www/login.php

   1 <?php
   2 namespace phorkie;
   3 $noSecurityCheck = true;
   4 require_once 'www-header.php';
   5
   6 if (isset($_REQUEST['logout'])) {
   7     unset($_SESSION);
   8     session_destroy();
   9     //delete last openid cookie.
  10     // if you deliberately log out, you do not want to be logged in
  11     // automatically on the next page reload.
  12     setcookie('lastopenid', '0', time() - 3600);
  13
  14     header('Location: ' . Tools::fullUrl());
  15     exit();
  16 }
  17
  18 $bAutologin = false;
  19 if (isset($_GET['autologin']) && $_GET['autologin']
  20     && isset($_COOKIE['lastopenid'])
  21 ) {
  22     $bAutologin = true;
  23     // autologin=1: start openid autologin
  24     // autologin=2: response from openid server
  25     if ($_GET['autologin'] == 1) {
  26         $_POST['openid_url'] = $_COOKIE['lastopenid'];
  27     }
  28 }
  29
  30 if (!count($_GET) && !count($_POST)) {
  31     render(
  32         'login',
  33         array(
  34             'openid' => isset($_COOKIE['lastopenid'])
  35                 ? $_COOKIE['lastopenid'] : 'http://'
  36         )
  37     );
  38     exit();
  39 }
  40
  41 // Hackaround Non-Javascript Login Page
  42 if (!count($_POST) && isset($_GET['openid_url'])) {
  43     $_POST = $_GET;
  44 }
  45
  46 if (isset($_POST['openid_url'])) {
  47     $openid_url = $_POST['openid_url'];
  48 } else if (isset($_SESSION['openid_url'])) {
  49     $openid_url = $_SESSION['openid_url'];
  50 } else {
  51     $openid_url = null;
  52 }
  53
  54 $realm    = Tools::fullUrl();
  55 $returnTo = Tools::fullUrl('login');
  56 if ($bAutologin) {
  57     $returnTo = Tools::fullUrl('login?autologin=2');
  58 }
  59
  60 try {
  61     $o = new \OpenID_RelyingParty($returnTo, $realm, $openid_url);
  62 } catch (\OpenID_Exception $e) {
  63     throw new Exception($e->getMessage());
  64 }
  65
  66 if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associations'])) {
  67     $o->disableAssociations();
  68     $_SESSION['disable_associations'] = true;
  69 }
  70
  71 if (isset($_POST['openid_url'])) {
  72
  73     $_SESSION['openid_url'] = $openid_url;
  74     try {
  75         $authRequest = $o->prepare();
  76         if ($bAutologin) {
  77             $authRequest->setMode(\OpenID::MODE_CHECKID_IMMEDIATE);
  78         }
  79     } catch (\OpenID_Exception $e) {
  80         if ($bAutologin) {
  81             $alres = new Login_AutologinResponse('error', $e->getMessage());
  82             $alres->send();
  83             exit(0);
  84         }
  85         throw new Exception($e->getMessage());
  86     } catch (\Exception $e) {
  87         if ($bAutologin) {
  88             $alres = new Login_AutologinResponse('error', $e->getMessage());
  89             $alres->send();
  90             exit(0);
  91         }
  92         throw $e;
  93     }
  94
  95     // SREG
  96     $sreg = new \OpenID_Extension_SREG11(\OpenID_Extension::REQUEST);
  97     $sreg->set('required', 'email,fullname');
  98     $authRequest->addExtension($sreg);
  99
 100     // AX, http://stackoverflow.com/a/7657061/282601
 101     $ax = new \OpenID_Extension_AX(\OpenID_Extension::REQUEST);
 102     $ax->set('type.email', 'http://axschema.org/contact/email');
 103     $ax->set('type.firstname', 'http://axschema.org/namePerson/first');
 104     $ax->set('type.lastname', 'http://axschema.org/namePerson/last');
 105     $ax->set('type.fullname', 'http://axschema.org/namePerson');
 106     $ax->set('mode', 'fetch_request');
 107     $ax->set('required', 'email,firstname,lastname,fullname');
 108     $authRequest->addExtension($ax);
 109
 110     $url = $authRequest->getAuthorizeURL();
 111
 112     header("Location: $url");
 113     exit;
 114
 115 }
 116
 117 if (isset($_SESSION['openid_url'])) {
 118     $usid = $_SESSION['openid_url'];
 119     unset($_SESSION['openid_url']);
 120 } else {
 121     $usid = null;
 122 }
 123
