{% block title %}{% endblock %}

").append(c.replace(bM,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bN.test(this.nodeName)||bH.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bE,"\r\n")}}):{name:b.name,value:c.replace(bE,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.on(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?b$(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),b$(a,b);return a},ajaxSettings:{url:bU,isLocal:bI.test(bV[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded; charset=UTF-8",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bW},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bY(bS),ajaxTransport:bY(bT),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?ca(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=cb(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.fireWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f.Callbacks("once memory"),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bG.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bF,"").replace(bK,bV[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bO),d.crossDomain==null&&(r=bQ.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bV[1]&&r[2]==bV[2]&&(r[3]||(r[1]==="http:"?80:443))==(bV[3]||(bV[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),bZ(bS,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bJ.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bL.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bP,"$1_="+x);d.url=y+(y===d.url?(bL.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bW+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=bZ(bT,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){if(s<2)w(-1,z);else throw z}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)b_(g,a[g],c,e);return d.join("&").replace(bC,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var cc=f.now(),cd=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+cc++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=typeof b.data=="string"&&/^application\/x\-www\-form\-urlencoded/.test(b.contentType);if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(cd.test(b.url)||e&&cd.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(cd,l),b.url===j&&(e&&(k=k.replace(cd,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var ce=a.ActiveXObject?function(){for(var a in cg)cg[a](0,1)}:!1,cf=0,cg;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ch()||ci()}:ch,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,ce&&delete cg[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n);try{m.text=h.responseText}catch(a){}try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cf,ce&&(cg||(cg={},f(a).unload(ce)),cg[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var cj={},ck,cl,cm=/^(?:toggle|show|hide)$/,cn=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,co,cp=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cq;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(ct("show",3),a,b,c);for(var g=0,h=this.length;g=i.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),i.animatedProperties[this.prop]=!0;for(b in i.animatedProperties)i.animatedProperties[b]!==!0&&(g=!1);if(g){i.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){h.style["overflow"+b]=i.overflow[a]}),i.hide&&f(h).hide();if(i.hide||i.show)for(b in i.animatedProperties)f.style(h,b,i.orig[b]),f.removeData(h,"fxshow"+b,!0),f.removeData(h,"toggle"+b,!0);d=i.complete,d&&(i.complete=!1,d.call(h))}return!1}i.duration==Infinity?this.now=e:(c=e-this.startTime,this.state=c/i.duration,this.pos=f.easing[i.animatedProperties[this.prop]](this.state,c,0,1,i.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){var a,b=f.timers,c=0;for(;c-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cx.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!cx.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,c){var d=/Y/.test(c);f.fn[a]=function(e){return f.access(this,function(a,e,g){var h=cy(a);if(g===b)return h?c in h?h[c]:f.support.boxModel&&h.document.documentElement[e]||h.document.body[e]:a[e];h?h.scrollTo(d?f(h).scrollLeft():g,d?g:f(h).scrollTop()):a[e]=g},a,e,arguments.length,null)}}),f.each({Height:"height",Width:"width"},function(a,c){var d="client"+a,e="scroll"+a,g="offset"+a;f.fn["inner"+a]=function(){var a=this[0];return a?a.style?parseFloat(f.css(a,c,"padding")):this[c]():null},f.fn["outer"+a]=function(a){var b=this[0];return b?b.style?parseFloat(f.css(b,c,a?"margin":"border")):this[c]():null},f.fn[c]=function(a){return f.access(this,function(a,c,h){var i,j,k,l;if(f.isWindow(a)){i=a.document,j=i.documentElement[d];return f.support.boxModel&&j||i.body&&i.body[d]||j}if(a.nodeType===9){i=a.documentElement;if(i[d]>=i[e])return i[d];return Math.max(a.body[e],i[e],a.body[g],i[g])}if(h===b){k=f.css(a,c),l=parseFloat(k);return f.isNumeric(l)?l:k}f(a).css(c,h)},c,a,arguments.length,null)}}),a.jQuery=a.$=f,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return f})})(window); \ No newline at end of file diff --git a/www/js/phorkie.js b/www/js/phorkie.js new file mode 100644 index 0000000..1171b1a --- /dev/null +++ b/www/js/phorkie.js @@ -0,0 +1,53 @@ +function filenameChange(elem, id) { + var filename = elem.value; + var hasExt = filename.indexOf(".") != -1; + if (hasExt) { + $('#typeselect_' + id).hide(); + $('#typetext_' + id).show(); + } else { + $('#typeselect_' + id).show(); + $('#typetext_' + id).hide(); + } +} + +function initEdit() +{ + initFilenames(); + initAdditionals(); + $('.filegroup:visible:last textarea').focus(); +} +function initFilenames() +{ + $('input.filename').each( + function(num, elem) { + var id = elem.id; + var pos = id.indexOf('_'); + if (pos != -1) { + var elemNum = id.substr(pos + 1); + if (elemNum != 'new') { + filenameChange(elem, elemNum); + } + } + } + ); +} +function initAdditionals() +{ + $('a.additional-btn').each( + function(num, elem) { + toggleAdditional(elem, 0); + $(elem).show(); + } + ); +} + +function toggleAdditional(elem, time) +{ + if (undefined == time) { + time = 'fast'; + } + var jt = jQuery(elem); + jt.children('i').toggleClass('icon-chevron-down') + .toggleClass('icon-chevron-up'); + jt.parents('.row-fluid').children('.additional').toggle(time); +} \ No newline at end of file diff --git a/www/phorkie.css b/www/phorkie.css deleted file mode 100644 index c8d8dce..0000000 --- a/www/phorkie.css +++ /dev/null @@ -1,110 +0,0 @@ -/* show IDs for anchors */ -a.anchorlink:before { - font-size: smaller; - content: '_'; - color: transparent; -} -h1[id]:hover a.anchorlink:before, -h2[id]:hover a.anchorlink:before, -h3[id]:hover a.anchorlink:before, -h4[id]:hover a.anchorlink:before, -h5[id]:hover a.anchorlink:before, -h6[id]:hover a.anchorlink:before { - content: "\00B6";/* pilcrow */ - color: #888; - font-size: smaller; -} -a.anchorlink { - text-decoration: none; - margin-left: 0.5em; - font-size: smaller; -} -.navbar .brand { - /*float: right;*/ - color: #DDA; - text-shadow: 0 0 30px rgba(255, 255, 255, .9); -} -.navbar .brand:hover { - color: #FFA; -} - -.navbar .container { - width: 940px; -} -.footer { - margin-top: 36px; - margin-bottom: 0px; - border-top: 1px solid #DDD; - color: #999; - text-align: center; -} - -h1 { - margin-bottom: 0.5ex; -} - -.repo-info { - margin-bottom: 2em; -} -.file .header { - padding: 1.0ex; - margin-bottom: 1em; - background-color: whiteSmoke; - border: 1px solid #EEE; - border: 1px solid rgba(0, 0, 0, 0.05); - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} -.file .header .btn-mini { - margin-left: 2px; -} -.file .code { - margin-left: 2em; -} -.file .image { - margin-bottom: 2ex; -} - -div.annotations div.alert { - margin-bottom: 1ex; -} - -ul.history li { - padding-left: 2px; - padding-bottom: 1px; -} -ul.history li.active { - background-color: #EEE; - border-radius: 3px; -} -ul.history a.hash { - font-family: monospace; -} - - -ul.pager { - margin-top: 2ex; -} - -form textarea.content { - width: 100%; - box-sizing: border-box; - font-family: monospace; -} -form .allwidth { - box-sizing: border-box; -} -form .allwidth label { - width: 20%; - float: left; -} -form input#description { - box-sizing: border-box; - height: 2em; - width: 100%; -} - -form label.inline { - display: inline; -} \ No newline at end of file diff --git a/www/phorkie.js b/www/phorkie.js deleted file mode 100644 index 1171b1a..0000000 --- a/www/phorkie.js +++ /dev/null @@ -1,53 +0,0 @@ -function filenameChange(elem, id) { - var filename = elem.value; - var hasExt = filename.indexOf(".") != -1; - if (hasExt) { - $('#typeselect_' + id).hide(); - $('#typetext_' + id).show(); - } else { - $('#typeselect_' + id).show(); - $('#typetext_' + id).hide(); - } -} - -function initEdit() -{ - initFilenames(); - initAdditionals(); - $('.filegroup:visible:last textarea').focus(); -} -function initFilenames() -{ - $('input.filename').each( - function(num, elem) { - var id = elem.id; - var pos = id.indexOf('_'); - if (pos != -1) { - var elemNum = id.substr(pos + 1); - if (elemNum != 'new') { - filenameChange(elem, elemNum); - } - } - } - ); -} -function initAdditionals() -{ - $('a.additional-btn').each( - function(num, elem) { - toggleAdditional(elem, 0); - $(elem).show(); - } - ); -} - -function toggleAdditional(elem, time) -{ - if (undefined == time) { - time = 'fast'; - } - var jt = jQuery(elem); - jt.children('i').toggleClass('icon-chevron-down') - .toggleClass('icon-chevron-up'); - jt.parents('.row-fluid').children('.additional').toggle(time); -} \ No newline at end of file -- cgit v1.2.3 From a73791f16d10ea0e2c477f29d9049d75516aa774 Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Sun, 16 Sep 2012 01:17:46 -0400 Subject: Added OpenID Authentication --- data/config.default.php | 5 + data/config.php.dist | 4 + data/templates/base.htm | 8 ++ data/templates/forbidden.htm | 21 ++++ data/templates/login.htm | 44 +++++++ src/openid/config.php | 55 +++++++++ src/openid/wrapper.php | 27 +++++ www/.htaccess | 4 + www/auth.php | 258 ++++++++++++++++++++++++++++++++++++++++ www/css/debug.css | 85 +++++++++++++ www/css/openid.css | 64 ++++++++++ www/delete.php | 3 + www/display.php | 3 + www/edit.php | 3 + www/forbidden.php | 11 ++ www/fork.php | 3 + www/images/access_denied.png | Bin 0 -> 15610 bytes www/images/google.gif | Bin 0 -> 1596 bytes www/images/openid-inputicon.gif | Bin 0 -> 237 bytes www/images/yahoo.gif | Bin 0 -> 1682 bytes www/index.php | 3 + www/list.php | 5 +- www/login.php | 11 ++ www/new.php | 3 + www/raw.php | 3 + www/revision.php | 3 + www/secure.php | 11 ++ www/www-header.php | 4 + 28 files changed, 640 insertions(+), 1 deletion(-) create mode 100644 data/templates/forbidden.htm create mode 100644 data/templates/login.htm create mode 100644 src/openid/config.php create mode 100644 src/openid/wrapper.php create mode 100644 www/auth.php create mode 100644 www/css/debug.css create mode 100644 www/css/openid.css create mode 100644 www/forbidden.php create mode 100644 www/images/access_denied.png create mode 100644 www/images/google.gif create mode 100644 www/images/openid-inputicon.gif create mode 100644 www/images/yahoo.gif create mode 100644 www/login.php create mode 100644 www/secure.php diff --git a/data/config.default.php b/data/config.default.php index 88c9ae5..7ecbda3 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -12,6 +12,11 @@ $GLOBALS['phorkie']['cfg'] = array( 'geshi' => 'MediaWiki/geshi/geshi/geshi.php', 'index' => 'new'//"new" or "list" ); +$GLOBALS['phorkie']['auth'] = array( + 'secure' => 0, // 0 = public, no authentication, 1 = protect adds/edits/deletes, 2 = use authentication + 'userlist' => false, // true = user must be explicitly defined, false = anyone allowed, but they must authenticate + 'anonymousEmail' => 'anonymous@phorkie' // Email for non-authenticated commits +); $GLOBALS['phorkie']['tools'] = array( '\\phorkie\\Tool_Xmllint' => true, '\\phorkie\\Tool_PHPlint' => true, diff --git a/data/config.php.dist b/data/config.php.dist index 1e814bd..e90f704 100644 --- a/data/config.php.dist +++ b/data/config.php.dist @@ -5,4 +5,8 @@ //$GLOBALS['phorkie']['cfg']['git']['private'] = 'ssh://git@bogo:paste/'; //$GLOBALS['phorkie']['cfg']['elasticsearch'] = 'http://localhost:9200/phorkie/'; //$GLOBALS['phorkie']['cfg']['setupcheck'] = false; +//$GLOBALS['phorkie']['users'] = array( +// 'https://www.google.com/accounts/o8/id?id=ABCDEFGHIJKLMNOPQRSTUVWXYZ', +// 'http://anonymous.phorkie.openid' +//); ?> diff --git a/data/templates/base.htm b/data/templates/base.htm index 2b8544b..8192b6b 100644 --- a/data/templates/base.htm +++ b/data/templates/base.htm @@ -25,6 +25,14 @@

List all

+ {% if identity %} +

+ {{name}} ({{email}}) +

+ Logout +

+ {% endif %} {% if db.adapter %}

diff --git a/data/templates/forbidden.htm b/data/templates/forbidden.htm new file mode 100644 index 0000000..ad40a9f --- /dev/null +++ b/data/templates/forbidden.htm @@ -0,0 +1,21 @@ +{% extends "base.htm" %} +{% block title %}Access Denied{% endblock %} + +{% block content %} + +

+ Access Denied +

+{% endblock %} + +{% block sidebar %} + {% if recents.results %} +

Recently created

+ {% for repo in recents.repos %} + {% include 'repo-sidebar-list.htm' %} + {% endfor %} + + {% endif %} +{% endblock %} diff --git a/data/templates/login.htm b/data/templates/login.htm new file mode 100644 index 0000000..13d86be --- /dev/null +++ b/data/templates/login.htm @@ -0,0 +1,44 @@ +{% extends "base.htm" %} +{% block title %}Login{% endblock %} + +{% block content %} + + + + + + + + + + + +

+ Sign-in +

Please choose your account provider

+ + +

or enter your OpenID URL.

