X-Git-Url: https://git.cweiske.de/phorkie.git/blobdiff_plain/972d5d8a7e5450d9c3784feda363eee56f3ad269..ba406cb340bcbfc88f465a3cefd416cdda95fd43:/www/login.php
diff --git a/www/login.php b/www/login.php
index b8cb512..2762b4b 100644
--- a/www/login.php
+++ b/www/login.php
@@ -1,46 +1,45 @@
- * @copyright 2009 Bill Shupp
- * @license http://www.opensource.org/licenses/bsd-license.php FreeBSD
- * @link http://github.com/shupp/openid
- */
namespace phorkie;
-// A tool for testing Relying Party functionality
-set_include_path(
- __DIR__ . '/../../src/'
- . PATH_SEPARATOR . get_include_path()
-);
-
-$pageRequiresLogin = false;
+$noSecurityCheck = true;
require_once 'www-header.php';
-require_once 'openid/config.php';
-
if (isset($_REQUEST['logout'])) {
unset($_SESSION);
session_destroy();
- $redirect = 'http://' . $_SERVER['HTTP_HOST'];
- header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
- exit;
+ //delete last openid cookie.
+ // if you deliberately log out, you do not want to be logged in
+ // automatically on the next page reload.
+ setcookie('lastopenid', '0', time() - 3600);
+
+ header('Location: ' . Tools::fullUrl());
+ exit();
+}
+
+$bAutologin = false;
+if (isset($_GET['autologin']) && $_GET['autologin']
+ && isset($_COOKIE['lastopenid'])
+) {
+ $bAutologin = true;
+ // autologin=1: start openid autologin
+ // autologin=2: response from openid server
+ if ($_GET['autologin'] == 1) {
+ $_POST['openid_url'] = $_COOKIE['lastopenid'];
+ }
}
if (!count($_GET) && !count($_POST)) {
render(
'login',
- null
+ array(
+ 'openid' => isset($_COOKIE['lastopenid'])
+ ? $_COOKIE['lastopenid'] : 'http://'
+ )
);
- exit;
+ exit();
}
// Hackaround Non-Javascript Login Page
-if (!count($_POST) && isset($_GET['start'])) {
+if (!count($_POST) && isset($_GET['openid_url'])) {
$_POST = $_GET;
}
@@ -52,14 +51,16 @@ if (isset($_POST['openid_url'])) {
$openid_url = null;
}
+$realm = Tools::fullUrl();
+$returnTo = Tools::fullUrl('login');
+if ($bAutologin) {
+ $returnTo = Tools::fullUrl('login?autologin=2');
+}
+
try {
$o = new \OpenID_RelyingParty($returnTo, $realm, $openid_url);
-} catch (OpenID_Exception $e) {
- $contents = "
\n";
- $contents .= "
" . $e->getMessage() . "
\n";
- $contents .= "
";
- include_once 'openid/wrapper.php';
- exit;
+} catch (\OpenID_Exception $e) {
+ throw new Exception($e->getMessage());
}
if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associations'])) {
@@ -67,153 +68,162 @@ if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associat
$_SESSION['disable_associations'] = true;
}
-$log = new \OpenID_Observer_Log;
-\OpenID::attach($log);
-
-if (isset($_POST['start'])) {
+if (isset($_POST['openid_url'])) {
$_SESSION['openid_url'] = $openid_url;
try {
$authRequest = $o->prepare();
- } catch (OpenID_Exception $e) {
- $contents = "\n";
- $contents .= "
" . $e->getMessage() . "
\n";
- $contents .= "
";
- include_once 'openid/wrapper.php';
- exit;
- }
-
- // checkid_immediate
- if (!empty($_POST['checkid_immediate'])) {
- $authRequest->setMode('checkid_immediate');
+ if ($bAutologin) {
+ $authRequest->setMode(\OpenID::MODE_CHECKID_IMMEDIATE);
+ }
+ } catch (\OpenID_Exception $e) {
+ if ($bAutologin) {
+ $alres = new Login_AutologinResponse('error', $e->getMessage());
+ $alres->send();
+ exit(0);
+ }
+ throw new Exception($e->getMessage());
+ } catch (\Exception $e) {
+ if ($bAutologin) {
+ $alres = new Login_AutologinResponse('error', $e->getMessage());
+ $alres->send();
+ exit(0);
+ }
+ throw $e;
}
// SREG
$sreg = new \OpenID_Extension_SREG11(\OpenID_Extension::REQUEST);
- $sreg->set('required', 'email,firstname,lastname,nickname');
- $sreg->set('optional', 'gender,dob');
+ $sreg->set('required', 'email,fullname');
$authRequest->addExtension($sreg);
- // AX
+ // AX, http://stackoverflow.com/a/7657061/282601
