Utility function, return the current url
public static getCurrentUrl ( boolean $request_uri = true ) : string | ||
$request_uri | boolean | true to get $_SERVER['REQUEST_URI'], false for $_SERVER['PHP_SELF'] |
return | string |
/** * Process OpenID realm request */ public static function processOpenidRealm() { $output = str_replace("{X_XRDS_LOCATION}", htmlentities(Hybrid_Auth::getCurrentUrl(false), ENT_QUOTES, 'UTF-8') . "?get=openid_xrds&v=" . Hybrid_Auth::$version, file_get_contents(dirname(__FILE__) . "/resources/openid_realm.html")); print $output; @session_write_close(); die; }
/** * Process OpenID realm request */ public static function processOpenidRealm() { print '<pre>'; print_r(Hybrid_Auth::$config); exit; $output = str_replace("{X_XRDS_LOCATION}", htmlentities(Hybrid_Auth::getCurrentUrl(false), ENT_QUOTES, 'UTF-8') . "?get=openid_xrds&v=" . Hybrid_Auth::$version, file_get_contents(Hybrid_Auth::$config['path_Hybrid'] . "resources/openid_realm.html")); print $output; die; }
/** * Setup an adapter for a given provider */ public static function setup($providerId, $params = NULL) { Hybrid_Logger::debug("Enter Hybrid_Auth::setup( {$providerId} )", $params); if (!$params) { $params = Hybrid_Auth::storage()->get("hauth_session.{$providerId}.id_provider_params"); Hybrid_Logger::debug("Hybrid_Auth::setup( {$providerId} ), no params given. Trying to get the sotred for this provider.", $params); } if (!$params) { $params = array(); Hybrid_Logger::info("Hybrid_Auth::setup( {$providerId} ), no stored params found for this provider. Initialize a new one for new session"); } if (!isset($params["hauth_return_to"])) { $params["hauth_return_to"] = Hybrid_Auth::getCurrentUrl(); } Hybrid_Logger::debug("Hybrid_Auth::setup( {$providerId} ). HybridAuth Callback URL set to: ", $params["hauth_return_to"]); # instantiate a new IDProvider Adapter $provider = new Hybrid_Provider_Adapter(); $provider->factory($providerId, $params); return $provider; }
// with /index.php?hauth.done={provider}?{args}... if (strrpos($_SERVER["QUERY_STRING"], '?')) { $_SERVER["QUERY_STRING"] = str_replace("?", "&", $_SERVER["QUERY_STRING"]); parse_str($_SERVER["QUERY_STRING"], $_REQUEST); } $provider_id = trim(strip_tags($_REQUEST["hauth_done"])); $hauth = Hybrid_Auth::setup($provider_id); if (!$hauth) { Hybrid_Logger::error("Endpoint: Invalide parameter on hauth_done!"); $hauth->adapter->setUserUnconnected(); header("HTTP/1.0 404 Not Found"); die("Invalide parameter! Please return to the login page and try again."); } try { Hybrid_Logger::info("Endpoint: call adapter [{$provider_id}] loginFinish() "); $hauth->adapter->loginFinish(); } catch (Exception $e) { Hybrid_Logger::error("Exception:" . $e->getMessage(), $e); Hybrid_Error::setError($e->getMessage(), $e->getCode(), $e->getTraceAsString(), $e); $hauth->adapter->setUserUnconnected(); } Hybrid_Logger::info("Endpoint: job done. retrun to callback url."); $hauth->returnToCallbackUrl(); die; } } else { # Else, # We advertise our XRDS document, something supposed to be done from the Realm URL page echo str_replace("{X_XRDS_LOCATION}", Hybrid_Auth::getCurrentUrl(false) . "?get=openid_xrds&v=" . Hybrid_Auth::$version, file_get_contents(dirname(__FILE__) . "/Hybrid/resources/openid_realm.html")); die; }
/** * Process OpenID realm request */ public static function processOpenidRealm() { $output = str_replace("{X_XRDS_LOCATION}", Hybrid_Auth::getCurrentUrl(false) . "?get=openid_xrds&v=" . Hybrid_Auth::$version, file_get_contents(dirname(__FILE__) . "/resources/openid_realm.html")); print $output; die; }
