X-Git-Url: https://git.cweiske.de/phorkie.git/blobdiff_plain/f5bdbfca6e34e35231ab7ae72241c152b047f86b..78215a8279ecc048bd6bbb6a4977ee58766928b6:/www/login.php

diff --git a/www/login.php b/www/login.php
index 00d1877..2762b4b 100644
--- a/www/login.php
+++ b/www/login.php
@@ -1,45 +1,45 @@
 <?php
-/**
- * OpenID 
- * 
- * PHP Version 5.2.0+
- * 
- * @category  Auth
- * @package   OpenID
- * @author    Bill Shupp <hostmaster@shupp.org> 
- * @copyright 2009 Bill Shupp
- * @license   http://www.opensource.org/licenses/bsd-license.php FreeBSD
- * @link      http://github.com/shupp/openid
- */
 namespace phorkie;
-// A tool for testing Relying Party functionality
-set_include_path(
-    __DIR__ . '/../../src/'
-    . PATH_SEPARATOR . get_include_path()
-);
-
+$noSecurityCheck = true;
 require_once 'www-header.php';
-require_once 'openid/config.php';
-
 
 if (isset($_REQUEST['logout'])) {
     unset($_SESSION);
     session_destroy();
-    $redirect = 'http://' . $_SERVER['HTTP_HOST'];
-    header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
-    exit;
+    //delete last openid cookie.
+    // if you deliberately log out, you do not want to be logged in
+    // automatically on the next page reload.
+    setcookie('lastopenid', '0', time() - 3600);
+
+    header('Location: ' . Tools::fullUrl());
+    exit();
+}
+
+$bAutologin = false;
+if (isset($_GET['autologin']) && $_GET['autologin']
+    && isset($_COOKIE['lastopenid'])
+) {
+    $bAutologin = true;
+    // autologin=1: start openid autologin
+    // autologin=2: response from openid server
+    if ($_GET['autologin'] == 1) {
+        $_POST['openid_url'] = $_COOKIE['lastopenid'];
+    }
 }
 
 if (!count($_GET) && !count($_POST)) {
     render(
         'login',
-        null
+        array(
+            'openid' => isset($_COOKIE['lastopenid'])
+                ? $_COOKIE['lastopenid'] : 'http://'
+        )
     );
-    exit;
+    exit();
 }
 
 // Hackaround Non-Javascript Login Page
-if (!count($_POST) && isset($_GET['start'])) {
+if (!count($_POST) && isset($_GET['openid_url'])) {
     $_POST = $_GET;
 }
 
@@ -51,14 +51,16 @@ if (isset($_POST['openid_url'])) {
     $openid_url = null;
 }
 
+$realm    = Tools::fullUrl();
+$returnTo = Tools::fullUrl('login');
+if ($bAutologin) {
+    $returnTo = Tools::fullUrl('login?autologin=2');
+}
+
 try {
-    $o = new OpenID_RelyingParty($returnTo, $realm, $openid_url);
-} catch (OpenID_Exception $e) {
-    $contents  = "<div class='openid_results'>\n";
-    $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
-    $contents .= "</div class='openid_results'>";
-    include_once 'openid/wrapper.php';
-    exit;
+    $o = new \OpenID_RelyingParty($returnTo, $realm, $openid_url);
+} catch (\OpenID_Exception $e) {
+    throw new Exception($e->getMessage());
 }
 
 if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associations'])) {
@@ -66,153 +68,162 @@ if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associat
     $_SESSION['disable_associations'] = true;
 }
 
-$log = new OpenID_Observer_Log;
-OpenID::attach($log);
-
-if (isset($_POST['start'])) {
+if (isset($_POST['openid_url'])) {
 
     $_SESSION['openid_url'] = $openid_url;
     try {
         $authRequest = $o->prepare();
-    } catch (OpenID_Exception $e) {
-        $contents  = "<div class='openid_results'>\n";
-        $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
-        $contents .= "</div class='openid_results'>";
-        include_once 'openid/wrapper.php';
-        exit;
-    }
-
-    // checkid_immediate
-    if (!empty($_POST['checkid_immediate'])) {
-        $authRequest->setMode('checkid_immediate');
+        if ($bAutologin) {
+            $authRequest->setMode(\OpenID::MODE_CHECKID_IMMEDIATE);
+        }
+    } catch (\OpenID_Exception $e) {
+        if ($bAutologin) {
+            $alres = new Login_AutologinResponse('error', $e->getMessage());
+            $alres->send();
+            exit(0);
+        }
+        throw new Exception($e->getMessage());
+    } catch (\Exception $e) {
+        if ($bAutologin) {
+            $alres = new Login_AutologinResponse('error', $e->getMessage());
+            $alres->send();
+            exit(0);
+        }
+        throw $e;
     }
 
     // SREG
-    $sreg = new OpenID_Extension_SREG11(OpenID_Extension::REQUEST);
-    $sreg->set('required', 'email,firstname,lastname,nickname');
-    $sreg->set('optional', 'gender,dob');
+    $sreg = new \OpenID_Extension_SREG11(\OpenID_Extension::REQUEST);
+    $sreg->set('required', 'email,fullname');
     $authRequest->addExtension($sreg);
 