$ax = new \OpenID_Extension_AX(\OpenID_Extension::REQUEST);
$ax->set('type.email', 'http://axschema.org/contact/email');
$ax->set('type.firstname', 'http://axschema.org/namePerson/first');
$ax->set('type.lastname', 'http://axschema.org/namePerson/last');
+ $ax->set('type.fullname', 'http://axschema.org/namePerson');
$ax->set('mode', 'fetch_request');
- $ax->set('required', 'email,firstname,lastname');
+ $ax->set('required', 'email,firstname,lastname,fullname');
$authRequest->addExtension($ax);
- // UI
- if (!empty($_POST['ui'])) {
- $ui = new \OpenID_Extension_UI(\OpenID_Extension::REQUEST);
- $ui->set('mode', 'popup');
- $ui->set('language', 'en-US');
- $authRequest->addExtension($ui);
- }
+ $url = $authRequest->getAuthorizeURL();
- // OAuth
- if (!empty($_POST['oauth'])) {
- $oauth = new \OpenID_Extension_OAuth(\OpenID_Extension::REQUEST);
- $oauth->set('consumer', $_POST['oauth_consumer_key']);
- $_SESSION['OAuth_consumer_key'] = $_POST['oauth_consumer_key'];
- $_SESSION['OAuth_consumer_secret'] = $_POST['oauth_consumer_secret'];
+ header("Location: $url");
+ exit;
+
+}
- $oauth->set('scope', $_POST['oauth_scope']);
- $_SESSION['OAuth_scope'] = $_POST['oauth_scope'];
+if (isset($_SESSION['openid_url'])) {
+ $usid = $_SESSION['openid_url'];
+ unset($_SESSION['openid_url']);
+} else {
+ $usid = null;
+}
- $_SESSION['OAuth_access_token_url'] = $_POST['oauth_access_token_url'];
- $_SESSION['OAuth_access_token_method'] = $_POST['oauth_access_token_method'];
+unset($_SESSION['disable_associations']);
- $authRequest->addExtension($oauth);
- }
-
- $url = $authRequest->getAuthorizeURL();
-
- if (empty($_POST['debug'])) {
- header("Location: $url");
- exit;
- }
-
+if (!count($_POST)) {
+ list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
} else {
- if (isset($_SESSION['openid_url'])) {
- $usid = $_SESSION['openid_url'];
- unset($_SESSION['openid_url']);
- } else {
- $usid = null;
- }
+ // I hate php sometimes
+ $queryString = file_get_contents('php://input');
+}
- unset($_SESSION['disable_associations']);
+$message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP);
+$id = $message->get('openid.claimed_id');
+$mode = $message->get('openid.mode');
- if (!count($_POST)) {
- list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
- } else {
- // I hate php sometimes
- $queryString = file_get_contents('php://input');
+try {
+ $sep = '?';
+ if (strpos($returnTo, '?') !== false) {
+ $sep = '&';
}
+ $result = $o->verify(new \Net_URL2($returnTo . $sep . $queryString), $message);
- $message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP);
- $id = $message->get('openid.claimed_id');
- $mode = $message->get('openid.mode');
-
- try {
- $result = $o->verify(new \Net_URL2($returnTo . '?' . $queryString), $message);
-
- if ($result->success()) {
- $status = "Status: | SUCCESS!";
- $status .= " ({$result->getAssertionMethod()}) |
";
- } else {
- $status = "Status: | FAIL!";
- $status .= " ({$result->getAssertionMethod()}) |
";
+ if ($result->success()) {
+ $status = "Status: | SUCCESS!";
+ $status .= " ({$result->getAssertionMethod()}) |
";
+ } else {
+ if ($bAutologin) {
+ $alres = new Login_AutologinResponse(
+ 'error', 'Error logging in: ' . $result->getAssertionMethod()
+ );
+ $alres->send();
+ exit(0);
}
- } catch (OpenID_Exception $e) {
- $status = "Status: | EXCEPTION!";
- $status .= " ({$e->getMessage()} : {$e->getCode()}) |
";
+ throw new Exception('Error logging in');
+ $status = "Status: | FAIL!";
+ $status .= " ({$result->getAssertionMethod()}) |
";
}
-
- // OAuth hyprid fetching access token
- if (isset($_SESSION['OAuth_consumer_key'],
- $_SESSION['OAuth_consumer_secret'],
- $_SESSION['OAuth_access_token_url'],
- $_SESSION['OAuth_access_token_method'])) {
-
- try {
- $oauth = new \OpenID_Extension_OAuth(\OpenID_Extension::RESPONSE,
- $message);
-
- // Fix line lengths.
