = dirname($root); } } if ($version >= 2.0) { $params['openid.realm'] = $root; } else { $params['openid.trust_root'] = $root; } if (!Zend_OpenId_Extension::forAll($extensions, 'prepareRequest', $params)) { $this->_setError("Extension::prepareRequest failure"); return false; } Zend_OpenId::redirect($server, $params, $response); return true; }
echo Zend_OpenId::selfUrl(); ?> " method="post" onsubmit="this.login.disabled=true;"> <fieldset id="openid"> <legend>OpenID Login</legend> <input type="hidden" name="openid_action" value="login"> <div> <input type="text" name="openid_identifier" class="openid_login" value="<?php echo $id; ?> "> <input type="submit" name="login" value="login"> <table border="0" cellpadding="2" cellspacing="2"> <tr><td> </td><td>requird</td><td>optional</td><td>none</td><td> </td></tr> <?php echo "{$sreg_html}<br>\n"; ?> </table> <br> <a href="<?php echo dirname(Zend_OpenId::selfUrl()); ?> /test_server.php?openid.action=register">register</a> </div> </fieldset> </form> </div> </body> </html>