X-Git-Url: https://git.cweiske.de/phorkie.git/blobdiff_plain/f662a50e02abe50321766c84a23b977a455d401c..78215a8279ecc048bd6bbb6a4977ee58766928b6:/www/login.php

diff --git a/www/login.php b/www/login.php
index 6a13fa2..2762b4b 100644
--- a/www/login.php
+++ b/www/login.php
@@ -1,17 +1,40 @@
 <?php
 namespace phorkie;
-$pageRequiresLogin = false;
+$noSecurityCheck = true;
 require_once 'www-header.php';
 
 if (isset($_REQUEST['logout'])) {
     unset($_SESSION);
     session_destroy();
-    header('Location: ' . Tools::fullUrl('/'));
+    //delete last openid cookie.
+    // if you deliberately log out, you do not want to be logged in
+    // automatically on the next page reload.
+    setcookie('lastopenid', '0', time() - 3600);
+
+    header('Location: ' . Tools::fullUrl());
     exit();
 }
 
+$bAutologin = false;
+if (isset($_GET['autologin']) && $_GET['autologin']
+    && isset($_COOKIE['lastopenid'])
+) {
+    $bAutologin = true;
+    // autologin=1: start openid autologin
+    // autologin=2: response from openid server
+    if ($_GET['autologin'] == 1) {
+        $_POST['openid_url'] = $_COOKIE['lastopenid'];
+    }
+}
+
 if (!count($_GET) && !count($_POST)) {
-    render('login');
+    render(
+        'login',
+        array(
+            'openid' => isset($_COOKIE['lastopenid'])
+                ? $_COOKIE['lastopenid'] : 'http://'
+        )
+    );
     exit();
 }
 
@@ -28,17 +51,16 @@ if (isset($_POST['openid_url'])) {
     $openid_url = null;
 }
 
-$realm    = Tools::fullUrl('/');
-$returnTo = Tools::fullUrl('/login');
+$realm    = Tools::fullUrl();
+$returnTo = Tools::fullUrl('login');
+if ($bAutologin) {
+    $returnTo = Tools::fullUrl('login?autologin=2');
+}
 
 try {
     $o = new \OpenID_RelyingParty($returnTo, $realm, $openid_url);
-} catch (OpenID_Exception $e) {
-    $contents  = "<div class='openid_results'>\n";
-    $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
-    $contents .= "</div class='openid_results'>";
-    include_once 'openid/wrapper.php';
-    exit;
+} catch (\OpenID_Exception $e) {
+    throw new Exception($e->getMessage());
 }
 
 if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associations'])) {
@@ -46,20 +68,28 @@ if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associat
     $_SESSION['disable_associations'] = true;
 }
 
-$log = new \OpenID_Observer_Log;
-\OpenID::attach($log);
-
 if (isset($_POST['openid_url'])) {
 
     $_SESSION['openid_url'] = $openid_url;
     try {
         $authRequest = $o->prepare();
-    } catch (OpenID_Exception $e) {
-        $contents  = "<div class='openid_results'>\n";
-        $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
-        $contents .= "</div class='openid_results'>";
-        include_once 'openid/wrapper.php';
-        exit;
+        if ($bAutologin) {
+            $authRequest->setMode(\OpenID::MODE_CHECKID_IMMEDIATE);
+        }
+    } catch (\OpenID_Exception $e) {
+        if ($bAutologin) {
+            $alres = new Login_AutologinResponse('error', $e->getMessage());
+            $alres->send();
+            exit(0);
+        }
+        throw new Exception($e->getMessage());
+    } catch (\Exception $e) {
+        if ($bAutologin) {
+            $alres = new Login_AutologinResponse('error', $e->getMessage());
+            $alres->send();
+            exit(0);
+        }
+        throw $e;
     }
 
     // SREG
@@ -67,17 +97,18 @@ if (isset($_POST['openid_url'])) {
     $sreg->set('required', 'email,fullname');
     $authRequest->addExtension($sreg);
 