+ + +

+{% endblock %} + +{% block sidebar %} + {% if recents.results %} +

Recently created

+ {% for repo in recents.repos %} + {% include 'repo-sidebar-list.htm' %} + {% endfor %} + + {% endif %} +{% endblock %} diff --git a/src/openid/config.php b/src/openid/config.php new file mode 100644 index 0000000..fdec5e1 --- /dev/null +++ b/src/openid/config.php @@ -0,0 +1,55 @@ + + * @copyright 2009 Bill Shupp + * @license http://www.opensource.org/licenses/bsd-license.php FreeBSD + * @link http://github.com/shupp/openid + */ + +set_include_path(dirname(__FILE__) . '/../../:' . get_include_path()); + +/** + * Required files + */ +require_once 'OpenID/RelyingParty.php'; +require_once 'OpenID/Discover.php'; +require_once 'OpenID/Store.php'; +require_once 'OpenID/Extension/SREG10.php'; +require_once 'OpenID/Extension/SREG11.php'; +require_once 'OpenID/Extension/AX.php'; +require_once 'OpenID/Extension/UI.php'; +require_once 'OpenID/Extension/OAuth.php'; +require_once 'OpenID/Message.php'; +require_once 'OpenID/Observer/Log.php'; +require_once 'Net/URL2.php'; + +// Determine realm and return_to +$base = 'http'; +if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { + $base .= 's'; +} +$base .= '://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT']; + +$realm = $base . '/'; +$returnTo = $base . dirname($_SERVER['PHP_SELF']); +if ($returnTo[strlen($returnTo) - 1] != '/') { + $returnTo .= '/'; +} +$returnTo .= 'auth'; + +// SQL storage example +// $storeOptions = array( +// 'dsn' => 'mysql://user:pass@db.example.com/openid' +// ); +// OpenID::setStore(OpenID_Store::factory('MDB2', $storeOptions)); +// +// // The first time you run it, you'll also need to create the tables: +// OpenID::getStore()->createTables(); + +?> diff --git a/src/openid/wrapper.php b/src/openid/wrapper.php new file mode 100644 index 0000000..cb57f4e --- /dev/null +++ b/src/openid/wrapper.php @@ -0,0 +1,27 @@ + + * @copyright 2009 Bill Shupp + * @license http://www.opensource.org/licenses/bsd-license.php FreeBSD + * @link http://github.com/shupp/openid + */ +?> + + + PEAR OpenID Debug + + + + + + diff --git a/www/.htaccess b/www/.htaccess index a8f2eed..fd2963b 100644 --- a/www/.htaccess +++ b/www/.htaccess @@ -19,3 +19,7 @@ RewriteRule ^list/([0-9]+)$ /list.php?page=$1 RewriteRule ^search$ /search.php RewriteRule ^search/([0-9]+)$ /search.php?page=$1 + +RewriteRule ^auth$ /auth.php +RewriteRule ^login$ /login.php +RewriteRule ^forbidden$ /forbidden.php diff --git a/www/auth.php b/www/auth.php new file mode 100644 index 0000000..8fe38e0 --- /dev/null +++ b/www/auth.php @@ -0,0 +1,258 @@ + + * @copyright 2009 Bill Shupp + * @license http://www.opensource.org/licenses/bsd-license.php FreeBSD + * @link http://github.com/shupp/openid + */ + +// A tool for testing Relying Party functionality +set_include_path( + __DIR__ . '/../../src/' + . PATH_SEPARATOR . get_include_path() +); + +require_once 'www-header.php'; +require_once 'openid/config.php'; + + +if (isset($_REQUEST['logout'])) { + unset($_SESSION); + session_destroy(); + $redirect = 'http://' . $_SERVER['HTTP_HOST']; + header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); + exit; +} + +if (!count($_GET) && !count($_POST)) { + $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/login"; + header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); + exit; +} + +// Hackaround Non-Javascript Login Page +if (!count($_POST) && isset($_GET['start'])) { + $_POST = $_GET; +} + +if (isset($_POST['identifier'])) { + $identifier = $_POST['identifier']; +} else if (isset($_SESSION['identifier'])) { + $identifier = $_SESSION['identifier']; +} else { + $identifier = null; +} + +try { + $o = new OpenID_RelyingParty($returnTo, $realm, $identifier); +} catch (OpenID_Exception $e) { + $contents = "

\n"; + $contents .= "

" . $e->getMessage() . "

\n"; + $contents .= "

"; + include_once 'openid/wrapper.php'; + exit; +} + +if (!empty($_POST['disable_associations']) + || !empty($_SESSION['disable_associations'])) { + + $o->disableAssociations(); + $_SESSION['disable_associations'] = true; +} + +$log = new OpenID_Observer_Log; +OpenID::attach($log); + +if (isset($_POST['start'])) { + + $_SESSION['identifier'] = $identifier; + try { + $authRequest = $o->prepare(); + } catch (OpenID_Exception $e) { + $contents = "

\n"; + $contents .= "

" . $e->getMessage() . "

\n"; + $contents .= "

diff --git a/src/phorkie/Repository.php b/src/phorkie/Repository.php index 448982b..6ed3807 100644 --- a/src/phorkie/Repository.php +++ b/src/phorkie/Repository.php @@ -32,6 +32,12 @@ class Repository */ public $hash; + /** + * Commit message of the last (or current) revision + * + * @var string + */ + public $message; /** @@ -56,6 +62,7 @@ class Repository $this->id = (int)$_GET['id']; $this->loadDirs(); $this->loadHash(); + $this->loadMessage(); } protected function loadDirs() @@ -97,6 +104,23 @@ class Repository $this->hash = $output; } + public function loadMessage() + { + $rev = (isset($this->hash)) ? $this->hash : 'HEAD'; + $output = $this->getVc()->getCommand('log') + ->setOption('oneline') + ->addArgument('-1') + ->addArgument($rev) + ->execute(); + $output = trim($output); + if (strpos($output, ' ') > 0) { + $output = substr($output, strpos($output, ' '), strlen($output)); + $this->message = trim($output); + } else { + $this->message = "This commit message intentionally left blank."; + } + } + public function loadById($id) { if (!is_numeric($id)) { -- cgit v1.2.3 From 2935763e253c3616d951bc18c7d21a56349531fa Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Sun, 16 Sep 2012 15:37:49 -0400 Subject: Updated ChangeLog and README.rst --- ChangeLog | 4 ++++ README.rst | 14 ++++++++++++++ src/phorkie/Repository.php | 2 +- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7e45b7d..35e7456 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2012-09-16 Justin J. Novack + + * Add OpenID authentication + 2012-09-08 Christian Weiske * Fix bug #11: do not index edit, delete and tool pages diff --git a/README.rst b/README.rst index c94f29e..56bef95 100644 --- a/README.rst +++ b/README.rst @@ -190,6 +190,15 @@ URLs List all pastes, with optional page ``/new`` Shows form for new paste +``/login`` + Login page for protecting site +``/auth`` + Authentication callback url +``/forbidden`` + Access denied page +``/user`` + Edit logged-in user information + Internal directory layout ========================= @@ -227,4 +236,9 @@ If you use nginx, place the following lines into your ``server`` block: rewrite ^/search$ /search.php; rewrite ^/search/([0-9]+)$ /search.php?page=$1; + + rewrite ^/login$ /login.php; + rewrite ^/auth$ /auth.php; + rewrite ^/forbidden$ /forbidden.php; + rewrite ^/user$ /user.php; } diff --git a/src/phorkie/Repository.php b/src/phorkie/Repository.php index 6ed3807..9f8f264 100644 --- a/src/phorkie/Repository.php +++ b/src/phorkie/Repository.php @@ -118,7 +118,7 @@ class Repository $this->message = trim($output); } else { $this->message = "This commit message intentionally left blank."; - } + } } public function loadById($id) -- cgit v1.2.3 From 76aa2ab76d8f2305db7a2bb7cdbe461cca0146a3 Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Mon, 17 Sep 2012 09:53:19 -0400 Subject: ADD: Add identity to /forbidden page for easy administration --- data/templates/forbidden.htm | 6 +++++- www/auth.php | 9 --------- www/secure.php | 8 ++++++++ 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/data/templates/forbidden.htm b/data/templates/forbidden.htm index ad40a9f..e6965dd 100644 --- a/data/templates/forbidden.htm +++ b/data/templates/forbidden.htm @@ -5,7 +5,11 @@

Access Denied -

We're sorry, your identity is not authorized:

{{ identity }}

If you feel this message is in error, please notify the site admin + and include your identity.