/** * Process OpenID realm request */ protected function processOpenidRealm() { $template = '<html> <head> <title>HybridAuth Endpoint</title> <meta name="robots" content="NOINDEX, NOFOLLOW"> <meta http-equiv="X-XRDS-Location" content="{X_XRDS_LOCATION}" /> </head> <body> <h3 style="margin-bottom: 2px;">HybridAuth</h3> Open Source Social Sign On PHP Library. <br /> <a href="http://hybridauth.sourceforge.net/" style="color:green;text-decoration:none;">hybridauth.sourceforge.net/</a> </body> </html> '; $output = str_replace("{X_XRDS_LOCATION}", htmlentities(Hybrid_Auth::getCurrentUrl(false), ENT_QUOTES, 'UTF-8') . "?get=openid_xrds&v=" . Hybrid_Auth::$version, $template); return $output; }
/** * Setup an adapter for a given provider */ public static function setup($providerId, $params = NULL) { if (!$params) { $params = Hybrid_Auth::storage()->get("hauth_session.{$providerId}.id_provider_params"); } if (!$params) { $params = array(); } if (is_array($params) && !isset($params["hauth_return_to"])) { $params["hauth_return_to"] = Hybrid_Auth::getCurrentUrl(); } # instantiate a new IDProvider Adapter $provider = new Hybrid_Provider_Adapter(); $provider->factory($providerId, $params); return $provider; }
function wsl_component_tools_do_diagnostics() { ?> <style> table td, table th { border: 1px solid #DDDDDD; } table th label { font-weight: bold; } </style> <div class="metabox-holder columns-2" id="post-body"> <div class="stuffbox"> <h3> <label><?php _wsl_e("WordPress Social Login Diagnostics", 'wordpress-social-login'); ?> </label> </h3> <div class="inside"> <br /> <table class="wp-list-table widefat"> <?php $test = version_compare(PHP_VERSION, '5.2.0', '>='); // $test = 0; ?> <tr> <th width="200"> <label>PHP Version</label> </th> <td> <p>PHP >= 5.2.0 installed.</p> <?php if (!$test) { ?> <div class="fade error" style="margin: 20px 0;"> <p><b>Error</b>: An old version of PHP is installed.</p> <p>The solution is to make a trouble ticket to your web host and request them to upgrade to newer version of PHP.</p> </div> <?php } ?> </td> <td width="60"> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:red;'>FAIL!</b>"; } ?> </td> </tr> <?php $test = isset($_SESSION["wsl::plugin"]) && $_SESSION["wsl::plugin"]; // $test = 0; ?> <tr> <th width="200"> <label>PHP Sessions</label> </th> <td> <p>PHP/Session must be enabled and working.</p> <?php if (!$test) { ?> <div class="fade error" style="margin: 20px 0;"> <p><b>Error</b>: PHP Sessions are not working as expected.</p> <p> This error may occur for many reasons: </p> <p> 1. PHP session are either disabled, renamed or there is files permissions issues. </p> <p> 2. When using a reverse proxy like Varnish or a caching engine that might strip cookies. On this case, WSL will requires these two urls to be white-listed: </p> <div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;"> <?php echo '<a href="' . site_url('wp-login.php', 'login_post') . '" target="_blank">' . site_url('wp-login.php', 'login_post') . '</a>'; echo '<br />'; echo '<a href="' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '" target="_blank">' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '</a>'; ?> </div> </div> <?php } else { ?> <hr /> <h4>Notes:</h4> <p> 1. If you're hosting your website on <b>WP Engine</b>, refer this topic: <a href="https://wordpress.org/support/topic/500-internal-server-error-when-redirecting" target="_blank">https://wordpress.org/support/topic/500-internal-server-error-when-redirecting</a> </p> <p>2. In case you're using a reverse proxy like Varnish or a caching engine that might strip cookies, WSL will requires these two urls to be white-listed:</p> <div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;"> <?php echo '<a href="' . site_url('wp-login.php', 'login_post') . '" target="_blank">' . site_url('wp-login.php', 'login_post') . '</a>'; echo '<br />'; echo '<a href="' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '" target="_blank">' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '</a>'; ?> </div> <?php } ?> </td> <td> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:red;'>FAIL!</b>"; } ?> </td> </tr> <?php $test = false; if (function_exists('curl_init')) { $curl_version = curl_version(); if ($curl_version['features'] & CURL_VERSION_SSL) { $test = true; } } // $test = 0; ?