--- /dev/null
+<?php
+namespace phorkie;
+
+class Login_AutologinResponse
+{
+ /**
+ * 'error' or 'ok'
+ *
+ * @var string
+ */
+ public $status;
+
+ /**
+ * Status message
+ *
+ * @var string
+ */
+ public $message;
+
+ public $name;
+ public $identity;
+
+ public function __construct($status = 'error', $message = null)
+ {
+ $this->status = $status;
+ $this->message = $message;
+ }
+
+ public function send()
+ {
+ if ($this->status == 'error') {
+ //Cookie to prevent trying autologin again and again.
+ // After 1 hour the cookie expires and autologin is tried again.
+ setcookie('tried-autologin', '1', time() + 60 * 60);
+ }
+
+ $data = htmlspecialchars(json_encode($this), ENT_NOQUOTES);
+ header('Content-type: text/html');
+ echo <<<XML
+<html>
+ <head>
+ <title>Autologin response</title>
+ <script type="text/javascript">
+ parent.notifyAutologin($data);
+ </script>
+ </head>
+ <body></body>
+</html>
+
+XML;
+ }
+}
+?>
--- /dev/null
+jQuery(function($) {
+ document.getElementsByTagName("body")[0]
+ .insertAdjacentHTML(
+ 'beforeend',
+ '<iframe id="autologin" src="/login.php?autologin=1"'
+ + ' width="10" height="10" style="display: none"'
+ + '></iframe>'
+ );
+ /*;
+ $.ajax("../login.php?autologin=1")
+ .done(function() {
+ alert("success");
+ })
+ .fail(function() {
+ alert("error");
+ });
+ */
+});
+
+function notifyAutologin(data)
+{
+ if (data.status != 'ok') {
+ return;
+ }
+ document.getElementsByTagName("body")[0]
+ .insertAdjacentHTML(
+ 'beforeend',
+ '<div id="autologinnotifier" class="alert alert-success"'
+ + ' style="display: none; position: fixed; top: 0px; left: 0px; width: 100%; text-align: center">'
+ + 'Welcome, ' + data.name + '.'
+ + ' You have been logged in - '
+ + '<a href="#" onclick="document.location.reload();">reload</a> to see it.'
+ + '</div>'
+ );
+ $('#autologinnotifier').click(function(event) {
+ $(this).fadeOut();
+ });
+ $('#autologinnotifier').hide().fadeIn('slow');
+}
if (isset($_REQUEST['logout'])) {
unset($_SESSION);
session_destroy();
+ //delete last openid cookie.
+ // if you deliberately log out, you do not want to be logged in
+ // automatically on the next page reload.
+ setcookie('lastopenid', '0', time() - 3600);
+
header('Location: ' . Tools::fullUrl());
exit();
}
+$bAutologin = false;
+if (isset($_GET['autologin']) && $_GET['autologin']
+ && isset($_COOKIE['lastopenid'])
+) {
+ $bAutologin = true;
+ // autologin=1: start openid autologin
+ // autologin=2: response from openid server
+ if ($_GET['autologin'] == 1) {
+ $_POST['openid_url'] = $_COOKIE['lastopenid'];
+ }
+}
+
if (!count($_GET) && !count($_POST)) {
render(
'login',
$realm = Tools::fullUrl();
$returnTo = Tools::fullUrl('login');
+if ($bAutologin) {
+ $returnTo = Tools::fullUrl('login?autologin=2');
+}
try {
$o = new \OpenID_RelyingParty($returnTo, $realm, $openid_url);
-} catch (OpenID_Exception $e) {
+} catch (\OpenID_Exception $e) {
throw new Exception($e->getMessage());
}
$_SESSION['openid_url'] = $openid_url;
try {
$authRequest = $o->prepare();
- } catch (OpenID_Exception $e) {
+ if ($bAutologin) {
+ $authRequest->setMode(\OpenID::MODE_CHECKID_IMMEDIATE);
+ }
+ } catch (\OpenID_Exception $e) {
+ if ($bAutologin) {
+ $alres = new Login_AutologinResponse('error', $e->getMessage());
+ $alres->send();
+ exit(0);
+ }
throw new Exception($e->getMessage());
+ } catch (\Exception $e) {
+ if ($bAutologin) {
+ $alres = new Login_AutologinResponse('error', $e->getMessage());
+ $alres->send();
+ exit(0);
+ }
+ throw $e;
}
// SREG
$mode = $message->get('openid.mode');
try {
- $result = $o->verify(new \Net_URL2($returnTo . '?' . $queryString), $message);
+ $sep = '?';
+ if (strpos($returnTo, '?') !== false) {
+ $sep = '&';
+ }
+ $result = $o->verify(new \Net_URL2($returnTo . $sep . $queryString), $message);
if ($result->success()) {
$status = "<tr><td>Status:</td><td><font color='green'>SUCCESS!";
$status .= " ({$result->getAssertionMethod()})</font></td></tr>";
} else {
+ if ($bAutologin) {
+ $alres = new Login_AutologinResponse(
+ 'error', 'Error logging in: ' . $result->getAssertionMethod()
+ );
+ $alres->send();
+ exit(0);
+ }
throw new Exception('Error logging in');
$status = "<tr><td>Status:</td><td><font color='red'>FAIL!";
$status .= " ({$result->getAssertionMethod()})</font></td></tr>";
}
-} catch (OpenID_Exception $e) {
+} catch (\OpenID_Exception $e) {
+ if ($bAutologin) {
+ $alres = new Login_AutologinResponse('error', $e->getMessage());
+ $alres->send();
+ exit(0);
+ }
throw new Exception('Error logging in');
$status = "<tr><td>Status:</td><td><font color='red'>EXCEPTION!";
$status .= " ({$e->getMessage()} : {$e->getCode()})</font></td></tr>";
$_SESSION['name'] = isset($name) ? $name : $_SERVER['REMOTE_ADDR'];
$_SESSION['identity'] = $openid['openid.identity'];
-setcookie('lastopenid', $_SESSION['identity'], time() + 84600 * 60, '/login');
+setcookie('tried-autologin', '0', time() - 3600);//delete
+setcookie('lastopenid', $_SESSION['identity'], time() + 84600 * 60);
+
+if ($bAutologin) {
+ $alres = new Login_AutologinResponse('ok');
+ $alres->name = $_SESSION['name'];
+ $alres->identity = $_SESSION['identity'];
+ $alres->send();
+ exit(0);
+}
+
$url = '';
if (isset($_SESSION['REQUEST_URI'])) {