{% endblock %} diff --git a/www/auth.php b/www/auth.php index bb4fcb2..b8d08ff 100644 --- a/www/auth.php +++ b/www/auth.php @@ -201,15 +201,6 @@ if (isset($_POST['start'])) { } $openid = $message->getArrayFormat(); - if ($GLOBALS['phorkie']['auth']['secure'] > 0 && - $GLOBALS['phorkie']['auth']['userlist']) { - if (!in_array($openid['openid.identity'], $GLOBALS['phorkie']['users'])) { - $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/forbidden"; - header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); - exit; - } - } - // include_once 'openid/wrapper.php'; $email = (isset($openid['openid.ext1.value.email'])) ? $openid['openid.ext1.value.email'] : null; $email = (isset($openid['openid.ext2.value.email']) && !isset($email)) ? $openid['openid.ext2.value.email'] : $email; diff --git a/www/secure.php b/www/secure.php index 07cdfb6..4b81d59 100644 --- a/www/secure.php +++ b/www/secure.php @@ -9,4 +9,12 @@ if (!isset($_SESSION['identity'])) { header("Location: /login"); exit; } +if ($GLOBALS['phorkie']['auth']['secure'] > 0 && + $GLOBALS['phorkie']['auth']['userlist']) { + if (!in_array($_SESSION['identity'], $GLOBALS['phorkie']['users'])) { + $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/forbidden"; + header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); + exit; + } +} ?> -- cgit v1.2.3 From f9ade082ba49cf487af31339afa7aeeb0653af57 Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Mon, 17 Sep 2012 13:42:49 -0400 Subject: PEAR Coding Standards intermediate update for files changed --- src/phorkie/Repository.php | 5 +++++ www/auth.php | 11 ++++------- www/delete.php | 2 +- www/display.php | 2 +- www/edit.php | 2 +- www/forbidden.php | 2 +- www/fork.php | 4 ++-- www/list.php | 2 +- www/new.php | 2 +- www/raw.php | 2 +- www/user.php | 2 +- www/www-header.php | 8 ++++++-- 12 files changed, 25 insertions(+), 19 deletions(-) diff --git a/src/phorkie/Repository.php b/src/phorkie/Repository.php index 995a16d..43f2b23 100644 --- a/src/phorkie/Repository.php +++ b/src/phorkie/Repository.php @@ -104,6 +104,11 @@ class Repository $this->hash = $output; } + /** + * Populates $this->message + * + * @return void + */ public function loadMessage() { $rev = (isset($this->hash)) ? $this->hash : 'HEAD'; diff --git a/www/auth.php b/www/auth.php index b8d08ff..1cafd59 100644 --- a/www/auth.php +++ b/www/auth.php @@ -27,7 +27,7 @@ if (isset($_REQUEST['logout'])) { session_destroy(); $redirect = 'http://' . $_SERVER['HTTP_HOST']; header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); - exit; + exit; } if (!count($_GET) && !count($_POST)) { @@ -59,9 +59,7 @@ try { exit; } -if (!empty($_POST['disable_associations']) - || !empty($_SESSION['disable_associations'])) { - +if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associations'])) { $o->disableAssociations(); $_SESSION['disable_associations'] = true; } @@ -159,8 +157,7 @@ if (isset($_POST['start'])) { $mode = $message->get('openid.mode'); try { - $result = $o->verify(new Net_URL2($returnTo . '?' . $queryString), - $message); + $result = $o->verify(new Net_URL2($returnTo . '?' . $queryString), $message); if ($result->success()) { $status = "Status:SUCCESS!"; @@ -202,7 +199,7 @@ if (isset($_POST['start'])) { $openid = $message->getArrayFormat(); - $email = (isset($openid['openid.ext1.value.email'])) ? $openid['openid.ext1.value.email'] : null; + $email = (isset($openid['openid.ext1.value.email'])) ? $openid['openid.ext1.value.email'] : null; $email = (isset($openid['openid.ext2.value.email']) && !isset($email)) ? $openid['openid.ext2.value.email'] : $email; $email = (isset($openid['openid.sreg.email']) && !isset($email)) ? $openid['openid.sreg.email'] : $email; $email = (isset($openid['openid.ax.value.email']) && !isset($email)) ? $openid['openid.ax.value.email'] : $email; diff --git a/www/delete.php b/www/delete.php index f332028..85f6258 100644 --- a/www/delete.php +++ b/www/delete.php @@ -5,7 +5,7 @@ namespace phorkie; */ require_once 'www-header.php'; if ($GLOBALS['phorkie']['auth']['secure'] > 0) { - require_once 'secure.php'; + include_once 'secure.php'; } $repo = new Repository(); diff --git a/www/display.php b/www/display.php index 2376d30..6f754d9 100644 --- a/www/display.php +++ b/www/display.php @@ -5,7 +5,7 @@ namespace phorkie; */ require_once 'www-header.php'; if ($GLOBALS['phorkie']['auth']['secure'] == 2) { - require_once 'secure.php'; + include_once 'secure.php'; } $repo = new Repository(); diff --git a/www/edit.php b/www/edit.php index db4428b..20e7793 100644 --- a/www/edit.php +++ b/www/edit.php @@ -5,7 +5,7 @@ namespace phorkie; */ require_once 'www-header.php'; if ($GLOBALS['phorkie']['auth']['secure'] > 0) { - require_once 'secure.php'; + include_once 'secure.php'; } $repo = new Repository(); diff --git a/www/forbidden.php b/www/forbidden.php index 1f587a2..3646b0a 100644 --- a/www/forbidden.php +++ b/www/forbidden.php @@ -1,6 +1,6 @@ 0) { - require_once 'secure.php'; + include_once 'secure.php'; } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { @@ -33,4 +33,4 @@ foreach (\glob($new->gitDir . '/hooks/*') as $hookfile) { //FIXME: where to put fork source link? redirect($new->getLink('display')); -?> \ No newline at end of file +?> diff --git a/www/list.php b/www/list.php index 17f46b1..5a394eb 100644 --- a/www/list.php +++ b/www/list.php @@ -5,7 +5,7 @@ namespace phorkie; require_once 'www-header.php'; if ($GLOBALS['phorkie']['auth']['secure'] == 2) { - require_once 'secure.php'; + include_once 'secure.php'; } $rs = new Repositories(); diff --git a/www/new.php b/www/new.php index 8d1a231..0675b4d 100644 --- a/www/new.php +++ b/www/new.php @@ -12,7 +12,7 @@ namespace phorkie; */ require_once 'www-header.php'; if ($GLOBALS['phorkie']['auth']['secure'] > 0) { - require_once 'secure.php'; + include_once 'secure.php'; } $repopo = new Repository_Post(); diff --git a/www/raw.php b/www/raw.php index 67a21ee..6b20633 100644 --- a/www/raw.php +++ b/www/raw.php @@ -5,7 +5,7 @@ namespace phorkie; require_once 'www-header.php'; if ($GLOBALS['phorkie']['auth']['secure'] == 2) { - require_once 'secure.php'; + include_once 'secure.php'; } $repo = new Repository(); $repo->loadFromRequest(); diff --git a/www/user.php b/www/user.php index 1cc8aeb..fd851c4 100644 --- a/www/user.php +++ b/www/user.php @@ -5,7 +5,7 @@ namespace phorkie; require_once 'www-header.php'; if (!isset($_SESSION['identity'])) { - require_once 'secure.php'; + include_once 'secure.php'; } if (isset($_POST['name'])) { diff --git a/www/www-header.php b/www/www-header.php index 5785a3e..64dca11 100644 --- a/www/www-header.php +++ b/www/www-header.php @@ -50,8 +50,12 @@ if ($GLOBALS['phorkie']['cfg']['setupcheck']) { // Set/Get git commit session variables $_SESSION['ipaddr'] = $_SERVER['REMOTE_ADDR']; -if (!isset($_SESSION['name'])) { $_SESSION['name'] = $GLOBALS['phorkie']['auth']['anonymousName']; } -if (!isset($_SESSION['email'])) { $_SESSION['email'] = $GLOBALS['phorkie']['auth']['anonymousEmail']; } +if (!isset($_SESSION['name'])) { + $_SESSION['name'] = $GLOBALS['phorkie']['auth']['anonymousName']; +} +if (!isset($_SESSION['email'])) { + $_SESSION['email'] = $GLOBALS['phorkie']['auth']['anonymousEmail']; +} \Twig_Autoloader::register(); -- cgit v1.2.3 From b8b5759174c0734d6682502b4e1830334dd0df13 Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Mon, 17 Sep 2012 15:20:48 -0400 Subject: FIX: Removed forbidden page, added to secure.php --- README.rst | 3 --- www/.htaccess | 1 - www/forbidden.php | 15 --------------- www/secure.php | 10 ++++++++-- 4 files changed, 8 insertions(+), 21 deletions(-) delete mode 100644 www/forbidden.php diff --git a/README.rst b/README.rst index 56bef95..0b40b39 100644 --- a/README.rst +++ b/README.rst @@ -194,8 +194,6 @@ URLs Login page for protecting site ``/auth`` Authentication callback url -``/forbidden`` - Access denied page ``/user`` Edit logged-in user information @@ -239,6 +237,5 @@ If you use nginx, place the following lines into your ``server`` block: rewrite ^/login$ /login.php; rewrite ^/auth$ /auth.php; - rewrite ^/forbidden$ /forbidden.php; rewrite ^/user$ /user.php; } diff --git a/www/.htaccess b/www/.htaccess index 4c52627..f6c3720 100644 --- a/www/.htaccess +++ b/www/.htaccess @@ -23,5 +23,4 @@ RewriteRule ^search/([0-9]+)$ /search.php?page=$1 RewriteRule ^auth$ /auth.php RewriteRule ^login$ /login.php -RewriteRule ^forbidden$ /forbidden.php RewriteRule ^user$ /user.php diff --git a/www/forbidden.php b/www/forbidden.php deleted file mode 100644 index 3646b0a..0000000 --- a/www/forbidden.php +++ /dev/null @@ -1,15 +0,0 @@ - $db->getSearch()->listAll(0, 5, 'crdate', 'desc'), - ) -); -?> diff --git a/www/secure.php b/www/secure.php index 4b81d59..e614087 100644 --- a/www/secure.php +++ b/www/secure.php @@ -12,8 +12,14 @@ if (!isset($_SESSION['identity'])) { if ($GLOBALS['phorkie']['auth']['secure'] > 0 && $GLOBALS['phorkie']['auth']['userlist']) { if (!in_array($_SESSION['identity'], $GLOBALS['phorkie']['users'])) { - $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/forbidden"; - header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); + header('HTTP/1.1 403 Forbidden'); + $db = new Database(); + render( + 'forbidden', + array( + 'recents' => $db->getSearch()->listAll(0, 5, 'crdate', 'desc'), + ) + ); exit; } } -- cgit v1.2.3 From 13989a4e7cb4453225762dab6b5e5a7565b43df8 Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Mon, 17 Sep 2012 15:30:15 -0400 Subject: FIX: login - sreg/ax default, identifier renamed to openid_url --- data/templates/login.htm | 6 +++--- www/auth.php | 46 +++++++++++++++++++++------------------------- www/css/openid.css | 2 +- www/www-header.php | 5 ++++- 4 files changed, 29 insertions(+), 30 deletions(-) diff --git a/data/templates/login.htm b/data/templates/login.htm index 154994a..7e724b0 100644 --- a/data/templates/login.htm +++ b/data/templates/login.htm @@ -15,12 +15,12 @@

Please choose your account provider

- - + +

or enter your OpenID URL.

- +

diff --git a/www/auth.php b/www/auth.php index 1cafd59..29d7b37 100644 --- a/www/auth.php +++ b/www/auth.php @@ -41,16 +41,16 @@ if (!count($_POST) && isset($_GET['start'])) { $_POST = $_GET; } -if (isset($_POST['identifier'])) { - $identifier = $_POST['identifier']; -} else if (isset($_SESSION['identifier'])) { - $identifier = $_SESSION['identifier']; +if (isset($_POST['openid_url'])) { + $openid_url = $_POST['openid_url']; +} else if (isset($_SESSION['openid_url'])) { + $openid_url = $_SESSION['openid_url']; } else { - $identifier = null; + $openid_url = null; } try { - $o = new OpenID_RelyingParty($returnTo, $realm, $identifier); + $o = new OpenID_RelyingParty($returnTo, $realm, $openid_url); } catch (OpenID_Exception $e) { $contents = "

\n"; $contents .= "

" . $e->getMessage() . "

\n"; @@ -69,7 +69,7 @@ OpenID::attach($log); if (isset($_POST['start'])) { - $_SESSION['identifier'] = $identifier; + $_SESSION['openid_url'] = $openid_url; try { $authRequest = $o->prepare(); } catch (OpenID_Exception $e) { @@ -86,23 +86,19 @@ if (isset($_POST['start'])) { } // SREG - if (!empty($_POST['sreg'])) { - $sreg = new OpenID_Extension_SREG11(OpenID_Extension::REQUEST); - $sreg->set('required', 'email,firstname,lastname,nickname'); - $sreg->set('optional', 'gender,dob'); - $authRequest->addExtension($sreg); - } + $sreg = new OpenID_Extension_SREG11(OpenID_Extension::REQUEST); + $sreg->set('required', 'email,firstname,lastname,nickname'); + $sreg->set('optional', 'gender,dob'); + $authRequest->addExtension($sreg); // AX - if (!empty($_POST['ax'])) { - $ax = new OpenID_Extension_AX(OpenID_Extension::REQUEST); - $ax->set('type.email', 'http://axschema.org/contact/email'); - $ax->set('type.firstname', 'http://axschema.org/namePerson/first'); - $ax->set('type.lastname', 'http://axschema.org/namePerson/last'); - $ax->set('mode', 'fetch_request'); - $ax->set('required', 'email,firstname,lastname'); - $authRequest->addExtension($ax); - } + $ax = new OpenID_Extension_AX(OpenID_Extension::REQUEST); + $ax->set('type.email', 'http://axschema.org/contact/email'); + $ax->set('type.firstname', 'http://axschema.org/namePerson/first'); + $ax->set('type.lastname', 'http://axschema.org/namePerson/last'); + $ax->set('mode', 'fetch_request'); + $ax->set('required', 'email,firstname,lastname'); + $authRequest->addExtension($ax); // UI if (!empty($_POST['ui'])) { @@ -136,9 +132,9 @@ if (isset($_POST['start'])) { } } else { - if (isset($_SESSION['identifier'])) { - $usid = $_SESSION['identifier']; - unset($_SESSION['identifier']); + if (isset($_SESSION['openid_url'])) { + $usid = $_SESSION['openid_url']; + unset($_SESSION['openid_url']); } else { $usid = null; } diff --git a/www/css/openid.css b/www/css/openid.css index 38988a7..296618b 100644 --- a/www/css/openid.css +++ b/www/css/openid.css @@ -25,7 +25,7 @@ body { background-color: #FFFCC9; float: left; } -#identifier { +#openid_url { margin: 0px !important; width: 250px; background: #FFF url(/images/openid-inputicon.gif) no-repeat scroll 0 50%; diff --git a/www/www-header.php b/www/www-header.php index 64dca11..96cd481 100644 --- a/www/www-header.php +++ b/www/www-header.php @@ -1,6 +1,9 @@ Date: Mon, 17 Sep 2012 15:50:56 -0400 Subject: FIX: Combine auth.php to login.php --- README.rst | 3 - data/templates/login.htm | 6 +- src/openid/config.php | 2 +- www/.htaccess | 1 - www/auth.php | 216 ---------------------------------------------- www/login.php | 217 +++++++++++++++++++++++++++++++++++++++++++++-- 6 files changed, 216 insertions(+), 229 deletions(-) delete mode 100644 www/auth.php diff --git a/README.rst b/README.rst index 0b40b39..b92804a 100644 --- a/README.rst +++ b/README.rst @@ -192,8 +192,6 @@ URLs Shows form for new paste ``/login`` Login page for protecting site -``/auth`` - Authentication callback url ``/user`` Edit logged-in user information @@ -236,6 +234,5 @@ If you use nginx, place the following lines into your ``server`` block: rewrite ^/search/([0-9]+)$ /search.php?page=$1; rewrite ^/login$ /login.php; - rewrite ^/auth$ /auth.php; rewrite ^/user$ /user.php; } diff --git a/data/templates/login.htm b/data/templates/login.htm index 7e724b0..418432e 100644 --- a/data/templates/login.htm +++ b/data/templates/login.htm @@ -5,7 +5,7 @@ -

