show url and HTTP method in exception
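<?php
/**
 * OpenID login endpoint.
 *
 * The request decides which of four paths runs:
 *  - "logout" parameter      : clear and destroy the session, go to the start page
 *  - no parameters at all    : render the login form
 *  - "openid_url" submitted  : build the OpenID request and redirect to the provider
 *  - anything else           : treat the request as the provider's return call,
 *                              verify it and fill the session with the user data
 *
 * Every path ends in a redirect or a rendered page, so the file has no
 * closing "?>" tag: stray whitespace after it would be sent before header().
 */
namespace phorkie;
$noSecurityCheck = true;
require_once 'www-header.php';

if (isset($_REQUEST['logout'])) {
    // unset($_SESSION) only drops the superglobal from scope and leaves the
    // session data in place; emptying the array is what clears it.
    $_SESSION = array();
    session_destroy();
    header('Location: ' . Tools::fullUrl());
    exit();
}

if (!count($_GET) && !count($_POST)) {
    // Pre-fill the form with the last identity used. The cookie value is
    // client-controlled; escaping it for HTML is up to the 'login' template.
    render(
        'login',
        array(
            'openid' => isset($_COOKIE['lastopenid'])
                ? $_COOKIE['lastopenid'] : 'http://'
        )
    );
    exit();
}

// Hackaround Non-Javascript Login Page: the plain form submits via GET,
// so treat its parameters as if they had been POSTed.
if (!count($_POST) && isset($_GET['openid_url'])) {
    $_POST = $_GET;
}

// The identity URL comes from the form on the first call and from the
// session on the provider's return call.
if (isset($_POST['openid_url'])) {
    $openid_url = $_POST['openid_url'];
} else if (isset($_SESSION['openid_url'])) {
    $openid_url = $_SESSION['openid_url'];
} else {
    $openid_url = null;
}

$realm    = Tools::fullUrl();
$returnTo = Tools::fullUrl('login');

// The OpenID_* classes live in the global namespace. Inside "namespace phorkie"
// an unqualified OpenID_Exception names phorkie\OpenID_Exception, which does
// not exist, so the catch would never match; the leading backslash is required.
try {
    $o = new \OpenID_RelyingParty($returnTo, $realm, $openid_url);
} catch (\OpenID_Exception $e) {
    throw new Exception($e->getMessage());
}

if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associations'])) {
    $o->disableAssociations();
    $_SESSION['disable_associations'] = true;
}

if (isset($_POST['openid_url'])) {
    // First leg: remember the identity for the return call and send the
    // user to the provider.
    $_SESSION['openid_url'] = $openid_url;
    try {
        $authRequest = $o->prepare();
    } catch (\OpenID_Exception $e) {
        throw new Exception($e->getMessage());
    }

    // SREG
    $sreg = new \OpenID_Extension_SREG11(\OpenID_Extension::REQUEST);
    $sreg->set('required', 'email,fullname');
    $authRequest->addExtension($sreg);

    // AX, http://stackoverflow.com/a/7657061/282601
    $ax = new \OpenID_Extension_AX(\OpenID_Extension::REQUEST);
    $ax->set('type.email', 'http://axschema.org/contact/email');
    $ax->set('type.firstname', 'http://axschema.org/namePerson/first');
    $ax->set('type.lastname', 'http://axschema.org/namePerson/last');
    $ax->set('type.fullname', 'http://axschema.org/namePerson');
    $ax->set('mode', 'fetch_request');
    $ax->set('required', 'email,firstname,lastname,fullname');
    $authRequest->addExtension($ax);

    $url = $authRequest->getAuthorizeURL();

    header("Location: $url");
    exit();
}

// Second leg: the provider sent the user back. The per-attempt state is no
// longer needed (unset() on a missing key is a no-op, so no isset() guard).
unset($_SESSION['openid_url'], $_SESSION['disable_associations']);

// The OpenID message is the query string for GET and the raw body for POST
// (php://input keeps the original encoding, which the signature check needs).
if (!count($_POST)) {
    $queryString = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY);
    if (!is_string($queryString)) {
        // No "?" in the URI (null) or an unparsable URI (false): there is no
        // assertion to verify, so this cannot be a valid return call.
        throw new Exception('Error logging in');
    }
} else {
    // I hate php sometimes
    $queryString = file_get_contents('php://input');
}

$message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP);

try {
    $result = $o->verify(new \Net_URL2($returnTo . '?' . $queryString), $message);
} catch (\OpenID_Exception $e) {
    throw new Exception('Error logging in');
}
if (!$result->success()) {
    throw new Exception('Error logging in');
}

// The identity is proven from here on. Issue a fresh session id so an id
// handed out before authentication cannot be reused for the logged-in session.
session_regenerate_id(true);

$openid = $message->getArrayFormat();

// E-mail: the ext1/ext2 AX aliases some providers use, then SREG, then a
// generic AX alias whose type URI is checked. First hit wins.
$email = null;
foreach (array('openid.ext1.value.email', 'openid.ext2.value.email', 'openid.sreg.email') as $key) {
    if (isset($openid[$key])) {
        $email = $openid[$key];
        break;
    }
}
if ($email === null
    && isset($openid['openid.ax.value.email'], $openid['openid.ax.type.email'])
    && $openid['openid.ax.type.email'] === 'http://axschema.org/contact/email'
) {
    $email = $openid['openid.ax.value.email'];
}
$_SESSION['email'] = $email !== null
    ? $email
    : $GLOBALS['phorkie']['auth']['anonymousEmail'];

// Display name, same priority order: ext1 first+last, SREG fullname, AX fullname.
$name = null;
if (isset($openid['openid.ext1.value.firstname'], $openid['openid.ext1.value.lastname'])) {
    $name = $openid['openid.ext1.value.firstname'] . ' '
        . $openid['openid.ext1.value.lastname'];
} else if (isset($openid['openid.sreg.fullname'])) {
    $name = $openid['openid.sreg.fullname'];
} else if (isset($openid['openid.ax.value.fullname'], $openid['openid.ax.type.fullname'])
    && $openid['openid.ax.type.fullname'] === 'http://axschema.org/namePerson'
) {
    $name = $openid['openid.ax.value.fullname'];
}
$_SESSION['name'] = $name !== null ? $name : $_SERVER['REMOTE_ADDR'];

// A successful assertion carries the identity; without it the session would
// hold a null identity and the cookie below a null value.
if (!isset($openid['openid.identity'])) {
    throw new Exception('Error logging in');
}
$_SESSION['identity'] = $openid['openid.identity'];

// Remember the identity for pre-filling the login form. 84600 * 60 s is
// roughly 59 days (84600 may be a typo for 86400; the lifetime is kept as-is).
// The cookie is only read server-side above, hence httponly.
setcookie('lastopenid', $_SESSION['identity'], time() + 84600 * 60, '/login', '', false, true);

// Return to the page recorded in the session, if any. ltrim() instead of
// substr(..., 1): a stored "//host/..." must not survive as a
// protocol-relative URL once Tools::fullUrl() (presumably) prepends the base.
$url = '';
if (isset($_SESSION['REQUEST_URI'])) {
    $url = ltrim($_SESSION['REQUEST_URI'], '/');
}
$redirect = Tools::fullUrl($url);
header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
exit();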