268cd4b3cd
OpenID was installed, too)
234 lines
9.5 KiB
PHP
234 lines
9.5 KiB
PHP
<?php # $Id$
|
|
|
|
// Probe for a language include with constants. Still include defines later on, if some constants were missing
|
|
$probelang = dirname(__FILE__) . '/' . $serendipity['charset'] . 'lang_' . $serendipity['lang'] . '.inc.php';
|
|
if (file_exists($probelang)) {
|
|
include $probelang;
|
|
}
|
|
include_once dirname(__FILE__) . '/lang_en.inc.php';
|
|
|
|
class serendipity_event_browserid extends serendipity_event
|
|
{
|
|
function introspect(&$propbag)
|
|
{
|
|
global $serendipity;
|
|
|
|
$propbag->add('name', PLUGIN_BROWSERID_NAME);
|
|
$propbag->add('description', PLUGIN_BROWSERID_DESC);
|
|
$propbag->add('stackable', false);
|
|
$propbag->add('author', 'Grischa Brockhaus');
|
|
$propbag->add('version', '1.1');
|
|
$propbag->add('requirements', array(
|
|
'serendipity' => '1.6',
|
|
'smarty' => '2.6.7',
|
|
'php' => '5.1.3'
|
|
));
|
|
$propbag->add('groups', array('BACKEND_USERMANAGEMENT'));
|
|
$propbag->add('event_hooks', array(
|
|
'backend_login' => true,
|
|
'backend_login_page' => true,
|
|
'backend_header' => true,
|
|
'external_plugin' => true,
|
|
));
|
|
|
|
$propbag->add('configuration', array(
|
|
'plugin_desc',
|
|
));
|
|
}
|
|
|
|
function introspect_config_item($name, &$propbag)
|
|
{
|
|
switch($name) {
|
|
case 'plugin_desc':
|
|
$propbag->add('type', 'content');
|
|
$propbag->add('default', PLUGIN_BROWSERID_DESCRIPTION);
|
|
break;
|
|
default:
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
function generate_content(&$title) {
|
|
$title = PLUGIN_BROWSERID_NAME;
|
|
}
|
|
|
|
function event_hook($event, &$bag, &$eventData, $addData = null) {
|
|
global $serendipity;
|
|
static $login_url = null;
|
|
|
|
if ($login_url === null) {
|
|
$login_url = $serendipity['baseURL'] . $serendipity['indexFile'] . '?/plugin/loginbox';
|
|
}
|
|
|
|
$hooks = &$bag->get('event_hooks');
|
|
|
|
if (isset($hooks[$event])) {
|
|
switch($event) {
|
|
case 'external_plugin':
|
|
if ($eventData=="serendipity_event_browserid.js") {
|
|
header('Content-Type: text/javascript');
|
|
echo file_get_contents(dirname(__FILE__). '/serendipity_event_browserid.js');
|
|
}
|
|
else if ($eventData=="browserid_signin.png") {
|
|
header('Content-Type: image/png');
|
|
echo file_get_contents(dirname(__FILE__). '/browserid_signin.png');
|
|
}
|
|
else if ($eventData=="serendipity_event_browserid_verify") {
|
|
$this->verify();
|
|
}
|
|
break;
|
|
|
|
case 'backend_login_page':
|
|
$this->print_loginpage($eventData);
|
|
break;
|
|
|
|
case 'backend_login':
|
|
if ($eventData) {
|
|
return true;
|
|
}
|
|
if ($_SESSION['serendipityAuthedUser'] == true) {
|
|
$eventData = $this->reauth();
|
|
}
|
|
|
|
return;
|
|
case 'backend_header':
|
|
$this->print_backend_header();
|
|
return true;
|
|
|
|
default:
|
|
return false;
|
|
}
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
function verify() {
|
|
global $serendipity;
|
|
|
|
$url = 'https://browserid.org/verify';
|
|
$assert = $_POST['assert'];
|
|
$params = 'assertion='.$assert.'&audience=' .