-    // AX
-    $ax = new OpenID_Extension_AX(OpenID_Extension::REQUEST);
+    // AX, http://stackoverflow.com/a/7657061/282601
+    $ax = new \OpenID_Extension_AX(\OpenID_Extension::REQUEST);
     $ax->set('type.email', 'http://axschema.org/contact/email');
     $ax->set('type.firstname', 'http://axschema.org/namePerson/first');
     $ax->set('type.lastname', 'http://axschema.org/namePerson/last');
+    $ax->set('type.fullname', 'http://axschema.org/namePerson');
     $ax->set('mode', 'fetch_request');
-    $ax->set('required', 'email,firstname,lastname');
+    $ax->set('required', 'email,firstname,lastname,fullname');
     $authRequest->addExtension($ax);
 
-    // UI
-    if (!empty($_POST['ui'])) {
-        $ui = new OpenID_Extension_UI(OpenID_Extension::REQUEST);
-        $ui->set('mode', 'popup');
-        $ui->set('language', 'en-US');
-        $authRequest->addExtension($ui);
-    }
+    $url = $authRequest->getAuthorizeURL();
 
-    // OAuth
-    if (!empty($_POST['oauth'])) {
-        $oauth = new OpenID_Extension_OAuth(OpenID_Extension::REQUEST);
-        $oauth->set('consumer', $_POST['oauth_consumer_key']);
-        $_SESSION['OAuth_consumer_key']    = $_POST['oauth_consumer_key'];
-        $_SESSION['OAuth_consumer_secret'] = $_POST['oauth_consumer_secret'];
+    header("Location: $url");
+    exit;
+    
+}
 
-        $oauth->set('scope', $_POST['oauth_scope']);
-        $_SESSION['OAuth_scope'] = $_POST['oauth_scope'];
+if (isset($_SESSION['openid_url'])) {
+    $usid = $_SESSION['openid_url'];
+    unset($_SESSION['openid_url']);
+} else {
+    $usid = null;
+}
 
-        $_SESSION['OAuth_access_token_url']    = $_POST['oauth_access_token_url'];
-        $_SESSION['OAuth_access_token_method'] = $_POST['oauth_access_token_method'];
+unset($_SESSION['disable_associations']);
 
-        $authRequest->addExtension($oauth);
-    }
-    
-    $url = $authRequest->getAuthorizeURL();
-    
-    if (empty($_POST['debug'])) {
-        header("Location: $url");
-        exit;
-    }
-    
+if (!count($_POST)) {
+    list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
 } else {
-    if (isset($_SESSION['openid_url'])) {
-        $usid = $_SESSION['openid_url'];
-        unset($_SESSION['openid_url']);
-    } else {
-        $usid = null;
-    }
+    // I hate php sometimes
+    $queryString = file_get_contents('php://input');
+}
 
-    unset($_SESSION['disable_associations']);
+$message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP);
+$id      = $message->get('openid.claimed_id');
+$mode    = $message->get('openid.mode');
 
-    if (!count($_POST)) {
-        list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
-    } else {
-        // I hate php sometimes
-        $queryString = file_get_contents('php://input');
+try {
+    $sep = '?';
+    if (strpos($returnTo, '?') !== false) {
+        $sep = '&';
     }
+    $result = $o->verify(new \Net_URL2($returnTo . $sep . $queryString), $message);
 
-    $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
-    $id      = $message->get('openid.claimed_id');
-    $mode    = $message->get('openid.mode');
-
-    try {
-        $result = $o->verify(new Net_URL2($returnTo . '?' . $queryString), $message);
-
-        if ($result->success()) {
-            $status  = "<tr><td>Status:</td><td><font color='green'>SUCCESS!";
-            $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
-        } else {
-            $status  = "<tr><td>Status:</td><td><font color='red'>FAIL!";
-            $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
+    if ($result->success()) {
+        $status  = "<tr><td>Status:</td><td><font color='green'>SUCCESS!";
+        $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
+    } else {
+        if ($bAutologin) {
+            $alres = new Login_AutologinResponse(
+                'error', 'Error logging in: ' . $result->getAssertionMethod()
+            );
+            $alres->send();
+            exit(0);
         }
-    } catch (OpenID_Exception $e) {
-        $status  = "<tr><td>Status:</td><td><font color='red'>EXCEPTION!";
-        $status .= " ({$e->getMessage()} : {$e->getCode()})</font></td></tr>";
+        throw new Exception('Error logging in');
+        $status  = "<tr><td>Status:</td><td><font color='red'>FAIL!";
+        $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
     }
-
-    // OAuth hyprid fetching access token
-    if (isset($_SESSION['OAuth_consumer_key'],
-              $_SESSION['OAuth_consumer_secret'],
-              $_SESSION['OAuth_access_token_url'],
-              $_SESSION['OAuth_access_token_method'])) {
-
-        try {
-            $oauth = new OpenID_Extension_OAuth(OpenID_Extension::RESPONSE,
-                                                $message);
-
-            // Fix line lengths.
-            $consumerKey    = $_SESSION['OAuth_consumer_key'];
-            $consumerSecret = $_SESSION['OAuth_consumer_key'];
-            $tokenURL       = $_SESSION['OAuth_access_token_url'];
-            $tokenMethod    = $_SESSION['OAuth_access_token_method'];
-
-            $oauthData = $oauth->getAccessToken($consumerKey,
-                                                $consumerSecret,
-                                                $tokenURL,
-                                                array(),
-                                                $tokenMethod);
-
-        } catch (Exception $e) {
-        }
+} catch (\OpenID_Exception $e) {
+    if ($bAutologin) {
+        $alres = new Login_AutologinResponse('error', $e->getMessage());
+        $alres->send();
+        exit(0);
     }
+    throw new Exception('Error logging in');
+    $status  = "<tr><td>Status:</td><td><font color='red'>EXCEPTION!";
+    $status .= " ({$e->getMessage()} : {$e->getCode()})</font></td></tr>";
+}
 