+ @@ -15,8 +15,8 @@

Please choose your account provider

- - + +

or enter your OpenID URL.

diff --git a/src/openid/config.php b/src/openid/config.php index fdec5e1..76ebc6a 100644 --- a/src/openid/config.php +++ b/src/openid/config.php @@ -41,7 +41,7 @@ $returnTo = $base . dirname($_SERVER['PHP_SELF']); if ($returnTo[strlen($returnTo) - 1] != '/') { $returnTo .= '/'; } -$returnTo .= 'auth'; +$returnTo .= 'login'; // SQL storage example // $storeOptions = array( diff --git a/www/.htaccess b/www/.htaccess index f6c3720..1f03fac 100644 --- a/www/.htaccess +++ b/www/.htaccess @@ -21,6 +21,5 @@ RewriteRule ^list/([0-9]+)$ /list.php?page=$1 RewriteRule ^search$ /search.php RewriteRule ^search/([0-9]+)$ /search.php?page=$1 -RewriteRule ^auth$ /auth.php RewriteRule ^login$ /login.php RewriteRule ^user$ /user.php diff --git a/www/auth.php b/www/auth.php deleted file mode 100644 index 29d7b37..0000000 --- a/www/auth.php +++ /dev/null @@ -1,216 +0,0 @@ - - * @copyright 2009 Bill Shupp - * @license http://www.opensource.org/licenses/bsd-license.php FreeBSD - * @link http://github.com/shupp/openid - */ - -// A tool for testing Relying Party functionality -set_include_path( - __DIR__ . '/../../src/' - . PATH_SEPARATOR . get_include_path() -); - -require_once 'www-header.php'; -require_once 'openid/config.php'; - - -if (isset($_REQUEST['logout'])) { - unset($_SESSION); - session_destroy(); - $redirect = 'http://' . $_SERVER['HTTP_HOST']; - header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); - exit; -} - -if (!count($_GET) && !count($_POST)) { - $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/login"; - header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); - exit; -} - -// Hackaround Non-Javascript Login Page -if (!count($_POST) && isset($_GET['start'])) { - $_POST = $_GET; -} - -if (isset($_POST['openid_url'])) { - $openid_url = $_POST['openid_url']; -} else if (isset($_SESSION['openid_url'])) { - $openid_url = $_SESSION['openid_url']; -} else { - $openid_url = null; -} - -try { - $o = new OpenID_RelyingParty($returnTo, $realm, $openid_url); -} catch (OpenID_Exception $e) { - $contents = "

\n"; - $contents .= "

" . $e->getMessage() . "

\n"; - $contents .= "

"; - include_once 'openid/wrapper.php'; - exit; -} - -if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associations'])) { - $o->disableAssociations(); - $_SESSION['disable_associations'] = true; -} - -$log = new OpenID_Observer_Log; -OpenID::attach($log); - -if (isset($_POST['start'])) { - - $_SESSION['openid_url'] = $openid_url; - try { - $authRequest = $o->prepare(); - } catch (OpenID_Exception $e) { - $contents = "

\n"; - $contents .= "

" . $e->getMessage() . "

\n"; - $contents .= "

"; - include_once 'openid/wrapper.php'; - exit; - } - - // checkid_immediate - if (!empty($_POST['checkid_immediate'])) { - $authRequest->setMode('checkid_immediate'); - } - - // SREG - $sreg = new OpenID_Extension_SREG11(OpenID_Extension::REQUEST); - $sreg->set('required', 'email,firstname,lastname,nickname'); - $sreg->set('optional', 'gender,dob'); - $authRequest->addExtension($sreg); - - // AX - $ax = new OpenID_Extension_AX(OpenID_Extension::REQUEST); - $ax->set('type.email', 'http://axschema.org/contact/email'); - $ax->set('type.firstname', 'http://axschema.org/namePerson/first'); - $ax->set('type.lastname', 'http://axschema.org/namePerson/last'); - $ax->set('mode', 'fetch_request'); - $ax->set('required', 'email,firstname,lastname'); - $authRequest->addExtension($ax); - - // UI - if (!empty($_POST['ui'])) { - $ui = new OpenID_Extension_UI(OpenID_Extension::REQUEST); - $ui->set('mode', 'popup'); - $ui->set('language', 'en-US'); - $authRequest->addExtension($ui); - } - - // OAuth - if (!empty($_POST['oauth'])) { - $oauth = new OpenID_Extension_OAuth(OpenID_Extension::REQUEST); - $oauth->set('consumer', $_POST['oauth_consumer_key']); - $_SESSION['OAuth_consumer_key'] = $_POST['oauth_consumer_key']; - $_SESSION['OAuth_consumer_secret'] = $_POST['oauth_consumer_secret']; - - $oauth->set('scope', $_POST['oauth_scope']); - $_SESSION['OAuth_scope'] = $_POST['oauth_scope']; - - $_SESSION['OAuth_access_token_url'] = $_POST['oauth_access_token_url']; - $_SESSION['OAuth_access_token_method'] = $_POST['oauth_access_token_method']; - - $authRequest->addExtension($oauth); - } - - $url = $authRequest->getAuthorizeURL(); - - if (empty($_POST['debug'])) { - header("Location: $url"); - exit; - } - -} else { - if (isset($_SESSION['openid_url'])) { - $usid = $_SESSION['openid_url']; - unset($_SESSION['openid_url']); - } else { - $usid = null; - } - - unset($_SESSION['disable_associations']); - - if (!count($_POST)) { - list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']); - } else { - // I hate php sometimes - $queryString = file_get_contents('php://input'); - } - - $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP); - $id = $message->get('openid.claimed_id'); - $mode = $message->get('openid.mode'); - - try { - $result = $o->verify(new Net_URL2($returnTo . '?' . $queryString), $message); - - if ($result->success()) { - $status = "Status:SUCCESS!"; - $status .= " ({$result->getAssertionMethod()})"; - } else { - $status = "Status:FAIL!"; - $status .= " ({$result->getAssertionMethod()})"; - } - } catch (OpenID_Exception $e) { - $status = "Status:EXCEPTION!"; - $status .= " ({$e->getMessage()} : {$e->getCode()})"; - } - - // OAuth hyprid fetching access token - if (isset($_SESSION['OAuth_consumer_key'], - $_SESSION['OAuth_consumer_secret'], - $_SESSION['OAuth_access_token_url'], - $_SESSION['OAuth_access_token_method'])) { - - try { - $oauth = new OpenID_Extension_OAuth(OpenID_Extension::RESPONSE, - $message); - - // Fix line lengths. - $consumerKey = $_SESSION['OAuth_consumer_key']; - $consumerSecret = $_SESSION['OAuth_consumer_key']; - $tokenURL = $_SESSION['OAuth_access_token_url']; - $tokenMethod = $_SESSION['OAuth_access_token_method']; - - $oauthData = $oauth->getAccessToken($consumerKey, - $consumerSecret, - $tokenURL, - array(), - $tokenMethod); - - } catch (Exception $e) { - } - } - - $openid = $message->getArrayFormat(); - - $email = (isset($openid['openid.ext1.value.email'])) ? $openid['openid.ext1.value.email'] : null; - $email = (isset($openid['openid.ext2.value.email']) && !isset($email)) ? $openid['openid.ext2.value.email'] : $email; - $email = (isset($openid['openid.sreg.email']) && !isset($email)) ? $openid['openid.sreg.email'] : $email; - $email = (isset($openid['openid.ax.value.email']) && !isset($email)) ? $openid['openid.ax.value.email'] : $email; - $_SESSION['email'] = (isset($email)) ? $email : $GLOBALS['phorkie']['auth']['anonymousEmail']; - - $name = (isset($openid['openid.ext1.value.firstname']) && isset($openid['openid.ext1.value.lastname'])) ? $openid['openid.ext1.value.firstname']." ".$openid['openid.ext1.value.lastname'] : null; - $name = (isset($openid['openid.sreg.firstname']) && isset($openid['openid.sreg.lastname']) && !isset($name)) ? $openid['openid.sreg.firstname']." ".$openid['openid.sreg.lastname'] : $name; - $name = (isset($openid['openid.sreg.nickname']) && !isset($name)) ? $openid['openid.sreg.nickname'] : $name; - $_SESSION['name'] = (isset($name)) ? $name : $_SERVER['REMOTE_ADDR']; - - $_SESSION['identity'] = $openid['openid.identity']; - - $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI']; - header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); - exit; -} - -?> diff --git a/www/login.php b/www/login.php index 87c34f4..00d1877 100644 --- a/www/login.php +++ b/www/login.php @@ -1,11 +1,218 @@ + * @copyright 2009 Bill Shupp + * @license http://www.opensource.org/licenses/bsd-license.php FreeBSD + * @link http://github.com/shupp/openid */ namespace phorkie; -require_once 'www-header.php'; -render( - 'login', - null +// A tool for testing Relying Party functionality +set_include_path( + __DIR__ . '/../../src/' + . PATH_SEPARATOR . get_include_path() ); + +require_once 'www-header.php'; +require_once 'openid/config.php'; + + +if (isset($_REQUEST['logout'])) { + unset($_SESSION); + session_destroy(); + $redirect = 'http://' . $_SERVER['HTTP_HOST']; + header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); + exit; +} + +if (!count($_GET) && !count($_POST)) { + render( + 'login', + null + ); + exit; +} + +// Hackaround Non-Javascript Login Page +if (!count($_POST) && isset($_GET['start'])) { + $_POST = $_GET; +} + +if (isset($_POST['openid_url'])) { + $openid_url = $_POST['openid_url']; +} else if (isset($_SESSION['openid_url'])) { + $openid_url = $_SESSION['openid_url']; +} else { + $openid_url = null; +} + +try { + $o = new OpenID_RelyingParty($returnTo, $realm, $openid_url); +} catch (OpenID_Exception $e) { + $contents = "

\n"; + $contents .= "

" . $e->getMessage() . "

\n"; + $contents .= "

"; + include_once 'openid/wrapper.php'; + exit; +} + +if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associations'])) { + $o->disableAssociations(); + $_SESSION['disable_associations'] = true; +} + +$log = new OpenID_Observer_Log; +OpenID::attach($log); + +if (isset($_POST['start'])) { + + $_SESSION['openid_url'] = $openid_url; + try { + $authRequest = $o->prepare(); + } catch (OpenID_Exception $e) { + $contents = "

\n"; + $contents .= "

" . $e->getMessage() . "

\n"; + $contents .= "

