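/**
 * Perform first pass through login handler routine.
 *
 * Normalises the OpenID identifier taken from the request, records the
 * pending login in the openid_temp table under a fresh id, and hands the
 * browser over to the OpenID provider: a JSON payload for AJAX requests,
 * an HTTP redirect otherwise, or an auto-submitting HTML form when no
 * redirect URL can be built.
 *
 * On failure, $this->return_code and $this->auth_errors are populated.
 *
 * @access private
 * @return mixed Boolean false on failure else output/redirect
 */
private function _doFirstPass()
{
    //-----------------------------------------
    // Do the same cleaning we do when storing url
    //-----------------------------------------

    $url = trim($this->request['openid_url']);
    $url = rtrim($url, "/");

    // Compare the match position with !== 0. Negating strpos() first yields
    // a boolean, which is never identical to 0, so the scheme was never added.
    // An empty identifier is left alone so it is rejected further down.
    // NOTE(review): the routine that stores the identifier must normalise it
    // the same way, or later comparisons by URL will not match - confirm.
    if ($url !== '' && stripos($url, 'http://') !== 0 && stripos($url, 'https://') !== 0) {
        $url = 'http://' . $url;
    }

    if (!IPSText::xssCheckUrl($url)) {
        $this->auth_errors[] = 'bad_url';
        $this->return_code   = 'WRONG_AUTH';
        return false;
    }

    $consumer = $this->_getConsumer();

    if (!is_object($consumer)) {
        return false;
    }

    //-----------------------------------------
    // Store some of the input data..
    //-----------------------------------------

    // NOTE(review): this id is the only handle on the pending row and it
    // travels in the return URL (myopenid=...). uniqid() and mt_rand() are
    // not cryptographically secure; prefer a CSPRNG-backed value where the
    // runtime provides one.
    $id = md5(uniqid(mt_rand(), true));

    // $url originates from the request, so escape it before it is
    // concatenated into the WHERE clause.
    $this->DB->delete('openid_temp', "fullurl='" . $this->DB->addSlashes($url) . "'");

    // NOTE(review): 'referrer' is stored as the client supplied it. Whatever
    // later redirects to it should check that it points back to this site -
    // that consumer is not visible here.
    $this->DB->insert('openid_temp', array(
        'id'         => $id,
        'referrer'   => $this->request['referer'],
        'cookiedate' => intval($this->request['rememberMe']),
        'privacy'    => intval($this->request['anonymous']),
        'fullurl'    => $url,
    ));

    //-----------------------------------------
    // Set the URLs
    //-----------------------------------------

    $openid   = $url;
    $base_url = $this->settings['base_url'];

    if ($this->is_admin_auth) {
        $process_url = $base_url . 'app=core&module=login&do=login-complete&firstpass=1&myopenid=' . $id;
    } else {
        $process_url = $base_url . 'app=core&module=global&section=login&do=process&firstpass=1&myopenid=' . $id;
    }

    // The trust root is the base URL cut off right after the first ".php",
    // or the whole base URL when it contains none.
    $php_pos    = strpos($base_url, '.php');
    $trust_root = ($php_pos !== false) ? substr($base_url, 0, $php_pos + 4) : $base_url;
    $policy_url = $this->openid_config['openid_policy'];

    //-----------------------------------------
    // Begin OpenID Auth
    //-----------------------------------------

    $auth_request = $consumer->begin($openid);

    if (!$auth_request) {
        $this->return_code   = 'WRONG_OPENID';
        $this->auth_errors[] = 'bad_request';
        return false;
    }

    //-----------------------------------------
    // Set required, optional, policy attribs
    //-----------------------------------------

    $sreg_request = Auth_OpenID_SRegRequest::build(
        explode(',', $this->openid_config['args_req']),
        explode(',', $this->openid_config['args_opt']),
        $policy_url
    );

    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }

    //-----------------------------------------
    // Redirect user
    //-----------------------------------------

    $redirect_url = $auth_request->redirectURL($trust_root, $process_url);

    if ($this->request['module'] === 'ajax') {
        require_once IPS_KERNEL_PATH . 'classAjax.php';
        $ajax = new classAjax();
        // NOTE(review): presumably returnJsonArray() ends the request; if it
        // returns, execution carries on into the redirect below - confirm.
        $ajax->returnJsonArray(array('url' => $redirect_url));
    }

    if (!Auth_OpenID::isFailure($redirect_url)) {
        header("Location: " . $redirect_url);
        exit;
    }

    // If the redirect URL can't be built, try HTML inline
    $form_id   = 'openid_message';
    $form_html = $auth_request->formMarkup($trust_root, $process_url, false, array('id' => $form_id));

    // Display an error if the form markup couldn't be generated
    if (Auth_OpenID::isFailure($form_html)) {
        $this->return_code   = 'WRONG_AUTH';
        $this->auth_errors[] = 'bad_request';
        return false;
    }

    $page_contents = array(
        "<html><head><title>",
        "OpenID transaction in progress",
        "</title></head>",
        "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>",
        $form_html,
        "</body></html>",
    );

    print implode("\n", $page_contents);
    exit;
}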