Added OpenID Authentication
authorJustin J. Novack <jnovack@gmail.com>
Sun, 16 Sep 2012 05:17:46 +0000 (01:17 -0400)
committerJustin J. Novack <jnovack@gmail.com>
Sun, 16 Sep 2012 05:17:46 +0000 (01:17 -0400)
28 files changed:
data/config.default.php
data/config.php.dist
data/templates/base.htm
data/templates/forbidden.htm [new file with mode: 0644]
data/templates/login.htm [new file with mode: 0644]
src/openid/config.php [new file with mode: 0644]
src/openid/wrapper.php [new file with mode: 0644]
www/.htaccess
www/auth.php [new file with mode: 0644]
www/css/debug.css [new file with mode: 0644]
www/css/openid.css [new file with mode: 0644]
www/delete.php
www/display.php
www/edit.php
www/forbidden.php [new file with mode: 0644]
www/fork.php
www/images/access_denied.png [new file with mode: 0644]
www/images/google.gif [new file with mode: 0644]
www/images/openid-inputicon.gif [new file with mode: 0644]
www/images/yahoo.gif [new file with mode: 0644]
www/index.php
www/list.php
www/login.php [new file with mode: 0644]
www/new.php
www/raw.php
www/revision.php
www/secure.php [new file with mode: 0644]
www/www-header.php

index 88c9ae5..7ecbda3 100644 (file)
@@ -12,6 +12,11 @@ $GLOBALS['phorkie']['cfg'] = array(
     'geshi'         => 'MediaWiki/geshi/geshi/geshi.php',
     'index'         => 'new'//"new" or "list"
 );
+$GLOBALS['phorkie']['auth'] = array(
+    'secure'         => 0,                   // 0 = public, no authentication, 1 = protect adds/edits/deletes, 2 = use authentication
+    'userlist'       => false,               // true = user must be explicitly defined, false = anyone allowed, but they must authenticate
+    'anonymousEmail' => 'anonymous@phorkie'  // Email for non-authenticated commits
+);
 $GLOBALS['phorkie']['tools'] = array(
     '\\phorkie\\Tool_Xmllint' => true,
     '\\phorkie\\Tool_PHPlint' => true,
index 1e814bd..e90f704 100644 (file)
@@ -5,4 +5,8 @@
 //$GLOBALS['phorkie']['cfg']['git']['private'] = 'ssh://git@bogo:paste/';
 //$GLOBALS['phorkie']['cfg']['elasticsearch'] = 'http://localhost:9200/phorkie/';
 //$GLOBALS['phorkie']['cfg']['setupcheck'] = false;
+//$GLOBALS['phorkie']['users'] = array(
+//    'https://www.google.com/accounts/o8/id?id=ABCDEFGHIJKLMNOPQRSTUVWXYZ',
+//    'http://anonymous.phorkie.openid'
+//);
 ?>
index 2b8544b..8192b6b 100644 (file)
       <li>
        <a href="/list">List all</a>
       </li>
+      {% if identity %}
+      <li>
+       <a href="#">{{name}} ({{email}})</a>
+      </li>
+      <li>
+       <a href="/auth?logout">Logout</a>
+      </li>
+      {% endif %}
       {% if db.adapter %}
       <li>
        <form class="navbar-search pull-left" action="/search" method="get">
diff --git a/data/templates/forbidden.htm b/data/templates/forbidden.htm
new file mode 100644 (file)
index 0000000..ad40a9f
--- /dev/null
@@ -0,0 +1,21 @@
+{% extends "base.htm" %}
+{% block title %}Access Denied{% endblock %}
+
+{% block content %}
+
+<fieldset>
+  <legend>Access Denied</legend>
+  <img src="images/access_denied.png">
+</fieldset>
+{% endblock %}
+
+{% block sidebar %}
+ {% if recents.results %}
+ <h3>Recently created</h3>
+ <ul>
+ {% for repo in recents.repos %}
+   {% include 'repo-sidebar-list.htm' %}
+ {% endfor %}
+ </ul>
+ {% endif %}
+{% endblock %}
diff --git a/data/templates/login.htm b/data/templates/login.htm
new file mode 100644 (file)
index 0000000..13d86be
--- /dev/null
