X-Git-Url: https://git.cweiske.de/phorkie.git/blobdiff_plain/dff68e21ac958ebfb8164bca4cb2143c427f4330..ffa9d514d3a14c76170e26047f09009b4a6de07c:/www/login.php diff --git a/www/login.php b/www/login.php index b8cb512..9c1b136 100644 --- a/www/login.php +++ b/www/login.php @@ -1,46 +1,22 @@ - * @copyright 2009 Bill Shupp - * @license http://www.opensource.org/licenses/bsd-license.php FreeBSD - * @link http://github.com/shupp/openid - */ namespace phorkie; -// A tool for testing Relying Party functionality -set_include_path( - __DIR__ . '/../../src/' - . PATH_SEPARATOR . get_include_path() -); - -$pageRequiresLogin = false; +$noSecurityCheck = true; require_once 'www-header.php'; -require_once 'openid/config.php'; - if (isset($_REQUEST['logout'])) { unset($_SESSION); session_destroy(); - $redirect = 'http://' . $_SERVER['HTTP_HOST']; - header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); - exit; + header('Location: ' . Tools::fullUrl('/')); + exit(); } if (!count($_GET) && !count($_POST)) { - render( - 'login', - null - ); - exit; + render('login'); + exit(); } // Hackaround Non-Javascript Login Page -if (!count($_POST) && isset($_GET['start'])) { +if (!count($_POST) && isset($_GET['openid_url'])) { $_POST = $_GET; } @@ -52,6 +28,9 @@ if (isset($_POST['openid_url'])) { $openid_url = null; } +$realm = Tools::fullUrl('/'); +$returnTo = Tools::fullUrl('/login'); + try { $o = new \OpenID_RelyingParty($returnTo, $realm, $openid_url); } catch (OpenID_Exception $e) { @@ -70,7 +49,7 @@ if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associat $log = new \OpenID_Observer_Log; \OpenID::attach($log); -if (isset($_POST['start'])) { +if (isset($_POST['openid_url'])) { $_SESSION['openid_url'] = $openid_url; try { @@ -83,15 +62,9 @@ if (isset($_POST['start'])) { exit; } - // checkid_immediate - if (!empty($_POST['checkid_immediate'])) { - $authRequest->setMode('checkid_immediate'); - } - // SREG $sreg = new \OpenID_Extension_SREG11(\OpenID_Extension::REQUEST); - $sreg->set('required', 'email,firstname,lastname,nickname'); - $sreg->set('optional', 'gender,dob'); + $sreg->set('required', 'email,fullname'); $authRequest->addExtension($sreg); // AX @@ -103,117 +76,84 @@ if (isset($_POST['start'])) { $ax->set('required', 'email,firstname,lastname'); $authRequest->addExtension($ax); - // UI - if (!empty($_POST['ui'])) { - $ui = new \OpenID_Extension_UI(\OpenID_Extension::REQUEST); - $ui->set('mode', 'popup'); - $ui->set('language', 'en-US'); - $authRequest->addExtension($ui); - } - - // OAuth - if (!empty($_POST['oauth'])) { - $oauth = new \OpenID_Extension_OAuth(\OpenID_Extension::REQUEST); - $oauth->set('consumer', $_POST['oauth_consumer_key']); - $_SESSION['OAuth_consumer_key'] = $_POST['oauth_consumer_key']; - $_SESSION['OAuth_consumer_secret'] = $_POST['oauth_consumer_secret']; - - $oauth->set('scope', $_POST['oauth_scope']); - $_SESSION['OAuth_scope'] = $_POST['oauth_scope']; - - $_SESSION['OAuth_access_token_url'] = $_POST['oauth_access_token_url']; - $_SESSION['OAuth_access_token_method'] = $_POST['oauth_access_token_method']; - - $authRequest->addExtension($oauth); - } - $url = $authRequest->getAuthorizeURL(); + + header("Location: $url"); + exit; - if (empty($_POST['debug'])) { - header("Location: $url"); - exit; - } - +} + +if (isset($_SESSION['openid_url'])) { + $usid = $_SESSION['openid_url']; + unset($_SESSION['openid_url']); } else { - if (isset($_SESSION['openid_url'])) { - $usid = $_SESSION['openid_url']; - unset($_SESSION['openid_url']); - } else { - $usid = null; - } + $usid = null; +} - unset($_SESSION['disable_associations']); +unset($_SESSION['disable_associations']); - if (!count($_POST)) { - list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']); - } else { - // I hate php sometimes - $queryString = file_get_contents('php://input'); - } +if (!count($_POST)) { + list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']); +} else { + // I hate php sometimes + $queryString = file_get_contents('php://input'); +} - $message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP); - $id = $message->get('openid.claimed_id'); - $mode = $message->get('openid.mode'); +$message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP); +$id = $message->get('openid.claimed_id'); +$mode = $message->get('openid.mode'); - try { - $result = $o->verify(new \Net_URL2($returnTo . '?' . $queryString), $message); - - if ($result->success()) { - $status = "