 124 unset($_SESSION['disable_associations']);
 125
 126 if (!count($_POST)) {
 127     list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
 128 } else {
 129     // I hate php sometimes
 130     $queryString = file_get_contents('php://input');
 131 }
 132
 133 $message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP);
 134 $id      = $message->get('openid.claimed_id');
 135 $mode    = $message->get('openid.mode');
 136
 137 try {
 138     $sep = '?';
 139     if (strpos($returnTo, '?') !== false) {
 140         $sep = '&';
 141     }
 142     $result = $o->verify(new \Net_URL2($returnTo . $sep . $queryString), $message);
 143
 144     if ($result->success()) {
 145         $status  = "<tr><td>Status:</td><td><font color='green'>SUCCESS!";
 146         $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
 147     } else {
 148         if ($bAutologin) {
 149             $alres = new Login_AutologinResponse(
 150                 'error', 'Error logging in: ' . $result->getAssertionMethod()
 151             );
 152             $alres->send();
 153             exit(0);
 154         }
 155         throw new Exception('Error logging in');
 156         $status  = "<tr><td>Status:</td><td><font color='red'>FAIL!";
 157         $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
 158     }
 159 } catch (\OpenID_Exception $e) {
 160     if ($bAutologin) {
 161         $alres = new Login_AutologinResponse('error', $e->getMessage());
 162         $alres->send();
 163         exit(0);
 164     }
 165     throw new Exception('Error logging in');
 166     $status  = "<tr><td>Status:</td><td><font color='red'>EXCEPTION!";
 167     $status .= " ({$e->getMessage()} : {$e->getCode()})</font></td></tr>";
 168 }
 169
 170
 171 $openid = $message->getArrayFormat();
 172
 173 $email = isset($openid['openid.ext1.value.email'])
 174     ? $openid['openid.ext1.value.email']
 175     : null;
 176 $email = isset($openid['openid.ext2.value.email']) && !isset($email)
 177     ? $openid['openid.ext2.value.email']
 178     : $email;
 179 $email = isset($openid['openid.sreg.email']) && !isset($email)
 180     ? $openid['openid.sreg.email']
 181     : $email;
 182 $email = isset($openid['openid.ax.value.email'])
 183     && isset($openid['openid.ax.type.email'])
 184     && $openid['openid.ax.type.email'] == 'http://axschema.org/contact/email'
 185     && !isset($email)
 186     ? $openid['openid.ax.value.email']
 187     : $email;
 188 $_SESSION['email'] = isset($email)
 189     ? $email
 190     : $GLOBALS['phorkie']['auth']['anonymousEmail'];
 191
 192 $name = isset($openid['openid.ext1.value.firstname'])
 193     && isset($openid['openid.ext1.value.lastname'])
 194     ? $openid['openid.ext1.value.firstname'] . ' '
 195     . $openid['openid.ext1.value.lastname']
 196     : null;
 197 $name = isset($openid['openid.sreg.fullname']) && !isset($name)
 198     ? $openid['openid.sreg.fullname']
 199     : $name;
 200 $name = isset($openid['openid.ax.value.fullname'])
 201     && isset($openid['openid.ax.type.fullname'])
 202     && $openid['openid.ax.type.fullname'] == 'http://axschema.org/namePerson'
 203     && !isset($name)
 204     ? $openid['openid.ax.value.fullname']
 205     : $name;
 206
 207 $_SESSION['name'] = isset($name) ? $name : $_SERVER['REMOTE_ADDR'];
 208 $_SESSION['identity'] = $openid['openid.identity'];
 209
 210 setcookie('tried-autologin', '0', time() - 3600);//delete
 211 setcookie('lastopenid', $_SESSION['identity'], time() + 84600 * 60);
 212
 213 if ($bAutologin) {
 214     $alres = new Login_AutologinResponse('ok');
 215     $alres->name     = $_SESSION['name'];
 216     $alres->identity = $_SESSION['identity'];
 217     $alres->send();
 218     exit(0);
 219 }
 220
 221
 222 $url = '';
 223 if (isset($_SESSION['REQUEST_URI'])) {
 224     $url = substr($_SESSION['REQUEST_URI'], 1);
 225 }
 226 $redirect = Tools::fullUrl($url);
 227 header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
 228 exit;
 229 ?>