"; + include_once 'openid/wrapper.php'; + exit; + } + + // checkid_immediate + if (!empty($_POST['checkid_immediate'])) { + $authRequest->setMode('checkid_immediate'); + } + + // SREG + $sreg = new OpenID_Extension_SREG11(OpenID_Extension::REQUEST); + $sreg->set('required', 'email,firstname,lastname,nickname'); + $sreg->set('optional', 'gender,dob'); + $authRequest->addExtension($sreg); + + // AX + $ax = new OpenID_Extension_AX(OpenID_Extension::REQUEST); + $ax->set('type.email', 'http://axschema.org/contact/email'); + $ax->set('type.firstname', 'http://axschema.org/namePerson/first'); + $ax->set('type.lastname', 'http://axschema.org/namePerson/last'); + $ax->set('mode', 'fetch_request'); + $ax->set('required', 'email,firstname,lastname'); + $authRequest->addExtension($ax); + + // UI + if (!empty($_POST['ui'])) { + $ui = new OpenID_Extension_UI(OpenID_Extension::REQUEST); + $ui->set('mode', 'popup'); + $ui->set('language', 'en-US'); + $authRequest->addExtension($ui); + } + + // OAuth + if (!empty($_POST['oauth'])) { + $oauth = new OpenID_Extension_OAuth(OpenID_Extension::REQUEST); + $oauth->set('consumer', $_POST['oauth_consumer_key']); + $_SESSION['OAuth_consumer_key'] = $_POST['oauth_consumer_key']; + $_SESSION['OAuth_consumer_secret'] = $_POST['oauth_consumer_secret']; + + $oauth->set('scope', $_POST['oauth_scope']); + $_SESSION['OAuth_scope'] = $_POST['oauth_scope']; + + $_SESSION['OAuth_access_token_url'] = $_POST['oauth_access_token_url']; + $_SESSION['OAuth_access_token_method'] = $_POST['oauth_access_token_method']; + + $authRequest->addExtension($oauth); + } + + $url = $authRequest->getAuthorizeURL(); + + if (empty($_POST['debug'])) { + header("Location: $url"); + exit; + } + +} else { + if (isset($_SESSION['openid_url'])) { + $usid = $_SESSION['openid_url']; + unset($_SESSION['openid_url']); + } else { + $usid = null; + } + + unset($_SESSION['disable_associations']); + + if (!count($_POST)) { + list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']); + } else { + // I hate php sometimes + $queryString = file_get_contents('php://input'); + } + + $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP); + $id = $message->get('openid.claimed_id'); + $mode = $message->get('openid.mode'); + + try { + $result = $o->verify(new Net_URL2($returnTo . '?' . $queryString), $message); + + if ($result->success()) { + $status = "Status:SUCCESS!"; + $status .= " ({$result->getAssertionMethod()})"; + } else { + $status = "Status:FAIL!"; + $status .= " ({$result->getAssertionMethod()})"; + } + } catch (OpenID_Exception $e) { + $status = "Status:EXCEPTION!"; + $status .= " ({$e->getMessage()} : {$e->getCode()})"; + } + + // OAuth hyprid fetching access token + if (isset($_SESSION['OAuth_consumer_key'], + $_SESSION['OAuth_consumer_secret'], + $_SESSION['OAuth_access_token_url'], + $_SESSION['OAuth_access_token_method'])) { + + try { + $oauth = new OpenID_Extension_OAuth(OpenID_Extension::RESPONSE, + $message); + + // Fix line lengths. + $consumerKey = $_SESSION['OAuth_consumer_key']; + $consumerSecret = $_SESSION['OAuth_consumer_key']; + $tokenURL = $_SESSION['OAuth_access_token_url']; + $tokenMethod = $_SESSION['OAuth_access_token_method']; + + $oauthData = $oauth->getAccessToken($consumerKey, + $consumerSecret, + $tokenURL, + array(), + $tokenMethod); + + } catch (Exception $e) { + } + } + + $openid = $message->getArrayFormat(); + + $email = (isset($openid['openid.ext1.value.email'])) ? $openid['openid.ext1.value.email'] : null; + $email = (isset($openid['openid.ext2.value.email']) && !isset($email)) ? $openid['openid.ext2.value.email'] : $email; + $email = (isset($openid['openid.sreg.email']) && !isset($email)) ? $openid['openid.sreg.email'] : $email; + $email = (isset($openid['openid.ax.value.email']) && !isset($email)) ? $openid['openid.ax.value.email'] : $email; + $_SESSION['email'] = (isset($email)) ? $email : $GLOBALS['phorkie']['auth']['anonymousEmail']; + + $name = (isset($openid['openid.ext1.value.firstname']) && isset($openid['openid.ext1.value.lastname'])) ? $openid['openid.ext1.value.firstname']." ".$openid['openid.ext1.value.lastname'] : null; + $name = (isset($openid['openid.sreg.firstname']) && isset($openid['openid.sreg.lastname']) && !isset($name)) ? $openid['openid.sreg.firstname']." ".$openid['openid.sreg.lastname'] : $name; + $name = (isset($openid['openid.sreg.nickname']) && !isset($name)) ? $openid['openid.sreg.nickname'] : $name; + $_SESSION['name'] = (isset($name)) ? $name : $_SERVER['REMOTE_ADDR']; + + $_SESSION['identity'] = $openid['openid.identity']; + + $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI']; + header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); + exit; +} + ?> -- cgit v1.2.3 From 740ce67c8db40367f83248653309e69f1866b288 Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Mon, 17 Sep 2012 15:51:20 -0400 Subject: FIX: URL for access_denied image --- data/templates/forbidden.htm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/templates/forbidden.htm b/data/templates/forbidden.htm index e6965dd..d7d3b61 100644 --- a/data/templates/forbidden.htm +++ b/data/templates/forbidden.htm @@ -5,7 +5,7 @@

Access Denied -

We're sorry, your identity is not authorized:

{{ identity }}

If you feel this message is in error, please notify the site admin -- cgit v1.2.3 From ac41dd93568256fe5f2cd75530e30bc9b7e1668d Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Mon, 17 Sep 2012 16:09:48 -0400 Subject: FIX: logout url --- data/templates/base.htm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/templates/base.htm b/data/templates/base.htm index ec2b746..5681f80 100644 --- a/data/templates/base.htm +++ b/data/templates/base.htm @@ -30,7 +30,7 @@ {{name}} ({{email}})

Access Denied

+ We're sorry; but you are not allowed to access this page. +

+ You may log in if you want. +

Recently created

- {% for repo in recents.repos %} - {% include 'repo-sidebar-list.htm' %} - {% endfor %} -

Date: Mon, 17 Sep 2012 23:05:41 +0200 Subject: request full name from OpenID provider (sreg) --- www/login.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/www/login.php b/www/login.php index b8cb512..1feb3ce 100644 --- a/www/login.php +++ b/www/login.php @@ -90,8 +90,7 @@ if (isset($_POST['start'])) { // SREG $sreg = new \OpenID_Extension_SREG11(\OpenID_Extension::REQUEST); - $sreg->set('required', 'email,firstname,lastname,nickname'); - $sreg->set('optional', 'gender,dob'); + $sreg->set('required', 'email,fullname'); $authRequest->addExtension($sreg); // AX @@ -205,8 +204,7 @@ if (isset($_POST['start'])) { $_SESSION['email'] = (isset($email)) ? $email : $GLOBALS['phorkie']['auth']['anonymousEmail']; $name = (isset($openid['openid.ext1.value.firstname']) && isset($openid['openid.ext1.value.lastname'])) ? $openid['openid.ext1.value.firstname']." ".$openid['openid.ext1.value.lastname'] : null; - $name = (isset($openid['openid.sreg.firstname']) && isset($openid['openid.sreg.lastname']) && !isset($name)) ? $openid['openid.sreg.firstname']." ".$openid['openid.sreg.lastname'] : $name; - $name = (isset($openid['openid.sreg.nickname']) && !isset($name)) ? $openid['openid.sreg.nickname'] : $name; + $name = (isset($openid['openid.sreg.fullname']) && !isset($name)) ? $openid['openid.sreg.fullname'] : $name; $_SESSION['name'] = (isset($name)) ? $name : $_SERVER['REMOTE_ADDR']; $_SESSION['identity'] = $openid['openid.identity']; -- cgit v1.2.3 From 2017065c9b89d4f435e86d03d28c219edcdf5bf9 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Mon, 17 Sep 2012 23:13:38 +0200 Subject: reformat attribute reading --- www/login.php | 36 ++++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 10 deletions(-) diff --git a/www/login.php b/www/login.php index 1feb3ce..e4438a4 100644 --- a/www/login.php +++ b/www/login.php @@ -197,16 +197,32 @@ if (isset($_POST['start'])) { $openid = $message->getArrayFormat(); - $email = (isset($openid['openid.ext1.value.email'])) ? $openid['openid.ext1.value.email'] : null; - $email = (isset($openid['openid.ext2.value.email']) && !isset($email)) ? $openid['openid.ext2.value.email'] : $email; - $email = (isset($openid['openid.sreg.email']) && !isset($email)) ? $openid['openid.sreg.email'] : $email; - $email = (isset($openid['openid.ax.value.email']) && !isset($email)) ? $openid['openid.ax.value.email'] : $email; - $_SESSION['email'] = (isset($email)) ? $email : $GLOBALS['phorkie']['auth']['anonymousEmail']; - - $name = (isset($openid['openid.ext1.value.firstname']) && isset($openid['openid.ext1.value.lastname'])) ? $openid['openid.ext1.value.firstname']." ".$openid['openid.ext1.value.lastname'] : null; - $name = (isset($openid['openid.sreg.fullname']) && !isset($name)) ? $openid['openid.sreg.fullname'] : $name; - $_SESSION['name'] = (isset($name)) ? $name : $_SERVER['REMOTE_ADDR']; - + $email = isset($openid['openid.ext1.value.email']) + ? $openid['openid.ext1.value.email'] + : null; + $email = isset($openid['openid.ext2.value.email']) && !isset($email) + ? $openid['openid.ext2.value.email'] + : $email; + $email = isset($openid['openid.sreg.email']) && !isset($email) + ? $openid['openid.sreg.email'] + : $email; + $email = isset($openid['openid.ax.value.email']) && !isset($email) + ? $openid['openid.ax.value.email'] + : $email; + $_SESSION['email'] = isset($email) + ? $email + : $GLOBALS['phorkie']['auth']['anonymousEmail']; + + $name = isset($openid['openid.ext1.value.firstname']) + && isset($openid['openid.ext1.value.lastname']) + ? $openid['openid.ext1.value.firstname'] . ' ' + . $openid['openid.ext1.value.lastname'] + : null; + $name = isset($openid['openid.sreg.fullname']) && !isset($name) + ? $openid['openid.sreg.fullname'] + : $name; + + $_SESSION['name'] = isset($name) ? $name : $_SERVER['REMOTE_ADDR']; $_SESSION['identity'] = $openid['openid.identity']; $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI']; -- cgit v1.2.3 From ec100647ebe4c913ec261fddcab5004114fb5a66 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Mon, 17 Sep 2012 23:15:35 +0200 Subject: fix html validation problems --- data/templates/login.htm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/data/templates/login.htm b/data/templates/login.htm index 418432e..b02503f 100644 --- a/data/templates/login.htm +++ b/data/templates/login.htm @@ -15,13 +15,13 @@

Please choose your account provider

- - + +

or enter your OpenID URL.

- - + +

-- cgit v1.2.3 From d7f8ad629a9090c2a0380f44a04049a0804cbf61 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Mon, 17 Sep 2012 23:17:03 +0200 Subject: fix another validation error --- data/templates/base.htm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/templates/base.htm b/data/templates/base.htm index 5681f80..e503369 100644 --- a/data/templates/base.htm +++ b/data/templates/base.htm @@ -61,7 +61,7 @@ phorkie, the self-hosted, git-based pastebin software is available under the - AGPL. + AGPL.

Access Denied

- We're sorry; but you are not allowed to access this page. + You are logged in with the following OpenID:

- You may log in if you want. + {{identity}}

+ Unfortunately, your OpenID is not unlocked. + Contact the site administrator to get access. +

+ We're sorry; but you have to log in to access this page. +

Date: Mon, 17 Sep 2012 23:48:19 +0200 Subject: allow people to logout and login in secure mode --- www/login.php | 1 + www/www-header.php | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/www/login.php b/www/login.php index 6a13fa2..150cf25 100644 --- a/www/login.php +++ b/www/login.php @@ -1,6 +1,7 @@ addExtension(new \Twig_Extension_Debug()); -require __DIR__ . '/www-security.php'; +if (!isset($noSecurityCheck) || $noSecurityCheck !== true) { + require __DIR__ . '/www-security.php'; +} function render($tplname, $vars = array()) { -- cgit v1.2.3 From e280bcc8d00257607f2626f85afd01eec50831b3 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Mon, 17 Sep 2012 23:53:33 +0200 Subject: send 403 header on forbidden page --- www/forbidden.php | 1 + 1 file changed, 1 insertion(+) diff --git a/www/forbidden.php b/www/forbidden.php index 6c44099..f55c4ba 100644 --- a/www/forbidden.php +++ b/www/forbidden.php @@ -4,6 +4,7 @@ namespace phorkie; * Show an access denied error */ +header('HTTP/1.0 403 Forbidden'); render( 'forbidden', array( -- cgit v1.2.3 From 82d22f5e2176392ca2389df0e47a29092cf38089 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Mon, 17 Sep 2012 23:57:14 +0200 Subject: remove session id check, it was not working the way I hoped for --- www/www-header.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/www/www-header.php b/www/www-header.php index ed41503..9aa8732 100644 --- a/www/www-header.php +++ b/www/www-header.php @@ -1,8 +1,6 @@ Date: Mon, 17 Sep 2012 21:11:58 -0400 Subject: FIX: Revamped security measures --- www/delete.php | 1 + www/display.php | 2 +- www/doap.php | 2 +- www/edit.php | 2 +- www/fork.php | 1 + www/list.php | 2 +- www/login.php | 1 - www/new.php | 2 +- www/raw.php | 2 +- www/revision.php | 2 +- www/search.php | 2 +- www/www-security.php | 24 ++++++++++++++++-------- 12 files changed, 26 insertions(+), 17 deletions(-) diff --git a/www/delete.php b/www/delete.php index 6d68ae4..e4ee5e7 100644 --- a/www/delete.php +++ b/www/delete.php @@ -3,6 +3,7 @@ namespace phorkie; /** * Delete paste or ask for deletion */ +$pageRequiresLogin = '1'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/display.php b/www/display.php index 534a119..94b2ef9 100644 --- a/www/display.php +++ b/www/display.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Display paste contents */ -$pageRequiresLogin = false; +$pageRequiresLogin = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/doap.php b/www/doap.php index f374dba..cc61845 100644 --- a/www/doap.php +++ b/www/doap.php @@ -4,7 +4,7 @@ namespace phorkie; * Display DOAP of the paste. * Contains a machine-readable project description with Git URL. */ -$pageRequiresLogin = false; +$pageRequiresLogin = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/edit.php b/www/edit.php index 897aada..b925f0b 100644 --- a/www/edit.php +++ b/www/edit.php @@ -3,8 +3,8 @@ namespace phorkie; /** * Edit paste contents */ +$pageRequiresLogin = '1'; require_once 'www-header.php'; - $repo = new Repository(); $repo->loadFromRequest(); diff --git a/www/fork.php b/www/fork.php index 3d1c4b7..2832fe4 100644 --- a/www/fork.php +++ b/www/fork.php @@ -3,6 +3,7 @@ * Fork a repository */ namespace phorkie; +$pageRequiresLogin = '1'; require_once 'www-header.php'; if ($_SERVER['REQUEST_METHOD'] !== 'POST') { diff --git a/www/list.php b/www/list.php index 721d20c..cc8aa87 100644 --- a/www/list.php +++ b/www/list.php @@ -3,7 +3,7 @@ * List a repository */ namespace phorkie; -$pageRequiresLogin = false; +$pageRequiresLogin = '0'; require_once 'www-header.php'; $rs = new Repositories(); diff --git a/www/login.php b/www/login.php index 150cf25..a2cf97c 100644 --- a/www/login.php +++ b/www/login.php @@ -1,6 +1,5 @@ error - require 'forbidden.php'; -} else if (isset($pageRequiresLogin) && !$pageRequiresLogin) { +if ($pageRequiresLogin >= $GLOBALS['phorkie']['auth']['secure']) { + if ($logged_in) { + return; + } +} else { return; } +// p / G / log_in = disp +// 0 / 1 / true = return +// 0 / 1 / false = block +// 0 / 2 / true = return +// 0 / 2 / false = return +// 1 / 1 / true = return +// 1 / 1 / false = block +// 1 / 2 / true = return +// 1 / 2 / false = block + require 'forbidden.php'; -?> \ No newline at end of file +?> -- cgit v1.2.3 From 29abc10fb620c14f0ccfcd4ca220e0186274e93c Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Mon, 17 Sep 2012 21:20:41 -0400 Subject: ADD: Login button when logged out --- data/templates/base.htm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/data/templates/base.htm b/data/templates/base.htm index e503369..7722105 100644 --- a/data/templates/base.htm +++ b/data/templates/base.htm @@ -32,6 +32,10 @@

