Пример #1
0
 function execute()
 {
     require_once 'openid.php';
     $openid = new Dope_OpenID($_GET['openid_identity']);
     $validate_result = $openid->validateWithServer();
     if ($validate_result === TRUE) {
         $userinfo = $openid->filterUserInfo($_GET);
         LoginManager::login($_GET['openid_identity'], $userinfo['email'], $userinfo['fullname']);
     } else {
         if ($openid->isError() === TRUE) {
             LoginManager::logout();
             $error = $openid->GetError();
             $this->error = _("Login failed.") . '<br />';
             $this->error .= "Error code: " . $error['code'] . "<br/>";
             $this->error .= "Error description: " . $error['description'] . "<br/>";
         } else {
             LoginManager::logout();
             // Signature Verification Failed
             $this->error = _("Login failed.");
         }
     }
     /*
             $openid = new SimpleOpenID;
             $openid->SetIdentity($_GET['openid_identity']);
     
             $openid_validation_result = $openid->ValidateWithServer();
             if ($openid_validation_result == true){         // OK HERE KEY IS VALID
                 print_r($openid->fields['required']);
                 LoginManager::login($_GET['openid_identity']);
     
             }else if($openid->IsError() == true){            // ON THE WAY, WE GOT SOME ERROR
                 LoginManager::logout();
                 $error = $openid->GetError();
                 $this->error = _("Login failed.").'<br />';
                 $this->error .= "Error code: " . $error['code'] . "<br/>";
                 $this->error .= "Error description: " . $error['description'] . "<br/>";
             }else{
                 LoginManager::logout();// Signature Verification Failed
                 $this->error = _("Login failed.");
             }
     */
 }
Пример #2
0
            // to log in to your site. Store useful information from their
            // OpenID Provider so you can populate the necessary fields on
            // your registration page. Redirect the user there.
            $userinfo = $openid->filterUserInfo($_GET);
            echo "<p>Your OpenID Identity (" . $_GET['openid_identity'] . ") wasn't found in our records.</p>";
            echo "<p>Good news though: We just need your email and a friendly name and you'll have full access to all the site's features.</p>";
            echo "<p>DEBUG: The following information came back from your OpenID provider:</p>";
            echo "<ul>";
            echo "\t<li><b>Nickname</b>: " . $userinfo['nickname'] . "</li>";
            echo "\t<li><b>Language</b>: " . $userinfo['language'] . "</li>";
            echo "\t<li><b>Email</b>: " . $userinfo['email'] . "</li>";
            echo "</ul>";
            exit;
        }
    } else {
        if ($openid->isError() === TRUE) {
            /*
             * Else if you're here, there was some sort of error during processing.
             */
            $the_error = $openid->getError();
            $error = "Error Code: {$the_error['code']}<br />";
            $error .= "Error Description: {$the_error['description']}<br />";
        } else {
            /*
             * Else validation with the server failed for some reason.
             */
            $error = "Error: Could not validate the OpenID at {$_SESSION['openid_url']}";
        }
    }
} else {
    if (isset($_GET['openid_mode']) && $_GET['openid_mode'] == "cancel") {
Пример #3
0
/** Undocumented Function.
 * Basically performs the whole login routine
 * @todo Document it
 */
function login()
{
    $allow_login_query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'allow_login'";
    $allow_login_result = mysql_query($allow_login_query);
    $allow_login_result = mysql_fetch_array($allow_login_result);
    if (isset($_GET['subaction'])) {
        if ($_GET['subaction'] == "resetPasswd") {
            return resetPasswd($allow_login_result[0]);
        }
        if ($allow_login_result[0]) {
            if ($_GET['subaction'] == "register") {
                require_once "registration.lib.php";
                return register();
            }
        }
        global $openid_enabled;
        if ($openid_enabled == 'true' && $allow_login_result[0]) {
            if ($_GET['subaction'] == "openid_login") {
                if (isset($_POST['process'])) {
                    $openid_url = trim($_POST['openid_identifier']);
                    openid_endpoint($openid_url);
                }
            }
            if ($_GET['subaction'] == "openid_verify") {
                if ($_GET['openid_mode'] != "cancel") {
                    $openid_url = $_GET['openid_identity'];
                    // Get the user's OpenID Identity as returned to us from the OpenID Provider
                    $openid = new Dope_OpenID($openid_url);
                    //Create a new Dope_OpenID object.