@@ -0,0 +1,44 @@
+{% extends "base.htm" %}
+{% block title %}Login{% endblock %}
+
+{% block content %}
+
+<!-- Simple OpenID Selector -->
+<link rel="stylesheet" href="css/openid.css" />
+
+<style type="text/css">
+/* Basic page formatting. */
+</style>
+
+<form method="post" action="/auth" id="openid_form">
+  <input id="start" name="start" type="hidden" value="submit" />
+  <input id="sreg" name="sreg" type="hidden" value="on" />
+  <input id="ax" name="ax" type="hidden" value="on" />
+
+<fieldset>
+  <legend>Sign-in</legend>
+  <div id="openid_choice" style="display: block; ">
+    <p>Please choose your account provider</p>
+    <div id="openid_btns">
+      <a title="Google" href="/auth?identifier=https://www.google.com/accounts/o8/id&ax=on&sreg=on&start=submit" class="google openid_large_btn"></a>
+      <a title="Yahoo" href="/auth?identifier=http://yahoo.com&ax=on&sreg=on&start=submit" class="yahoo openid_large_btn"></a>
+    </div>
+    <div id="openid_input_area">
+      <p>or enter your OpenID URL.</p>
+      <input class="" id="identifier" type="text" name="identifier" value="http://">
+      <input class="btn" id="openid_submit" type="submit" value="Sign-In">
+    </div>
+  </div>
+</fieldset>
+{% endblock %}
+
+{% block sidebar %}
+ {% if recents.results %}
+ <h3>Recently created</h3>
+ <ul>
+ {% for repo in recents.repos %}
+   {% include 'repo-sidebar-list.htm' %}
+ {% endfor %}
+ </ul>
+ {% endif %}
+{% endblock %}
diff --git a/src/openid/config.php b/src/openid/config.php
new file mode 100644 (file)
index 0000000..fdec5e1
--- /dev/null
@@ -0,0 +1,55 @@
+<?php
+/**
+ * OpenID 
+ * 
+ * PHP Version 5.2.0+
+ * 
+ * @category  Auth
+ * @package   OpenID
+ * @author    Bill Shupp <hostmaster@shupp.org> 
+ * @copyright 2009 Bill Shupp
+ * @license   http://www.opensource.org/licenses/bsd-license.php FreeBSD
+ * @link      http://github.com/shupp/openid
+ */
+
+set_include_path(dirname(__FILE__) . '/../../:' . get_include_path());
+
+/**
+ * Required files
+ */
+require_once 'OpenID/RelyingParty.php';
+require_once 'OpenID/Discover.php';
+require_once 'OpenID/Store.php';
+require_once 'OpenID/Extension/SREG10.php';
+require_once 'OpenID/Extension/SREG11.php';
+require_once 'OpenID/Extension/AX.php';
+require_once 'OpenID/Extension/UI.php';
+require_once 'OpenID/Extension/OAuth.php';
+require_once 'OpenID/Message.php';
+require_once 'OpenID/Observer/Log.php';
+require_once 'Net/URL2.php';
+
+// Determine realm and return_to
+$base = 'http';
+if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
+    $base .= 's';
+}
+$base .= '://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'];
+
+$realm    = $base . '/';
+$returnTo = $base . dirname($_SERVER['PHP_SELF']);
+if ($returnTo[strlen($returnTo) - 1] != '/') {
+    $returnTo .= '/';
+}
+$returnTo .= 'auth';
+
+// SQL storage example
+// $storeOptions = array(
+//     'dsn' => 'mysql://user:pass@db.example.com/openid'
+// );
+// OpenID::setStore(OpenID_Store::factory('MDB2', $storeOptions));
+//
+// // The first time you run it, you'll also need to create the tables:
+// OpenID::getStore()->createTables();
+
+?>
diff --git a/src/openid/wrapper.php b/src/openid/wrapper.php
new file mode 100644 (file)
index 0000000..cb57f4e
--- /dev/null
@@ -0,0 +1,27 @@
+<?php
+/**
+ * OpenID 
+ * 
+ * PHP Version 5.2.0+
+ * 
+ * @category  Auth
+ * @package   OpenID
+ * @author    Bill Shupp <hostmaster@shupp.org> 
