示例#1
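 /**
  * Return every stored association for one OpenID server.
  *
  * Subclasses should return a list of ConsumerAssociation objects whose
  * server_url attribute is equal to $server_url.
  *
  * @param string $server_url Server URL to look up.
  * @return array List of ConsumerAssociation objects (empty when no row matches).
  */
 function get_all($server_url)
 {
     $result = array();
     // NOTE(review): $server_url is spliced into the SQL text with sprintf().
     // The template in $this->qstrs[1] is not visible here, so it cannot be
     // confirmed that the value is quoted or escaped. If server URLs can come
     // from request data, switch this query to a prepared statement with a
     // bound parameter.
     $query = sprintf($this->qstrs[1], $server_url);
     $this->connection->beginTransaction();
     $cur = $this->connection->query($query);
     // Skip the loop when the driver reports failure by returning false,
     // instead of iterating over a non-iterable value.
     if ($cur !== false) {
         foreach ($cur as $row) {
             $result[] = new ConsumerAssociation($row['url'], $row['handle'], oidUtil::from_b64($row['secret']), $row['issued'], $row['lifetime']);
         }
     }
     $this->connection->commit();
     // The original returned the bare constant `result`, not the collected list.
     return $result;
 }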
示例#2
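 /**
  * Negotiate a new association (shared MAC secret) with an OpenID server.
  *
  * Posts an "associate" request advertising HMAC-SHA1 / DH-SHA1, then derives
  * the secret either from a plain `mac_key` or from the Diffie-Hellman
  * exchange (`dh_server_public` + `enc_mac_key`).
  *
  * @param string $server_url Endpoint of the OpenID server.
  * @return mixed Whatever ConsumerAssociation::from_expires_in() returns.
  */
 function associate($server_url)
 {
     list($p, $g) = $this->get_mod_gen();
     $dh = new DiffieHellman($p, $g, $this->srand);
     $cpub = $dh->createKeyExchange();
     $args = array(
         'openid.mode' => 'associate',
         'openid.assoc_type' => 'HMAC-SHA1',
         'openid.session_type' => 'DH-SHA1',
         'openid.dh_modulus' => oidUtil::to_b64(oidUtil::long2a($dh->p)),
         'openid.dh_gen' => oidUtil::to_b64(oidUtil::long2a($dh->g)),
         'openid.dh_consumer_public' => oidUtil::to_b64(oidUtil::long2a($cpub)),
     );
     $body = http_build_query($args);
     list($url, $data) = $this->http_client->post($server_url, $body);
     $results = oidUtil::parsekv($data);
     $assoc_type = $this->getResult($results, 'assoc_type');
     // Strict comparison: the value comes from the server's reply and must be
     // exactly the type that was requested, with no type juggling.
     if ($assoc_type !== 'HMAC-SHA1') {
         // NOTE(review): E_USER_WARNING does not stop execution, so an
         // unexpected association type is only reported here and the
         // association is still built below. Decide whether this should abort.
         trigger_error(sprintf('runtime error : Unknown association type %s', $assoc_type), E_USER_WARNING);
     }
     $assoc_handle = $this->getResult($results, 'assoc_handle');
     $expires_in = isset($results['expires_in']) ? $results['expires_in'] : 0;
     $session_type = isset($results['session_type']) ? $results['session_type'] : 0;
     if (!$session_type) {
         // No session type in the reply: the server sent the MAC key in the
         // clear. The secrecy of the key then depends entirely on the
         // transport used by $this->http_client.
         $secret = oidUtil::from_b64($this->getResult($results, 'mac_key'));
     } else {
         if ($session_type !== 'DH-SHA1') {
             // NOTE(review): as above, this warning does not abort; the DH
             // branch still runs for an unrecognised session type.
             trigger_error(sprintf('runtime error : Unknown Session Type: %s', $session_type), E_USER_WARNING);
         }
         $spub = oidUtil::a2long(oidUtil::from_b64($this->getResult($results, 'dh_server_public')));
         $dh_shared = $dh->decryptKeyExchange($spub);
         $enc_mac_key = $this->getResult($results, 'enc_mac_key');
         // The MAC key arrives XOR-ed with SHA-1 of the DH shared value.
         // Key material is deliberately never printed or logged here.
         $secret = oidUtil::strxor(oidUtil::from_b64($enc_mac_key), oidUtil::sha1(oidUtil::long2a($dh_shared)));
     }
     return ConsumerAssociation::from_expires_in($expires_in, $server_url, $assoc_handle, $secret);
 }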
示例#3
 /**
  * Build a DiffieHellman object from base64-encoded parameters.
  *
  * A falsy $p or $g is passed through undecoded, leaving the choice of
  * value to the DiffieHellman constructor.
  *
  * @param string|null $p     Base64 form of the modulus.
  * @param string|null $g     Base64 form of the generator.
  * @param mixed       $srand Passed to the constructor unchanged.
  * @return DiffieHellman
  */
 function fromBase64($p = null, $g = null, $srand = null)
 {
     $modulus = $p ? oidUtil::a2long(oidUtil::from_b64($p)) : $p;
     $generator = $g ? oidUtil::a2long(oidUtil::from_b64($g)) : $g;

     return new DiffieHellman($modulus, $generator, $srand);
 }
示例#4
 // OpenID login entry point (excerpt; the listing is cut off below).
 // Either starts discovery for a submitted identity URL, or handles a
 // response that carries an openid.mode value.
 $handler = new SimpleActionHandler($query, $consumer);
 // 'http://' alone is treated as an empty form submission.
 if (isset($query['identity_url']) && $query['identity_url'] != 'http://') {
     $identity_url = $query['identity_url'];
     // NOTE(review): $identity_url is handed to discovery exactly as it was
     // received. Presumably $query is request input; confirm that
     // find_identity_info() restricts scheme and destination before any
     // outbound fetch is made for it.
     $ret = $consumer->find_identity_info($identity_url);
     if (!$ret) {
         // Discovery failed: count the attempt against the general login
         // limit and against a bucket derived from the submitted URL.
         COM_updateSpeedlimit('login');
         $property = sprintf('%x', crc32($query['identity_url']));
         COM_updateSpeedlimit('openid', $property);
         // NOTE(review): the submitted URL is appended to the log message
         // unmodified. Verify that COM_errorLog neutralises CR/LF, or strip
         // control characters first so a crafted value cannot forge log lines.
         COM_errorLog('Unable to find an OpenID server for the identity URL ' . $identity_url);
         echo COM_refresh($_CONF['site_url'] . '/users.php?msg=89');
     } else {
         // Found identity server info.
         list($identity_url, $server_id, $server_url) = $ret;
         // Redirect the user-agent to the OpenID server
         // which we are requesting information from.
         // The return address is this site's users.php with openid_login=1 and
         // the discovered identity URL. The last argument lists the requested
         // profile fields.
         header('Location: ' . $consumer->handle_request($server_id, $server_url, oidUtil::append_args($_CONF['site_url'] . '/users.php', array('openid_login' => '1', 'open_id' => $identity_url)), $_CONF['site_url'], null, "email,nickname,fullname"));
         // Required fields.
         exit;
     }
 } elseif (isset($query['openid.mode']) || isset($query['openid_mode'])) {
     // Accept both spellings of the key: 'openid.mode' and 'openid_mode'.
     $openid_mode = '';
     if (isset($query['openid.mode'])) {
         $openid_mode = $query['openid.mode'];
     } else {
         if (isset($query['openid_mode'])) {
             $openid_mode = $query['openid_mode'];
         }
     }
     // The user cancelled at the OpenID server: count it as a login attempt
     // and send them back with message 90.
     if ($openid_mode == 'cancel') {
         COM_updateSpeedlimit('login');
         echo COM_refresh($_CONF['site_url'] . '/users.php?msg=90');
示例#5
 /**
  * Render an OpenID error response.
  *
  * Wraps the message in a key-value form with openid.mode=error and hands it
  * to error_page().
  *
  * @param string $error Text placed in the openid.error field.
  * @return mixed Whatever error_page() returns.
  */
 function _error_page($error)
 {
     $payload = oidUtil::kvform(array(
         'openid.mode' => 'error',
         'openid.error' => $error,
     ));

     return error_page($payload);
 }
 /**
  * Redirect the user to the setup ("allow") page for an authentication request.
  *
  * @param object $req Request exposing get() and an args property.
  * @return mixed Whatever redirect() returns.
  */
 function get_setup_response($req)
 {
     $identity = $req->get('identity');
     $trust_root = $req->get('trust_root');
     // NOTE(review): fail_to is built directly from the request's return_to.
     // Nothing in this function checks it against trust_root; confirm that
     // the caller validates it before the user can be sent there.
     $fail_to = oidUtil::append_args($req->get('return_to'), array('openid.mode' => 'cancel'));
     // NOTE(review): `addr` is a bare constant name here; presumably it is
     // defined elsewhere as the server's own address. TODO: confirm.
     $success_to = oidUtil::append_args(addr, $req->args);

     $args = array(
         'identity' => $identity,
         'trust_root' => $trust_root,
         'fail_to' => $fail_to,
         'success_to' => $success_to,
         'action' => 'allow',
     );

     return redirect(oidUtil::append_args(addr, $args));
 }
示例#7
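 /**
  * Handle an `id_res` response from the OpenID server.
  *
  * Checks return_to, then either asks the caller to run check_authentication
  * (when no association is stored, i.e. "dumb mode") or verifies the
  * response signature against the stored association secret.
  *
  * @param object $req Parsed response exposing get(), args and openid.
  * @return object One of InvalidLogin, UserSetupNeeded, CheckAuthRequired or ValidLogin.
  */
 function do_id_res($req)
 {
     if (!$this->verify_return_to($req->get('return_to'))) {
         return new InvalidLogin();
     }
     $user_setup_url = $req->get('user_setup_url');
     if ($user_setup_url) {
         return new UserSetupNeeded($user_setup_url);
     }
     $server_url = $this->determine_server_url($req);
     $assoc = $this->assoc_mngr->get_association($server_url, $req->get('assoc_handle'));
     if (!$assoc) {
         // No matching association found: fall back to dumb mode and let the
         // server itself confirm the response via check_authentication.
         $check_args = array();
         foreach ($req->args as $k => $v) {
             if (oidUtil::startsWith($k, 'openid.')) {
                 $check_args[$k] = $v;
             }
         }
         $check_args['openid.mode'] = 'check_authentication';
         $post_data = http_build_query($check_args);
         return new CheckAuthRequired($server_url, $req->get('return_to'), $post_data);
     }
     // Check the signature.
     // NOTE(review): the list of signed fields is taken from the response
     // itself. Nothing here requires that identity and return_to are in that
     // list; confirm that sign_reply() or the caller enforces it, otherwise
     // those values are accepted without being covered by the signature.
     $sig = $req->get('sig');
     $signed_fields = explode(',', trim($req->get('signed')));
     list($_signed, $v_sig) = oidUtil::sign_reply($req->args, $assoc->secret, $signed_fields);
     // Compare as strings only, never with loose `!=`: loose comparison can
     // treat two different numeric-looking strings as equal. Prefer a
     // constant-time comparison where the runtime provides one, so timing does
     // not reveal how much of the signature matched.
     $sig_ok = is_string($sig) && is_string($v_sig)
         && (function_exists('hash_equals') ? hash_equals($v_sig, $sig) : $v_sig === $sig);
     if (!$sig_ok) {
         return new InvalidLogin();
     }
     $vl = new ValidLogin($this, $req->get('identity'));
     if ($vl->verifyIdentity($req->openid)) {
         return $vl;
     }
     return new InvalidLogin();
 }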
示例#8
 /**
  * Build the return_to URL for an authentication request.
  *
  * The identity URL is always stored under `open_id`, replacing any value the
  * caller supplied under that key.
  *
  * @param string     $base_url     URL the arguments are appended to.
  * @param string     $identity_url Identity URL being verified.
  * @param array|null $args         Extra query arguments; non-arrays are ignored.
  * @return mixed Whatever oidUtil::append_args() returns.
  */
 function createReturnTo($base_url, $identity_url, $args = null)
 {
     $params = is_array($args) ? $args : array();
     $params['open_id'] = $identity_url;

     return oidUtil::append_args($base_url, $params);
 }
示例#9
 /**
  * Build a return_to URL carrying the identity, a timestamp and a MAC over both.
  *
  * The `v` argument is the base64 HMAC-SHA1 of identity followed by time,
  * keyed with $this->secret.
  *
  * @param string $base     URL the arguments are appended to.
  * @param string $identity Identity value stored under `id`.
  * @return mixed Whatever oidUtil::append_args() returns.
  */
 function create_return_to($base, $identity)
 {
     $stamp = (string) time();
     // NOTE(review): identity and timestamp are concatenated without a
     // separator before being MACed, so the boundary between them is not
     // covered by the MAC. The verifying side should check the `time` format
     // strictly. Any change to the MAC input must be made on both sides.
     $mac = oidUtil::to_b64(oidUtil::hmacsha1($this->secret, $identity . $stamp));

     return oidUtil::append_args($base, array(
         'id' => $identity,
         'time' => $stamp,
         'v' => $mac,
     ));
 }