> <tr> <th width="200"> <label>PHP CURL/SSL Extension</label> </th> <td> <p>PHP CURL extension with SSL must be enabled and working.</p> <?php if (!$test) { ?> <div class="fade error" style="margin: 20px 0;"> <p><b>Error</b>: CURL library is either not installed or SSL is not enabled.</p> <p>The solution is to make a trouble ticket to your web host and request them to enable the PHP CURL.</p> </div> <?php } ?> </td> <td> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:red;'>FAIL!</b>"; } ?> </td> </tr> <?php $test = !ini_get('register_globals') ? true : false; // $test = 0; ?> <tr> <th width="200"> <label>PHP Register Globals</label> </th> <td> <p>PHP Register Globals must be OFF.</p> <?php if (!$test) { ?> <div class="fade error" style="margin: 20px 0;"> <p><b>Error</b>: REGISTER_GLOBALS are On.</p> <p>This will prevent WSL from working properly and will result on an infinite loop on the authentication page.</p> <p>The solution is to make a trouble ticket with your web host to disable it, Or, if you have a dedicated server and you know what are you doing then edit php.ini file and turn it Off.</p> </div> <?php } ?> </td> <td> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:red;'>FAIL!</b>"; } ?> </td> </tr> <!-- this should keep Mika happy --> <tr> <th width="200"> <label>WSL end-points</label> </th> <td> <p>Check if WSL end-points urls are reachable.</p> <div id="end_points_warn" class="fade error" style="margin: 20px 0;display:none;"> <p><b>Error</b>: Your web server returned <span id="end_points_error"></span> when checking WSL end-points.</p> <p>This issue usually happen when :</p> <p>1. Your web host uses <code>mod_security</code> to block requests containing URLs (eg. hosts like HostGator, GoDaddy and The Planet). On this case, you should contact your provider to have WSL end-points urls white-listed.</p> <p>2. There is a <code>.htaccess</code> file that prevent direct access to the WordPress plugins directory.</p> <p>In any case, WSL requires this url to be white-listed:</p> <div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;"> <?php echo '<a href="' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '" target="_blank">' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '</a>'; ?> </div> </div> <div id="end_points_note" style="margin: 20px 0;"> <hr /> <p><b>Note</b>: In case you're using <code>mod_security</code> to block requests containing URLs or a <code>.htaccess</code> file to protect the WordPress plugins directory, WSL will requires this url to be white-listed:</p> <div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;"> <?php echo '<a href="' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '" target="_blank">' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '</a>'; ?> </div> </div> <p>You may double-check this test manually by clicking this <a href="<?php echo WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL; ?> ?test=http://example.com" target="_blank">direct link</a>.</p> </td> <td width="60"> <span id="end_points">testing..</span> <script> jQuery(document).ready(function($) { jQuery.ajax({ url: '<?php echo WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL; ?> ', data: 'url=http://example.com', success: function () { jQuery('#end_points').html( '<b style="color:green;">OK!</b>' ); }, error: function (xhr, ajaxOptions, thrownError) { // console.log( xhr ); jQuery('#end_points_error').html( '"<b style="color:red;">' + xhr.status + ' ' + xhr.statusText + '</b>"' ); jQuery('#end_points').html( '<b style="color:red;">FAIL!</b>' ); jQuery('#end_points_warn').show(); jQuery('#end_points_note').hide(); } }); }); </script> </td> </tr> <?php global $wpdb; $db_check_profiles = $wpdb->get_var("SHOW TABLES LIKE '{$wpdb->prefix}wslusersprofiles'") === $wpdb->prefix . 'wslusersprofiles' ? 