+ * @copyright 2009 Bill Shupp
+ * @license   http://www.opensource.org/licenses/bsd-license.php FreeBSD
+ * @link      http://github.com/shupp/openid
+ */
+?>
+<html>
+    <head>
+        <title>PEAR OpenID Debug</title>
+        <link rel="stylesheet" href="/css/debug.css" type="text/css" />
+    </head>
+    <body>
+<?php
+if (isset($contents)) {
+    echo $contents;
+}
+?>
+    </body>
+</html>
index a8f2eed..fd2963b 100644 (file)
@@ -19,3 +19,7 @@ RewriteRule ^list/([0-9]+)$ /list.php?page=$1
 
 RewriteRule ^search$ /search.php
 RewriteRule ^search/([0-9]+)$ /search.php?page=$1
+
+RewriteRule ^auth$ /auth.php
+RewriteRule ^login$ /login.php
+RewriteRule ^forbidden$ /forbidden.php
diff --git a/www/auth.php b/www/auth.php
new file mode 100644 (file)
index 0000000..8fe38e0
--- /dev/null
@@ -0,0 +1,258 @@
+<?php
+/**
+ * OpenID 
+ * 
+ * PHP Version 5.2.0+
+ * 
+ * @category  Auth
+ * @package   OpenID
+ * @author    Bill Shupp <hostmaster@shupp.org> 
+ * @copyright 2009 Bill Shupp
+ * @license   http://www.opensource.org/licenses/bsd-license.php FreeBSD
+ * @link      http://github.com/shupp/openid
+ */
+
+// A tool for testing Relying Party functionality
+set_include_path(
+    __DIR__ . '/../../src/'
+    . PATH_SEPARATOR . get_include_path()
+);
+
+require_once 'www-header.php';
+require_once 'openid/config.php';
+
+
+if (isset($_REQUEST['logout'])) {
+    unset($_SESSION);
+    session_destroy();
+    $redirect = 'http://' . $_SERVER['HTTP_HOST'];
+    header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+       exit;
+}
+
+if (!count($_GET) && !count($_POST)) {
+    $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/login";
+    header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+    exit;
+}
+
+// Hackaround Non-Javascript Login Page
+if (!count($_POST) && isset($_GET['start'])) {
+    $_POST = $_GET;
+}
+
+if (isset($_POST['identifier'])) {
+    $identifier = $_POST['identifier'];
+} else if (isset($_SESSION['identifier'])) {
+    $identifier = $_SESSION['identifier'];
+} else {
+    $identifier = null;
+}
+
+try {
+    $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
+} catch (OpenID_Exception $e) {
+    $contents  = "<div class='openid_results'>\n";
+    $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
+    $contents .= "</div class='openid_results'>";
+    include_once 'openid/wrapper.php';
+    exit;
+}
+
+if (!empty($_POST['disable_associations'])
+    || !empty($_SESSION['disable_associations'])) {
+
+    $o->disableAssociations();
+    $_SESSION['disable_associations'] = true;
+}
+
+$log = new OpenID_Observer_Log;
+OpenID::attach($log);
+
+if (isset($_POST['start'])) {
+
+    $_SESSION['identifier'] = $identifier;
+    try {
+        $authRequest = $o->prepare();
+    } catch (OpenID_Exception $e) {
+        $contents  = "<div class='openid_results'>\n";
+        $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
+        $contents .= "</div class='openid_results'>";
+        include_once 'openid/wrapper.php';
+        exit;
+    }
+
+    // checkid_immediate
+    if (!empty($_POST['checkid_immediate'])) {
+        $authRequest->setMode('checkid_immediate');
+    }
+
+    // SREG
+    if (!empty($_POST['sreg'])) {
+        $sreg = new OpenID_Extension_SREG11(OpenID_Extension::REQUEST);
+        $sreg->set('required', 'email,firstname,lastname,nickname');