Logout

+ {% else %} +

+ Login +

{% endif %} {% if db.adapter %}

-- cgit v1.2.3 From e7c60768692aef84b7d35809eb6cb533d04a651b Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Mon, 17 Sep 2012 21:21:18 -0400 Subject: FIX: Removed commit message from display --- data/templates/revision-head.htm | 3 --- 1 file changed, 3 deletions(-) diff --git a/data/templates/revision-head.htm b/data/templates/revision-head.htm index a5f7e88..9a60b05 100644 --- a/data/templates/revision-head.htm +++ b/data/templates/revision-head.htm @@ -9,9 +9,6 @@

revision {{repo.hash}}

- message {{repo.message}} -

Access Denied

diff --git a/www/images/access_denied.png b/www/images/access_denied.png deleted file mode 100644 index c13d7b9..0000000 Binary files a/www/images/access_denied.png and /dev/null differ -- cgit v1.2.3 From 3367fca1c9cdeb70c95154f20011b268d4d080a4 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 18 Sep 2012 07:41:31 +0200 Subject: rename "secure" config setting to "securityLevel" --- data/config.default.php | 2 +- www/www-security.php | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/data/config.default.php b/data/config.default.php index da16241..0c9ec69 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -13,7 +13,7 @@ $GLOBALS['phorkie']['cfg'] = array( 'index' => 'new'//"new" or "list" ); $GLOBALS['phorkie']['auth'] = array( - 'secure' => 0, // 0 = public, no authentication, 1 = protect adds/edits/deletes, 2 = use authentication + 'securityLevel' => 0, // 0 = public, no authentication, 1 = protect adds/edits/deletes, 2 = require authentication 'userlist' => false, // true = user must be explicitly defined, false = anyone allowed, but they must authenticate 'anonymousName' => 'Anonymous', // Email for non-authenticated commits 'anonymousEmail' => 'anonymous@phorkie' // Email for non-authenticated commits diff --git a/www/www-security.php b/www/www-security.php index 9fae87b..e9fdab7 100644 --- a/www/www-security.php +++ b/www/www-security.php @@ -4,12 +4,12 @@ namespace phorkie; * security levels + login requirement: */ -if (!isset($GLOBALS['phorkie']['auth']['secure'])) { +if (!isset($GLOBALS['phorkie']['auth']['securityLevel'])) { //not set? highest level of security - $GLOBALS['phorkie']['auth']['secure'] = 2; + $GLOBALS['phorkie']['auth']['securityLevel'] = 2; } -if ($GLOBALS['phorkie']['auth']['secure'] == 0) { +if ($GLOBALS['phorkie']['auth']['securityLevel'] == 0) { //everyone may do everything return; } @@ -26,7 +26,7 @@ if (!isset($_SESSION['identity'])) { $logged_in = true; } -if ($secureAtLevel >= $GLOBALS['phorkie']['auth']['secure']) { +if ($secureAtLevel >= $GLOBALS['phorkie']['auth']['securityLevel']) { if ($logged_in) { return; } -- cgit v1.2.3 From 8aa0b9bda25f570e591e554bdbece99d5f6458c8 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 18 Sep 2012 07:46:49 +0200 Subject: rename auth configuration variables to make them more readable --- data/config.default.php | 9 ++++++--- data/config.php.dist | 5 ++++- www/www-security.php | 4 ++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/data/config.default.php b/data/config.default.php index 0c9ec69..a0270b5 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -13,10 +13,13 @@ $GLOBALS['phorkie']['cfg'] = array( 'index' => 'new'//"new" or "list" ); $GLOBALS['phorkie']['auth'] = array( - 'securityLevel' => 0, // 0 = public, no authentication, 1 = protect adds/edits/deletes, 2 = require authentication - 'userlist' => false, // true = user must be explicitly defined, false = anyone allowed, but they must authenticate + // 0 = public, no authentication, 1 = protect adds/edits/deletes, + // 2 = require authentication + 'securityLevel' => 0, + 'listedUsersOnly' => false, + 'users' => array(), // Array of OpenIDs that may login 'anonymousName' => 'Anonymous', // Email for non-authenticated commits - 'anonymousEmail' => 'anonymous@phorkie' // Email for non-authenticated commits + 'anonymousEmail' => 'anonymous@phorkie', // Email for non-authenticated commits ); $GLOBALS['phorkie']['tools'] = array( '\\phorkie\\Tool_Xmllint' => true, diff --git a/data/config.php.dist b/data/config.php.dist index e90f704..ced993f 100644 --- a/data/config.php.dist +++ b/data/config.php.dist @@ -5,7 +5,10 @@ //$GLOBALS['phorkie']['cfg']['git']['private'] = 'ssh://git@bogo:paste/'; //$GLOBALS['phorkie']['cfg']['elasticsearch'] = 'http://localhost:9200/phorkie/'; //$GLOBALS['phorkie']['cfg']['setupcheck'] = false; -//$GLOBALS['phorkie']['users'] = array( + +//$GLOBALS['phorkie']['auth']['securityLevel'] = 0; +//$GLOBALS['phorkie']['auth']['listedUsersOnly'] = false; +//$GLOBALS['phorkie']['auth']['users'] = array( // 'https://www.google.com/accounts/o8/id?id=ABCDEFGHIJKLMNOPQRSTUVWXYZ', // 'http://anonymous.phorkie.openid' //); diff --git a/www/www-security.php b/www/www-security.php index e9fdab7..ccbdb97 100644 --- a/www/www-security.php +++ b/www/www-security.php @@ -17,8 +17,8 @@ if ($GLOBALS['phorkie']['auth']['securityLevel'] == 0) { $logged_in = false; if (!isset($_SESSION['identity'])) { //not logged in -} else if ($GLOBALS['phorkie']['auth']['userlist']) { - if (in_array($_SESSION['identity'], $GLOBALS['phorkie']['users'])) { +} else if ($GLOBALS['phorkie']['auth']['listedUsersOnly']) { + if (in_array($_SESSION['identity'], $GLOBALS['phorkie']['auth']['users'])) { $logged_in = true; } } else { -- cgit v1.2.3 From 5b589f6213337eb1c88ed983f54552f2bafefd80 Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Tue, 18 Sep 2012 06:43:46 -0400 Subject: CLEAN: How about changing the rest of the files with your variable? :p --- www/delete.php | 2 +- www/display.php | 2 +- www/doap.php | 2 +- www/edit.php | 2 +- www/fork.php | 2 +- www/index.php | 2 +- www/list.php | 2 +- www/new.php | 2 +- www/raw.php | 2 +- www/revision.php | 2 +- www/search.php | 2 +- www/user.php | 2 +- www/www-security.php | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/www/delete.php b/www/delete.php index d9ee251..2271b21 100644 --- a/www/delete.php +++ b/www/delete.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Delete paste or ask for deletion */ -$secureAtLevel = '1'; +$securityLevel = '1'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/display.php b/www/display.php index fc93b0d..91a7321 100644 --- a/www/display.php +++ b/www/display.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Display paste contents */ -$secureAtLevel = '0'; +$securityLevel = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/doap.php b/www/doap.php index 377030b..e605f15 100644 --- a/www/doap.php +++ b/www/doap.php @@ -4,7 +4,7 @@ namespace phorkie; * Display DOAP of the paste. * Contains a machine-readable project description with Git URL. */ -$secureAtLevel = '0'; +$securityLevel = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/edit.php b/www/edit.php index f83dfb3..2525056 100644 --- a/www/edit.php +++ b/www/edit.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Edit paste contents */ -$secureAtLevel = '1'; +$securityLevel = '1'; require_once 'www-header.php'; $repo = new Repository(); $repo->loadFromRequest(); diff --git a/www/fork.php b/www/fork.php index 10bd1e2..0366938 100644 --- a/www/fork.php +++ b/www/fork.php @@ -3,7 +3,7 @@ * Fork a repository */ namespace phorkie; -$secureAtLevel = '1'; +$securityLevel = '1'; require_once 'www-header.php'; if ($_SERVER['REQUEST_METHOD'] !== 'POST') { diff --git a/www/index.php b/www/index.php index 7ff1814..9bbb29f 100644 --- a/www/index.php +++ b/www/index.php @@ -3,7 +3,7 @@ * Jump to the index as per the configuration */ namespace phorkie; -$secureAtLevel = false; +$securityLevel = false; require_once 'www-header.php'; header( diff --git a/www/list.php b/www/list.php index 8252f37..c9cd81a 100644 --- a/www/list.php +++ b/www/list.php @@ -3,7 +3,7 @@ * List a repository */ namespace phorkie; -$secureAtLevel = '0'; +$securityLevel = '0'; require_once 'www-header.php'; $rs = new Repositories(); diff --git a/www/new.php b/www/new.php index e2611c0..10c5ab3 100644 --- a/www/new.php +++ b/www/new.php @@ -10,7 +10,7 @@ namespace phorkie; * * Creates and redirects to display page */ -$secureAtLevel = '1'; +$securityLevel = '1'; require_once 'www-header.php'; $repopo = new Repository_Post(); diff --git a/www/raw.php b/www/raw.php index 612a6b8..8e60241 100644 --- a/www/raw.php +++ b/www/raw.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Displays a file */ -$secureAtLevel = '0'; +$securityLevel = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/revision.php b/www/revision.php index 513ca67..8c0bf6b 100644 --- a/www/revision.php +++ b/www/revision.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Display historic paste contents */ -$secureAtLevel = '0'; +$securityLevel = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/search.php b/www/search.php index 82d5f76..d7fb669 100644 --- a/www/search.php +++ b/www/search.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Search for a search term */ -$secureAtLevel = '0'; +$securityLevel = '0'; require_once 'www-header.php'; if (!isset($_GET['q']) || $_GET['q'] == '') { diff --git a/www/user.php b/www/user.php index 9e20f6a..dc79459 100644 --- a/www/user.php +++ b/www/user.php @@ -3,7 +3,7 @@ * Edit user information */ namespace phorkie; -$secureAtLevel = '1'; +$securityLevel = '1'; require_once 'www-header.php'; if (isset($_POST['name'])) { diff --git a/www/www-security.php b/www/www-security.php index ccbdb97..3fe6f20 100644 --- a/www/www-security.php +++ b/www/www-security.php @@ -26,7 +26,7 @@ if (!isset($_SESSION['identity'])) { $logged_in = true; } -if ($secureAtLevel >= $GLOBALS['phorkie']['auth']['securityLevel']) { +if ($securityLevel >= $GLOBALS['phorkie']['auth']['securityLevel']) { if ($logged_in) { return; } -- cgit v1.2.3 From a1bceaf02f8f8a3fdbb8042ffcfab4b3a35f14f7 Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Tue, 18 Sep 2012 06:51:56 -0400 Subject: CLEAN: Corrected spacing --- data/config.default.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/config.default.php b/data/config.default.php index a0270b5..a087767 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -17,9 +17,9 @@ $GLOBALS['phorkie']['auth'] = array( // 2 = require authentication 'securityLevel' => 0, 'listedUsersOnly' => false, - 'users' => array(), // Array of OpenIDs that may login - 'anonymousName' => 'Anonymous', // Email for non-authenticated commits - 'anonymousEmail' => 'anonymous@phorkie', // Email for non-authenticated commits + 'users' => array(), // Array of OpenIDs that may login + 'anonymousName' => 'Anonymous', // Email for non-authenticated commits + 'anonymousEmail' => 'anonymous@phorkie', // Email for non-authenticated commits ); $GLOBALS['phorkie']['tools'] = array( '\\phorkie\\Tool_Xmllint' => true, -- cgit v1.2.3 From 92d6cf1f537c2126baf324cbdadbef1067e156b6 Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Tue, 18 Sep 2012 07:43:52 -0400 Subject: REVERT: variable name change --- www/delete.php | 2 +- www/display.php | 2 +- www/doap.php | 2 +- www/edit.php | 2 +- www/fork.php | 2 +- www/index.php | 2 +- www/list.php | 2 +- www/new.php | 2 +- www/raw.php | 2 +- www/revision.php | 2 +- www/search.php | 2 +- www/user.php | 2 +- www/www-security.php | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/www/delete.php b/www/delete.php index 2271b21..d9ee251 100644 --- a/www/delete.php +++ b/www/delete.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Delete paste or ask for deletion */ -$securityLevel = '1'; +$secureAtLevel = '1'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/display.php b/www/display.php index 91a7321..fc93b0d 100644 --- a/www/display.php +++ b/www/display.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Display paste contents */ -$securityLevel = '0'; +$secureAtLevel = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/doap.php b/www/doap.php index e605f15..377030b 100644 --- a/www/doap.php +++ b/www/doap.php @@ -4,7 +4,7 @@ namespace phorkie; * Display DOAP of the paste. * Contains a machine-readable project description with Git URL. */ -$securityLevel = '0'; +$secureAtLevel = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/edit.php b/www/edit.php index 2525056..f83dfb3 100644 --- a/www/edit.php +++ b/www/edit.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Edit paste contents */ -$securityLevel = '1'; +$secureAtLevel = '1'; require_once 'www-header.php'; $repo = new Repository(); $repo->loadFromRequest(); diff --git a/www/fork.php b/www/fork.php index 0366938..10bd1e2 100644 --- a/www/fork.php +++ b/www/fork.php @@ -3,7 +3,7 @@ * Fork a repository */ namespace phorkie; -$securityLevel = '1'; +$secureAtLevel = '1'; require_once 'www-header.php'; if ($_SERVER['REQUEST_METHOD'] !== 'POST') { diff --git a/www/index.php b/www/index.php index 9bbb29f..7ff1814 100644 --- a/www/index.php +++ b/www/index.php @@ -3,7 +3,7 @@ * Jump to the index as per the configuration */ namespace phorkie; -$securityLevel = false; +$secureAtLevel = false; require_once 'www-header.php'; header( diff --git a/www/list.php b/www/list.php index c9cd81a..8252f37 100644 --- a/www/list.php +++ b/www/list.php @@ -3,7 +3,7 @@ * List a repository */ namespace phorkie; -$securityLevel = '0'; +$secureAtLevel = '0'; require_once 'www-header.php'; $rs = new Repositories(); diff --git a/www/new.php b/www/new.php index 10c5ab3..e2611c0 100644 --- a/www/new.php +++ b/www/new.php @@ -10,7 +10,7 @@ namespace phorkie; * * Creates and redirects to display page */ -$securityLevel = '1'; +$secureAtLevel = '1'; require_once 'www-header.php'; $repopo = new Repository_Post(); diff --git a/www/raw.php b/www/raw.php index 8e60241..612a6b8 100644 --- a/www/raw.php +++ b/www/raw.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Displays a file */ -$securityLevel = '0'; +$secureAtLevel = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/revision.php b/www/revision.php index 8c0bf6b..513ca67 100644 --- a/www/revision.php +++ b/www/revision.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Display historic paste contents */ -$securityLevel = '0'; +$secureAtLevel = '0'; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/search.php b/www/search.php index d7fb669..82d5f76 100644 --- a/www/search.php +++ b/www/search.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Search for a search term */ -$securityLevel = '0'; +$secureAtLevel = '0'; require_once 'www-header.php'; if (!isset($_GET['q']) || $_GET['q'] == '') { diff --git a/www/user.php b/www/user.php index dc79459..9e20f6a 100644 --- a/www/user.php +++ b/www/user.php @@ -3,7 +3,7 @@ * Edit user information */ namespace phorkie; -$securityLevel = '1'; +$secureAtLevel = '1'; require_once 'www-header.php'; if (isset($_POST['name'])) { diff --git a/www/www-security.php b/www/www-security.php index 3fe6f20..ccbdb97 100644 --- a/www/www-security.php +++ b/www/www-security.php @@ -26,7 +26,7 @@ if (!isset($_SESSION['identity'])) { $logged_in = true; } -if ($securityLevel >= $GLOBALS['phorkie']['auth']['securityLevel']) { +if ($secureAtLevel >= $GLOBALS['phorkie']['auth']['securityLevel']) { if ($logged_in) { return; } -- cgit v1.2.3 From 4293cbe275bec99763c9fd4bd5df347bd359599f Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Tue, 18 Sep 2012 08:09:00 -0400 Subject: FIX: Add identity to notes rather than commit --- src/phorkie/Repository/Post.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/phorkie/Repository/Post.php b/src/phorkie/Repository/Post.php index ed44cf1..9119e06 100644 --- a/src/phorkie/Repository/Post.php +++ b/src/phorkie/Repository/Post.php @@ -118,10 +118,11 @@ class Repository_Post } $commitmsg = "phorkie commit"; + if (isset($sessionData['identity'])) { - $commitmsg .= " from ".$sessionData['identity']; + $notes = $sessionData['identity']; } else { - $commitmsg .= " by ".$sessionData['ipaddr']; + $notes = $sessionData['ipaddr']; } if ($bCommit) { @@ -129,6 +130,11 @@ class Repository_Post ->setOption('message', $commitmsg) ->setOption('author', $sessionData['name'].' <'.$sessionData['email'].'>') ->execute(); + //FIXME: git needs ref BEFORE add. ideally VersionControl_Git needs to be updated + $vc->getCommand('notes --ref=identity add') + ->setOption('force') + ->setOption('message', "$notes") + ->execute(); $bChanged = true; } -- cgit v1.2.3 From ffa9d514d3a14c76170e26047f09009b4a6de07c Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Tue, 18 Sep 2012 10:08:33 -0400 Subject: CLEAN: use fullUrl when possible --- www/login.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/www/login.php b/www/login.php index a2cf97c..9c1b136 100644 --- a/www/login.php +++ b/www/login.php @@ -77,7 +77,7 @@ if (isset($_POST['openid_url'])) { $authRequest->addExtension($ax); $url = $authRequest->getAuthorizeURL(); - + header("Location: $url"); exit; @@ -116,7 +116,7 @@ try { } catch (OpenID_Exception $e) { $status = "Status:EXCEPTION!"; $status .= " ({$e->getMessage()} : {$e->getCode()})"; - } +} $openid = $message->getArrayFormat(); @@ -149,7 +149,11 @@ $name = isset($openid['openid.sreg.fullname']) && !isset($name) $_SESSION['name'] = isset($name) ? $name : $_SERVER['REMOTE_ADDR']; $_SESSION['identity'] = $openid['openid.identity']; -$redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI']; +if (isset($_SESSION['REQUEST_URI'])) { + $redirect = Tools::fullUrl($_SESSION['REQUEST_URI']); +} else { + $redirect = Tools::fullUrl('/'); +} header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); exit; ?> -- cgit v1.2.3 From 91e9d451126b1165a564f5f211082dce3b0348d9 Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Tue, 18 Sep 2012 10:10:19 -0400 Subject: CLEAN: use fullUrl when possible --- www/secure.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/secure.php b/www/secure.php index e614087..9506614 100644 --- a/www/secure.php +++ b/www/secure.php @@ -6,7 +6,7 @@ namespace phorkie; require_once 'www-header.php'; $_SESSION['REQUEST_URI'] = $_SERVER['REQUEST_URI']; if (!isset($_SESSION['identity'])) { - header("Location: /login"); + header("Location: " . Tools::fullUrl('/login')); exit; } if ($GLOBALS['phorkie']['auth']['secure'] > 0 && -- cgit v1.2.3 From 6dbf5501308792a7ab375a8be5562e8c85a48628 Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Tue, 18 Sep 2012 10:15:30 -0400 Subject: CLEAN: reformatted to look consistent --- data/templates/user.htm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/templates/user.htm b/data/templates/user.htm index c8ef387..eb032bd 100644 --- a/data/templates/user.htm +++ b/data/templates/user.htm @@ -6,7 +6,8 @@

