X-Git-Url: https://git.cweiske.de/indieauth-openid.git/blobdiff_plain/6a2ffe2c4bbf557cff75894e1b09ae2aea7a1f2b..HEAD:/www/index.php diff --git a/www/index.php b/www/index.php index b74453a..724c97c 100644 --- a/www/index.php +++ b/www/index.php @@ -13,15 +13,38 @@ * @link http://indiewebcamp.com/auth-brainstorming * @link https://indieauth.com/developers */ +header('IndieAuth: authorization_endpoint'); +if (($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD') + && count($_GET) == 0 +) { + include 'about.php'; + exit(); +} require_once 'Net/URL2.php'; +require_once 'OpenID.php'; require_once 'OpenID/RelyingParty.php'; require_once 'OpenID/Message.php'; require_once 'OpenID/Exception.php'; function loadDb() { - $db = new PDO('sqlite:' . __DIR__ . '/../data/tokens.sq3'); + $pharFile = \Phar::running(); + if ($pharFile == '') { + $dsn = 'sqlite:' . __DIR__ . '/../data/tokens.sq3'; + $cfgFilePath = __DIR__ . '/config.php'; + } else { + //remove phar:// from the path + $dir = dirname(substr($pharFile, 7)) . '/'; + $dsn = 'sqlite:' . $dir . '/tokens.sq3'; + $cfgFilePath = substr($pharFile, 7) . '.config.php'; + } + //allow overriding DSN + if (file_exists($cfgFilePath)) { + include $cfgFilePath; + } + + $db = new PDO($dsn); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $db->exec("CREATE TABLE IF NOT EXISTS authtokens( code TEXT, @@ -58,7 +81,7 @@ function create_token($me, $redirect_uri, $client_id, $state) return $code; } -function validate_token($code, $redirect_uri, $client_id, $state) +function validate_token($code, $redirect_uri, $client_id) { $db = loadDb(); $stmt = $db->prepare( @@ -66,7 +89,6 @@ function validate_token($code, $redirect_uri, $client_id, $state) . ' code = :code' . ' AND redirect_uri = :redirect_uri' . ' AND client_id = :client_id' - . ' AND state = :state' . ' AND created >= :created' ); $stmt->execute( @@ -74,7 +96,6 @@ function validate_token($code, $redirect_uri, $client_id, $state) ':code' => $code, ':redirect_uri' => $redirect_uri, ':client_id' => $client_id, - ':state' => (string) $state, ':created' => date('c', time() - 60) ) ); @@ -138,7 +159,7 @@ if (isset($_GET['openid_mode']) && $_GET['openid_mode'] != '') { $message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP); $id = $message->get('openid.claimed_id'); - if ($id != $_SESSION['me']) { + if (OpenID::normalizeIdentifier($id) != OpenID::normalizeIdentifier($_SESSION['me'])) { error( sprintf( 'Given identity URL "%s" and claimed OpenID "%s" do not match', @@ -167,6 +188,8 @@ if (isset($_GET['openid_mode']) && $_GET['openid_mode'] != '') { } } catch (OpenID_Exception $e) { error('Error verifying OpenID login: ' . $e->getMessage()); + } catch (Exception $e) { + error(get_class($e) . ': ' . $e->getMessage()); } } @@ -193,30 +216,31 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { try { $o = new \OpenID_RelyingParty($returnTo, $realm, $me); + //if you get timeouts (errors like + // OpenID error: Request timed out after 3 second(s) + //) then uncomment the following line which disables + // all timeouts: + //$o->setRequestOptions(array('follow_redirects' => true)); $authRequest = $o->prepare(); $url = $authRequest->getAuthorizeURL(); header("Location: $url"); exit(0); } catch (OpenID_Exception $e) { error('OpenID error: ' . $e->getMessage()); + } catch (Exception $e) { + error(get_class($e) . ': ' . $e->getMessage()); } } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $redirect_uri = verifyUrlParameter($_POST, 'redirect_uri'); $client_id = verifyUrlParameter($_POST, 'client_id'); - $state = null; - if (isset($_GET['state'])) { - $state = $_GET['state']; - } if (!isset($_POST['code'])) { error('"code" parameter missing'); } $token = $_POST['code']; - $me = validate_token($token, $redirect_uri, $client_id, $state); + $me = validate_token($token, $redirect_uri, $client_id); if ($me === false) { - header('HTTP/1.0 400 Bad Request'); - echo "Validating token failed\n"; - exit(1); + error('Validating token failed'); } header('Content-type: application/x-www-form-urlencoded'); echo 'me=' . urlencode($me);