+        $sreg->set('optional', 'gender,dob');
+        $authRequest->addExtension($sreg);
+    }
+
+    // AX
+    if (!empty($_POST['ax'])) {
+        $ax = new OpenID_Extension_AX(OpenID_Extension::REQUEST);
+        $ax->set('type.email', 'http://axschema.org/contact/email');
+        $ax->set('type.firstname', 'http://axschema.org/namePerson/first');
+        $ax->set('type.lastname', 'http://axschema.org/namePerson/last');
+        $ax->set('mode', 'fetch_request');
+        $ax->set('required', 'email,firstname,lastname');
+        $authRequest->addExtension($ax);
+    }
+
+    // UI
+    if (!empty($_POST['ui'])) {
+        $ui = new OpenID_Extension_UI(OpenID_Extension::REQUEST);
+        $ui->set('mode', 'popup');
+        $ui->set('language', 'en-US');
+        $authRequest->addExtension($ui);
+    }
+
+    // OAuth
+    if (!empty($_POST['oauth'])) {
+        $oauth = new OpenID_Extension_OAuth(OpenID_Extension::REQUEST);
+        $oauth->set('consumer', $_POST['oauth_consumer_key']);
+        $_SESSION['OAuth_consumer_key']    = $_POST['oauth_consumer_key'];
+        $_SESSION['OAuth_consumer_secret'] = $_POST['oauth_consumer_secret'];
+
+        $oauth->set('scope', $_POST['oauth_scope']);
+        $_SESSION['OAuth_scope'] = $_POST['oauth_scope'];
+
+        $_SESSION['OAuth_access_token_url']    = $_POST['oauth_access_token_url'];
+        $_SESSION['OAuth_access_token_method'] = $_POST['oauth_access_token_method'];
+
+        $authRequest->addExtension($oauth);
+    }
+    
+    $url = $authRequest->getAuthorizeURL();
+    
+    if (empty($_POST['debug'])) {
+        header("Location: $url");
+        exit;
+    }
+    
+} else {
+    if (isset($_SESSION['identifier'])) {
+        $usid = $_SESSION['identifier'];
+        unset($_SESSION['identifier']);
+    } else {
+        $usid = null;
+    }
+
+    unset($_SESSION['disable_associations']);
+
+    if (!count($_POST)) {
+        list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
+    } else {
+        // I hate php sometimes
+        $queryString = file_get_contents('php://input');
+    }
+
+    $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
+    $id      = $message->get('openid.claimed_id');
+    $mode    = $message->get('openid.mode');
+
+    try {
+        $result = $o->verify(new Net_URL2($returnTo . '?' . $queryString),
+                                          $message);
+
+        if ($result->success()) {
+            $status  = "<tr><td>Status:</td><td><font color='green'>SUCCESS!";
+            $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
+        } else {
+            $status  = "<tr><td>Status:</td><td><font color='red'>FAIL!";
+            $status .= " ({$result->getAssertionMethod()})</font></td></tr>";
+        }
+    } catch (OpenID_Exception $e) {
+        $status  = "<tr><td>Status:</td><td><font color='red'>EXCEPTION!";
+        $status .= " ({$e->getMessage()} : {$e->getCode()})</font></td></tr>";
+    }
+
+    // OAuth hyprid fetching access token
+    if (isset($_SESSION['OAuth_consumer_key'],
+              $_SESSION['OAuth_consumer_secret'],
+              $_SESSION['OAuth_access_token_url'],
+              $_SESSION['OAuth_access_token_method'])) {
+
+        try {
+            $oauth = new OpenID_Extension_OAuth(OpenID_Extension::RESPONSE,
+                                                $message);
+
+            // Fix line lengths.