1 : 0; $db_check_contacts = $wpdb->get_var("SHOW TABLES LIKE '{$wpdb->prefix}wsluserscontacts'") === $wpdb->prefix . 'wsluserscontacts' ? 1 : 0; $test = $db_check_profiles && $db_check_contacts ? true : false; ?> <tr> <th width="200"> <label>WSL database tables</label> </th> <td> <p>Check if WSL database tables (<code>wslusersprofiles</code> and <code>wsluserscontacts</code>) exist.</p> <?php if (!$test) { ?> <div class="fade error" style="margin: 20px 0;"> <p><b>Error:</b> One or more of WordPress Social Login tables do not exist.</p> <p>This may prevent this plugin form working correctly. To fix this, navigate to <b>Tools</b> tab then <b><a href="options-general.php?page=wordpress-social-login&wslp=tools#repair-tables">Repair WSL tables</a></b>.</p> </div> <?php } ?> </td> <td width="60"> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:red;'>FAIL!</b>"; } ?> </td> </tr> <?php $test = class_exists('Hybrid_Auth', false) ? false : true; ?> <tr> <th width="200"> <label>Hybridauth Library</label> </th> <td> <p>Check if the Hybridauth Library is auto-loaded by another plugin.</p> <?php if (!$test) { ?> <div class="fade error" style="margin: 20px 0;"> <p>Hybridauth Library is auto-included by another plugin.</p> <p>This is not critical but it may prevent WSL from working.</p> <p>Please, inform the developer of that plugin not to auto-include the file below and to use Hybridauth Library only when required.</p> <div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;"> <?php try { $reflector = new ReflectionClass('Hybrid_Auth'); echo $reflector->getFileName(); } catch (Exception $e) { } ?> </div> </div> <?php } ?> </td> <td> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:orange;'>PASS</b>"; } ?> </td> </tr> <?php $test = class_exists('OAuthConsumer', false) ? false : true; ?> <tr> <th width="200"> <label>OAUTH Library</label> </th> <td> <p>Check if OAUTH Library is auto-loaded by another plugin.</p> <?php if (!$test) { ?> <div class="fade error" style="margin: 20px 0;"> <p>OAUTH Library is auto-included by another plugin.</p> <p>This is not critical but it may prevent Twitter, LinkedIn and few other providers from working.</p> <p>Please, inform the developer of that plugin not to auto-include the file below and to use OAUTH Library only when required.</p> <div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;"> <?php try { $reflector = new ReflectionClass('OAuthConsumer'); echo $reflector->getFileName(); } catch (Exception $e) { } ?> </div> </div> <?php } ?> </td> <td> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:orange;'>PASS</b>"; } ?> </td> </tr> <?php $test = class_exists('BaseFacebook', false) ? false : true; ?> <tr> <th width="200"> <label>Facebook SDK</label> </th> <td> <p>Check if Facebook SDK is auto-loaded by another plugin.</p> <?php if (!$test) { ?> <div class="fade error" style="margin: 20px 0;"> <p><b>Error:</b> Facebook SDK is auto-included by another plugin.</p> <p>This will prevent Facebook from working.</p> <p>Please, inform the developer of that plugin not to auto-include the file below and to use Facebook SDK only when required.</p> <div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;"> <?php try { $reflector = new ReflectionClass('BaseFacebook'); echo $reflector->getFileName(); } catch (Exception $e) { } ?> </div> </div> <?php } ?> </td> <td> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:red;'>FAIL!</b>"; } ?> </td> </tr> <?php $test = class_exists('LightOpenID', false) ? false : true; ?> <tr> <th width="200"> <label>Class LightOpenID</label> </th> <td> <p>Check if the LightOpenID Class is auto-loaded by another plugin.</p> <?php if (!$test) { ?> <div class="fade error" style="margin: 20px 0;"> <p>Class LightOpenID is auto-included by another plugin.</p> <p>This is not critical but it may prevent Yahoo, Steam, and few other providers from working.</p> <p>Please, inform the developer of that plugin not to auto-include the file below and to use Class LightOpenID only when required.