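/**
 * Initiate an OpenID request.
 *
 * Begins an authentication request for the identifier submitted as
 * `openid_url` (or for the configured Google Apps domain), attaches the
 * configured simple registration (sreg) fields and, when ADD_AX_SUPPORT is
 * defined, an attribute exchange (AX) fetch request, then hands the browser
 * to the provider either by redirect or by an auto-submitting form.
 *
 * @param boolean $allow_sreg  Default true. When true, the sreg/AX extensions are added
 * @param string  $process_url Return URL. Default empty (uses $CFG->wwwroot . '/login/index.php')
 * @param array   $params      Extra parameters appended, URL-encoded, to $process_url
 */
function do_request($allow_sreg = true, $process_url = '', $params = array()) {
    global $CFG, $USER;

    // Create the consumer instance
    $store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid');
    $consumer = new Auth_OpenID_Consumer($store);
    $openid_url = optional_param('openid_url', null);

    if (defined('GOOGLE_OPENID_URL') && !empty($openid_url)
            && (stristr($openid_url, '@google.') || stristr($openid_url, '@gmail.'))) {
        // BJB101206: map Google email addresses to OpenID url
        $tmpemail = $openid_url;
        $openid_url = GOOGLE_OPENID_URL;
        logout_guestuser();

        if (empty($USER->id)
                && ($tmpuser = get_complete_user_data('email', $tmpemail))
                && $tmpuser->auth != 'openid') {
            $allow_sreg = true; // would like to verify email later
            $process_url = $CFG->wwwroot . '/auth/openid/actions.php';

            // NOTE(review): $USER is replaced with the account matched by the
            // submitted e-mail address before the provider has asserted
            // anything. The address is request input, so the handler in
            // actions.php must treat the session as unauthenticated until the
            // OpenID response is verified, must check that the asserted e-mail
            // matches this account, and should reset $USER when the response
            // fails or is cancelled - confirm against that handler.
            $USER = $tmpuser;

            $params['openid_tmp_login'] = true; // require flag in action.php
            $params['openid_action'] = 'change';
            $params['openid_url'] = $openid_url;
            $params['openid_mode'] = 'switch2openid'; // arbitrary != null
        }
    }

    if (!empty($this->config->auth_openid_google_apps_domain)) {
        // A configured Google Apps domain overrides whatever identifier was
        // submitted; the discovery object is created for its effect on the
        // consumer.
        $openid_url = $this->config->auth_openid_google_apps_domain;
        new GApps_OpenID_Discovery($consumer);
    }

    $authreq = $consumer->begin($openid_url);

    if (!$authreq && $this->is_sso()) {
        // Discovery failed in SSO mode: build the endpoint by hand and let the
        // provider select the identifier.
        $endpoint = new Auth_OpenID_ServiceEndpoint();
        $endpoint->server_url = $openid_url;
        $endpoint->claimed_id = Auth_OpenID_IDENTIFIER_SELECT;
        $endpoint->type_uris = array('http://specs.openid.net/auth/2.0/signon');
        $authreq = $consumer->beginWithoutDiscovery($endpoint);
    }

    if (!$authreq) {
        print_error('auth_openid_login_error', 'auth_openid');
        return;
    }

    // Add any simple registration fields to the request
    if ($allow_sreg === true) {
        $sreg_added = false;
        $req = array();
        $opt = array();
        $privacy_url = null;

        // Required fields
        if (!empty($this->config->openid_sreg_required)) {
            $req = array_map('trim', explode(',', $this->config->openid_sreg_required));
            $sreg_added = true;
        }

        // Optional fields
        if (!empty($this->config->openid_sreg_optional)) {
            $opt = array_map('trim', explode(',', $this->config->openid_sreg_optional));
            $sreg_added = true;
        }

        // Privacy statement
        if ($sreg_added && !empty($this->config->openid_privacy_url)) {
            $privacy_url = $this->config->openid_privacy_url;
        }

        // We call the on_openid_do_request event handler function if it
        // exists. This is called before the simple registration (sreg)
        // extension is added to allow changes to be made to the sreg
        // data fields if required
        if (function_exists('on_openid_do_request')) {
            on_openid_do_request($authreq);
        }

        // Finally, the simple registration data is added
        if ($sreg_added && (count($req) > 0 || count($opt) > 0)) {
            $sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url);

            if ($sreg_request) {
                $authreq->addExtension($sreg_request);
            }
        }

        if (defined('ADD_AX_SUPPORT')) {
            // alias => schema constant; each attribute is requested with
            // count 1 and the required flag set.
            $ax_fields = array(
                'email'     => AX_SCHEMA_EMAIL,
                'nickname'  => AX_SCHEMA_NICKNAME,
                'fullname'  => AX_SCHEMA_FULLNAME,
                'firstname' => AX_SCHEMA_FIRSTNAME,
                'lastname'  => AX_SCHEMA_LASTNAME,
                'country'   => AX_SCHEMA_COUNTRY,
            );

            // Create AX fetch request and add the attributes to it
            $ax = new Auth_OpenID_AX_FetchRequest();

            foreach ($ax_fields as $alias => $schema) {
                $ax->add(Auth_OpenID_AX_AttrInfo::make($schema, 1, 1, $alias));
            }

            // Add AX fetch request to authentication request
            $authreq->addExtension($ax);
        }
    }

    // Prepare the remaining components for the request
    if (empty($process_url)) {
        $process_url = $CFG->wwwroot . '/login/index.php';
    }

    if (is_array($params) && !empty($params)) {
        // Keys and values are URL-encoded: values such as openid_url are
        // themselves URLs, and an unencoded '&', '=' or '#' would change how
        // the return URL is parsed when the provider sends the user back.
        $pairs = array();

        foreach ($params as $key => $val) {
            $pairs[] = rawurlencode((string) $key) . '=' . rawurlencode((string) $val);
        }

        // Extend an existing query string rather than adding a second '?'.
        $separator = (strpos($process_url, '?') === false) ? '?' : '&';
        $process_url .= $separator . implode('&', $pairs);
    }

    $trust_root = $CFG->wwwroot . '/';
    $_SESSION['openid_process_url'] = $process_url;

    // Finally, redirect to the OpenID provider.
    // The resolved server URL is checked against the plugin's allow/deny
    // configuration first, so the browser is never sent to a refused provider.
    if (!openid_server_allowed($authreq->endpoint->server_url, $this->config)) {
        print_error('auth_openid_server_blacklisted', 'auth_openid', '', $authreq->endpoint->server_url);
        return;
    }

    if ($authreq->shouldSendRedirect()) {
        $redirect_url = $authreq->redirectURL($trust_root, $process_url);

        // If the redirect URL can't be built, display an error message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            error($redirect_url->message);
        } else {
            redirect($redirect_url);
        }

        return;
    }

    // Generate form markup and render it.
    $form_id = 'openid_message';
    $message = $authreq->getMessage($trust_root, $process_url, false);

    // Display an error if the form markup couldn't be generated;
    // otherwise, render the HTML.
    if (Auth_OpenID::isFailure($message)) {
        // Pass the failure text, as the redirect branch does, not the
        // failure object itself.
        error($message->message);
        return;
    }

    $form_html = $message->toFormMarkup(
        $authreq->endpoint->server_url,
        array('id' => $form_id),
        get_string('continue')
    );

    echo '<html><head><title>OpenID request</title></head>',
        '<body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;">',
        '<div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>',
        get_string('openid_redirecting', 'auth_openid'),
        '</p></div>',
        $form_html,
        '</body></html>';
    exit;
}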
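/**
 * Initiate an OpenID request against the configured SSO provider.
 *
 * Discovery is skipped: the endpoint is built from
 * $this->config->openid_sso_url with identifier selection, the configured
 * simple registration (sreg) fields are attached, and the browser is handed
 * to the provider either by redirect or by an auto-submitting form.
 *
 * @param boolean $allow_sreg  Default true. When true, the sreg extension is added
 * @param string  $process_url Return URL. Default empty (uses $CFG->wwwroot . '/login/index.php')
 * @param array   $params      Extra parameters appended, URL-encoded, to $process_url
 */
function do_request($allow_sreg = true, $process_url = '', $params = array()) {
    global $CFG;

    // Create the consumer instance
    $store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid');
    $consumer = new Auth_OpenID_Consumer($store);

    // Create our own endpoint and skip the discovery step.
    $endpoint = new Auth_OpenID_ServiceEndpoint();
    $endpoint->server_url = $this->config->openid_sso_url;
    $endpoint->claimed_id = Auth_OpenID_IDENTIFIER_SELECT;
    $endpoint->type_uris = array(Auth_OpenID_OPENID1_NS);
    $authreq = $consumer->beginWithoutDiscovery($endpoint);

    if (!$authreq) {
        error(get_string('auth_openid_login_error', 'auth_openid'));
        return;
    }

    // Add any simple registration fields to the request
    if ($allow_sreg === true) {
        $sreg_added = false;
        $req = array();
        $opt = array();
        $privacy_url = null;

        // Required fields. Names are trimmed so that a setting written as
        // "email, fullname" does not yield a field name with a leading space.
        if (!empty($this->config->openid_sreg_required)) {
            $req = array_map('trim', explode(',', $this->config->openid_sreg_required));
            $sreg_added = true;
        }

        // Optional fields (trimmed for the same reason)
        if (!empty($this->config->openid_sreg_optional)) {
            $opt = array_map('trim', explode(',', $this->config->openid_sreg_optional));
            $sreg_added = true;
        }

        // Privacy statement
        if ($sreg_added && !empty($this->config->openid_privacy_url)) {
            $privacy_url = $this->config->openid_privacy_url;
        }

        // We call the on_openid_do_request event handler function if it
        // exists. This is called before the simple registration (sreg)
        // extension is added to allow changes to be made to the sreg
        // data fields if required
        if (function_exists('on_openid_do_request')) {
            on_openid_do_request($authreq);
        }

        // Finally, the simple registration data is added
        if ($sreg_added && (count($req) > 0 || count($opt) > 0)) {
            $sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url);

            if ($sreg_request) {
                $authreq->addExtension($sreg_request);
            }
        }
    }

    // Prepare the remaining components for the request
    if (empty($process_url)) {
        $process_url = $CFG->wwwroot . '/login/index.php';
    }

    if (is_array($params) && !empty($params)) {
        // Keys and values are URL-encoded so that an '&', '=' or '#' inside
        // a value cannot change how the return URL is parsed when the
        // provider sends the user back.
        $pairs = array();

        foreach ($params as $key => $val) {
            $pairs[] = rawurlencode((string) $key) . '=' . rawurlencode((string) $val);
        }

        // Extend an existing query string rather than adding a second '?'.
        $separator = (strpos($process_url, '?') === false) ? '?' : '&';
        $process_url .= $separator . implode('&', $pairs);
    }

    $trust_root = $CFG->wwwroot . '/';
    $_SESSION['openid_process_url'] = $process_url;

    // Finally, redirect to the OpenID provider
    if ($authreq->shouldSendRedirect()) {
        $redirect_url = $authreq->redirectURL($trust_root, $process_url);

        // If the redirect URL can't be built, display an error message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            error($redirect_url->message);
        } else {
            redirect($redirect_url);
        }

        return;
    }

    // Generate form markup and render it.
    $form_id = 'openid_message';
    $message = $authreq->getMessage($trust_root, $process_url, false);

    // Display an error if the form markup couldn't be generated;
    // otherwise, render the HTML.
    if (Auth_OpenID::isFailure($message)) {
        // Pass the failure text, as the redirect branch does, not the
        // failure object itself.
        error($message->message);
        return;
    }

    $form_html = $message->toFormMarkup(
        $authreq->endpoint->server_url,
        array('id' => $form_id),
        get_string('continue')
    );

    echo '<html><head><title>OpenID request</title></head>',
        '<body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;">',
        '<div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>',
        get_string('openid_redirecting', 'auth_openid'),
        '</p></div>',
        $form_html,
        '</body></html>';
    exit;
}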