                    $validate_result = $openid->validateWithServer();
                    //validate to see if everything was recieved properly
                    if ($validate_result === TRUE) {
                        $userinfo = $openid->filterUserInfo($_GET);
                        return openid_login($userinfo);
                    } else {
                        if ($openid->isError() === TRUE) {
                            // Else if you're here, there was some sort of error during processing.
                            $the_error = $openid->getError();
                            $error = "Error Code: {$the_error['code']}<br />";
                            $error .= "Error Description: {$the_error['description']}<br />";
                        } else {
                            //Else validation with the server failed for some reason.
                            $error = "Error: Could not validate the OpenID at {$_SESSION['openid_url']}";
                        }
                    }
                } else {
                    displayerror("User cancelled the OpenID authorization");
                }
            }
            if ($_GET['subaction'] == "openid_pass") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to link an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    $openid_url = $_SESSION['openid_url'];
                    $openid_email = $_SESSION['openid_email'];
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if (!isset($_POST['user_password'])) {
                        displayerror("Empty Passwords not allowed");
                        return;
                    }
                    $user_passwd = $_POST['user_password'];
                    $info = getUserInfo($openid_email);
                    if (!$info) {
                        displayerror("No user with Email {$openid_email}");
                    } else {
                        $check = checkLogin($info['user_loginmethod'], $info['user_name'], $openid_email, $user_passwd);
                        if ($check) {
                            //Password was correct. Link the account
                            $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $info['user_id'] . ")";
                            $result = mysql_query($query) or die(mysql_error() . " in login() subaction=openid_pass while trying to Link OpenID account");
                            if ($result) {
                                displayinfo("Account successfully Linked. Log In one more time to continue.");
                            }
                        } else {
                            displayerror("The password you specified was incorrect");
                        }
                    }
                }
            }
            if ($_GET['subaction'] == "quick_openid_reg") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to register an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    $openid_url = $_SESSION['openid_url'];
                    $openid_email = $_SESSION['openid_email'];
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if (!isset($_POST['user_name']) || $_POST['user_name'] == "") {
                        displayerror("You didn't specified your Full name. Please <a href=\"./+login\">Login</a> again.");
                        return;
                    }
                    $openid_fname = escape($_POST['user_name']);
                    //Now let's start making the dummy user
                    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`,`user_loginmethod`) " . "VALUES ('" . $openid_email . "', '" . $openid_email . "','" . $openid_fname . "','0',1,'openid');";
                    $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to insert information of new account");
                    if ($result) {
                        $id = mysql_insert_id();
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $id . ")";
                        $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to Link OpenID account");
                        if ($result) {
                            displayinfo("Account successfully registered. You can now login via OpenID. Please complete your profile information after logging in.");
                        }
                    }
                    return "";
                }
            }
        }
    }
    if (!isset($_POST['user_email'])) {
        return loginForm($allow_login_result[0]);
    } else {
        /*if it is, 
          then userLDAPVerify($user_email,$user_passwd);
          if the password is correct, update his password in DB
          else $dontloginLDAP = true;
          }
          else {
          if(userLDAPVerify($user_email,$user_passwd)) {
          create his row in DB with loginmethod = ldap and user_activated = 1
          (for this, use the createUser funciton in common.lib.php)
          }
          }*/
        global $cookieSupported;
        $login_status = false;
        if ($cookieSupported == true) {
            if ($_POST['user_email'] == "" || $_POST['user_password'] == "") {
                displayerror("Blank e-mail or password NOT allowed. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                return loginForm($allow_login_result[0]);
            } else {
                $user_email = escape($_POST['user_email']);
                $user_passwd = escape($_POST['user_password']);
                $login_method = '';
                if (!check_email($user_email)) {
                    displayerror("Your E-Mail Provider has been blackilisted. Please contact the website administrator");
                    return loginForm($allow_login_result[0]);
                }
                if ($temp = getUserInfo($user_email)) {
                    // check if exists in DB
                    $login_status = checkLogin($temp['user_loginmethod'], $temp['user_name'], $user_email, $user_passwd);
                    // This is to make sure when user logs in through LDAP, ADS or IMAP accounts, his passwords should be changed in database also, incase its old.
