function do_id_res($req) { if (!$this->verify_return_to($req->get('return_to'))) { return new InvalidLogin(); } $user_setup_url = $req->get('user_setup_url'); if ($user_setup_url) { return new UserSetupNeeded($user_setup_url); } $server_url = $this->determine_server_url($req); $assoc = $this->assoc_mngr->get_association($server_url, $req->get('assoc_handle')); if (!$assoc) { // No matching association found. I guess we're in dumb mode... $check_args = array(); foreach ($req->args as $k => $v) { if (oidUtil::startsWith($k, 'openid.')) { $check_args[$k] = $v; } } $check_args['openid.mode'] = 'check_authentication'; $post_data = http_build_query($check_args); return new CheckAuthRequired($server_url, $req->get('return_to'), $post_data); } // Check the signature $sig = $req->get('sig'); $signed_fields = explode(',', trim($req->get('signed'))); list($_signed, $v_sig) = oidUtil::sign_reply($req->args, $assoc->secret, $signed_fields); if ($v_sig != $sig) { return new InvalidLogin(); } $vl = new ValidLogin($this, $req->get('identity')); if ($vl->verifyIdentity($req->openid)) { return $vl; } return new InvalidLogin(); }