+            $consumerKey    = $_SESSION['OAuth_consumer_key'];
+            $consumerSecret = $_SESSION['OAuth_consumer_key'];
+            $tokenURL       = $_SESSION['OAuth_access_token_url'];
+            $tokenMethod    = $_SESSION['OAuth_access_token_method'];
+
+            $oauthData = $oauth->getAccessToken($consumerKey,
+                                                $consumerSecret,
+                                                $tokenURL,
+                                                array(),
+                                                $tokenMethod);
+
+        } catch (Exception $e) {
+        }
+    }
+
+    $contents = "<div class='openid_results'>
+    <p>
+    <table>
+    <tr colspan=2><td><b>Results</b></td></tr>
+    <tr><td>User Supplied Identifier:</td><td>$usid</td></tr>
+    <tr><td>Claimed Identifier:</td><td>$id</td></tr>
+    <tr><td>Mode:</td><td>$mode</td></tr>
+    $status\n
+    <tr colspan=2><td><p><br><b>Message Contents</b></td></tr>";
+
+    foreach ($message->getArrayFormat() as $key => $value) {
+        $contents .= "<tr><td align=left>$key</td><td>$value</td></tr>\n";
+    }
+
+    if (isset($oauthData) && count($oauthData)) {
+        $contents .= "<tr colspan=2>";
+        $contents .= "    <td><p><br><b>OAuth Access token/secret</b></td>";
+        $contents .= "</tr>";
+
+        foreach ($oauthData as $key => $value) {
+            $contents .= "<tr><td align=left>$key</td><td>$value</td></tr>\n";
+        }
+    }
+
+    $contents .= "</table>";
+    $contents .= "</div>";
+
+    $openid = $message->getArrayFormat();
+    if ($GLOBALS['phorkie']['auth']['secure'] > 0 &&
+        $GLOBALS['phorkie']['auth']['userlist']) {
+               if (!in_array($openid['openid.identity'], $GLOBALS['phorkie']['users'])) {
+            $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/forbidden";
+            header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+                       exit;
+        }
+    }
+    // include_once 'openid/wrapper.php';
+
+       $email = (isset($openid['openid.ext1.value.email'])) ? $openid['openid.ext1.value.email'] : null;
+    $email = (isset($openid['openid.ext2.value.email']) && !isset($email)) ? $openid['openid.ext2.value.email'] : $email;
+    $email = (isset($openid['openid.sreg.email']) && !isset($email)) ? $openid['openid.sreg.email'] : $email;
+    $email = (isset($openid['openid.ax.value.email']) && !isset($email)) ? $openid['openid.ax.value.email'] : $email;
+    $_SESSION['email'] = (isset($email)) ? $email : $GLOBALS['phorkie']['auth']['anonymousEmail'];
+
+    $name = (isset($openid['openid.ext1.value.firstname']) && isset($openid['openid.ext1.value.lastname'])) ? $openid['openid.ext1.value.firstname']." ".$openid['openid.ext1.value.lastname'] : null;
+    $name = (isset($openid['openid.sreg.firstname']) && isset($openid['openid.sreg.lastname']) && !isset($name)) ? $openid['openid.sreg.firstname']." ".$openid['openid.sreg.lastname'] : $name;
+    $name = (isset($openid['openid.sreg.nickname']) && !isset($name)) ? $openid['openid.sreg.nickname'] : $name;
+    $_SESSION['name'] = (isset($name)) ? $name : $_SERVER['REMOTE_ADDR'];
+
+    $_SESSION['identity'] = $openid['openid.identity'];
+
+    $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI'];
+    header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+}
+
+?>
diff --git a/www/css/debug.css b/www/css/debug.css
new file mode 100644 (file)
index 0000000..634243a
--- /dev/null
@@ -0,0 +1,85 @@
+html, body {
+    background: #ededed;
+    font: 82.5% Helvetica Neue, HelveticaNeue, Helvetica, sans-serif;
+    margin: 30px 0 0; padding: 0px; }
+
