X-Git-Url: https://git.cweiske.de/indieauth-openid.git/blobdiff_plain/896b41b80919e300364f9dc7a1d330d2827cf132..HEAD:/www/index.php diff --git a/www/index.php b/www/index.php index c3b7848..724c97c 100644 --- a/www/index.php +++ b/www/index.php @@ -13,6 +13,13 @@ * @link http://indiewebcamp.com/auth-brainstorming * @link https://indieauth.com/developers */ +header('IndieAuth: authorization_endpoint'); +if (($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD') + && count($_GET) == 0 +) { + include 'about.php'; + exit(); +} require_once 'Net/URL2.php'; require_once 'OpenID.php'; @@ -22,7 +29,22 @@ require_once 'OpenID/Exception.php'; function loadDb() { - $db = new PDO('sqlite:' . __DIR__ . '/../data/tokens.sq3'); + $pharFile = \Phar::running(); + if ($pharFile == '') { + $dsn = 'sqlite:' . __DIR__ . '/../data/tokens.sq3'; + $cfgFilePath = __DIR__ . '/config.php'; + } else { + //remove phar:// from the path + $dir = dirname(substr($pharFile, 7)) . '/'; + $dsn = 'sqlite:' . $dir . '/tokens.sq3'; + $cfgFilePath = substr($pharFile, 7) . '.config.php'; + } + //allow overriding DSN + if (file_exists($cfgFilePath)) { + include $cfgFilePath; + } + + $db = new PDO($dsn); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $db->exec("CREATE TABLE IF NOT EXISTS authtokens( code TEXT, @@ -59,7 +81,7 @@ function create_token($me, $redirect_uri, $client_id, $state) return $code; } -function validate_token($code, $redirect_uri, $client_id, $state) +function validate_token($code, $redirect_uri, $client_id) { $db = loadDb(); $stmt = $db->prepare( @@ -67,7 +89,6 @@ function validate_token($code, $redirect_uri, $client_id, $state) . ' code = :code' . ' AND redirect_uri = :redirect_uri' . ' AND client_id = :client_id' - . ' AND state = :state' . ' AND created >= :created' ); $stmt->execute( @@ -75,7 +96,6 @@ function validate_token($code, $redirect_uri, $client_id, $state) ':code' => $code, ':redirect_uri' => $redirect_uri, ':client_id' => $client_id, - ':state' => (string) $state, ':created' => date('c', time() - 60) ) ); @@ -125,7 +145,6 @@ function getBaseUrl() . $file; } -header('IndieAuth: authorization_endpoint'); session_start(); $returnTo = getBaseUrl(); $realm = getBaseUrl(); @@ -169,6 +188,8 @@ if (isset($_GET['openid_mode']) && $_GET['openid_mode'] != '') { } } catch (OpenID_Exception $e) { error('Error verifying OpenID login: ' . $e->getMessage()); + } catch (Exception $e) { + error(get_class($e) . ': ' . $e->getMessage()); } } @@ -195,30 +216,31 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { try { $o = new \OpenID_RelyingParty($returnTo, $realm, $me); + //if you get timeouts (errors like + // OpenID error: Request timed out after 3 second(s) + //) then uncomment the following line which disables + // all timeouts: + //$o->setRequestOptions(array('follow_redirects' => true)); $authRequest = $o->prepare(); $url = $authRequest->getAuthorizeURL(); header("Location: $url"); exit(0); } catch (OpenID_Exception $e) { error('OpenID error: ' . $e->getMessage()); + } catch (Exception $e) { + error(get_class($e) . ': ' . $e->getMessage()); } } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $redirect_uri = verifyUrlParameter($_POST, 'redirect_uri'); $client_id = verifyUrlParameter($_POST, 'client_id'); - $state = null; - if (isset($_POST['state'])) { - $state = $_POST['state']; - } if (!isset($_POST['code'])) { error('"code" parameter missing'); } $token = $_POST['code']; - $me = validate_token($token, $redirect_uri, $client_id, $state); + $me = validate_token($token, $redirect_uri, $client_id); if ($me === false) { - header('HTTP/1.0 400 Bad Request'); - echo "Validating token failed\n"; - exit(1); + error('Validating token failed'); } header('Content-type: application/x-www-form-urlencoded'); echo 'me=' . urlencode($me);