                    if ($login_status) {
                        updateUserPassword($user_email, $user_passwd);
                    }
                    //update passwd in db
                } else {
                    //if user is not in db
                    global $authmethods;
                    if (strpos($user_email, '@') > -1) {
                        $tmp = explode('@', $user_email);
                        $user_name = $tmp[0];
                        $user_domain = strtolower($tmp[1]);
                    } else {
                        $user_name = $user_email;
                    }
                    if (isset($user_domain) && $user_domain == $authmethods['imap']['user_domain']) {
                        if ($login_status = checkLogin('imap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'imap';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ads']['user_domain']) {
                        if ($login_status = checkLogin('ads', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ads';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ldap']['user_domain']) {
                        if ($login_status = checkLogin('ldap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ldap';
                        }
                    }
                    if ($login_status) {
                        //create new user in db and activate the user (only if user's login is valid)
                        $user_fullname = strtoupper($user_name);
                        $user_md5passwd = md5($user_passwd);
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_loginmethod`, `user_activated`) " . "VALUES (DEFAULT, '{$user_name}', '{$user_email}', '{$user_fullname}', '{$user_md5passwd}', '{$login_method}', '1')";
                        mysql_query($query) or die(mysql_error() . " creating new user !");
                    } else {
                        displaywarning("Incorrect username and/or password for <b>" . (isset($user_domain) ? $user_domain . "</b> domain!" : $user_name . "</b> user"));
                    }
                }
                if ($login_status) {
                    $temp = getUserInfo($user_email);
                    if (!$temp['user_activated']) {
                        displayinfo("The e-mail has not yet been verified. Kindly check your email and click on verification link. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                        // if user exists in db and admin has set user_activated = false delibrately
                        // then it means that the user has been denied access !!!
                    } else {
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` ='{$temp['user_id']}'";
                        mysql_query($query) or die(mysql_error() . " in login.lib.L:111");
                        $_SESSION['last_to_last_login_datetime'] = $temp['user_lastlogin'];
                        setAuth($temp['user_id']);
                        //exit();
                        //displayinfo("Welcome " . $temp['user_name'] . "!");
                        return $temp['user_id'];
                    }
                } else {
                    displaywarning("Wrong E-mail or password. <a href='./+login&subaction=resetPasswd'>Lost Password?</a><br />");
                    return loginForm($allow_login_result[0]);
                }
            }
            return 0;
        } else {
            showCookieWarning();
            return 0;
        }
    }
}
Пример #4
0
function oip_return()
{
    //add_action('oip_just_registered_pre_head','oip_reg_notice');
    //echo 	"<!-- this is where the return action happens -->";
    if (isset($_GET['openid_mode']) && $_GET['openid_mode'] == "cancel") {
        $error = "OpenID authorization canceled by user.";
        return;
    }
    if (isset($_GET['action']) && $_GET['action'] == "verify" && $_GET['openid_mode'] != "cancel") {
        //echo "returned from the server";
        //exit();
        $openid_url = $_GET['openid_identity'];
        $openid = new Dope_OpenID($openid_url);
        $validate_result = $openid->validateWithServer();
        if ($validate_result === TRUE) {
            $oip_user = oip_get_user($openid_url);
            //check if user exists
            if ($oip_user > 0) {
                //do the login
                //wp_set_auth_cookie( (int) $oip_user, 0 );	// 0 = don't remember, short login, todo: use form value
                echo "User with that OpenID found successfully and is now logged in";
                oip_login_success($oip_user);
            } else {
                //detect the user by other means
                $userinfo = $openid->filterUserInfo($_GET);
                $oip_email = $userinfo['email'];
                $oip_nick = $userinfo['nickname'];