+h3 {
+    color: #aaa;
+    margin: 0; padding: 0;
+    font-size: 1.3em;
+    
+    position: absolute;
+    top: 30px;
+    width: 100%;
+    text-align: center;
+    left: 0;
+}
+
+h3 a {
+    color: #111;
+    text-decoration: none;
+}
+
+h3 a:hover {
+    text-decoration: underline;
+    
+}
+
+form {
+    padding: 30px;
+    background: #fff;
+        -moz-border-radius: 6px;
+    -webkit-border-radius: 6px;
+    width: 400px;
+    margin: 50px auto 0;
+    }
+    
+table {
+        font-size: 1.1em !important;
+        font-weight: bold;
+}
+
+td {
+    width: 200px;
+}
+.discover_results {
+    margin: 60px 0 ;
+    padding: 30px;
+    background: #111;
+    text-align: center;
+}
+
+
+.discover_results b {
+    color: #fff;
+    font-size: 2.4em;
+}
+
+.relyingparty_results {
+    width: 100%;
+}
+
+.relyingparty_results table b {
+    display: block;
+    width: 300px;   
+    font-size: 1.7em;
+    color: #fff;
+}
+
+
+pre, .relyingparty_results p table {
+    font-size: 1.2em;
+    width: 900px !important;
+    text-align: left;
+    margin: 0 auto;
+    
+    color: #ddd;
+    padding: 30px;
+
+}
+
+.relyingparty_results {
+    background: #111;
+    padding: 30px;
+    margin: 60px 0;
+}
diff --git a/www/css/openid.css b/www/css/openid.css
new file mode 100644 (file)
index 0000000..38988a7
--- /dev/null
@@ -0,0 +1,64 @@
+body {
+  font-family:"Helvetica Neue", Helvetica, Arial, sans-serif;
+}
+#openid_form {
+  width: 470px;        
+}
+#openid_form legend {
+  font-weight: bold;
+}
+#openid_choice {
+  display: none;
+}
+#openid_input_area {
+  clear: both;
+}
+#openid_btns {
+  height: 66px;
+  margin-bottom: 10px;
+}
+#openid_btns br {
+  clear: both;
+}
+#openid_highlight {
+  padding: 3px;
+  background-color: #FFFCC9;
+  float: left;
+}
+#identifier {
+  margin: 0px !important;
+  width: 250px;
+  background: #FFF url(/images/openid-inputicon.gif) no-repeat scroll 0 50%;
+  padding-left:18px;
+}
+.openid_large_btn {
+  width: 100px;
+  height: 60px;
+  border: 1px solid #DDD;
+  margin: 3px;
+  float: left;
+}
+.openid_small_btn {
+  width: 24px;
+  height: 24px;
+  border: 1px solid #DDD;
+  margin: 3px;
+  float: left;
+}
+.google {
+  background: #FFF url(/images/google.gif) no-repeat center center;
+}
+.yahoo {
+  background: #FFF url(/images/yahoo.gif) no-repeat center center;
+}
+
+a.openid_large_btn:hover {
+  outline: none;
+  border: 1px solid #030303;
+}
+a.openid_large_btn:focus {
+  -moz-outline-style: none;
+}
+.openid_selected {
+  border: 4px solid #DDD;
+}      
index 6d68ae4..f332028 100644 (file)
@@ -4,6 +4,9 @@ namespace phorkie;
  * Delete paste or ask for deletion
  */
 require_once 'www-header.php';
+if ($GLOBALS['phorkie']['auth']['secure'] > 0) {
+    require_once 'secure.php';
+}
 
 $repo = new Repository();
 $repo->loadFromRequest();
index c8df8a9..2376d30 100644 (file)
@@ -4,6 +4,9 @@ namespace phorkie;
  * Display paste contents
  */
 require_once 'www-header.php';
+if ($GLOBALS['phorkie']['auth']['secure'] == 2) {
+    require_once 'secure.php';
+}
 
 $repo = new Repository();
 $repo->loadFromRequest();
index 562c97c..226b774 100644 (file)
@@ -4,6 +4,9 @@ namespace phorkie;
  * Edit paste contents
  */
 require_once 'www-header.php';
+if ($GLOBALS['phorkie']['auth']['secure'] > 0) {
+    require_once 'secure.php';
+}
 
 $repo = new Repository();
 $repo->loadFromRequest();
diff --git a/www/forbidden.php b/www/forbidden.php
new file mode 100644 (file)
index 0000000..e8fb7ec
--- /dev/null
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Access Denied
+ */
+namespace phorkie;
+require_once 'www-header.php';
+render(
+    'forbidden',
+    null
+);
+?>
