www/login.php

   1 <?php
   2 namespace phorkie;
   3 $noSecurityCheck = true;
   4 require_once 'www-header.php';
   5
   6 if (isset($_REQUEST['logout'])) {
   7     unset($_SESSION);
   8     session_destroy();
   9     header('Location: ' . Tools::fullUrl('/'));
  10     exit();
  11 }
  12
  13 if (!count($_GET) && !count($_POST)) {
  14     render('login');
  15     exit();
  16 }
  17
  18 // Hackaround Non-Javascript Login Page
  19 if (!count($_POST) && isset($_GET['openid_url'])) {
  20     $_POST = $_GET;
  21 }
  22
  23 if (isset($_POST['openid_url'])) {
  24     $openid_url = $_POST['openid_url'];
  25 } else if (isset($_SESSION['openid_url'])) {
  26     $openid_url = $_SESSION['openid_url'];
  27 } else {
  28     $openid_url = null;
  29 }
  30
  31 $realm    = Tools::fullUrl('/');
  32 $returnTo = Tools::fullUrl('/login');
  33
  34 try {
  35     $o = new \OpenID_RelyingParty($returnTo, $realm, $openid_url);
  36 } catch (OpenID_Exception $e) {
  37     throw new Exception($e->getMessage());
  38 }
  39
  40 if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associations'])) {
  41     $o->disableAssociations();
  42     $_SESSION['disable_associations'] = true;
  43 }
  44
  45 if (isset($_POST['openid_url'])) {
  46
  47     $_SESSION['openid_url'] = $openid_url;
  48     try {
  49         $authRequest = $o->prepare();
  50     } catch (OpenID_Exception $e) {
  51         throw new Exception($e->getMessage());
  52     }
  53
  54     // SREG
  55     $sreg = new \OpenID_Extension_SREG11(\OpenID_Extension::REQUEST);
  56     $sreg->set('required', 'email,fullname');
  57     $authRequest->addExtension($sreg);
  58
  59     // AX, http://stackoverflow.com/a/7657061/282601
  60     $ax = new \OpenID_Extension_AX(\OpenID_Extension::REQUEST);
  61     $ax->set('type.email', 'http://axschema.org/contact/email');
  62     $ax->set('type.firstname', 'http://axschema.org/namePerson/first');
  63     $ax->set('type.lastname', 'http://axschema.org/namePerson/last');
  64     $ax->set('type.fullname', 'http://axschema.org/namePerson');
  65     $ax->set('mode', 'fetch_request');
  66     $ax->set('required', 'email,firstname,lastname,fullname');
  67     $authRequest->addExtension($ax);
  68
  69     $url = $authRequest->getAuthorizeURL();
  70
  71     header("Location: $url");
  72     exit;
  73
  74 }
  75
  76 if (isset($_SESSION['openid_url'])) {
  77     $usid = $_SESSION['openid_url'];
  78     unset($_SESSION['openid_url']);
  79 } else {
  80     $usid = null;
  81 }
  82
  83 unset($_SESSION['disable_associations']);
  84
  85 if (!count($_POST)) {
  86     list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
  87 } else {
  88     // I hate php sometimes
  89     $queryString = file_get_contents('php://input');
  90 }
  91
  92 $message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP);
  93 $id      = $message->get('openid.claimed_id');
  94 $mode    = $message->get('openid.mode');
  95
  96 try {
  97     $result = $o->verify(new \Net_URL2($returnTo . '?' . $queryString), $message);
  98
  99     if ($result->success()) {
 100         $status  = "<tr><td>Status:</td><td><font color='green'>SUCCESS!";
 101         $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
 102     } else {
 103         throw new Exception('Error logging in');
 104         $status  = "<tr><td>Status:</td><td><font color='red'>FAIL!";
 105         $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
 106     }
 107 } catch (OpenID_Exception $e) {
 108     throw new Exception('Error logging in');
 109     $status  = "<tr><td>Status:</td><td><font color='red'>EXCEPTION!";
 110     $status .= " ({$e->getMessage()} : {$e->getCode()})</font></td></tr>";
 111 }
 112
 113
 114 $openid = $message->getArrayFormat();
 115
 116 $email = isset($openid['openid.ext1.value.email'])
 117     ? $openid['openid.ext1.value.email']
 118     : null;
 119 $email = isset($openid['openid.ext2.value.email']) && !isset($email)
 120     ? $openid['openid.ext2.value.email']
 121     : $email;
 122 $email = isset($openid['openid.sreg.email']) && !isset($email)
 123     ? $openid['openid.sreg.email']
 124     : $email;
 125 $email = isset($openid['openid.ax.value.email'])
 126     && isset($openid['openid.ax.type.email'])
 127     && $openid['openid.ax.type.email'] == 'http://axschema.org/contact/email'
 128     && !isset($email)
 129     ? $openid['openid.ax.value.email']
 130     : $email;
 131 $_SESSION['email'] = isset($email)
 132     ? $email
 133     : $GLOBALS['phorkie']['auth']['anonymousEmail'];
 134
 135 $name = isset($openid['openid.ext1.value.firstname'])
 136     && isset($openid['openid.ext1.value.lastname'])
 137     ? $openid['openid.ext1.value.firstname'] . ' '
 138     . $openid['openid.ext1.value.lastname']
 139     : null;
 140 $name = isset($openid['openid.sreg.fullname']) && !isset($name)
 141     ? $openid['openid.sreg.fullname']
 142     : $name;
 143 $name = isset($openid['openid.ax.value.fullname'])
 144     && isset($openid['openid.ax.type.fullname'])
 145     && $openid['openid.ax.type.fullname'] == 'http://axschema.org/namePerson'
 146     && !isset($name)
 147     ? $openid['openid.ax.value.fullname']
 148     : $name;
 149
 150 $_SESSION['name'] = isset($name) ? $name : $_SERVER['REMOTE_ADDR'];
 151 $_SESSION['identity'] = $openid['openid.identity'];
 152
 153 if (isset($_SESSION['REQUEST_URI'])) {
 154     $redirect = Tools::fullUrl($_SESSION['REQUEST_URI']);
 155 } else {
 156     $redirect = Tools::fullUrl('/');
 157 }
 158 header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
 159 exit;
 160 ?>