www/auth.php

   1 <?php
   2 /**
   3  * OpenID
   4  *
   5  * PHP Version 5.2.0+
   6  *
   7  * @category  Auth
   8  * @package   OpenID
   9  * @author    Bill Shupp <hostmaster@shupp.org>
  10  * @copyright 2009 Bill Shupp
  11  * @license   http://www.opensource.org/licenses/bsd-license.php FreeBSD
  12  * @link      http://github.com/shupp/openid
  13  */
  14
  15 // A tool for testing Relying Party functionality
  16 set_include_path(
  17     __DIR__ . '/../../src/'
  18     . PATH_SEPARATOR . get_include_path()
  19 );
  20
  21 require_once 'www-header.php';
  22 require_once 'openid/config.php';
  23
  24
  25 if (isset($_REQUEST['logout'])) {
  26     unset($_SESSION);
  27     session_destroy();
  28     $redirect = 'http://' . $_SERVER['HTTP_HOST'];
  29     header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
  30         exit;
  31 }
  32
  33 if (!count($_GET) && !count($_POST)) {
  34     $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/login";
  35     header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
  36     exit;
  37 }
  38
  39 // Hackaround Non-Javascript Login Page
  40 if (!count($_POST) && isset($_GET['start'])) {
  41     $_POST = $_GET;
  42 }
  43
  44 if (isset($_POST['identifier'])) {
  45     $identifier = $_POST['identifier'];
  46 } else if (isset($_SESSION['identifier'])) {
  47     $identifier = $_SESSION['identifier'];
  48 } else {
  49     $identifier = null;
  50 }
  51
  52 try {
  53     $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
  54 } catch (OpenID_Exception $e) {
  55     $contents  = "<div class='openid_results'>\n";
  56     $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
  57     $contents .= "</div class='openid_results'>";
  58     include_once 'openid/wrapper.php';
  59     exit;
  60 }
  61
  62 if (!empty($_POST['disable_associations'])
  63     || !empty($_SESSION['disable_associations'])) {
  64
  65     $o->disableAssociations();
  66     $_SESSION['disable_associations'] = true;
  67 }
  68
  69 $log = new OpenID_Observer_Log;
  70 OpenID::attach($log);
  71
  72 if (isset($_POST['start'])) {
  73
  74     $_SESSION['identifier'] = $identifier;
  75     try {
  76         $authRequest = $o->prepare();
  77     } catch (OpenID_Exception $e) {
  78         $contents  = "<div class='openid_results'>\n";
  79         $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
  80         $contents .= "</div class='openid_results'>";
  81         include_once 'openid/wrapper.php';
  82         exit;
  83     }
  84
  85     // checkid_immediate
  86     if (!empty($_POST['checkid_immediate'])) {
  87         $authRequest->setMode('checkid_immediate');
  88     }
  89
  90     // SREG
  91     if (!empty($_POST['sreg'])) {
  92         $sreg = new OpenID_Extension_SREG11(OpenID_Extension::REQUEST);
  93         $sreg->set('required', 'email,firstname,lastname,nickname');
  94         $sreg->set('optional', 'gender,dob');
  95         $authRequest->addExtension($sreg);
  96     }
  97
  98     // AX
  99     if (!empty($_POST['ax'])) {
 100         $ax = new OpenID_Extension_AX(OpenID_Extension::REQUEST);
 101         $ax->set('type.email', 'http://axschema.org/contact/email');
 102         $ax->set('type.firstname', 'http://axschema.org/namePerson/first');
 103         $ax->set('type.lastname', 'http://axschema.org/namePerson/last');
 104         $ax->set('mode', 'fetch_request');
 105         $ax->set('required', 'email,firstname,lastname');
 106         $authRequest->addExtension($ax);
 107     }
 108
 109     // UI
 110     if (!empty($_POST['ui'])) {
 111         $ui = new OpenID_Extension_UI(OpenID_Extension::REQUEST);
 112         $ui->set('mode', 'popup');
 113         $ui->set('language', 'en-US');
 114         $authRequest->addExtension($ui);
 115     }
 116
 117     // OAuth
 118     if (!empty($_POST['oauth'])) {
 119         $oauth = new OpenID_Extension_OAuth(OpenID_Extension::REQUEST);
 120         $oauth->set('consumer', $_POST['oauth_consumer_key']);
 121         $_SESSION['OAuth_consumer_key']    = $_POST['oauth_consumer_key'];
 122         $_SESSION['OAuth_consumer_secret'] = $_POST['oauth_consumer_secret'];
 123
 124         $oauth->set('scope', $_POST['oauth_scope']);
 125         $_SESSION['OAuth_scope'] = $_POST['oauth_scope'];
 126
 127         $_SESSION['OAuth_access_token_url']    = $_POST['oauth_access_token_url'];
 128         $_SESSION['OAuth_access_token_method'] = $_POST['oauth_access_token_method'];
 129
 130         $authRequest->addExtension($oauth);
 131     }
 132
 133     $url = $authRequest->getAuthorizeURL();
 134