index 7997632..cc2ed33 100644 (file)
@@ -4,6 +4,9 @@
  */
 namespace phorkie;
 require_once 'www-header.php';
+if ($GLOBALS['phorkie']['auth']['secure'] > 0) {
+    require_once 'secure.php';
+}
 
 if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
     throw new Exception_Input('Forking only possible via POST');
diff --git a/www/images/access_denied.png b/www/images/access_denied.png
new file mode 100644 (file)
index 0000000..c13d7b9
Binary files /dev/null and b/www/images/access_denied.png differ
diff --git a/www/images/google.gif b/www/images/google.gif
new file mode 100644 (file)
index 0000000..1b6cd07
Binary files /dev/null and b/www/images/google.gif differ
diff --git a/www/images/openid-inputicon.gif b/www/images/openid-inputicon.gif
new file mode 100644 (file)
index 0000000..cde836c
Binary files /dev/null and b/www/images/openid-inputicon.gif differ
diff --git a/www/images/yahoo.gif b/www/images/yahoo.gif
new file mode 100644 (file)
index 0000000..42adbfa
Binary files /dev/null and b/www/images/yahoo.gif differ
index 9a05add..7ac6fcf 100644 (file)
@@ -1,4 +1,7 @@
 <?php
+/**
+ * Jump to the index as per the configuration
+ */
 namespace phorkie;
 require_once 'www-header.php';
 require_once $GLOBALS['phorkie']['cfg']['index'].".php";
index 911f26d..17f46b1 100644 (file)
@@ -1,9 +1,12 @@
 <?php
 /**
- * Fork a repository
+ * List a repository
  */
 namespace phorkie;
 require_once 'www-header.php';
+if ($GLOBALS['phorkie']['auth']['secure'] == 2) {
+    require_once 'secure.php';
+}
 $rs = new Repositories();
 
 $page = 0;
diff --git a/www/login.php b/www/login.php
new file mode 100644 (file)
index 0000000..87c34f4
--- /dev/null
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Display sign-in page
+ */
+namespace phorkie;
+require_once 'www-header.php';
+render(
+    'login',
+    null
+);
+?>
index ef9daec..fc6d5f3 100644 (file)
@@ -11,6 +11,9 @@ namespace phorkie;
  * Creates and redirects to display page
  */
 require_once 'www-header.php';
+if ($GLOBALS['phorkie']['auth']['secure'] > 0) {
+    require_once 'secure.php';
+}
 
 $repopo = new Repository_Post();
 if ($repopo->process($_POST)) {
index 8bda11e..67a21ee 100644 (file)
@@ -4,6 +4,9 @@
  */
 namespace phorkie;
 require_once 'www-header.php';
+if ($GLOBALS['phorkie']['auth']['secure'] == 2) {
+    require_once 'secure.php';
+}
 $repo = new Repository();
 $repo->loadFromRequest();
 
index 53ac458..06462af 100644 (file)
@@ -4,6 +4,9 @@ namespace phorkie;
  * Display paste contents
  */
 require_once 'www-header.php';
+if ($GLOBALS['phorkie']['auth']['secure'] == 2) {
+    require_once 'secure.php';
+}
 
 $repo = new Repository();
 $repo->loadFromRequest();
diff --git a/www/secure.php b/www/secure.php
new file mode 100644 (file)
index 0000000..5893033
--- /dev/null
@@ -0,0 +1,11 @@
+<?php
+/** 
+ * Protect page
+ */
+namespace phorkie;
+require_once 'www-header.php';
+$_SESSION['REQUEST_URI'] = $_SERVER['REQUEST_URI'];
+if (!isset($_SESSION['identity'])) {
+    header("Location: /login");
+}
+?>
index 72a2e67..3bb7e89 100644 (file)
@@ -1,5 +1,6 @@
 <?php
 namespace phorkie;
+session_start();
 set_include_path(
     __DIR__ . '/../src/'
     . PATH_SEPARATOR . get_include_path()
@@ -63,6 +64,9 @@ function render($tplname, $vars)
     $vars['css'] = $GLOBALS['phorkie']['cfg']['css'];
     $vars['title'] = $GLOBALS['phorkie']['cfg']['title'];
     $vars['topbar'] = $GLOBALS['phorkie']['cfg']['topbar'];
+    $vars['identity'] = $_SESSION['identity'];
+    $vars['name'] = $_SESSION['name'];
+    $vars['email'] = $_SESSION['email'];
     $vars['db'] = new Database();
 
     $template = $GLOBALS['twig']->loadTemplate($tplname . '.htm');