</p> <div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;"> <?php try { $reflector = new ReflectionClass('LightOpenID'); echo $reflector->getFileName(); } catch (Exception $e) { } ?> </div> </div> <?php } ?> </td> <td> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:orange;'>PASS</b>"; } ?> </td> </tr> <?php $curl = ''; $test = true; if (!class_exists('Hybrid_Auth', false)) { include_once WORDPRESS_SOCIAL_LOGIN_ABS_PATH . "/hybridauth/Hybrid/Auth.php"; $curl = Hybrid_Auth::getCurrentUrl(); } $headers = array('HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_FORWARDED', 'HTTP_CLIENT_IP', 'HTTP_FORWARDED_FOR_IP', 'VIA', 'X_FORWARDED_FOR', 'FORWARDED_FOR', 'X_FORWARDED', 'FORWARDED', 'CLIENT_IP', 'FORWARDED_FOR_IP', 'HTTP_PROXY_CONNECTION'); foreach ($headers as $v) { if (isset($_SERVER[$v])) { $test = true; } } ?> <tr> <th width="200"> <label>HTTP Proxies</label> </th> <td> <p>Check for proxified urls.</p> <?php if (!$test) { ?> <div class="fade error" style="margin: 20px 0;"> <p>WSL has detected that you are using a proxy in your website. The URL shown below should match the URL on your browser address bar.</p> <div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;"> <?php echo $curl; ?> </div> </div> <?php } ?> </td> <td> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:orange;'>PASS</b>"; } ?> </td> </tr> <?php $test = !stristr(plugins_url(), site_url()) ? false : true; ?> <tr> <th width="200"> <label>WordPress functions</label> </th> <td> <p>Check for WordPress directories functions.</p> <?php if (!$test) { ?> <hr /> <p><code>plugins_url()</code> is not returning an expected result : <?php echo plugins_url(); ?> </p> <?php } ?> </td> <td> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:orange;'>PASS</b>"; } ?> </td> </tr> <?php $test = true; $used = array(); $depreciated = array('wsl_hook_process_login_alter_userdata', 'wsl_hook_process_login_before_insert_user', 'wsl_hook_process_login_after_create_wp_user', 'wsl_hook_process_login_before_set_auth_cookie', 'wsl_hook_process_login_before_redirect', 'wsl_render_login_form_start', 'wsl_alter_hook_provider_icon_markup', 'wsl_render_login_form_alter_provider_icon_markup', 'wsl_render_login_form_end'); foreach ($depreciated as $v) { if (has_filter($v) || has_action($v)) { $test = false; $used[] = $v; } } ?> <tr> <th width="200"> <label>WSL depreciated hooks</label> </th> <td> <p>Check for depreciated WSL actions and filters in use.</p> <?php if (!$test) { ?> <div class="fade error" style="margin: 20px 0;"> <p>WSL has detected that you are using depreciated WSL: <code><?php echo implode('</code>, <code>', $used); ?> </code></p> <p>Please update the WSL hooks you were using accordingly to the new developer API at <a href="http://miled.github.io/wordpress-social-login/documentation.html" target="_blank">http://miled.github.io/wordpress-social-login/documentation.html</a></p> </div> <?php } ?> <p> Note: this test is not reliable 100% as we simply match the depreciated hooks against <code>has_filter</code> and <code>has_action</code>.</p> </td> <td> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:orange;'>PASS</b>"; } ?> </td> </tr> <?php $itsec_tweaks = get_option('itsec_tweaks'); $test = $itsec_tweaks && $itsec_tweaks['long_url_strings'] ? false : true; ?> <tr> <th width="200"> <label>iThemes Security</label> </th> <td> <p>Check if 'Prevent long URL strings' option is enabled.</p> <?php if (!$test) { ?> <div class="fade error" style="margin: 20px 0;"> <p><b>Error:</b> 'Prevent long URL strings' option is in enabled.</p> <p>This may prevent Facebook and few other providers from working.</p> </div> <?php } ?> </td> <td> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:red;'>FAIL!</b>"; } ?