/**
 * Starts an OpenID authentication request when the incoming request carries
 * the configured server variable.
 *
 * The submitted identifier is handed to OpenIDAuth. If no endpoint URL is
 * available afterwards the method returns false. Otherwise the simple
 * registration and identifier_select parameters are attached (each default
 * can be replaced through a Rhaco constant of the same name), any configured
 * extra parameters are appended, and control passes to _redirectForm().
 *
 * @param object $request Request wrapper exposing isVariable() and getVariable().
 * @return false|null false when no endpoint URL was obtained; no value otherwise.
 */
function invalid($request)
{
    if (!$request->isVariable($this->serverVarName)) {
        return;
    }

    // The identifier comes straight from the client.
    // NOTE(review): request() presumably performs outbound discovery against
    // it; confirm OpenIDAuth restricts URL schemes and destination hosts so a
    // submitted identifier cannot point the server at internal addresses.
    $identifier = $request->getVariable($this->serverVarName);
    $openid = new OpenIDAuth($identifier);
    $openid->request();

    $endPointURL = $openid->getEndPointURL();
    if (empty($endPointURL)) {
        return false;
    }

    // Parameter name => fallback used when no Rhaco constant overrides it.
    $defaults = array(
        'openid.sreg.required' => 'nickname',
        'openid.sreg.optional' => 'email',
        'openid.identity' => 'http://specs.openid.net/auth/2.0/identifier_select',
        'openid.claimed_id' => 'http://specs.openid.net/auth/2.0/identifier_select',
    );
    foreach ($defaults as $key => $fallback) {
        $openid->addParameter($key, Rhaco::constant($key, $fallback));
    }

    // Extra parameters are applied last. Whether addParameter() overwrites an
    // earlier value is not visible here, so treat 'openid.extraParameter' as
    // operator-only configuration and never populate it from request data.
    if (Rhaco::isVariable('openid.extraParameter')) {
        foreach (Rhaco::getVariable('openid.extraParameter') as $extraName => $extraValue) {
            $openid->addParameter($extraName, $extraValue);
        }
    }

    // NOTE(review): the headers are built from $this->endPointURL, not from the
    // local $endPointURL that was just checked and is used as the redirect
    // target; confirm the two are meant to differ.
    $headers = $openid->getEndPointHeaders($this->url, $this->endPointURL);
    $this->_redirectForm($endPointURL, $headers);
}
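/**
 * Handles a login form submission.
 *
 * Flow: reject the request if the IP check fails; if OpenID is enabled and an
 * OpenID was posted, start the OpenID request; otherwise require a username
 * and password, build a User from them and translate any error code into an
 * exception. After a successful password login, a pending OpenID link held in
 * the session is completed only when it refers to the same user ID, and
 * finishLogin() is called with the result.
 *
 * Every exception raised inside the try block is counted against the client
 * IP (logSignupRequest), and the IP is banned once the helper reports that the
 * threshold has been reached. This is the brute-force throttle for the form,
 * so every failed attempt has to end in an exception.
 *
 * When the request asks for format=JSON, the result array is echoed as JSON
 * and the script terminates.
 *
 * @return void
 */
public function do_login()
{
    $ip = Loader::helper('validation/ip');
    $vs = Loader::helper('validation/strings');
    $loginData = array('success' => 0);

    try {
        if (!$ip->check()) {
            throw new Exception($ip->getErrorMessage());
        }

        if (OpenIDAuth::isEnabled() && $vs->notempty($this->post('uOpenID'))) {
            // The posted OpenID is client-controlled.
            // NOTE(review): confirm OpenIDAuth::request() limits which URLs it
            // will contact during discovery.
            $oa = new OpenIDAuth();
            $oa->setReturnURL($this->openIDReturnTo);
            $oa->request($this->post('uOpenID')); // return value was never read
            $resp = $oa->getResponse();
            if ($resp->code == OpenIDAuth::E_INVALID_OPENID) {
                throw new Exception(t('Invalid OpenID.'));
            }
        }

        if (!$vs->notempty($this->post('uName')) || !$vs->notempty($this->post('uPassword'))) {
            if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
                throw new Exception(t('An email address and password are required.'));
            }
            throw new Exception(t('A username and password are required.'));
        }

        $u = new User($this->post('uName'), $this->post('uPassword'));
        if ($u->isError()) {
            // NOTE(review): the non-validated and inactive messages reveal
            // account state. Confirm User only reports those codes after the
            // password has been verified, otherwise they allow enumeration.
            switch ($u->getError()) {
                case USER_NON_VALIDATED:
                    throw new Exception(t('This account has not yet been validated. Please check the email associated with this account and follow the link it contains.'));
                case USER_INVALID:
                    if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
                        throw new Exception(t('Invalid email address or password.'));
                    }
                    throw new Exception(t('Invalid username or password.'));
                case USER_INACTIVE:
                    throw new Exception(t('This user is inactive. Please contact us regarding this account.'));
                default:
                    // Fail closed: an error code not listed above used to fall
                    // out of the switch without an exception, so the attempt
                    // was not counted against the IP and finishLogin() still
                    // ran. Treat it as a failed login with the generic message.
                    if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
                        throw new Exception(t('Invalid email address or password.'));
                    }
                    throw new Exception(t('Invalid username or password.'));
            }
        }

        // Reached only when the password login succeeded; every error path
        // above throws.
        // The session key is absent when no OpenID link is pending; read it
        // through isset() so that case does not raise an undefined-index notice.
        $pendingOpenIDUser = isset($_SESSION['uOpenIDExistingUser']) ? $_SESSION['uOpenIDExistingUser'] : 0;
        if (OpenIDAuth::isEnabled() && $pendingOpenIDUser > 0) {
            $oa = new OpenIDAuth();
            if ($pendingOpenIDUser == $u->getUserID()) {
                // The account that just authenticated is the one the OpenID
                // already maps to: link it and keep the user logged in.
                $oa->linkUser($_SESSION['uOpenIDRequested'], $u);
            } else {
                // The password login succeeded, but for a different account
                // than the one tied to the OpenID. End the session so the
                // OpenID cannot be attached to the wrong account.
                $u->logout();
                throw new Exception(t('This account does not match the email address provided.'));
            }
        }

        $loginData['success'] = 1;
        $loginData['msg'] = t('Login Successful');
        $loginData['uID'] = intval($u->getUserID());

        // NOTE(review): nothing in this method rotates the session identifier
        // after authentication; confirm User or finishLogin() does so.
        $loginData = $this->finishLogin($loginData);
    } catch (Exception $e) {
        // Count the failed attempt and ban the IP once the threshold is hit.
        $ip->logSignupRequest();
        if ($ip->signupRequestThreshholdReached()) {
            $ip->createIPBan();
        }
        $this->error->add($e);
        $loginData['error'] = $e->getMessage();
    }

    // 'format' is optional; guard the read so a plain form post does not raise
    // an undefined-index notice.
    if (isset($_REQUEST['format']) && $_REQUEST['format'] === 'JSON') {
        $jsonHelper = Loader::helper('json');
        echo $jsonHelper->encode($loginData);
        die;
    }
}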