Пример #1
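/**
 * Logs the visitor in from an OpenID result, creating the local account on
 * first use.
 *
 * Does nothing when a session is already logged in. Otherwise it reads the
 * user name and e-mail from OpenId::getUserEmail(), stops if
 * is_email_accepted() refuses the address, and forwards to the dashboard once
 * try_login() reports 'succeed'. When the first login reports 'failed' the
 * account is registered and the login is retried. Every other outcome ends
 * the request with the "account closed" message.
 *
 * SECURITY(review): the local password is md5(fixed string . e-mail). It is
 * identical for every copy of this source and can be recomputed from the
 * e-mail address alone, so if try_login() is also reachable from an
 * e-mail/password form, that form accepts these accounts without any OpenID
 * assertion. Fixing this needs a credential migration (for example a random
 * per-account secret, or a session created directly from the verified OpenID
 * result), so it is flagged here instead of being changed in place.
 *
 * NOTE(review): assumes OpenId::getUserEmail() only returns values taken from
 * a verified provider response -- confirm in that class.
 */
function openid_auth_do()
{
    if (is_login()) {
        return;
    }

    $userEmail = OpenId::getUserEmail();

    // Without an e-mail there is no identity to log in; stop before deriving
    // a credential from an empty string.
    if (!is_array($userEmail) || empty($userEmail['email'])) {
        die('该邮箱不能登录本系统!');
    }

    $email = $userEmail['email'];
    $userName = isset($userEmail['userName']) ? $userEmail['userName'] : null;

    // SECURITY(review): predictable, unsalted-per-user credential; see the
    // function header.
    $genPassword = hash('md5', 'XFAGAGArere' . $email);

    if (!is_email_accepted($email)) {
        die('该邮箱不能登录本系统!');
    }

    $result = try_login($email, $genPassword);

    if ($result === 'failed') {
        // No usable account yet: register it, then log in again and keep the
        // outcome so a failed registration is not treated as a login.
        register($email, $userName, $genPassword);
        $result = try_login($email, $genPassword);
    }

    if ($result === 'succeed') {
        // The user is registered and authenticated: go to the dashboard.
        // forward() presumably ends the request -- confirm.
        forward('?c=dashboard');
    }

    // Reached for any status other than 'succeed' (e.g. an account that was
    // disabled by an administrator).
    die('帐号已经被管理员关闭,请联系管理员');
}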
Пример #2
 /**
  * @abstract
  */
 public function search()
 {
     // HTML discovery: fetch the identity page and look for the OpenID <link>
     // relations, trying the OpenID 2 names before the OpenID 1 names.
     $html = $this->client->agent->send(Net_HTTP::Request($this->url))->body;

     $relations = array(
         array('server' => 'openid2.provider', 'delegate' => 'openid2.local_id', 'version' => 2),
         array('server' => 'openid.server', 'delegate' => 'openid.delegate', 'version' => 1),
     );

     foreach ($relations as $relation) {
         $endpoint = OpenId::parse_html($html, 'link', 'rel', $relation['server'], 'href');
         $localId = OpenId::parse_html($html, 'link', 'rel', $relation['delegate'], 'href');

         if (!$endpoint) {
             // This protocol version is not advertised; try the next one.
             continue;
         }

         // NOTE(review): both values are copied from the fetched page as-is;
         // nothing in this method checks their scheme or host. Confirm the
         // caller validates them before redirecting to or contacting them.
         $this->client->server = $endpoint;
         if ($localId) {
             // A delegate/local id replaces the identity held by the client.
             $this->client->identity = $localId;
         }
         $this->client->version = Core::make('OpenId.Version' . $relation['version']);

         return true;
     }

     // No provider link of either version was found.
     return false;
 }
Пример #3
 /**
  * Performs OpenID auth flow.
  * @param OpenId $client auth client instance.
  * @return Response action response.
  * @throws Exception on failure.
  * @throws HttpException on failure.
  */
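 protected function authOpenId($client)
 {
     // No openid_mode in the request: this is the start of the flow, so send
     // the browser to the provider.
     if (empty($_REQUEST['openid_mode'])) {
         $url = $client->buildAuthUrl();
         return Yii::$app->getResponse()->redirect($url);
     }

     // openid_mode is a request parameter and therefore caller-controlled; it
     // only selects a branch. A non-string value matches neither mode below
     // and ends in the 400 response.
     $mode = $_REQUEST['openid_mode'];

     if ($mode === 'cancel') {
         // The original code called redirectCancel() once inside the switch
         // and a second time on the way out; one call is enough.
         return $this->redirectCancel();
     }

     if ($mode !== 'id_res') {
         throw new HttpException(400);
     }

     // $client->validate() is the only check in this method that stands
     // between the request parameters and authSuccess().
     if (!$client->validate()) {
         throw new HttpException(400, 'Unable to complete the authentication because the required data was not received.');
     }

     return $this->authSuccess($client);
 }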
Пример #4
 /**
  * Handles the "do you trust this relying party?" step of an OpenID
  * authorization request.
  *
  * On the first visit (no trust_accept / trust_cancel field posted) it renders
  * the trust form. On submission it checks the XSRF token, records the user's
  * decision through UpdateEndpointTrust() and answers the OpenID request
  * positively or negatively.
  *
  * @param object $page page object used to render the template or abort.
  */
 function handler_trust($page)
 {
     $this->load('openid.inc.php');
     $openid = new OpenId();
     $currentUser = S::user();

     // Build the OpenID state from the request; anything that is not an
     // authorization request is refused.
     $isAuthorizationRequest = $openid->Initialize() && $openid->IsAuthorizationRequest();
     if (!$isAuthorizationRequest) {
         $page->kill("Ta requête OpenID a échoué, merci de réessayer.");
     }

     // Simple Registration data that would accompany a positive answer.
     $sregData = $openid->GetSRegDataForRequest($currentUser);

     // No decision posted yet: show the trust form and stop here.
     $decisionPosted = Post::has('trust_accept') || Post::has('trust_cancel');
     if (!$decisionPosted) {
         $page->changeTpl('openid/trust.tpl');
         $page->assign('openid_query', $openid->GetQueryStringForRequest());
         $page->assign('relying_party', $openid->GetEndpoint());
         $page->assign('sreg_data', $sregData->contents());
         return;
     }

     // The XSRF token is checked before the posted decision is read or stored.
     S::assert_xsrf_token();

     // Accept only counts when cancel was not posted as well.
     $accepted = Post::b('trust_accept') && !Post::b('trust_cancel');
     $remember = Post::b('trust_always');
     $trusted = $openid->UpdateEndpointTrust($currentUser, $accepted, $remember);

     // A positive answer needs both an authorized user and a trusted endpoint.
     if (!($openid->IsUserAuthorized($currentUser) && $trusted)) {
         $openid->AnswerRequest(false);
         return;
     }

     // SREG data is sent only when the user ticked trust_sreg.
     $sharedData = Post::b('trust_sreg') ? $sregData : null;
     $openid->AnswerRequest(true, $sharedData);
 }
Пример #5
 /**
  * Prepares an OpenID client for an identity written as user@host when the
  * host part matches a known host record with status Host\Record::NORMAL.
  *
  * The profile URL is discovered through a webfinger (LRDD) request. When the
  * local account has no request row for that host yet (or no local account
  * exists), the OAuth extension is added if the provider supports it, and the
  * host id and remote global id are stored in the session.
  *
  * An identity that passes the URL filter is not handled here: the method
  * returns false for it.
  *
  * @param string $identity identifier typed by the user.
  * @return \PSX\OpenId|false initialized client, or false when the identity
  *                           is a URL or its host is not a known host record.
  * @throws Exception when the descriptor subject differs from the requested
  *                   account or contains no profile link.
  */
 protected function isOpenidProvider($identity)
 {
     // Prefix http:// when the value has no '@' and no scheme. In this method
     // the prefixed value is only fed to the URL filter below; a value that
     // passes the filter ends in "return false".
     if (strpos($identity, '@') === false && substr($identity, 0, 7) != 'http://' && substr($identity, 0, 8) != 'https://') {
         $identity = 'http://' . $identity;
     }
     // callback URL given to the provider when the client is initialized
     $callback = $this->pageUrl . '/callback/remote';
     // create the openid client
     $openid = new \PSX\OpenId($this->http, $this->config['psx_url'], $this->store);
     // anything the URL filter rejects is treated as an e-mail style identity
     $filter = new Filter\Url();
     if ($filter->apply($identity) === false) {
         // NOTE(review): if the value was rejected by the filter but contains
         // no '@', $pos is false and substr() starts at offset 1; the result
         // is then only used as a host name for the lookup below.
         $pos = strpos($identity, '@');
         $provider = substr($identity, $pos + 1);
         // Look the host part up among the connected websites. Only a host
         // with status NORMAL is accepted, so discovery requests are sent
         // using the template of a host that is already on record.
         $host = $this->hm->getTable('AmunService\\Core\\Host')->select(array('id', 'consumerKey', 'url', 'template'))->where('name', '=', $provider)->where('status', '=', Host\Record::NORMAL)->getRow();
         if (!empty($host)) {
             // make webfinger request
             $webfinger = new Webfinger($this->http);
             $acct = 'acct:' . $identity;
             $xrd = $webfinger->getLrdd($acct, $host['template']);
             // reject a descriptor whose subject is not the account that was
             // asked for
             if (strcmp($xrd->getSubject(), $acct) !== 0) {
                 throw new Exception('Invalid subject');
             }
             // get profile url
             $profileUrl = $xrd->getLinkHref('profile');
             if (empty($profileUrl)) {
                 throw new Exception('Could not find profile');
             }
             // Global id as stated by the remote descriptor.
             // NOTE(review): this value comes from the fetched document and is
             // stored in the session below without validation here -- confirm
             // that the code reading it validates it.
             $globalId = $xrd->getPropertyValue('http://ns.amun-project.org/2011/meta/id');
             // initialize openid with the discovered profile URL
             $openid->initialize($profileUrl, $callback);
             // Local accounts are keyed by sha1(salt . normalized profile URL);
             // $identity is reused to hold that key from here on.
             $identity = sha1($this->config['amun_salt'] . OpenId::normalizeIdentifier($profileUrl));
             $con = new Condition(array('identity', '=', $identity));
             $userId = $this->hm->getTable('AmunService\\User\\Account')->getField('id', $con);
             // $oauth is first a flag: true when there is no local account, or
             // the account has no request row for this host yet.
             $oauth = false;
             if (!empty($userId)) {
                 $con = new Condition();
                 $con->add('hostId', '=', $host['id']);
                 $con->add('userId', '=', $userId);
                 $requestId = $this->hm->getTable('AmunService\\Core\\Host\\Request')->getField('id', $con);
                 if (empty($requestId)) {
                     $oauth = true;
                 }
             } else {
                 $oauth = true;
             }
             if ($oauth) {
                 // from here $oauth holds the extension object, not the flag;
                 // it is added only when the provider supports its namespace
                 $oauth = new Extension\Oauth($host['consumerKey']);
                 if ($openid->hasExtension($oauth->getNs())) {
                     $this->session->set('openid_register_user_host_id', $host['id']);
                     $this->session->set('openid_register_user_global_id', $globalId);
                     $openid->add($oauth);
                 }
             }
             return $openid;
         }
     }
     // identity is a URL, or its host is not a connected website
     return false;
 }