-    // AX
+    // AX, http://stackoverflow.com/a/7657061/282601
     $ax = new \OpenID_Extension_AX(\OpenID_Extension::REQUEST);
     $ax->set('type.email', 'http://axschema.org/contact/email');
     $ax->set('type.firstname', 'http://axschema.org/namePerson/first');
     $ax->set('type.lastname', 'http://axschema.org/namePerson/last');
+    $ax->set('type.fullname', 'http://axschema.org/namePerson');
     $ax->set('mode', 'fetch_request');
-    $ax->set('required', 'email,firstname,lastname');
+    $ax->set('required', 'email,firstname,lastname,fullname');
     $authRequest->addExtension($ax);
 
     $url = $authRequest->getAuthorizeURL();
-    
+
     header("Location: $url");
     exit;
     
@@ -104,19 +135,37 @@ $id      = $message->get('openid.claimed_id');
 $mode    = $message->get('openid.mode');
 
 try {
-    $result = $o->verify(new \Net_URL2($returnTo . '?' . $queryString), $message);
+    $sep = '?';
+    if (strpos($returnTo, '?') !== false) {
+        $sep = '&';
+    }
+    $result = $o->verify(new \Net_URL2($returnTo . $sep . $queryString), $message);
 
     if ($result->success()) {
         $status  = "<tr><td>Status:</td><td><font color='green'>SUCCESS!";
         $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
     } else {
+        if ($bAutologin) {
+            $alres = new Login_AutologinResponse(
+                'error', 'Error logging in: ' . $result->getAssertionMethod()
+            );
+            $alres->send();
+            exit(0);
+        }
+        throw new Exception('Error logging in');
         $status  = "<tr><td>Status:</td><td><font color='red'>FAIL!";
         $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
     }
-} catch (OpenID_Exception $e) {
+} catch (\OpenID_Exception $e) {
+    if ($bAutologin) {
+        $alres = new Login_AutologinResponse('error', $e->getMessage());
+        $alres->send();
+        exit(0);
+    }
+    throw new Exception('Error logging in');
     $status  = "<tr><td>Status:</td><td><font color='red'>EXCEPTION!";
     $status .= " ({$e->getMessage()} : {$e->getCode()})</font></td></tr>";
-  }
+}
 
 
 $openid = $message->getArrayFormat();
@@ -130,7 +179,10 @@ $email = isset($openid['openid.ext2.value.email']) && !isset($email)
 $email = isset($openid['openid.sreg.email']) && !isset($email)
     ? $openid['openid.sreg.email']
     : $email;
-$email = isset($openid['openid.ax.value.email']) && !isset($email)
+$email = isset($openid['openid.ax.value.email'])
+    && isset($openid['openid.ax.type.email'])
+    && $openid['openid.ax.type.email'] == 'http://axschema.org/contact/email'
+    && !isset($email)
     ? $openid['openid.ax.value.email']
     : $email;
 $_SESSION['email'] = isset($email)
@@ -145,11 +197,33 @@ $name = isset($openid['openid.ext1.value.firstname'])
 $name = isset($openid['openid.sreg.fullname']) && !isset($name)
     ? $openid['openid.sreg.fullname']
     : $name;
+$name = isset($openid['openid.ax.value.fullname'])
+    && isset($openid['openid.ax.type.fullname'])
+    && $openid['openid.ax.type.fullname'] == 'http://axschema.org/namePerson'
+    && !isset($name)
+    ? $openid['openid.ax.value.fullname']
+    : $name;
 
 $_SESSION['name'] = isset($name) ? $name : $_SERVER['REMOTE_ADDR'];
 $_SESSION['identity'] = $openid['openid.identity'];
 
-$redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI'];
+setcookie('tried-autologin', '0', time() - 3600);//delete
+setcookie('lastopenid', $_SESSION['identity'], time() + 84600 * 60);
+
+if ($bAutologin) {
+    $alres = new Login_AutologinResponse('ok');
+    $alres->name     = $_SESSION['name'];
+    $alres->identity = $_SESSION['identity'];
+    $alres->send();
+    exit(0);
+}
+
+
+$url = '';
+if (isset($_SESSION['REQUEST_URI'])) {
+    $url = substr($_SESSION['REQUEST_URI'], 1);
+}
+$redirect = Tools::fullUrl($url);
 header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
 exit;
 ?>