                $oip_name = $userinfo['fullname'];
                $oip_username = '';
                $oip_useremail = !empty($oip_email) ? $oip_email : "";
                //try to load/login the user if email is available else register
                if (!empty($oip_useremail)) {
                    global $wp_users_object;
                    if ($oip_user = $wp_users_object->get_user($oip_useremail, array('by' => 'email'))) {
                        //log the user in
                        oip_login_success($oip_user);
                    } else {
                        //register the user
                        //try to force using one of the fields as username for the purpose of registration
                        $oip_username = !empty($oip_nick) ? $oip_nick : (!empty($oip_name) ? $oip_name : $oip_useremail);
                        //(		((!empty($oip_name))?$oip_name:		(((!empty($oip_email))?$oip_email:"")		)
                        if (!empty($oip_username)) {
                            //check if you can get user by nicename or login because those throw "... already exists" errors
                            //and you want to work around that possibility
                            $oip_login_exists = $wp_users_object->get_user($oip_username, array('by' => 'login'));
                            $oip_nicename_exists = $wp_users_object->get_user($oip_username, array('by' => 'nicename'));
                            //we're already finished doing the existing email check, so email is definitely unique
                            if ($oip_login_exists || $oip_nicename_exists) {
                                //we got an existing UserID
                                $oip_username = $oip_useremail;
                                //just use the OpenID email as the username.
                            }
                            $oip_user = bb_new_user($oip_username, $oip_useremail, "", 0);
                            //success returns a user id, user receives password in email.
                            if (!is_wp_error($oip_user)) {
                                //$oid_user_openid_url = bb_update_usermeta( $oip_user, "openid_url", $openid_url );
                                do_action('register_user', $oip_user->ID);
                                //for other plugins which hook here? Will they break us?
                                //login directly without troubling the new user
                                // 0 = don't remember, short login, todo: use form value
                                $oip_reg_success = "Welcome to " . bb_get_option('name') . ". You are now successfully logged in. Additionally, your registration details and password has been emailed to your email address provided in your OpenID profile.";
                                oip_register_success($oip_user);
                            }
                        } else {
                            $oip_error = "No profile info returned.";
                            //unlikely... only if openid server returned nothing at all.
                        }
                    }
                } else {
                    $oip_error = "Email missing.";
                }
                fme($oip_error);
                fme($oip_user);
                echo "<p>Your OpenID Identity is (" . $_GET['openid_identity'] . "). You are a new user to this site.</p>";
                echo "<p>The following information came back from your OpenID provider:</p>";
                print_r($userinfo);
                echo "<ul>";
                foreach ($userinfo as $ufield => $uvalue) {
                    echo "<li><b>" . $ufield . "</b>: " . $uvalue . "</li>";
                    //print_r($uvalue);
                    //echo  "</li>";
                }
                //echo "\t<li><b>Nickname</b>: " . $userinfo['nickname'] . "</li>";
                //echo "\t<li><b>Language</b>: " . $userinfo['language'] . "</li>";
                //echo "\t<li><b>Email</b>: " . $userinfo['email'] . "</li>";
                echo "</ul><p>DEBUG: </p>";
                echo "<p>GET</p>";
                print_r($_GET);
                echo "<p>POST</p>";
                print_r($_POST);
                echo '<script type="text/javascript">alert("hi")</script>';
                exit;
            }
            // /registration
        } else {
            if ($openid->isError() === TRUE) {
                $the_error = $openid->getError();
                $error = "Error Code: {$the_error['code']}<br />";
                $error .= "Error Description: {$the_error['description']}<br />";
            } else {
                $error = "Error: Could not validate the OpenID at {$_SESSION['openid_url']}";
            }
            //echo $error;
        }
    }
}