User Profile -

Please update your git preferences for {{ identity }}

Please update your git preferences.

OpenID:{{ identity }}

Name:
Email:
-- cgit v1.2.3 From bd7506015c1976511ccd333417da2aec8e5e18f6 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 18 Sep 2012 18:21:40 +0200 Subject: add vcs-git links to html head, to support autodiscovery apart from DOAP - http://joeyh.name/rfc/rel-vcs/ --- data/templates/display.htm | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/data/templates/display.htm b/data/templates/display.htm index 5bcb016..799f94d 100644 --- a/data/templates/display.htm +++ b/data/templates/display.htm @@ -5,6 +5,12 @@ {% block meta %} +{% if repo.getCloneURL(true) %} + +{% endif %} +{% if repo.getCloneURL(false) %} + +{% endif %} {% endblock %} {% block content %} -- cgit v1.2.3 From b81d2ab65f8fafce3b818eeb96c1cdcecd3e675f Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Tue, 18 Sep 2012 13:53:14 -0400 Subject: CLEAN: Removed openid debugging information --- src/openid/wrapper.php | 27 ---------------- www/css/debug.css | 85 -------------------------------------------------- www/login.php | 12 ++----- 3 files changed, 2 insertions(+), 122 deletions(-) delete mode 100644 src/openid/wrapper.php delete mode 100644 www/css/debug.css diff --git a/src/openid/wrapper.php b/src/openid/wrapper.php deleted file mode 100644 index cb57f4e..0000000 --- a/src/openid/wrapper.php +++ /dev/null @@ -1,27 +0,0 @@ - - * @copyright 2009 Bill Shupp - * @license http://www.opensource.org/licenses/bsd-license.php FreeBSD - * @link http://github.com/shupp/openid - */ -?> - - - PEAR OpenID Debug - - - - - - diff --git a/www/css/debug.css b/www/css/debug.css deleted file mode 100644 index 634243a..0000000 --- a/www/css/debug.css +++ /dev/null @@ -1,85 +0,0 @@ -html, body { - background: #ededed; - font: 82.5% Helvetica Neue, HelveticaNeue, Helvetica, sans-serif; - margin: 30px 0 0; padding: 0px; } - -h3 { - color: #aaa; - margin: 0; padding: 0; - font-size: 1.3em; - - position: absolute; - top: 30px; - width: 100%; - text-align: center; - left: 0; -} - -h3 a { - color: #111; - text-decoration: none; -} - -h3 a:hover { - text-decoration: underline; - -} - -form { - padding: 30px; - background: #fff; - -moz-border-radius: 6px; - -webkit-border-radius: 6px; - width: 400px; - margin: 50px auto 0; - } - -table { - font-size: 1.1em !important; - font-weight: bold; -} - -td { - width: 200px; -} -.discover_results { - margin: 60px 0 ; - padding: 30px; - background: #111; - text-align: center; -} - - -.discover_results b { - color: #fff; - font-size: 2.4em; -} - -.relyingparty_results { - width: 100%; -} - -.relyingparty_results table b { - display: block; - width: 300px; - font-size: 1.7em; - color: #fff; -} - - -pre, .relyingparty_results p table { - font-size: 1.2em; - width: 900px !important; - text-align: left; - margin: 0 auto; - - color: #ddd; - padding: 30px; - -} - -.relyingparty_results { - background: #111; - padding: 30px; - margin: 60px 0; -} diff --git a/www/login.php b/www/login.php index 9c1b136..a97246f 100644 --- a/www/login.php +++ b/www/login.php @@ -34,11 +34,7 @@ $returnTo = Tools::fullUrl('/login'); try { $o = new \OpenID_RelyingParty($returnTo, $realm, $openid_url); } catch (OpenID_Exception $e) { - $contents = "

\n"; - $contents .= "

" . $e->getMessage() . "

\n"; - $contents .= "

"; - include_once 'openid/wrapper.php'; - exit; + throw new Exception($e->getMessage()); } if (!empty($_POST['disable_associations']) || !empty($_SESSION['disable_associations'])) { @@ -55,11 +51,7 @@ if (isset($_POST['openid_url'])) { try { $authRequest = $o->prepare(); } catch (OpenID_Exception $e) { - $contents = "

\n"; - $contents .= "

" . $e->getMessage() . "

\n"; - $contents .= "