 135     if (empty($_POST['debug'])) {
 136         header("Location: $url");
 137         exit;
 138     }
 139
 140 } else {
 141     if (isset($_SESSION['identifier'])) {
 142         $usid = $_SESSION['identifier'];
 143         unset($_SESSION['identifier']);
 144     } else {
 145         $usid = null;
 146     }
 147
 148     unset($_SESSION['disable_associations']);
 149
 150     if (!count($_POST)) {
 151         list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
 152     } else {
 153         // I hate php sometimes
 154         $queryString = file_get_contents('php://input');
 155     }
 156
 157     $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
 158     $id      = $message->get('openid.claimed_id');
 159     $mode    = $message->get('openid.mode');
 160
 161     try {
 162         $result = $o->verify(new Net_URL2($returnTo . '?' . $queryString),
 163                                           $message);
 164
 165         if ($result->success()) {
 166             $status  = "<tr><td>Status:</td><td><font color='green'>SUCCESS!";
 167             $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
 168         } else {
 169             $status  = "<tr><td>Status:</td><td><font color='red'>FAIL!";
 170             $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
 171         }
 172     } catch (OpenID_Exception $e) {
 173         $status  = "<tr><td>Status:</td><td><font color='red'>EXCEPTION!";
 174         $status .= " ({$e->getMessage()} : {$e->getCode()})</font></td></tr>";
 175     }
 176
 177     // OAuth hyprid fetching access token
 178     if (isset($_SESSION['OAuth_consumer_key'],
 179               $_SESSION['OAuth_consumer_secret'],
 180               $_SESSION['OAuth_access_token_url'],
 181               $_SESSION['OAuth_access_token_method'])) {
 182
 183         try {
 184             $oauth = new OpenID_Extension_OAuth(OpenID_Extension::RESPONSE,
 185                                                 $message);
 186
 187             // Fix line lengths.
 188             $consumerKey    = $_SESSION['OAuth_consumer_key'];
 189             $consumerSecret = $_SESSION['OAuth_consumer_key'];
 190             $tokenURL       = $_SESSION['OAuth_access_token_url'];
 191             $tokenMethod    = $_SESSION['OAuth_access_token_method'];
 192
 193             $oauthData = $oauth->getAccessToken($consumerKey,
 194                                                 $consumerSecret,
 195                                                 $tokenURL,
 196                                                 array(),
 197                                                 $tokenMethod);
 198
 199         } catch (Exception $e) {
 200         }
 201     }
 202
 203     $openid = $message->getArrayFormat();
 204     if ($GLOBALS['phorkie']['auth']['secure'] > 0 &&
 205         $GLOBALS['phorkie']['auth']['userlist']) {
 206         if (!in_array($openid['openid.identity'], $GLOBALS['phorkie']['users'])) {
 207             $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/forbidden";
 208             header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
 209             exit;
 210         }
 211     }
 212     // include_once 'openid/wrapper.php';
 213
 214         $email = (isset($openid['openid.ext1.value.email'])) ? $openid['openid.ext1.value.email'] : null;
 215     $email = (isset($openid['openid.ext2.value.email']) && !isset($email)) ? $openid['openid.ext2.value.email'] : $email;
 216     $email = (isset($openid['openid.sreg.email']) && !isset($email)) ? $openid['openid.sreg.email'] : $email;
 217     $email = (isset($openid['openid.ax.value.email']) && !isset($email)) ? $openid['openid.ax.value.email'] : $email;
 218     $_SESSION['email'] = (isset($email)) ? $email : $GLOBALS['phorkie']['auth']['anonymousEmail'];
 219
 220     $name = (isset($openid['openid.ext1.value.firstname']) && isset($openid['openid.ext1.value.lastname'])) ? $openid['openid.ext1.value.firstname']." ".$openid['openid.ext1.value.lastname'] : null;
 221     $name = (isset($openid['openid.sreg.firstname']) && isset($openid['openid.sreg.lastname']) && !isset($name)) ? $openid['openid.sreg.firstname']." ".$openid['openid.sreg.lastname'] : $name;
 222     $name = (isset($openid['openid.sreg.nickname']) && !isset($name)) ? $openid['openid.sreg.nickname'] : $name;
 223     $_SESSION['name'] = (isset($name)) ? $name : $_SERVER['REMOTE_ADDR'];
 224
 225     $_SESSION['identity'] = $openid['openid.identity'];
 226
 227     $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI'];
 228     header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
 229     exit;
 230 }
 231
 232 ?>