/**
 * Decide whether an OpenID server may be used, according to the plugin's
 * openid_non_whitelisted_status policy.
 *
 * - ALLOW / CONFIRM: the server is accepted unless it is blacklisted; a
 *   whitelist or greylist entry still lets a blacklisted server through.
 * - DENY: the server is accepted only when it is whitelisted or greylisted.
 * - Any other value: the setting is logged as illegal and the server is
 *   refused.
 *
 * @param string $server
 * @param optional object $config - the OpenID auth plugin config settings;
 *                                  read with get_config('auth/openid') when omitted
 * @return boolean
 */
function openid_server_allowed($server, $config = null) {
    if ($config == null) {
        $config = get_config('auth/openid');
    }

    // NOTE(review): the policy is compared loosely (==). If the setting can be
    // unset or empty and one of the OPENID_NONWHITELISTED_* constants is 0, the
    // missing value would match that constant -- confirm the constant values
    // and that the setting is always populated.
    $policy = $config->openid_non_whitelisted_status;

    if ($policy == OPENID_NONWHITELISTED_ALLOW || $policy == OPENID_NONWHITELISTED_CONFIRM) {
        // Open policy: only the blacklist can refuse, and an explicit
        // whitelist/greylist entry overrides it.
        if (!openid_server_is_blacklisted($server)) {
            return true;
        }
        return openid_server_is_whitelisted($server) || openid_server_is_greylisted($server);
    }

    if ($policy == OPENID_NONWHITELISTED_DENY) {
        // Closed policy: the server must be listed explicitly.
        return openid_server_is_whitelisted($server) || openid_server_is_greylisted($server);
    }

    // Unknown policy value: record it and fail closed.
    error_log("/auth/openid/lib.php::openid_server_allowed() - illegal setting for config->openid_non_whitelisted_status ({$config->openid_non_whitelisted_status})");

    return false;
}
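/**
 * Initiate an OpenID request
 *
 * Reads the claimed identifier from the 'openid_url' request parameter, asks
 * the consumer library to begin authentication, optionally attaches a simple
 * registration (sreg) extension built from the plugin config, stores the
 * return URL in $_SESSION['openid_process_url'] and then either redirects to
 * the provider or prints a self-submitting form and exits.
 *
 * @param boolean $allow_sreg Default true
 * @param string $process_url Default empty (will use $CFG->wwwroot . '/login/index.php')
 * @param array $params Array of extra parameters to append to the request;
 *                      keys and values are percent-encoded here, so pass
 *                      them unencoded
 */
function do_request($allow_sreg = true, $process_url = '', $params = array()) {
    global $CFG;

    // Create the consumer instance
    $store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid');
    $consumer = new Auth_OpenID_Consumer($store);

    // The identifier comes straight from the request and is untrusted.
    // NOTE(review): the blacklist test further down runs on the endpoint that
    // begin() returns, i.e. only after begin() has already processed this
    // value -- confirm that any outbound discovery it performs is restricted
    // to acceptable schemes and hosts.
    $openid_url = optional_param('openid_url', null);
    $authreq = $consumer->begin($openid_url);

    if (!$authreq) {
        error(get_string('auth_openid_login_error', 'auth_openid'));
        return;
    }

    // Add any simple registration fields to the request
    if ($allow_sreg === true) {
        $sreg_added = false;
        $req = array();
        $opt = array();
        $privacy_url = null;

        // Required fields
        if (!empty($this->config->openid_sreg_required)) {
            $req = explode(',', $this->config->openid_sreg_required);
            $sreg_added = true;
        }

        // Optional fields
        if (!empty($this->config->openid_sreg_optional)) {
            $opt = explode(',', $this->config->openid_sreg_optional);
            $sreg_added = true;
        }

        // Privacy statement
        if ($sreg_added && !empty($this->config->openid_privacy_url)) {
            $privacy_url = $this->config->openid_privacy_url;
        }

        // We call the on_openid_do_request event handler function if it
        // exists. This is called before the simple registration (sreg)
        // extension is added to allow changes to be made to the sreg
        // data fields if required
        if (function_exists('on_openid_do_request')) {
            on_openid_do_request($authreq);
        }

        // Finally, the simple registration data is added
        if ($sreg_added && (count($req) > 0 || count($opt) > 0)) {
            $sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url);

            if ($sreg_request) {
                $authreq->addExtension($sreg_request);
            }
        }
    }

    // Prepare the remaining components for the request
    if (empty($process_url)) {
        $process_url = $CFG->wwwroot . '/login/index.php';
    }

    if (is_array($params) && !empty($params)) {
        $pairs = array();

        foreach ($params as $key => $val) {
            // Percent-encode both sides so that a key or value containing
            // '&', '=', '#' or whitespace cannot add, override or truncate
            // parameters on the return URL.
            $pairs[] = rawurlencode((string) $key) . '=' . rawurlencode((string) $val);
        }

        $process_url .= '?' . implode('&', $pairs);
    }

    $trust_root = $CFG->wwwroot . '/';
    $_SESSION['openid_process_url'] = $process_url;

    // Finally, redirect to the OpenID provider

    // If the server is blacklisted
    // NOTE(review): only the blacklist is consulted here, not
    // openid_server_allowed(); confirm the whitelist/deny policy is enforced
    // when the provider's response is processed.
    // NOTE(review): server_url is derived from the user-supplied identifier
    // and is placed into the error text -- confirm error()/get_string()
    // escape it before it reaches the page.
    if (openid_server_is_blacklisted($authreq->endpoint->server_url)) {
        error(get_string('auth_openid_server_blacklisted', 'auth_openid', $authreq->endpoint->server_url));
        return;
    }

    if ($authreq->shouldSendRedirect()) {
        $redirect_url = $authreq->redirectURL($trust_root, $process_url);

        // If the redirect URL can't be built, display an error message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            error($redirect_url->message);
        } else {
            redirect($redirect_url);
        }

        return;
    }

    // Generate form markup and render it.
    $form_id = 'openid_message';
    $message = $authreq->getMessage($trust_root, $process_url, false);

    // Display an error if the form markup couldn't be generated;
    // otherwise, render the HTML.
    if (Auth_OpenID::isFailure($message)) {
        // Pass the failure's text, as the redirect branch does, rather than
        // the failure object itself.
        error($message->message);
        return;
    }

    $form_html = $message->toFormMarkup($authreq->endpoint->server_url, array('id' => $form_id), get_string('continue'));

    echo '<html><head><title>OpenID request</title></head><body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;"><div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>',
        get_string('openid_redirecting', 'auth_openid'),
        '</p></div>',
        $form_html,
        '</body></html>';
    exit;
}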