X-Git-Url: https://git.cweiske.de/phorkie.git/blobdiff_plain/97c4ac59eed8b66b2e7f85d8ac325b063fb8a0ce..78215a8279ecc048bd6bbb6a4977ee58766928b6:/www/login.php diff --git a/www/login.php b/www/login.php index 87c34f4..2762b4b 100644 --- a/www/login.php +++ b/www/login.php @@ -1,11 +1,229 @@ isset($_COOKIE['lastopenid']) + ? $_COOKIE['lastopenid'] : 'http://' + ) + ); + exit(); +} + +// Hackaround Non-Javascript Login Page +if (!count($_POST) && isset($_GET['openid_url'])) { + $_POST = $_GET; +} + +if (isset($_POST['openid_url'])) { + $openid_url = $_POST['openid_url']; +} else if (isset($_SESSION['openid_url'])) { + $openid_url = $_SESSION['openid_url']; +} else { + $openid_url = null; +} + +$realm = Tools::fullUrl(); +$returnTo = Tools::fullUrl('login'); +if ($bAutologin) { + $returnTo = Tools::fullUrl('login?autologin=2'); +} + +try { + $o = new \OpenID_RelyingParty($returnTo, $realm, $openid_url); +} catch (\OpenID_Exception $e) { + throw new Exception($e->getMessage()); +} + +if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associations'])) { + $o->disableAssociations(); + $_SESSION['disable_associations'] = true; +} + +if (isset($_POST['openid_url'])) { + + $_SESSION['openid_url'] = $openid_url; + try { + $authRequest = $o->prepare(); + if ($bAutologin) { + $authRequest->setMode(\OpenID::MODE_CHECKID_IMMEDIATE); + } + } catch (\OpenID_Exception $e) { + if ($bAutologin) { + $alres = new Login_AutologinResponse('error', $e->getMessage()); + $alres->send(); + exit(0); + } + throw new Exception($e->getMessage()); + } catch (\Exception $e) { + if ($bAutologin) { + $alres = new Login_AutologinResponse('error', $e->getMessage()); + $alres->send(); + exit(0); + } + throw $e; + } + + // SREG + $sreg = new \OpenID_Extension_SREG11(\OpenID_Extension::REQUEST); + $sreg->set('required', 'email,fullname'); + $authRequest->addExtension($sreg); + + // AX, http://stackoverflow.com/a/7657061/282601 + $ax = new \OpenID_Extension_AX(\OpenID_Extension::REQUEST); + $ax->set('type.email', 'http://axschema.org/contact/email'); + $ax->set('type.firstname', 'http://axschema.org/namePerson/first'); + $ax->set('type.lastname', 'http://axschema.org/namePerson/last'); + $ax->set('type.fullname', 'http://axschema.org/namePerson'); + $ax->set('mode', 'fetch_request'); + $ax->set('required', 'email,firstname,lastname,fullname'); + $authRequest->addExtension($ax); + + $url = $authRequest->getAuthorizeURL(); + + header("Location: $url"); + exit; + +} + +if (isset($_SESSION['openid_url'])) { + $usid = $_SESSION['openid_url']; + unset($_SESSION['openid_url']); +} else { + $usid = null; +} + +unset($_SESSION['disable_associations']); + +if (!count($_POST)) { + list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']); +} else { + // I hate php sometimes + $queryString = file_get_contents('php://input'); +} + +$message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP); +$id = $message->get('openid.claimed_id'); +$mode = $message->get('openid.mode'); + +try { + $sep = '?'; + if (strpos($returnTo, '?') !== false) { + $sep = '&'; + } + $result = $o->verify(new \Net_URL2($returnTo . $sep . $queryString), $message); + + if ($result->success()) { + $status = "