/**
* Parse a URL into its trust_root parts.
*
* @static
*
* @access private
*
* @param string $trust_root The url to parse
*
* @return mixed $parsed Either an associative array of trust root
* parts or false if parsing failed.
*/
function _parse($trust_root)
{
$trust_root = Auth_OpenID_urinorm($trust_root);
if ($trust_root === null) {
return false;
}
if (preg_match("/:\\/\\/[^:]+(:\\d+){2,}(\\/|\$)/", $trust_root)) {
return false;
}
$parts = @parse_url($trust_root);
if ($parts === false) {
return false;
}
$required_parts = array('scheme', 'host');
$forbidden_parts = array('user', 'pass', 'fragment');
$keys = array_keys($parts);
if (array_intersect($keys, $required_parts) != $required_parts) {
return false;
}
if (array_intersect($keys, $forbidden_parts) != array()) {
return false;
}
if (!preg_match(Auth_OpenID___HostSegmentRe, $parts['host'])) {
return false;
}
$scheme = strtolower($parts['scheme']);
$allowed_schemes = array('http', 'https');
if (!in_array($scheme, $allowed_schemes)) {
return false;
}
$parts['scheme'] = $scheme;
$host = strtolower($parts['host']);
$hostparts = explode('*', $host);
switch (count($hostparts)) {
case 1:
$parts['wildcard'] = false;
break;
case 2:
if ($hostparts[0] || $hostparts[1] && substr($hostparts[1], 0, 1) != '.') {
return false;
}
$host = $hostparts[1];
$parts['wildcard'] = true;
break;
default:
return false;
}
if (strpos($host, ':') !== false) {
return false;
}
$parts['host'] = $host;
if (isset($parts['path'])) {
$path = strtolower($parts['path']);
if (substr($path, 0, 1) != '/') {
return false;
}
} else {
$path = '/';
}
$parts['path'] = $path;
if (!isset($parts['port'])) {
$parts['port'] = false;
}
$parts['unparsed'] = $trust_root;
return $parts;
}
/**
* @access private
*/
function _checkReturnTo($message, $return_to)
{
// Check an OpenID message and its openid.return_to value
// against a return_to URL from an application. Return True
// on success, False on failure.
// Check the openid.return_to args against args in the
// original message.
$result = Auth_OpenID_GenericConsumer::_verifyReturnToArgs($message->toPostArgs());
if (Auth_OpenID::isFailure($result)) {
return false;
}
// Check the return_to base URL against the one in the
// message.
$msg_return_to = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to');
if (Auth_OpenID::isFailure($return_to)) {
// XXX log me
return false;
}
$return_to_parts = parse_url(Auth_OpenID_urinorm($return_to));
$msg_return_to_parts = parse_url(Auth_OpenID_urinorm($msg_return_to));
// If port is absent from both, add it so it's equal in the
// check below.
if (!array_key_exists('port', $return_to_parts) && !array_key_exists('port', $msg_return_to_parts)) {
$return_to_parts['port'] = null;
$msg_return_to_parts['port'] = null;
}
// If path is absent from both, add it so it's equal in the
// check below.
if (!array_key_exists('path', $return_to_parts) && !array_key_exists('path', $msg_return_to_parts)) {
$return_to_parts['path'] = null;
$msg_return_to_parts['path'] = null;
}
// The URL scheme, authority, and path MUST be the same
// between the two URLs.
foreach (array('scheme', 'host', 'port', 'path') as $component) {
// If the url component is absent in either URL, fail.
// There should always be a scheme, host, port, and path.
if (!array_key_exists($component, $return_to_parts)) {
return false;
}
if (!array_key_exists($component, $msg_return_to_parts)) {
return false;
}
if (Auth_OpenID::arrayGet($return_to_parts, $component) !== Auth_OpenID::arrayGet($msg_return_to_parts, $component)) {
return false;
}
}
return true;
}
function runTest()
{
$actual = Auth_OpenID_urinorm($this->uri);
$this->assertEquals($this->expected, $actual);
}
/**
* Given a URL, this "normalizes" it by adding a trailing slash
* and / or a leading http:// scheme where necessary. Returns
* null if the original URL is malformed and cannot be normalized.
*
* @access private
* @param string $url The URL to be normalized.
* @return mixed $new_url The URL after normalization, or null if
* $url was malformed.
*/
static function normalizeUrl($url)
{
@($parsed = parse_url($url));
if (!$parsed) {
return null;
}
if (isset($parsed['scheme']) && isset($parsed['host'])) {
$scheme = strtolower($parsed['scheme']);
if (!in_array($scheme, array('http', 'https'))) {
return null;
}
} else {
$url = 'http://' . $url;
}
$normalized = Auth_OpenID_urinorm($url);
if ($normalized === null) {
return null;
}
list($defragged, $frag) = Auth_OpenID::urldefrag($normalized);
return $defragged;
}
function doOpenIDValidate($openid)
{
// use the JanRain php-openid library
require_once $this->module_path . 'php-openid-1.2.3/Auth/OpenID/URINorm.php';
$oModuleModel =& getModel('module');
$config = $oModuleModel->getModuleConfig('member');
if ($config->enable_openid != 'Y') {
$this->stop('msg_invalid_request');
}
ob_start();
require $this->module_path . 'openid_lib/class.openid.php';
require_once $this->module_path . 'openid_lib/libcurlemu.inc.php';
$openid_ctx = new SimpleOpenID();
$openid_ctx->SetIdentity(Auth_OpenID_urinorm($openid));
$openid_ctx->validation_result = $openid_ctx->ValidateWithServer();
ob_clean();
return $openid_ctx;
}
function normalizeUrl($url)
{
return Auth_OpenID_urinorm($url);
}
