Fix E_NOTICE: Only variables should be passed by reference
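<?php
/**
 * OpenID login endpoint.
 *
 * Handles, in this order:
 *  - ?logout        : clear the session and the "lastopenid" cookie, redirect home
 *  - no parameters  : render the login form
 *  - openid_url set : start an OpenID authentication request (redirect to the provider)
 *  - anything else  : treat the request as the provider's response and verify it
 *
 * ?autologin=1 starts an immediate-mode request using the "lastopenid" cookie,
 * ?autologin=2 marks the provider's answer to such a request. In both cases the
 * outcome is reported through Login_AutologinResponse instead of a redirect.
 *
 * Relies on www-header.php for the session, Tools and the render() helper.
 */
namespace phorkie;
$noSecurityCheck = true;
require_once 'www-header.php';

if (isset($_REQUEST['logout'])) {
    // Empty the session data rather than unset($_SESSION): unsetting the
    // superglobal itself disables session variable registration for the
    // rest of the request (see the session_destroy() manual notes).
    $_SESSION = array();
    session_destroy();
    // Delete the last openid cookie: a deliberate logout must not be
    // followed by an automatic login on the next page reload.
    setcookie('lastopenid', '0', time() - 3600);

    header('Location: ' . Tools::fullUrl());
    exit();
}

$bAutologin = false;
if (isset($_GET['autologin']) && $_GET['autologin']
    && isset($_COOKIE['lastopenid'])
) {
    $bAutologin = true;
    // autologin=1: start openid autologin with the remembered identity
    // autologin=2: response from openid server
    if ($_GET['autologin'] == 1) {
        $_POST['openid_url'] = $_COOKIE['lastopenid'];
    }
}

if (!count($_GET) && !count($_POST)) {
    // Plain visit: show the form, prefilled with the last used identity
    render(
        'login',
        array(
            'openid' => isset($_COOKIE['lastopenid'])
                ? $_COOKIE['lastopenid'] : 'http://'
        )
    );
    exit();
}

// Hackaround Non-Javascript Login Page: the form may arrive via GET
if (!count($_POST) && isset($_GET['openid_url'])) {
    $_POST = $_GET;
}

// Identity to authenticate: from the form, else the one stored when the
// request was started (needed when verifying the provider's response)
if (isset($_POST['openid_url'])) {
    $openid_url = $_POST['openid_url'];
} else if (isset($_SESSION['openid_url'])) {
    $openid_url = $_SESSION['openid_url'];
} else {
    $openid_url = null;
}

$realm    = Tools::fullUrl();
$returnTo = Tools::fullUrl('login');
if ($bAutologin) {
    $returnTo = Tools::fullUrl('login?autologin=2');
}

try {
    $o = new \OpenID_RelyingParty($returnTo, $realm, $openid_url);
} catch (\OpenID_Exception $e) {
    throw new Exception($e->getMessage());
}

// Associations can be switched off per login; the choice is kept in the
// session so the verification step uses the same setting as the request
if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associations'])) {
    $o->disableAssociations();
    $_SESSION['disable_associations'] = true;
}

if (isset($_POST['openid_url'])) {
    // Start the authentication: build the request and send the user
    // to the provider's authorization URL.
    $_SESSION['openid_url'] = $openid_url;
    try {
        $authRequest = $o->prepare();
        if ($bAutologin) {
            // Immediate mode: the provider must answer without user interaction
            $authRequest->setMode(\OpenID::MODE_CHECKID_IMMEDIATE);
        }
    } catch (\OpenID_Exception $e) {
        if ($bAutologin) {
            $alres = new Login_AutologinResponse('error', $e->getMessage());
            $alres->send();
            exit(0);
        }
        throw new Exception($e->getMessage());
    } catch (\Exception $e) {
        if ($bAutologin) {
            $alres = new Login_AutologinResponse('error', $e->getMessage());
            $alres->send();
            exit(0);
        }
        throw $e;
    }

    // SREG: ask for e-mail and full name
    $sreg = new \OpenID_Extension_SREG11(\OpenID_Extension::REQUEST);
    $sreg->set('required', 'email,fullname');
    $authRequest->addExtension($sreg);

    // AX, http://stackoverflow.com/a/7657061/282601
    $ax = new \OpenID_Extension_AX(\OpenID_Extension::REQUEST);
    $ax->set('type.email', 'http://axschema.org/contact/email');
    $ax->set('type.firstname', 'http://axschema.org/namePerson/first');
    $ax->set('type.lastname', 'http://axschema.org/namePerson/last');
    $ax->set('type.fullname', 'http://axschema.org/namePerson');
    $ax->set('mode', 'fetch_request');
    $ax->set('required', 'email,firstname,lastname,fullname');
    $authRequest->addExtension($ax);

    $url = $authRequest->getAuthorizeURL();

    header("Location: $url");
    exit;
}

// From here on the request is the provider's response.
if (isset($_SESSION['openid_url'])) {
    $usid = $_SESSION['openid_url'];
    unset($_SESSION['openid_url']);
} else {
    $usid = null;
}

unset($_SESSION['disable_associations']);

if (!count($_POST)) {
    // GET response: the OpenID parameters are this request's query string.
    // Guard against a missing '?' so an empty response does not raise a
    // notice; verification below fails cleanly instead.
    $queryString = '';
    $questionPos = strpos($_SERVER['REQUEST_URI'], '?');
    if ($questionPos !== false) {
        $queryString = substr($_SERVER['REQUEST_URI'], $questionPos + 1);
    }
} else {
    // POST response: re-read the raw body. PHP rewrites dots in request
    // variable names to underscores, which would break the "openid.*" keys
    // read from the message below.
    $queryString = file_get_contents('php://input');
}

$message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP);
$id      = $message->get('openid.claimed_id');
$mode    = $message->get('openid.mode');

try {
    // Rebuild the full return_to URL the provider answered to; the autologin
    // return_to already carries a query string.
    $sep = '?';
    if (strpos($returnTo, '?') !== false) {
        $sep = '&';
    }
    $result = $o->verify(new \Net_URL2($returnTo . $sep . $queryString), $message);

    if (!$result->success()) {
        if ($bAutologin) {
            $alres = new Login_AutologinResponse(
                'error', 'Error logging in: ' . $result->getAssertionMethod()
            );
            $alres->send();
            exit(0);
        }
        throw new Exception('Error logging in');
    }
} catch (\OpenID_Exception $e) {
    if ($bAutologin) {
        $alres = new Login_AutologinResponse('error', $e->getMessage());
        $alres->send();
        exit(0);
    }
    throw new Exception('Error logging in');
}

// The assertion is verified: switch to a fresh session id so that a session
// id obtained before authentication cannot be reused (session fixation).
session_regenerate_id(true);

$openid = $message->getArrayFormat();

// E-mail: first present of the aliased AX (ext1/ext2) and SREG fields,
// then the un-aliased AX field when its declared type is the e-mail schema.
$email     = null;
$emailKeys = array(
    'openid.ext1.value.email',
    'openid.ext2.value.email',
    'openid.sreg.email',
);
foreach ($emailKeys as $key) {
    if (isset($openid[$key])) {
        $email = $openid[$key];
        break;
    }
}
if ($email === null
    && isset($openid['openid.ax.value.email'])
    && isset($openid['openid.ax.type.email'])
    && $openid['openid.ax.type.email'] == 'http://axschema.org/contact/email'
) {
    $email = $openid['openid.ax.value.email'];
}
$_SESSION['email'] = $email !== null
    ? $email
    : $GLOBALS['phorkie']['auth']['anonymousEmail'];

// Name: AX first+last name, then SREG full name, then un-aliased AX full name
$name = null;
if (isset($openid['openid.ext1.value.firstname'])
    && isset($openid['openid.ext1.value.lastname'])
) {
    $name = $openid['openid.ext1.value.firstname'] . ' '
        . $openid['openid.ext1.value.lastname'];
} else if (isset($openid['openid.sreg.fullname'])) {
    $name = $openid['openid.sreg.fullname'];
} else if (isset($openid['openid.ax.value.fullname'])
    && isset($openid['openid.ax.type.fullname'])
    && $openid['openid.ax.type.fullname'] == 'http://axschema.org/namePerson'
) {
    $name = $openid['openid.ax.value.fullname'];
}

$_SESSION['name']     = $name !== null ? $name : $_SERVER['REMOTE_ADDR'];
$_SESSION['identity'] = $openid['openid.identity'];

setcookie('tried-autologin', '0', time() - 3600); // delete
// Remember the identity for autologin.
// NOTE(review): 84600 * 60 seconds is roughly 59 days; 86400 * 60 (60 days)
// looks like the intended lifetime - confirm before changing.
setcookie('lastopenid', $_SESSION['identity'], time() + 84600 * 60);

if ($bAutologin) {
    $alres = new Login_AutologinResponse('ok');
    $alres->name     = $_SESSION['name'];
    $alres->identity = $_SESSION['identity'];
    $alres->send();
    exit(0);
}

// Send the user back to the page stored in the session before the login
// started, if any; the leading slash is dropped since fullUrl() takes a
// path relative to the site root.
$url = '';
if (isset($_SESSION['REQUEST_URI'])) {
    $url = substr($_SESSION['REQUEST_URI'], 1);
}
$redirect = Tools::fullUrl($url);
header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
exit;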