示例#1
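 /**
  * Performs the openid.mode = check_authentication call against the server
  * and maps the reply onto a login result object.
  *
  * The return_to and post_data arguments should be as contained in the
  * CheckAuthRequired object returned by a previous call to handle_response.
  *
  * @param        $server_url URL the check_authentication request is POSTed to.
  * @param        $return_to  Value checked with verify_return_to() before anything is sent.
  * @param string $post_data  URL-encoded request body; also parsed locally to read the identity.
  * @param        $openid     Identity URL being confirmed, from the consumer's
  *                           viewpoint (i.e. not a delegated identity).
  *
  * @return InvalidLogin|ValidLogin|ErrorFromServer ValidLogin only when the server
  *         answers is_valid "true" and verifyIdentity($openid) succeeds.
  */
 function check_auth($server_url, $return_to, $post_data, $openid)
 {
     if (!$this->verify_return_to($return_to)) {
         return new InvalidLogin();
     }
     // PHP changes "." to "_" in URL argument names but not in values, and
     // some items of the signed field value must exactly match the names of
     // arguments given in the same URL, so the sreg names are restored here.
     // (Choplair)
     // NOTE(review): this replaces every 'sreg_' in the body, values included;
     // confirm that a value containing that substring cannot reach this point.
     $post_data = str_replace('sreg_', 'sreg.', $post_data);
     $ret = $this->http_client->post($server_url, $post_data);
     if (!$ret) {
         return new InvalidLogin();
     }
     $results = oidUtil::parsekv($ret[1]);
     $is_valid = isset($results['is_valid']) ? $results['is_valid'] : 'false';
     // Strict comparison: only the literal string "true" counts as a positive
     // answer. A loose == would also accept non-string values such as boolean
     // true, or integer 0 on PHP versions before 8.
     if ($is_valid === 'true') {
         $invalidate_handle = isset($results['invalidate_handle']) ? $results['invalidate_handle'] : null;
         if ($invalidate_handle) {
             $this->assoc_mngr->invalidate($server_url, $invalidate_handle);
         }
         // The request body and its parsed form are deliberately not written
         // to the error log: they hold the identity and the signed fields of
         // the assertion, which do not belong in a log file.
         parse_str($post_data, $vars);
         // parse_str() applies PHP's "." -> "_" rewriting, hence the key name.
         $identity = isset($vars['openid_identity']) ? $vars['openid_identity'] : null;
         // NOTE(review): nothing visible here checks that the identity field
         // is among the fields the server signed; confirm that
         // verifyIdentity() or the caller covers that.
         $vl = new ValidLogin($this, $identity);
         if ($vl->verifyIdentity($openid)) {
             return $vl;
         }
     } else {
         $error = isset($results['openid.error']) ? $results['openid.error'] : null;
         if ($error) {
             // The message text comes from the remote server; callers that
             // display it should escape it for the output context.
             $str = sprintf('Server Response: %s', $error);
             return new ErrorFromServer($str);
         }
     }
     // Fail closed: every path that did not prove a valid login ends here.
     return new InvalidLogin();
 }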
示例#2
 /**
  * Requests an association from the server at $server_url and derives the
  * shared MAC secret from its reply.
  *
  * Sends an "associate" request asking for HMAC-SHA1 with a DH-SHA1 session,
  * then reads the secret either directly from mac_key (no session_type in the
  * reply) or by XOR-ing enc_mac_key with the SHA-1 of the Diffie-Hellman
  * shared value.
  *
  * @param $server_url URL the associate request is POSTed to.
  *
  * @return mixed Whatever ConsumerAssociation::from_expires_in() returns.
  */
 function associate($server_url)
 {
     list($modulus, $generator) = $this->get_mod_gen();
     $exchange = new DiffieHellman($modulus, $generator, $this->srand);
     $consumer_public = $exchange->createKeyExchange();

     $request = array(
         'openid.mode' => 'associate',
         'openid.assoc_type' => 'HMAC-SHA1',
         'openid.session_type' => 'DH-SHA1',
         'openid.dh_modulus' => oidUtil::to_b64(oidUtil::long2a($exchange->p)),
         'openid.dh_gen' => oidUtil::to_b64(oidUtil::long2a($exchange->g)),
         'openid.dh_consumer_public' => oidUtil::to_b64(oidUtil::long2a($consumer_public)),
     );

     // NOTE(review): the result of post() is not checked before it is
     // unpacked; check_auth() treats a falsy result as failure, so confirm
     // what happens here when the request fails.
     list(, $payload) = $this->http_client->post($server_url, http_build_query($request));
     $results = oidUtil::parsekv($payload);

     // NOTE(review): an unexpected association type only raises a warning.
     // Unless an error handler turns that into an exception, processing
     // continues with the unknown type.
     $assoc_type = $this->getResult($results, 'assoc_type');
     if ($assoc_type != 'HMAC-SHA1') {
         trigger_error(sprintf('runtime error : Unknown association type %s', $assoc_type), E_USER_WARNING);
     }

     $assoc_handle = $this->getResult($results, 'assoc_handle');
     $expires_in = isset($results['expires_in']) ? $results['expires_in'] : 0;
     $session_type = isset($results['session_type']) ? $results['session_type'] : 0;

     if ($session_type) {
         // Same warn-and-continue behaviour as for the association type.
         if ($session_type != 'DH-SHA1') {
             trigger_error(sprintf('runtime error : Unknown Session Type: %s', $session_type), E_USER_WARNING);
         }
         $server_public = oidUtil::a2long(oidUtil::from_b64($this->getResult($results, 'dh_server_public')));
         $shared_value = $exchange->decryptKeyExchange($server_public);
         $enc_mac_key = $this->getResult($results, 'enc_mac_key');
         // The MAC key arrives XOR-ed with SHA-1 of the DH shared value.
         $secret = oidUtil::strxor(
             oidUtil::from_b64($enc_mac_key),
             oidUtil::sha1(oidUtil::long2a($shared_value))
         );
     } else {
         // No session_type in the reply: the MAC key is read as sent.
         // NOTE(review): this path is taken whenever the reply omits
         // session_type, even though DH-SHA1 was requested; the secret is
         // then protected only by the transport. Confirm that is acceptable.
         $secret = oidUtil::from_b64($this->getResult($results, 'mac_key'));
     }

     return ConsumerAssociation::from_expires_in($expires_in, $server_url, $assoc_handle, $secret);
 }
示例#3
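 /**
  * Performs the openid.mode = check_authentication call against the server
  * and maps the reply onto a login result object.
  *
  * The return_to and post_data arguments should be as contained in the
  * CheckAuthRequired object returned by a previous call to handle_response.
  *
  * @param        $server_url URL the check_authentication request is POSTed to.
  * @param        $return_to  Value checked with verify_return_to() before anything is sent.
  * @param string $post_data  URL-encoded request body; also parsed locally to read the identity.
  * @param        $openid     Identity URL being confirmed, from the consumer's
  *                           viewpoint (i.e. not a delegated identity).
  *
  * @return InvalidLogin|ValidLogin|ErrorFromServer ValidLogin only when the server
  *         answers is_valid "true" and verifyIdentity($openid) succeeds.
  */
 function check_auth($server_url, $return_to, $post_data, $openid)
 {
     if (!$this->verify_return_to($return_to)) {
         return new InvalidLogin();
     }
     $ret = $this->http_client->post($server_url, $post_data);
     if (!$ret) {
         return new InvalidLogin();
     }
     $results = oidUtil::parsekv($ret[1]);
     $is_valid = isset($results['is_valid']) ? $results['is_valid'] : 'false';
     // Strict comparison: only the literal string "true" counts as a positive
     // answer. A loose == would also accept non-string values such as boolean
     // true, or integer 0 on PHP versions before 8.
     if ($is_valid === 'true') {
         $invalidate_handle = isset($results['invalidate_handle']) ? $results['invalidate_handle'] : null;
         if ($invalidate_handle) {
             $this->assoc_mngr->invalidate($server_url, $invalidate_handle);
         }
         // The request body and its parsed form are deliberately not written
         // to the error log: they hold the identity and the signed fields of
         // the assertion, which do not belong in a log file.
         parse_str($post_data, $vars);
         // parse_str() replaces "." with "_" in names, hence the key name.
         $identity = isset($vars['openid_identity']) ? $vars['openid_identity'] : null;
         // NOTE(review): nothing visible here checks that the identity field
         // is among the fields the server signed; confirm that
         // verifyIdentity() or the caller covers that.
         $vl = new ValidLogin($this, $identity);
         if ($vl->verifyIdentity($openid)) {
             return $vl;
         }
     } else {
         $error = isset($results['openid.error']) ? $results['openid.error'] : null;
         if ($error) {
             // The message text comes from the remote server; callers that
             // display it should escape it for the output context.
             $str = sprintf('Server Response: %s', $error);
             return new ErrorFromServer($str);
         }
     }
     // Fail closed: every path that did not prove a valid login ends here.
     return new InvalidLogin();
 }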