"; - include_once 'openid/wrapper.php'; - exit; + throw new Exception($e->getMessage()); } // SREG -- cgit v1.2.3 From 6eef15cdc3bef5971d8ffe95bcbcaff368c87e69 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 18 Sep 2012 23:28:11 +0200 Subject: rename "secureAtLevel" variable since it does not define a level at all --- www/delete.php | 2 +- www/display.php | 2 +- www/doap.php | 2 +- www/edit.php | 3 ++- www/fork.php | 2 +- www/index.php | 2 +- www/list.php | 2 +- www/new.php | 2 +- www/raw.php | 2 +- www/revision.php | 2 +- www/search.php | 2 +- www/user.php | 2 +- www/www-security.php | 24 ++++++++++-------------- 13 files changed, 23 insertions(+), 26 deletions(-) diff --git a/www/delete.php b/www/delete.php index d9ee251..43ec9d5 100644 --- a/www/delete.php +++ b/www/delete.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Delete paste or ask for deletion */ -$secureAtLevel = '1'; +$reqWritePermissions = true; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/display.php b/www/display.php index fc93b0d..ffc9786 100644 --- a/www/display.php +++ b/www/display.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Display paste contents */ -$secureAtLevel = '0'; +$reqWritePermissions = false; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/doap.php b/www/doap.php index 377030b..63a66e6 100644 --- a/www/doap.php +++ b/www/doap.php @@ -4,7 +4,7 @@ namespace phorkie; * Display DOAP of the paste. * Contains a machine-readable project description with Git URL. */ -$secureAtLevel = '0'; +$reqWritePermissions = false; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/edit.php b/www/edit.php index f83dfb3..4de3d47 100644 --- a/www/edit.php +++ b/www/edit.php @@ -3,8 +3,9 @@ namespace phorkie; /** * Edit paste contents */ -$secureAtLevel = '1'; +$reqWritePermissions = true; require_once 'www-header.php'; + $repo = new Repository(); $repo->loadFromRequest(); diff --git a/www/fork.php b/www/fork.php index 10bd1e2..6c96a6a 100644 --- a/www/fork.php +++ b/www/fork.php @@ -3,7 +3,7 @@ * Fork a repository */ namespace phorkie; -$secureAtLevel = '1'; +$reqWritePermissions = true; require_once 'www-header.php'; if ($_SERVER['REQUEST_METHOD'] !== 'POST') { diff --git a/www/index.php b/www/index.php index 7ff1814..0ee9211 100644 --- a/www/index.php +++ b/www/index.php @@ -3,7 +3,7 @@ * Jump to the index as per the configuration */ namespace phorkie; -$secureAtLevel = false; +$reqWritePermissions = false; require_once 'www-header.php'; header( diff --git a/www/list.php b/www/list.php index 8252f37..750e811 100644 --- a/www/list.php +++ b/www/list.php @@ -3,7 +3,7 @@ * List a repository */ namespace phorkie; -$secureAtLevel = '0'; +$reqWritePermissions = false; require_once 'www-header.php'; $rs = new Repositories(); diff --git a/www/new.php b/www/new.php index e2611c0..7a70891 100644 --- a/www/new.php +++ b/www/new.php @@ -10,7 +10,7 @@ namespace phorkie; * * Creates and redirects to display page */ -$secureAtLevel = '1'; +$reqWritePermissions = true; require_once 'www-header.php'; $repopo = new Repository_Post(); diff --git a/www/raw.php b/www/raw.php index 612a6b8..605462d 100644 --- a/www/raw.php +++ b/www/raw.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Displays a file */ -$secureAtLevel = '0'; +$reqWritePermissions = false; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/revision.php b/www/revision.php index 513ca67..4d4f97c 100644 --- a/www/revision.php +++ b/www/revision.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Display historic paste contents */ -$secureAtLevel = '0'; +$reqWritePermissions = false; require_once 'www-header.php'; $repo = new Repository(); diff --git a/www/search.php b/www/search.php index 82d5f76..9c7ff6e 100644 --- a/www/search.php +++ b/www/search.php @@ -3,7 +3,7 @@ namespace phorkie; /** * Search for a search term */ -$secureAtLevel = '0'; +$reqWritePermissions = false; require_once 'www-header.php'; if (!isset($_GET['q']) || $_GET['q'] == '') { diff --git a/www/user.php b/www/user.php index 9e20f6a..8b86a50 100644 --- a/www/user.php +++ b/www/user.php @@ -3,7 +3,7 @@ * Edit user information */ namespace phorkie; -$secureAtLevel = '1'; +$reqWritePermissions = true; require_once 'www-header.php'; if (isset($_POST['name'])) { diff --git a/www/www-security.php b/www/www-security.php index ccbdb97..5051b0f 100644 --- a/www/www-security.php +++ b/www/www-security.php @@ -26,23 +26,19 @@ if (!isset($_SESSION['identity'])) { $logged_in = true; } -if ($secureAtLevel >= $GLOBALS['phorkie']['auth']['securityLevel']) { - if ($logged_in) { - return; - } -} else { +if ($logged_in) { + //you may do everything if you're logged in return; } -// p / G / log_in = disp -// 0 / 1 / true = return -// 0 / 1 / false = block -// 0 / 2 / true = return -// 0 / 2 / false = return -// 1 / 1 / true = return -// 1 / 1 / false = block -// 1 / 2 / true = return -// 1 / 2 / false = block +if (!isset($reqWritePermissions)) { + $reqWritePermissions = true; +} +if ($GLOBALS['phorkie']['auth']['securityLevel'] == 1 + && !$reqWritePermissions +) { + return; +} $_SESSION['REQUEST_URI'] = $_SERVER['REQUEST_URI']; require 'forbidden.php'; -- cgit v1.2.3 From 4dec3c5aa93e77ed29ade646c6db3a9ea39d7896 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 18 Sep 2012 23:29:58 +0200 Subject: secure.php is not used anymore --- www/secure.php | 26 -------------------------- 1 file changed, 26 deletions(-) delete mode 100644 www/secure.php diff --git a/www/secure.php b/www/secure.php deleted file mode 100644 index 9506614..0000000 --- a/www/secure.php +++ /dev/null @@ -1,26 +0,0 @@ - 0 && - $GLOBALS['phorkie']['auth']['userlist']) { - if (!in_array($_SESSION['identity'], $GLOBALS['phorkie']['users'])) { - header('HTTP/1.1 403 Forbidden'); - $db = new Database(); - render( - 'forbidden', - array( - 'recents' => $db->getSearch()->listAll(0, 5, 'crdate', 'desc'), - ) - ); - exit; - } -} -?> -- cgit v1.2.3 From eaf0573ebdcca11a984f4f98577ca77a6c63654e Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 18 Sep 2012 23:51:29 +0200 Subject: verify openid AX email type --- www/login.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/www/login.php b/www/login.php index a97246f..bba7c99 100644 --- a/www/login.php +++ b/www/login.php @@ -122,7 +122,10 @@ $email = isset($openid['openid.ext2.value.email']) && !isset($email) $email = isset($openid['openid.sreg.email']) && !isset($email) ? $openid['openid.sreg.email'] : $email; -$email = isset($openid['openid.ax.value.email']) && !isset($email) +$email = isset($openid['openid.ax.value.email']) + && isset($openid['openid.ax.type.email']) + && $openid['openid.ax.type.email'] == 'http://axschema.org/contact/email' + && !isset($email) ? $openid['openid.ax.value.email'] : $email; $_SESSION['email'] = isset($email) -- cgit v1.2.3 From b255e81e31bf7925c37352bf608c48f3a897a4ef Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 18 Sep 2012 23:51:45 +0200 Subject: read full name from Yahoo! OpenID --- www/login.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/www/login.php b/www/login.php index bba7c99..77e3953 100644 --- a/www/login.php +++ b/www/login.php @@ -59,13 +59,14 @@ if (isset($_POST['openid_url'])) { $sreg->set('required', 'email,fullname'); $authRequest->addExtension($sreg); - // AX + // AX, http://stackoverflow.com/a/7657061/282601 $ax = new \OpenID_Extension_AX(\OpenID_Extension::REQUEST); $ax->set('type.email', 'http://axschema.org/contact/email'); $ax->set('type.firstname', 'http://axschema.org/namePerson/first'); $ax->set('type.lastname', 'http://axschema.org/namePerson/last'); + $ax->set('type.fullname', 'http://axschema.org/namePerson'); $ax->set('mode', 'fetch_request'); - $ax->set('required', 'email,firstname,lastname'); + $ax->set('required', 'email,firstname,lastname,fullname'); $authRequest->addExtension($ax); $url = $authRequest->getAuthorizeURL(); @@ -140,6 +141,12 @@ $name = isset($openid['openid.ext1.value.firstname']) $name = isset($openid['openid.sreg.fullname']) && !isset($name) ? $openid['openid.sreg.fullname'] : $name; +$name = isset($openid['openid.ax.value.fullname']) + && isset($openid['openid.ax.type.fullname']) + && $openid['openid.ax.type.fullname'] == 'http://axschema.org/namePerson' + && !isset($name) + ? $openid['openid.ax.value.fullname'] + : $name; $_SESSION['name'] = isset($name) ? $name : $_SERVER['REMOTE_ADDR']; $_SESSION['identity'] = $openid['openid.identity']; -- cgit v1.2.3 From d316adab970b993504ba38736a0f8753ef4bb052 Mon Sep 17 00:00:00 2001 From: "Justin J. Novack" Date: Tue, 18 Sep 2012 15:25:47 -0400 Subject: Feature: Add Markdown parsing --- ChangeLog | 4 ++++ README.rst | 3 +++ data/config.default.php | 5 +++++ src/phorkie/Renderer/Markdown.php | 27 +++++++++++++++++++++++++++ 4 files changed, 39 insertions(+) create mode 100644 src/phorkie/Renderer/Markdown.php diff --git a/ChangeLog b/ChangeLog index afefa9a..8557be7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2012-09-18 Justin J. Novack + + * Add Markdown as a known file-type. + 2012-09-16 Christian Weiske * Implement request #12: DOAP documents for all pastes diff --git a/README.rst b/README.rst index d1c6491..4a157bf 100644 --- a/README.rst +++ b/README.rst @@ -84,6 +84,9 @@ phorkie stands on the shoulders of giants. $ pear channel-discover zustellzentrum.cweiske.de $ pear install zz/mime_type_plaindetect-alpha + $ pear channel-discover pear.michelf.ca + $ pear install michelf/Markdown + Note that this version of GeSHi is a bit outdated, but it's the fastest way to install it. diff --git a/data/config.default.php b/data/config.default.php index 88c9ae5..3fc48f6 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -57,6 +57,11 @@ $GLOBALS['phorkie']['languages'] = array( 'mime' => 'application/javascript', 'geshi' => 'javascript' ), + 'md' => array( + 'title' => 'Markdown', + 'mime' => 'text/x-markdown', + 'renderer' => '\\phorkie\\Renderer_Markdown' + ), 'pl' => array( 'title' => 'Perl', 'mime' => 'application/x-perl', diff --git a/src/phorkie/Renderer/Markdown.php b/src/phorkie/Renderer/Markdown.php new file mode 100644 index 0000000..628d87f --- /dev/null +++ b/src/phorkie/Renderer/Markdown.php @@ -0,0 +1,27 @@ +getContent()); + + return '

' + . $markdown + . '

'; + } +} + +?> -- cgit v1.2.3 From 29035e26e880fcbc3027d5b6bd283959cb869534 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Wed, 19 Sep 2012 00:05:11 +0200 Subject: move login link and user name+email to the right on the navigation bar --- data/templates/base.htm | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/data/templates/base.htm b/data/templates/base.htm index 7722105..dc06566 100644 --- a/data/templates/base.htm +++ b/data/templates/base.htm @@ -25,6 +25,15 @@

List all

+ {% if db.adapter %} +

+ + + +

+ {% endif %} + +

{{name}} ({{email}}) @@ -37,13 +46,6 @@ Login
-
- -
-

-- cgit v1.2.3 From 149e039741f94f9e22bd2c8d7dcf33158a110e79 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Wed, 19 Sep 2012 00:12:51 +0200 Subject: talk about vcs-git in changelog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1dc1447..51548c2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2012-09-19 Christian Weiske + + * Implement request #12: add link rel="vcs-git" + 2012-09-18 Justin J. Novack * Add Markdown as a known file-type. -- cgit v1.2.3

Results
User Supplied Identifier:	$usid
Claimed Identifier:	$id
Mode:	$mode
Message Contents
$key	$value
OAuth Access token/secret
$key	$value

Results
User Supplied Identifier:	$usid
Claimed Identifier:	$id
Mode:	$mode
Message Contents
$key	$value
OAuth Access token/secret
$key	$value

Status:	SUCCESS!"; + $status .= " ({$result->getAssertionMethod()})
Status:	FAIL!"; + $status .= " ({$result->getAssertionMethod()})
Status:	EXCEPTION!"; + $status .= " ({$e->getMessage()} : {$e->getCode()})