-    $openid = $message->getArrayFormat();
-
-    $email = (isset($openid['openid.ext1.value.email'])) ? $openid['openid.ext1.value.email'] : null;
-    $email = (isset($openid['openid.ext2.value.email']) && !isset($email)) ? $openid['openid.ext2.value.email'] : $email;
-    $email = (isset($openid['openid.sreg.email']) && !isset($email)) ? $openid['openid.sreg.email'] : $email;
-    $email = (isset($openid['openid.ax.value.email']) && !isset($email)) ? $openid['openid.ax.value.email'] : $email;
-    $_SESSION['email'] = (isset($email)) ? $email : $GLOBALS['phorkie']['auth']['anonymousEmail'];
 
-    $name = (isset($openid['openid.ext1.value.firstname']) && isset($openid['openid.ext1.value.lastname'])) ? $openid['openid.ext1.value.firstname']." ".$openid['openid.ext1.value.lastname'] : null;
-    $name = (isset($openid['openid.sreg.firstname']) && isset($openid['openid.sreg.lastname']) && !isset($name)) ? $openid['openid.sreg.firstname']." ".$openid['openid.sreg.lastname'] : $name;
-    $name = (isset($openid['openid.sreg.nickname']) && !isset($name)) ? $openid['openid.sreg.nickname'] : $name;
-    $_SESSION['name'] = (isset($name)) ? $name : $_SERVER['REMOTE_ADDR'];
+$openid = $message->getArrayFormat();
+
+$email = isset($openid['openid.ext1.value.email'])
+    ? $openid['openid.ext1.value.email']
+    : null;
+$email = isset($openid['openid.ext2.value.email']) && !isset($email)
+    ? $openid['openid.ext2.value.email']
+    : $email;
+$email = isset($openid['openid.sreg.email']) && !isset($email)
+    ? $openid['openid.sreg.email']
+    : $email;
+$email = isset($openid['openid.ax.value.email'])
+    && isset($openid['openid.ax.type.email'])
+    && $openid['openid.ax.type.email'] == 'http://axschema.org/contact/email'
+    && !isset($email)
+    ? $openid['openid.ax.value.email']
+    : $email;
+$_SESSION['email'] = isset($email)
+    ? $email
+    : $GLOBALS['phorkie']['auth']['anonymousEmail'];
+
+$name = isset($openid['openid.ext1.value.firstname'])
+    && isset($openid['openid.ext1.value.lastname'])
+    ? $openid['openid.ext1.value.firstname'] . ' '
+    . $openid['openid.ext1.value.lastname']
+    : null;
+$name = isset($openid['openid.sreg.fullname']) && !isset($name)
+    ? $openid['openid.sreg.fullname']
+    : $name;
+$name = isset($openid['openid.ax.value.fullname'])
+    && isset($openid['openid.ax.type.fullname'])
+    && $openid['openid.ax.type.fullname'] == 'http://axschema.org/namePerson'
+    && !isset($name)
+    ? $openid['openid.ax.value.fullname']
+    : $name;
+
+$_SESSION['name'] = isset($name) ? $name : $_SERVER['REMOTE_ADDR'];
+$_SESSION['identity'] = $openid['openid.identity'];
+
+setcookie('tried-autologin', '0', time() - 3600);//delete
+setcookie('lastopenid', $_SESSION['identity'], time() + 84600 * 60);
+
+if ($bAutologin) {
+    $alres = new Login_AutologinResponse('ok');
+    $alres->name     = $_SESSION['name'];
+    $alres->identity = $_SESSION['identity'];
+    $alres->send();
+    exit(0);
+}
 
-    $_SESSION['identity'] = $openid['openid.identity'];
 
-    $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI'];
-    header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
-    exit;
+$url = '';
+if (isset($_SESSION['REQUEST_URI'])) {
+    $url = substr($_SESSION['REQUEST_URI'], 1);
 }
-
+$redirect = Tools::fullUrl($url);
+header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+exit;
 ?>