- $consumerKey = $_SESSION['OAuth_consumer_key'];
- $consumerSecret = $_SESSION['OAuth_consumer_key'];
- $tokenURL = $_SESSION['OAuth_access_token_url'];
- $tokenMethod = $_SESSION['OAuth_access_token_method'];
-
- $oauthData = $oauth->getAccessToken($consumerKey,
- $consumerSecret,
- $tokenURL,
- array(),
- $tokenMethod);
-
- } catch (Exception $e) {
- }
+} catch (\OpenID_Exception $e) {
+ if ($bAutologin) {
+ $alres = new Login_AutologinResponse('error', $e->getMessage());
+ $alres->send();
+ exit(0);
}
+ throw new Exception('Error logging in');
+ $status = "Status: | EXCEPTION!";
+ $status .= " ({$e->getMessage()} : {$e->getCode()}) |
";
+}
- $openid = $message->getArrayFormat();
-
- $email = (isset($openid['openid.ext1.value.email'])) ? $openid['openid.ext1.value.email'] : null;
- $email = (isset($openid['openid.ext2.value.email']) && !isset($email)) ? $openid['openid.ext2.value.email'] : $email;
- $email = (isset($openid['openid.sreg.email']) && !isset($email)) ? $openid['openid.sreg.email'] : $email;
- $email = (isset($openid['openid.ax.value.email']) && !isset($email)) ? $openid['openid.ax.value.email'] : $email;
- $_SESSION['email'] = (isset($email)) ? $email : $GLOBALS['phorkie']['auth']['anonymousEmail'];
- $name = (isset($openid['openid.ext1.value.firstname']) && isset($openid['openid.ext1.value.lastname'])) ? $openid['openid.ext1.value.firstname']." ".$openid['openid.ext1.value.lastname'] : null;
- $name = (isset($openid['openid.sreg.firstname']) && isset($openid['openid.sreg.lastname']) && !isset($name)) ? $openid['openid.sreg.firstname']." ".$openid['openid.sreg.lastname'] : $name;
- $name = (isset($openid['openid.sreg.nickname']) && !isset($name)) ? $openid['openid.sreg.nickname'] : $name;
- $_SESSION['name'] = (isset($name)) ? $name : $_SERVER['REMOTE_ADDR'];
+$openid = $message->getArrayFormat();
+
+$email = isset($openid['openid.ext1.value.email'])
+ ? $openid['openid.ext1.value.email']
+ : null;
+$email = isset($openid['openid.ext2.value.email']) && !isset($email)
+ ? $openid['openid.ext2.value.email']
+ : $email;
+$email = isset($openid['openid.sreg.email']) && !isset($email)
+ ? $openid['openid.sreg.email']
+ : $email;
+$email = isset($openid['openid.ax.value.email'])
+ && isset($openid['openid.ax.type.email'])
+ && $openid['openid.ax.type.email'] == 'http://axschema.org/contact/email'
+ && !isset($email)
+ ? $openid['openid.ax.value.email']
+ : $email;
+$_SESSION['email'] = isset($email)
+ ? $email
+ : $GLOBALS['phorkie']['auth']['anonymousEmail'];
+
+$name = isset($openid['openid.ext1.value.firstname'])
+ && isset($openid['openid.ext1.value.lastname'])
+ ? $openid['openid.ext1.value.firstname'] . ' '
+ . $openid['openid.ext1.value.lastname']
+ : null;
+$name = isset($openid['openid.sreg.fullname']) && !isset($name)
+ ? $openid['openid.sreg.fullname']
+ : $name;
+$name = isset($openid['openid.ax.value.fullname'])
+ && isset($openid['openid.ax.type.fullname'])
+ && $openid['openid.ax.type.fullname'] == 'http://axschema.org/namePerson'
+ && !isset($name)
+ ? $openid['openid.ax.value.fullname']
+ : $name;
+
+$_SESSION['name'] = isset($name) ? $name : $_SERVER['REMOTE_ADDR'];
+$_SESSION['identity'] = $openid['openid.identity'];
+
+setcookie('tried-autologin', '0', time() - 3600);//delete
+setcookie('lastopenid', $_SESSION['identity'], time() + 84600 * 60);
+
+if ($bAutologin) {
+ $alres = new Login_AutologinResponse('ok');
+ $alres->name = $_SESSION['name'];
+ $alres->identity = $_SESSION['identity'];
+ $alres->send();
+ exit(0);
+}
- $_SESSION['identity'] = $openid['openid.identity'];
- $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI'];
- header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
- exit;
+$url = '';
+if (isset($_SESSION['REQUEST_URI'])) {
+ $url = substr($_SESSION['REQUEST_URI'], 1);
}
-
+$redirect = Tools::fullUrl($url);
+header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+exit;
?>