| author | Justin J. Novack <jnovack@gmail.com> | 2012-09-16 01:17:46 -0400 |
|---|---|---|
| committer | Justin J. Novack <jnovack@gmail.com> | 2012-09-16 01:17:46 -0400 |
| commit | a73791f16d10ea0e2c477f29d9049d75516aa774 (patch) | |
| tree | c5cc7406b5710804600477a45d20fa21815c67a3 | |
| parent | b0687c328fcaa4d891b31c2146694654cd4707c9 (diff) | |
Added OpenID Authentication
| -rw-r--r-- | data/config.default.php | 5 | ||||
| -rw-r--r-- | data/config.php.dist | 4 | ||||
| -rw-r--r-- | data/templates/base.htm | 8 | ||||
| -rw-r--r-- | data/templates/forbidden.htm | 21 | ||||
| -rw-r--r-- | data/templates/login.htm | 44 | ||||
| -rw-r--r-- | src/openid/config.php | 55 | ||||
| -rw-r--r-- | src/openid/wrapper.php | 27 | ||||
| -rw-r--r-- | www/.htaccess | 4 | ||||
| -rw-r--r-- | www/auth.php | 258 | ||||
| -rw-r--r-- | www/css/debug.css | 85 | ||||
| -rw-r--r-- | www/css/openid.css | 64 | ||||
| -rw-r--r-- | www/delete.php | 3 | ||||
| -rw-r--r-- | www/display.php | 3 | ||||
| -rw-r--r-- | www/edit.php | 3 | ||||
| -rw-r--r-- | www/forbidden.php | 11 | ||||
| -rw-r--r-- | www/fork.php | 3 | ||||
| -rw-r--r-- | www/images/access_denied.png | bin | 0 -> 15610 bytes | |||
| -rw-r--r-- | www/images/google.gif | bin | 0 -> 1596 bytes | |||
| -rw-r--r-- | www/images/openid-inputicon.gif | bin | 0 -> 237 bytes | |||
| -rw-r--r-- | www/images/yahoo.gif | bin | 0 -> 1682 bytes | |||
| -rw-r--r-- | www/index.php | 3 | ||||
| -rw-r--r-- | www/list.php | 5 | ||||
| -rw-r--r-- | www/login.php | 11 | ||||
| -rw-r--r-- | www/new.php | 3 | ||||
| -rw-r--r-- | www/raw.php | 3 | ||||
| -rw-r--r-- | www/revision.php | 3 | ||||
| -rw-r--r-- | www/secure.php | 11 | ||||
| -rw-r--r-- | www/www-header.php | 4 |
28 files changed, 640 insertions, 1 deletions
diff --git a/data/config.default.php b/data/config.default.php index 88c9ae5..7ecbda3 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -12,6 +12,11 @@ $GLOBALS['phorkie']['cfg'] = array( 'geshi' => 'MediaWiki/geshi/geshi/geshi.php', 'index' => 'new'//"new" or "list" ); +$GLOBALS['phorkie']['auth'] = array( + 'secure' => 0, // 0 = public, no authentication, 1 = protect adds/edits/deletes, 2 = use authentication + 'userlist' => false, // true = user must be explicitly defined, false = anyone allowed, but they must authenticate + 'anonymousEmail' => 'anonymous@phorkie' // Email for non-authenticated commits +); $GLOBALS['phorkie']['tools'] = array( '\\phorkie\\Tool_Xmllint' => true, '\\phorkie\\Tool_PHPlint' => true, diff --git a/data/config.php.dist b/data/config.php.dist index 1e814bd..e90f704 100644 --- a/data/config.php.dist +++ b/data/config.php.dist @@ -5,4 +5,8 @@ //$GLOBALS['phorkie']['cfg']['git']['private'] = 'ssh://git@bogo:paste/'; //$GLOBALS['phorkie']['cfg']['elasticsearch'] = 'http://localhost:9200/phorkie/'; //$GLOBALS['phorkie']['cfg']['setupcheck'] = false; +//$GLOBALS['phorkie']['users'] = array( +// 'https://www.google.com/accounts/o8/id?id=ABCDEFGHIJKLMNOPQRSTUVWXYZ', +// 'http://anonymous.phorkie.openid' +//); ?> diff --git a/data/templates/base.htm b/data/templates/base.htm index 2b8544b..8192b6b 100644 --- a/data/templates/base.htm +++ b/data/templates/base.htm @@ -25,6 +25,14 @@ <li> <a href="/list">List all</a> </li> + {% if identity %} + <li> + <a href="#">{{name}} ({{email}})</a> + </li> + <li> + <a href="/auth?logout">Logout</a> + </li> + {% endif %} {% if db.adapter %} <li> <form class="navbar-search pull-left" action="/search" method="get"> diff --git a/data/templates/forbidden.htm b/data/templates/forbidden.htm new file mode 100644 index 0000000..ad40a9f --- /dev/null +++ b/data/templates/forbidden.htm 
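Review bot: The new `auth` defaults never define `$GLOBALS['phorkie']['users']`, yet www/auth.php passes it straight to `in_array()` whenever `userlist` is true, so an installation that turns on `userlist` without listing anyone runs the check against a null haystack (a PHP warning; the `!in_array()` test then sends every login to /forbidden). Define the whitelist here so it always exists and the behaviour is explicit rather than a side effect of the warning: `$GLOBALS['phorkie']['users'] = array();` after the `auth` array, matching the top-level key that data/config.php.dist documents. It would also help to say in the `'secure'` comment that level 1 only gates writes and that, with `'userlist' => false`, any OpenID in the world satisfies it.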
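Review bot: The logout link points at `/auth?logout`, and www/auth.php in this commit destroys the session for any request that carries a `logout` parameter, so a third-party page can log users out with nothing more than `<img src="https://host/auth?logout">`; a POST form (ideally with a token) would prevent that. The `{{name}}` and `{{email}}` values are copied by auth.php from the OpenID provider's SREG/AX response, and a user can point the login form at a provider they control, so they are attacker-influenced HTML; Twig escapes by default, but the environment is set up in www-header.php outside this diff, so either confirm autoescape is on or write `{{ name|e }} ({{ email|e }})` to make it explicit.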
@@ -0,0 +1,21 @@
+{% extends "base.htm" %}
+{% block title %}Access Denied{% endblock %}
+
+{% block content %}
+
+<fieldset>
+ <legend>Access Denied</legend>
+ <img src="images/access_denied.png">
+</fieldset>
+{% endblock %}
+
+{% block sidebar %}
+ {% if recents.results %}
+ <h3>Recently created</h3>
+ <ul>
+ {% for repo in recents.repos %}
+ {% include 'repo-sidebar-list.htm' %}
+ {% endfor %}
+ </ul>
+ {% endif %}
+{% endblock %}
diff --git a/data/templates/login.htm b/data/templates/login.htm
new file mode 100644
index 0000000..13d86be
--- /dev/null
+++ b/data/templates/login.htm
@@ -0,0 +1,44 @@
+{% extends "base.htm" %}
+{% block title %}Login{% endblock %}
+
+{% block content %}
+
+<!-- Simple OpenID Selector -->
+<link rel="stylesheet" href="css/openid.css" />
+
+<style type="text/css">
+/* Basic page formatting. */
+</style>
+
+<form method="post" action="/auth" id="openid_form">
+ <input id="start" name="start" type="hidden" value="submit" />
+ <input id="sreg" name="sreg" type="hidden" value="on" />
+ <input id="ax" name="ax" type="hidden" value="on" />
+
+<fieldset>
+ <legend>Sign-in</legend>
+ <div id="openid_choice" style="display: block; ">
+ <p>Please choose your account provider</p>
+ <div id="openid_btns">
+ <a title="Google" href="/auth?identifier=https://www.google.com/accounts/o8/id&ax=on&sreg=on&start=submit" class="google openid_large_btn"></a>
+ <a title="Yahoo" href="/auth?identifier=http://yahoo.com&ax=on&sreg=on&start=submit" class="yahoo openid_large_btn"></a>
+ </div>
+ <div id="openid_input_area">
+ <p>or enter your OpenID URL.</p>
+ <input class="" id="identifier" type="text" name="identifier" value="http://">
+ <input class="btn" id="openid_submit" type="submit" value="Sign-In">
+ </div>
+ </div>
+</fieldset>
+{% endblock %}
+
+{% block sidebar %}
+ {% if recents.results %}
+ <h3>Recently created</h3>
+ <ul>
+ {% for repo in recents.repos %}
+ {% include 'repo-sidebar-list.htm' %}
+ {% endfor %}
+ </ul>
+ {% endif %}
+{% endblock %}
diff --git a/src/openid/config.php b/src/openid/config.php
new file mode 100644
index 0000000..fdec5e1
--- /dev/null
+++ b/src/openid/config.php
@@ -0,0 +1,55 @@
+<?php
+/**
+ * OpenID
+ *
+ * PHP Version 5.2.0+
+ *
+ * @category Auth
+ * @package OpenID
+ * @author Bill Shupp <hostmaster@shupp.org>
+ * @copyright 2009 Bill Shupp
+ * @license http://www.opensource.org/licenses/bsd-license.php FreeBSD
+ * @link http://github.com/shupp/openid
+ */
+
+set_include_path(dirname(__FILE__) . '/../../:' . get_include_path());
+
+/**
+ * Required files
+ */
+require_once 'OpenID/RelyingParty.php';
+require_once 'OpenID/Discover.php';
+require_once 'OpenID/Store.php';
+require_once 'OpenID/Extension/SREG10.php';
+require_once 'OpenID/Extension/SREG11.php';
+require_once 'OpenID/Extension/AX.php';
+require_once 'OpenID/Extension/UI.php';
+require_once 'OpenID/Extension/OAuth.php';
+require_once 'OpenID/Message.php';
+require_once 'OpenID/Observer/Log.php';
+require_once 'Net/URL2.php';
+
+// Determine realm and return_to
+$base = 'http';
+if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
+ $base .= 's';
+}
+$base .= '://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'];
+
+$realm = $base . '/';
+$returnTo = $base . dirname($_SERVER['PHP_SELF']);
+if ($returnTo[strlen($returnTo) - 1] != '/') {
+ $returnTo .= '/';
+}
+$returnTo .= 'auth';
+
+// SQL storage example
+// $storeOptions = array(
+// 'dsn' => 'mysql://user:pass@db.example.com/openid'
+// );
+// OpenID::setStore(OpenID_Store::factory('MDB2', $storeOptions));
+//
+// // The first time you run it, you'll also need to create the tables:
+// OpenID::getStore()->createTables();
+
+?>
diff --git a/src/openid/wrapper.php b/src/openid/wrapper.php
new file mode 100644
index 0000000..cb57f4e
--- /dev/null
+++ b/src/openid/wrapper.php
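Review bot: `$realm` and `$returnTo` are assembled from `$_SERVER['SERVER_NAME']`, `SERVER_PORT`, `HTTPS` and `PHP_SELF`, all of which can follow the incoming request rather than the deployment: SERVER_NAME tracks the Host header under Apache's `UseCanonicalName Off`, `PHP_SELF` carries any PATH_INFO a client appends (`/auth.php/x` makes `dirname()` return `/auth.php`), and the `HTTPS == 'on'` test yields an `http://` realm behind a TLS-terminating proxy. The realm is what the user approves at the provider and return_to is the URL the assertion is verified against, so both should come from a fixed, configured base URL, e.g. `$base = rtrim($GLOBALS['phorkie']['cfg']['baseurl'], '/');` with that key added to data/config.default.php. If the request must be used, prefer `$_SERVER['SCRIPT_NAME']` over `PHP_SELF` and treat any non-empty `HTTPS` other than `'off'` as TLS. The default OpenID store used when none is configured is not shown here; it is worth confirming the nonce/association store is shared and persistent in production rather than relying on the commented-out MDB2 example.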
@@ -0,0 +1,27 @@ +<?php +/** + * OpenID + * + * PHP Version 5.2.0+ + * + * @category Auth + * @package OpenID + * @author Bill Shupp <hostmaster@shupp.org> + * @copyright 2009 Bill Shupp + * @license http://www.opensource.org/licenses/bsd-license.php FreeBSD + * @link http://github.com/shupp/openid + */ +?> +<html> + <head> + <title>PEAR OpenID Debug</title> + <link rel="stylesheet" href="/css/debug.css" type="text/css" /> + </head> + <body> +<?php +if (isset($contents)) { + echo $contents; +} +?> + </body> +</html> diff --git a/www/.htaccess b/www/.htaccess index a8f2eed..fd2963b 100644 --- a/www/.htaccess +++ b/www/.htaccess @@ -19,3 +19,7 @@ RewriteRule ^list/([0-9]+)$ /list.php?page=$1 RewriteRule ^search$ /search.php RewriteRule ^search/([0-9]+)$ /search.php?page=$1 + +RewriteRule ^auth$ /auth.php +RewriteRule ^login$ /login.php +RewriteRule ^forbidden$ /forbidden.php diff --git a/www/auth.php b/www/auth.php new file mode 100644 index 0000000..8fe38e0 --- /dev/null +++ b/www/auth.php 
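Review bot: `echo $contents;` emits whatever the including script assembled with no escaping, and on the exception paths in www/auth.php `$contents` embeds `$e->getMessage()` verbatim, which can be expected to echo the user-supplied identifier the request came in with, so this page is a reflected HTML-injection sink. Escape each dynamic piece where it is inserted, e.g. `$contents .= "<pre>" . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "</pre>\n";` at the two call sites in auth.php, rather than trying to escape the finished markup here. This file and /css/debug.css are the PEAR OpenID example debug page; if they are not meant to ship, dropping them is simpler than hardening them.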
@@ -0,0 +1,258 @@
+<?php
+/**
+ * OpenID
+ *
+ * PHP Version 5.2.0+
+ *
+ * @category Auth
+ * @package OpenID
+ * @author Bill Shupp <hostmaster@shupp.org>
+ * @copyright 2009 Bill Shupp
+ * @license http://www.opensource.org/licenses/bsd-license.php FreeBSD
+ * @link http://github.com/shupp/openid
+ */
+
+// A tool for testing Relying Party functionality
+set_include_path(
+ __DIR__ . '/../../src/'
+ . PATH_SEPARATOR . get_include_path()
+);
+
+require_once 'www-header.php';
+require_once 'openid/config.php';
+
+
+if (isset($_REQUEST['logout'])) {
+ unset($_SESSION);
+ session_destroy();
+ $redirect = 'http://' . $_SERVER['HTTP_HOST'];
+ header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+ exit;
+}
+
+if (!count($_GET) && !count($_POST)) {
+ $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/login";
+ header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+ exit;
+}
+
+// Hackaround Non-Javascript Login Page
+if (!count($_POST) && isset($_GET['start'])) {
+ $_POST = $_GET;
+}
+
+if (isset($_POST['identifier'])) {
+ $identifier = $_POST['identifier'];
+} else if (isset($_SESSION['identifier'])) {
+ $identifier = $_SESSION['identifier'];
+} else {
+ $identifier = null;
+}
+
+try {
+ $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
+} catch (OpenID_Exception $e) {
+ $contents = "<div class='openid_results'>\n";
+ $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
+ $contents .= "</div class='openid_results'>";
+ include_once 'openid/wrapper.php';
+ exit;
+}
+
+if (!empty($_POST['disable_associations'])
+ || !empty($_SESSION['disable_associations'])) {
+
+ $o->disableAssociations();
+ $_SESSION['disable_associations'] = true;
+}
+
+$log = new OpenID_Observer_Log;
+OpenID::attach($log);
+
+if (isset($_POST['start'])) {
+
+ $_SESSION['identifier'] = $identifier;
+ try {
+ $authRequest = $o->prepare();
+ } catch (OpenID_Exception $e) {
+ $contents = "<div class='openid_results'>\n";
+ $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
+ $contents .= "</div class='openid_results'>";
+ include_once 'openid/wrapper.php';
+ exit;
+ }
+
+ // checkid_immediate
+ if (!empty($_POST['checkid_immediate'])) {
+ $authRequest->setMode('checkid_immediate');
+ }
+
+ // SREG
+ if (!empty($_POST['sreg'])) {
+ $sreg = new OpenID_Extension_SREG11(OpenID_Extension::REQUEST);
+ $sreg->set('required', 'email,firstname,lastname,nickname');
+ $sreg->set('optional', 'gender,dob');
+ $authRequest->addExtension($sreg);
+ }
+
+ // AX
+ if (!empty($_POST['ax'])) {
+ $ax = new OpenID_Extension_AX(OpenID_Extension::REQUEST);
+ $ax->set('type.email', 'http://axschema.org/contact/email');
+ $ax->set('type.firstname', 'http://axschema.org/namePerson/first');
+ $ax->set('type.lastname', 'http://axschema.org/namePerson/last');
+ $ax->set('mode', 'fetch_request');
+ $ax->set('required', 'email,firstname,lastname');
+ $authRequest->addExtension($ax);
+ }
+
+ // UI
+ if (!empty($_POST['ui'])) {
+ $ui = new OpenID_Extension_UI(OpenID_Extension::REQUEST);
+ $ui->set('mode', 'popup');
+ $ui->set('language', 'en-US');
+ $authRequest->addExtension($ui);
+ }
+
+ // OAuth
+ if (!empty($_POST['oauth'])) {
+ $oauth = new OpenID_Extension_OAuth(OpenID_Extension::REQUEST);
+ $oauth->set('consumer', $_POST['oauth_consumer_key']);
+ $_SESSION['OAuth_consumer_key'] = $_POST['oauth_consumer_key'];
+ $_SESSION['OAuth_consumer_secret'] = $_POST['oauth_consumer_secret'];
+
+ $oauth->set('scope', $_POST['oauth_scope']);
+ $_SESSION['OAuth_scope'] = $_POST['oauth_scope'];
+
+ $_SESSION['OAuth_access_token_url'] = $_POST['oauth_access_token_url'];
+ $_SESSION['OAuth_access_token_method'] = $_POST['oauth_access_token_method'];
+
+ $authRequest->addExtension($oauth);
+ }
+
+ $url = $authRequest->getAuthorizeURL();
+
+ if (empty($_POST['debug'])) {
+ header("Location: $url");
+ exit;
+ }
+
+} else {
+ if (isset($_SESSION['identifier'])) {
+ $usid = $_SESSION['identifier'];
+ unset($_SESSION['identifier']);
+ } else {
+ $usid = null;
+ }
+
+ unset($_SESSION['disable_associations']);
+
+ if (!count($_POST)) {
+ list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
+ } else {
+ // I hate php sometimes
+ $queryString = file_get_contents('php://input');
+ }
+
+ $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
+ $id = $message->get('openid.claimed_id');
+ $mode = $message->get('openid.mode');
+
+ try {
+ $result = $o->verify(new Net_URL2($returnTo . '?' . $queryString),
+ $message);
+
+ if ($result->success()) {
+ $status = "<tr><td>Status:</td><td><font color='green'>SUCCESS!";
+ $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
+ } else {
+ $status = "<tr><td>Status:</td><td><font color='red'>FAIL!";
+ $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
+ }
+ } catch (OpenID_Exception $e) {
+ $status = "<tr><td>Status:</td><td><font color='red'>EXCEPTION!";
+ $status .= " ({$e->getMessage()} : {$e->getCode()})</font></td></tr>";
+ }
+
+ // OAuth hyprid fetching access token
+ if (isset($_SESSION['OAuth_consumer_key'],
+ $_SESSION['OAuth_consumer_secret'],
+ $_SESSION['OAuth_access_token_url'],
+ $_SESSION['OAuth_access_token_method'])) {
+
+ try {
+ $oauth = new OpenID_Extension_OAuth(OpenID_Extension::RESPONSE,
+ $message);
+
+ // Fix line lengths.
+ $consumerKey = $_SESSION['OAuth_consumer_key'];
+ $consumerSecret = $_SESSION['OAuth_consumer_key'];
+ $tokenURL = $_SESSION['OAuth_access_token_url'];
+ $tokenMethod = $_SESSION['OAuth_access_token_method'];
+
+ $oauthData = $oauth->getAccessToken($consumerKey,
+ $consumerSecret,
+ $tokenURL,
+ array(),
+ $tokenMethod);
+
+ } catch (Exception $e) {
+ }
+ }
+
+ $contents = "<div class='openid_results'>
+ <p>
+ <table>
+ <tr colspan=2><td><b>Results</b></td></tr>
+ <tr><td>User Supplied Identifier:</td><td>$usid</td></tr>
+ <tr><td>Claimed Identifier:</td><td>$id</td></tr>
+ <tr><td>Mode:</td><td>$mode</td></tr>
+ $status\n
+ <tr colspan=2><td><p><br><b>Message Contents</b></td></tr>";
+
+ foreach ($message->getArrayFormat() as $key => $value) {
+ $contents .= "<tr><td align=left>$key</td><td>$value</td></tr>\n";
+ }
+
+ if (isset($oauthData) && count($oauthData)) {
+ $contents .= "<tr colspan=2>";
+ $contents .= " <td><p><br><b>OAuth Access token/secret</b></td>";
+ $contents .= "</tr>";
+
+ foreach ($oauthData as $key => $value) {
+ $contents .= "<tr><td align=left>$key</td><td>$value</td></tr>\n";
+ }
+ }
+
+ $contents .= "</table>";
+ $contents .= "</div>";
+
+ $openid = $message->getArrayFormat();
+ if ($GLOBALS['phorkie']['auth']['secure'] > 0 &&
+ $GLOBALS['phorkie']['auth']['userlist']) {
+ if (!in_array($openid['openid.identity'], $GLOBALS['phorkie']['users'])) {
+ $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/forbidden";
+ header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+ exit;
+ }
+ }
+ // include_once 'openid/wrapper.php';
+
+ $email = (isset($openid['openid.ext1.value.email'])) ? $openid['openid.ext1.value.email'] : null;
+ $email = (isset($openid['openid.ext2.value.email']) && !isset($email)) ? $openid['openid.ext2.value.email'] : $email;
+ $email = (isset($openid['openid.sreg.email']) && !isset($email)) ? $openid['openid.sreg.email'] : $email;
+ $email = (isset($openid['openid.ax.value.email']) && !isset($email)) ? $openid['openid.ax.value.email'] : $email;
+ $_SESSION['email'] = (isset($email)) ? $email : $GLOBALS['phorkie']['auth']['anonymousEmail'];
+
+ $name = (isset($openid['openid.ext1.value.firstname']) && isset($openid['openid.ext1.value.lastname'])) ? $openid['openid.ext1.value.firstname']." ".$openid['openid.ext1.value.lastname'] : null;
+ $name = (isset($openid['openid.sreg.firstname']) && isset($openid['openid.sreg.lastname']) && !isset($name)) ? $openid['openid.sreg.firstname']." ".$openid['openid.sreg.lastname'] : $name;
+ $name = (isset($openid['openid.sreg.nickname']) && !isset($name)) ? $openid['openid.sreg.nickname'] : $name;
+ $_SESSION['name'] = (isset($name)) ? $name : $_SERVER['REMOTE_ADDR'];
+
+ $_SESSION['identity'] = $openid['openid.identity'];
+
+ $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI'];
+ header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+}
+
+?>
diff --git a/www/css/debug.css b/www/css/debug.css
new file mode 100644
index 0000000..634243a
--- /dev/null
+++ b/www/css/debug.css
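Review bot: The login is completed without ever acting on the verification result: after the `try { $result = $o->verify(...) }` block, `$result->success()` only picks a status string, and the code goes on to set `$_SESSION['email']`, `$_SESSION['name']` and `$_SESSION['identity'] = $openid['openid.identity']` from the raw, unverified message, even when `verify()` threw. A request such as `/auth?openid.mode=id_res&openid.identity=<any whitelisted OpenID>` therefore logs the sender in as that user with no provider involved, and the `userlist` check does not help because it compares the same forged field. Refuse to touch the session unless verification succeeded, regenerate the session id at that point to close fixation, and key the whitelist on the verified claimed identifier with a strict `in_array($id, $GLOBALS['phorkie']['users'], true)`. Two smaller defects in the same hunk: `$consumerSecret = $_SESSION['OAuth_consumer_key'];` copies the key where `OAuth_consumer_secret` was meant, and `unset($_SESSION);` in the logout branch does not clear session data (use `$_SESSION = array();` before `session_destroy()`).
```php
    } catch (OpenID_Exception $e) {
        $status = "<tr><td>Status:</td><td><font color='red'>EXCEPTION!";
        $status .= " ({$e->getMessage()} : {$e->getCode()})</font></td></tr>";
    }

    // Only a verified positive assertion may establish a login.
    if (!isset($result) || !$result->success()) {
        header('Location: /forbidden');
        exit;
    }
    // Fresh session id so a pre-login id planted by an attacker is not upgraded.
    session_regenerate_id(true);

    // … unchanged: OAuth hybrid fetch, $contents debug table, user-list check, email/name extraction, redirect …
```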
@@ -0,0 +1,85 @@
+html, body {
+ background: #ededed;
+ font: 82.5% Helvetica Neue, HelveticaNeue, Helvetica, sans-serif;
+ margin: 30px 0 0; padding: 0px; }
+
+h3 {
+ color: #aaa;
+ margin: 0; padding: 0;
+ font-size: 1.3em;
+
+ position: absolute;
+ top: 30px;
+ width: 100%;
+ text-align: center;
+ left: 0;
+}
+
+h3 a {
+ color: #111;
+ text-decoration: none;
+}
+
+h3 a:hover {
+ text-decoration: underline;
+
+}
+
+form {
+ padding: 30px;
+ background: #fff;
+ -moz-border-radius: 6px;
+ -webkit-border-radius: 6px;
+ width: 400px;
+ margin: 50px auto 0;
+ }
+
+table {
+ font-size: 1.1em !important;
+ font-weight: bold;
+}
+
+td {
+ width: 200px;
+}
+.discover_results {
+ margin: 60px 0 ;
+ padding: 30px;
+ background: #111;
+ text-align: center;
+}
+
+
+.discover_results b {
+ color: #fff;
+ font-size: 2.4em;
+}
+
+.relyingparty_results {
+ width: 100%;
+}
+
+.relyingparty_results table b {
+ display: block;
+ width: 300px;
+ font-size: 1.7em;
+ color: #fff;
+}
+
+
+pre, .relyingparty_results p table {
+ font-size: 1.2em;
+ width: 900px !important;
+ text-align: left;
+ margin: 0 auto;
+
+ color: #ddd;
+ padding: 30px;
+
+}
+
+.relyingparty_results {
+ background: #111;
+ padding: 30px;
+ margin: 60px 0;
+}
diff --git a/www/css/openid.css b/www/css/openid.css
new file mode 100644
index 0000000..38988a7
--- /dev/null
+++ b/www/css/openid.css
@@ -0,0 +1,64 @@ +body { + font-family:"Helvetica Neue", Helvetica, Arial, sans-serif; +} +#openid_form { + width: 470px; +} +#openid_form legend { + font-weight: bold; +} +#openid_choice { + display: none; +} +#openid_input_area { + clear: both; +} +#openid_btns { + height: 66px; + margin-bottom: 10px; +} +#openid_btns br { + clear: both; +} +#openid_highlight { + padding: 3px; + background-color: #FFFCC9; + float: left; +} +#identifier { + margin: 0px !important; + width: 250px; + background: #FFF url(/images/openid-inputicon.gif) no-repeat scroll 0 50%; + padding-left:18px; +} +.openid_large_btn { + width: 100px; + height: 60px; + border: 1px solid #DDD; + margin: 3px; + float: left; +} +.openid_small_btn { + width: 24px; + height: 24px; + border: 1px solid #DDD; + margin: 3px; + float: left; +} +.google { + background: #FFF url(/images/google.gif) no-repeat center center; +} +.yahoo { + background: #FFF url(/images/yahoo.gif) no-repeat center center; +} + +a.openid_large_btn:hover { + outline: none; + border: 1px solid #030303; +} +a.openid_large_btn:focus { + -moz-outline-style: none; +} +.openid_selected { + border: 4px solid #DDD; +} diff --git a/www/delete.php b/www/delete.php index 6d68ae4..f332028 100644 --- a/www/delete.php +++ b/www/delete.php @@ -4,6 +4,9 @@ namespace phorkie; * Delete paste or ask for deletion */ require_once 'www-header.php'; +if ($GLOBALS['phorkie']['auth']['secure'] > 0) { + require_once 'secure.php'; +} $repo = new Repository(); $repo->loadFromRequest(); diff --git a/www/display.php b/www/display.php index c8df8a9..2376d30 100644 --- a/www/display.php +++ b/www/display.php @@ -4,6 +4,9 @@ namespace phorkie; * Display paste contents */ require_once 'www-header.php'; +if ($GLOBALS['phorkie']['auth']['secure'] == 2) { + require_once 'secure.php'; +} $repo = new Repository(); $repo->loadFromRequest(); diff --git a/www/edit.php b/www/edit.php index 562c97c..226b774 100644 --- a/www/edit.php +++ b/www/edit.php 
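Review bot: The new guard `require_once 'secure.php';` does not stop this script for an unauthenticated request, because www/secure.php as added in this commit sends `Location: /login` but never calls `exit`, so control returns here and the deletion below still executes; a client that simply ignores the redirect, curl for instance, deletes the paste without logging in. Either make the guard terminate (`header('Location: /login'); exit;` in secure.php) or check `isset($_SESSION['identity'])` here and stop, and the same applies to edit.php, new.php and fork.php, which use the identical include. The delete logic continues past the end of this hunk.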
@@ -4,6 +4,9 @@ namespace phorkie; * Edit paste contents */ require_once 'www-header.php'; +if ($GLOBALS['phorkie']['auth']['secure'] > 0) { + require_once 'secure.php'; +} $repo = new Repository(); $repo->loadFromRequest(); diff --git a/www/forbidden.php b/www/forbidden.php new file mode 100644 index 0000000..e8fb7ec --- /dev/null +++ b/www/forbidden.php @@ -0,0 +1,11 @@ +<?php +/** + * Access Denied + */ +namespace phorkie; +require_once 'www-header.php'; +render( + 'forbidden', + null +); +?> diff --git a/www/fork.php b/www/fork.php index 7997632..cc2ed33 100644 --- a/www/fork.php +++ b/www/fork.php @@ -4,6 +4,9 @@ */ namespace phorkie; require_once 'www-header.php'; +if ($GLOBALS['phorkie']['auth']['secure'] > 0) { + require_once 'secure.php'; +} if ($_SERVER['REQUEST_METHOD'] !== 'POST') { throw new Exception_Input('Forking only possible via POST'); diff --git a/www/images/access_denied.png b/www/images/access_denied.png Binary files differnew file mode 100644 index 0000000..c13d7b9 --- /dev/null +++ b/www/images/access_denied.png diff --git a/www/images/google.gif b/www/images/google.gif Binary files differnew file mode 100644 index 0000000..1b6cd07 --- /dev/null +++ b/www/images/google.gif diff --git a/www/images/openid-inputicon.gif b/www/images/openid-inputicon.gif Binary files differnew file mode 100644 index 0000000..cde836c --- /dev/null +++ b/www/images/openid-inputicon.gif diff --git a/www/images/yahoo.gif b/www/images/yahoo.gif Binary files differnew file mode 100644 index 0000000..42adbfa --- /dev/null +++ b/www/images/yahoo.gif diff --git a/www/index.php b/www/index.php index 9a05add..7ac6fcf 100644 --- a/www/index.php +++ b/www/index.php @@ -1,4 +1,7 @@ <?php +/** + * Jump to the index as per the configuration + */ namespace phorkie; require_once 'www-header.php'; require_once $GLOBALS['phorkie']['cfg']['index'].".php"; diff --git a/www/list.php b/www/list.php index 911f26d..17f46b1 100644 --- a/www/list.php +++ b/www/list.php 
@@ -1,9 +1,12 @@ <?php /** - * Fork a repository + * List a repository */ namespace phorkie; require_once 'www-header.php'; +if ($GLOBALS['phorkie']['auth']['secure'] == 2) { + require_once 'secure.php'; +} $rs = new Repositories(); $page = 0; diff --git a/www/login.php b/www/login.php new file mode 100644 index 0000000..87c34f4 --- /dev/null +++ b/www/login.php @@ -0,0 +1,11 @@ +<?php +/** + * Display sign-in page + */ +namespace phorkie; +require_once 'www-header.php'; +render( + 'login', + null +); +?> diff --git a/www/new.php b/www/new.php index ef9daec..fc6d5f3 100644 --- a/www/new.php +++ b/www/new.php @@ -11,6 +11,9 @@ namespace phorkie; * Creates and redirects to display page */ require_once 'www-header.php'; +if ($GLOBALS['phorkie']['auth']['secure'] > 0) { + require_once 'secure.php'; +} $repopo = new Repository_Post(); if ($repopo->process($_POST)) { diff --git a/www/raw.php b/www/raw.php index 8bda11e..67a21ee 100644 --- a/www/raw.php +++ b/www/raw.php @@ -4,6 +4,9 @@ */ namespace phorkie; require_once 'www-header.php'; +if ($GLOBALS['phorkie']['auth']['secure'] == 2) { + require_once 'secure.php'; +} $repo = new Repository(); $repo->loadFromRequest(); diff --git a/www/revision.php b/www/revision.php index 53ac458..06462af 100644 --- a/www/revision.php +++ b/www/revision.php @@ -4,6 +4,9 @@ namespace phorkie; * Display paste contents */ require_once 'www-header.php'; +if ($GLOBALS['phorkie']['auth']['secure'] == 2) { + require_once 'secure.php'; +} $repo = new Repository(); $repo->loadFromRequest(); diff --git a/www/secure.php b/www/secure.php new file mode 100644 index 0000000..5893033 --- /dev/null +++ b/www/secure.php @@ -0,0 +1,11 @@ +<?php +/** + * Protect page + */ +namespace phorkie; +require_once 'www-header.php'; +$_SESSION['REQUEST_URI'] = $_SERVER['REQUEST_URI']; +if (!isset($_SESSION['identity'])) { + header("Location: /login"); +} +?> diff --git a/www/www-header.php b/www/www-header.php index 72a2e67..3bb7e89 100644 --- a/www/www-header.php 
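Review bot: With `secure == 2` the listing is now behind login, but www/search.php, which the rewrite rules still expose at `/search` and which the base.htm navbar form submits to whenever `db.adapter` is set, is not touched by this commit and so appears to remain public, so paste listings and excerpts may still leak through search at the "everything requires authentication" level; the same `if ($GLOBALS['phorkie']['auth']['secure'] == 2) { require_once 'secure.php'; }` gate belongs there. This is inferred from the diffstat; if search.php is gated elsewhere I don't see it in this diff. index.php only inherits the gate indirectly through whichever of list.php or new.php it includes.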
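Review bot: `header("Location: /login");` is not followed by `exit`, so every page that includes this file as its access check keeps running for an unauthenticated request once the header is queued, and a client that ignores the redirect gets the full edit, delete, new or fork behaviour. Change the branch to `header('Location: /login'); exit;`. Two smaller points: `$_SESSION['REQUEST_URI']` is overwritten on every call, including for logged-in users, and www/auth.php later reads it without `isset()`, so it is better set only inside the unauthenticated branch; and the second `require_once 'www-header.php'` is redundant since every includer has already loaded it.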
+++ b/www/www-header.php @@ -1,5 +1,6 @@ <?php namespace phorkie; +session_start(); set_include_path( __DIR__ . '/../src/' . PATH_SEPARATOR . get_include_path() @@ -63,6 +64,9 @@ function render($tplname, $vars) $vars['css'] = $GLOBALS['phorkie']['cfg']['css']; $vars['title'] = $GLOBALS['phorkie']['cfg']['title']; $vars['topbar'] = $GLOBALS['phorkie']['cfg']['topbar']; + $vars['identity'] = $_SESSION['identity']; + $vars['name'] = $_SESSION['name']; + $vars['email'] = $_SESSION['email']; $vars['db'] = new Database(); $template = $GLOBALS['twig']->loadTemplate($tplname . '.htm'); |
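Review bot: `$_SESSION['identity']`, `$_SESSION['name']` and `$_SESSION['email']` are read unconditionally in `render()`, so every anonymous page view raises three undefined-index notices while the template only tests `identity`; guard them with `$vars['identity'] = isset($_SESSION['identity']) ? $_SESSION['identity'] : null;` and likewise for the other two. The bare `session_start()` also takes PHP's default cookie flags, which (unless php.ini overrides `session.cookie_httponly`) leave the cookie readable from script; since this session is now the credential for edits and deletes, call `session_set_cookie_params(0, '/', '', !empty($_SERVER['HTTPS']), true);` before `session_start()` so the cookie is HttpOnly and marked Secure whenever the request came over TLS. `render()` continues past the end of the hunk.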