> </td> </tr> <?php /** * Check twitter timestamp * * Thanks much Joe for the cool idea * https://wordpress.org/plugins/wp-to-twitter/ */ $test = true; $error = ''; $hint = ''; $server_time = date(DATE_COOKIE); $response = wp_remote_get("https://api.twitter.com/1.1/help/test.json", array('timeout' => 2, 'redirection' => 1)); if (is_wp_error($response)) { $test = false; $error = __("There was an error querying Twitter's servers", 'wordpress-social-login'); } else { if (time() < strtotime($response['headers']['date']) - 300 || time() > strtotime($response['headers']['date']) + 300) { $test = false; $error = _wsl__("Your web server date is set incorrectly. This may prevent Twitter and LinkedIn and few other providers from working", 'wordpress-social-login'); $hint = sprintf(_wsl__("Please check if your web server time is correct: <code>%s</code>", 'wordpress-social-login'), $server_time); } } ?> <tr> <th width="200"> <label>Server Timestamp</label> </th> <td> <p>Check if your web server clock is in sync.</p> <?php if (!$test) { ?> <div class="fade error" style="margin: 20px 0;"> <p><b>Error:</b> <?php echo $error; ?> .</p> <?php if ($hint) { echo '<p>' . $hint . '.</p>'; } ?> </div> <?php } ?> </td> <td> <?php if ($test) { echo "<b style='color:green;'>OK!</b>"; } else { echo "<b style='color:orange;'>PASS</b>"; } ?> </td> </tr> </table> <br /> <hr /> <a class="button-secondary" href="options-general.php?page=wordpress-social-login&wslp=tools">← <?php _wsl_e("Back to Tools", 'wordpress-social-login'); ?> </a> </div> </div> </div> <?php }
/** * Hybrid_Provider_Adapter::login(), prepare the user session and the authentication request * for index.php */ function login() { if (!$this->adapter) { throw new Exception("Hybrid_Provider_Adapter::login() should not directly used."); } // clear all unneeded params foreach (Hybrid_Auth::$config["providers"] as $idpid => $params) { Hybrid_Auth::storage()->delete("hauth_session.{$idpid}.hauth_return_to"); Hybrid_Auth::storage()->delete("hauth_session.{$idpid}.hauth_endpoint"); Hybrid_Auth::storage()->delete("hauth_session.{$idpid}.id_provider_params"); } // make a fresh start $this->logout(); # get hybridauth base url if (empty(Hybrid_Auth::$config["base_url"])) { $HYBRID_AUTH_URL_BASE = Hybrid_Auth::getCurrentUrl(true); } else { $HYBRID_AUTH_URL_BASE = Hybrid_Auth::$config["base_url"]; } // make sure params is array if (!is_array($this->params)) { $this->params = array(); } # we make use of session_id() as storage hash to identify the current user # using session_regenerate_id() will be a problem, but .. $this->params["hauth_token"] = session_id(); # set request timestamp $this->params["hauth_time"] = time(); # for default HybridAuth endpoint url hauth_login_start_url # auth.start required the IDp ID # auth.time optional login request timestamp $this->params["login_start"] = $HYBRID_AUTH_URL_BASE . (strpos($HYBRID_AUTH_URL_BASE, '?') ? '&' : '?') . "hauth.start={$this->id}&hauth.time={$this->params["hauth_time"]}"; # for default HybridAuth endpoint url hauth_login_done_url # auth.done required the IDp ID $this->params["login_done"] = $HYBRID_AUTH_URL_BASE . (strpos($HYBRID_AUTH_URL_BASE, '?') ? '&' : '?') . "hauth.done={$this->id}"; if (isset($this->config["endpoint"])) { $this->params["login_start"] = $this->config["endpoint"] . (strpos($HYBRID_AUTH_URL_BASE, '?') ? '&' : '?') . "hauth.start={$this->id}&hauth.time={$this->params["hauth_time"]}"; $this->params["login_done"] = $this->config["endpoint"]; } if (isset($this->params["hauth_return_to"])) { Hybrid_Auth::storage()->set("hauth_session.{$this->id}.hauth_return_to", $this->params["hauth_return_to"]); } if (isset($this->params["login_done"])) { Hybrid_Auth::storage()->set("hauth_session.{$this->id}.hauth_endpoint", $this->params["login_done"]); } Hybrid_Auth::storage()->set("hauth_session.{$this->id}.id_provider_params", $this->params); // store config to be used by the end point Hybrid_Auth::storage()->config("CONFIG", Hybrid_Auth::$config); Hybrid_Auth::redirect($this->params["login_start"]); }