9 * @author Bill Shupp <hostmaster@shupp.org>
10 * @copyright 2009 Bill Shupp
11 * @license http://www.opensource.org/licenses/bsd-license.php FreeBSD
12 * @link http://github.com/shupp/openid
15 // A tool for testing Relying Party functionality
17 __DIR__ . '/../../src/'
18 . PATH_SEPARATOR . get_include_path()
21 $pageRequiresLogin = false;
22 require_once 'www-header.php';
23 require_once 'openid/config.php';
26 if (isset($_REQUEST['logout'])) {
29 $redirect = 'http://' . $_SERVER['HTTP_HOST'];
30 header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
34 if (!count($_GET) && !count($_POST)) {
42 // Hackaround Non-Javascript Login Page
43 if (!count($_POST) && isset($_GET['start'])) {
47 if (isset($_POST['openid_url'])) {
48 $openid_url = $_POST['openid_url'];
49 } else if (isset($_SESSION['openid_url'])) {
50 $openid_url = $_SESSION['openid_url'];
56 $o = new \OpenID_RelyingParty($returnTo, $realm, $openid_url);
57 } catch (OpenID_Exception $e) {
58 $contents = "<div class='openid_results'>\n";
59 $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
60 $contents .= "</div class='openid_results'>";
61 include_once 'openid/wrapper.php';
65 if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associations'])) {
66 $o->disableAssociations();
67 $_SESSION['disable_associations'] = true;
70 $log = new \OpenID_Observer_Log;
71 \OpenID::attach($log);
73 if (isset($_POST['start'])) {
75 $_SESSION['openid_url'] = $openid_url;
77 $authRequest = $o->prepare();
78 } catch (OpenID_Exception $e) {
79 $contents = "<div class='openid_results'>\n";
80 $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
81 $contents .= "</div class='openid_results'>";
82 include_once 'openid/wrapper.php';
87 $sreg = new \OpenID_Extension_SREG11(\OpenID_Extension::REQUEST);
88 $sreg->set('required', 'email,fullname');
89 $authRequest->addExtension($sreg);
92 $ax = new \OpenID_Extension_AX(\OpenID_Extension::REQUEST);
93 $ax->set('type.email', 'http://axschema.org/contact/email');
94 $ax->set('type.firstname', 'http://axschema.org/namePerson/first');
95 $ax->set('type.lastname', 'http://axschema.org/namePerson/last');
96 $ax->set('mode', 'fetch_request');
97 $ax->set('required', 'email,firstname,lastname');
98 $authRequest->addExtension($ax);
100 $url = $authRequest->getAuthorizeURL();
102 header("Location: $url");
106 if (isset($_SESSION['openid_url'])) {
107 $usid = $_SESSION['openid_url'];
108 unset($_SESSION['openid_url']);
113 unset($_SESSION['disable_associations']);
115 if (!count($_POST)) {
116 list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
118 // I hate php sometimes
119 $queryString = file_get_contents('php://input');
122 $message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP);
123 $id = $message->get('openid.claimed_id');
124 $mode = $message->get('openid.mode');
127 $result = $o->verify(new \Net_URL2($returnTo . '?' . $queryString), $message);
129 if ($result->success()) {
130 $status = "<tr><td>Status:</td><td><font color='green'>SUCCESS!";
131 $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
133 $status = "<tr><td>Status:</td><td><font color='red'>FAIL!";
134 $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
136 } catch (OpenID_Exception $e) {
137 $status = "<tr><td>Status:</td><td><font color='red'>EXCEPTION!";
138 $status .= " ({$e->getMessage()} : {$e->getCode()})</font></td></tr>";
141 // OAuth hyprid fetching access token
142 if (isset($_SESSION['OAuth_consumer_key'],
143 $_SESSION['OAuth_consumer_secret'],
144 $_SESSION['OAuth_access_token_url'],
145 $_SESSION['OAuth_access_token_method'])) {
148 $oauth = new \OpenID_Extension_OAuth(\OpenID_Extension::RESPONSE,
152 $consumerKey = $_SESSION['OAuth_consumer_key'];
153 $consumerSecret = $_SESSION['OAuth_consumer_key'];
154 $tokenURL = $_SESSION['OAuth_access_token_url'];
155 $tokenMethod = $_SESSION['OAuth_access_token_method'];
157 $oauthData = $oauth->getAccessToken($consumerKey,
163 } catch (Exception $e) {
167 $openid = $message->getArrayFormat();
169 $email = isset($openid['openid.ext1.value.email'])
170 ? $openid['openid.ext1.value.email']
172 $email = isset($openid['openid.ext2.value.email']) && !isset($email)
173 ? $openid['openid.ext2.value.email']
175 $email = isset($openid['openid.sreg.email']) && !isset($email)
176 ? $openid['openid.sreg.email']
178 $email = isset($openid['openid.ax.value.email']) && !isset($email)
179 ? $openid['openid.ax.value.email']
181 $_SESSION['email'] = isset($email)
183 : $GLOBALS['phorkie']['auth']['anonymousEmail'];
185 $name = isset($openid['openid.ext1.value.firstname'])
186 && isset($openid['openid.ext1.value.lastname'])
187 ? $openid['openid.ext1.value.firstname'] . ' '
188 . $openid['openid.ext1.value.lastname']
190 $name = isset($openid['openid.sreg.fullname']) && !isset($name)
191 ? $openid['openid.sreg.fullname']
194 $_SESSION['name'] = isset($name) ? $name : $_SERVER['REMOTE_ADDR'];
195 $_SESSION['identity'] = $openid['openid.identity'];
197 $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI'];
198 header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));