|
|
urlencode($serendipity['baseURL']);
|
|
$ch = curl_init();
|
|
curl_setopt($ch,CURLOPT_URL,$url);
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
|
curl_setopt($ch,CURLOPT_POST,2);
|
|
curl_setopt($ch,CURLOPT_POSTFIELDS, $params);
|
|
$result = curl_exec($ch);
|
|
curl_close($ch);
|
|
$response = json_decode($result);
|
|
if (isset($response) && $response->status=='okay') {
|
|
$email = $response->email;
|
|
$audience = $response->audience;
|
|
if ($audience!=$serendipity['baseURL']) { // The login has the wrong host!
|
|
$response->status = 'errorhost';
|
|
$response->message= "Internal error logging you in (wrong host: $audience)";
|
|
$_SESSION['serendipityAuthedUser'] = false;
|
|
@session_destroy();
|
|
}
|
|
else { // host ist correct, check what we have with this email
|
|
$password = md5($email);
|
|
$query = "SELECT DISTINCT a.email, a.authorid, a.userlevel, a.right_publish, a.realname
|
|
FROM
|
|
{$serendipity['dbPrefix']}authors AS a
|
|
WHERE
|
|
a.email = '{$email}'";
|
|
$row = serendipity_db_query($query, true, 'assoc');
|
|
if (is_array($row)) {
|
|
serendipity_setCookie('old_session', session_id());
|
|
serendipity_setAuthorToken();
|
|
$_SESSION['serendipityUser'] = $serendipity['serendipityUser'] = $row['realname'];
|
|
$_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password;
|
|
$_SESSION['serendipityEmail'] = $serendipity['serendipityEmail'] = $email;
|
|
$_SESSION['serendipityAuthorid'] = $serendipity['authorid'] = $row['authorid'];
|
|
$_SESSION['serendipityUserlevel'] = $serendipity['serendipityUserlevel'] = $row['userlevel'];
|
|
$_SESSION['serendipityAuthedUser'] = $serendipity['serendipityAuthedUser'] = true;
|
|
$_SESSION['serendipityRightPublish']= $serendipity['serendipityRightPublish'] = $row['right_publish'];
|
|
// Prevent session manupulation:
|
|
$_SESSION['serendipityBrowserID'] = $this->get_install_token();
|
|
serendipity_load_configuration($serendipity['authorid']);
|
|
}
|
|
else { // No user found for that email!
|
|
$response->status = 's9yunknown';
|
|
$response->message= "Sorry, we don't have a user for $email";
|
|
$_SESSION['serendipityAuthedUser'] = false;
|
|
@session_destroy();
|
|
}
|
|
|
|
|
|
}
|
|
$result = json_encode($response);
|
|
}
|
|
echo $result;
|
|
}
|
|
|
|
function reauth() {
|
|
global $serendipity;
|
|
// Reauth only, if valid session
|
|
if (isset($_SESSION['serendipityBrowserID']) && $_SESSION['serendipityBrowserID']===$this->get_install_token()) {
|
|
$serendipity['serendipityUser'] = $_SESSION['serendipityUser'];
|
|
$serendipity['serendipityPassword'] = $_SESSION['serendipityPassword'];
|
|
$serendipity['serendipityEmail'] = $_SESSION['serendipityEmail'];
|
|
$serendipity['authorid'] = $_SESSION['serendipityAuthorid'];
|
|
$serendipity['serendipityUserlevel'] = $_SESSION['serendipityUserlevel'];
|
|
$serendipity['serendipityAuthedUser'] = $_SESSION['serendipityAuthedUser'];
|
|
$serendipity['serendipityRightPublish'] = $_SESSION['serendipityRightPublish'];
|
|
serendipity_load_configuration($serendipity['authorid']);
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Produces or loads a token unique to this installation.
|
|
*/
|
|
function get_install_token() {
|
|
$token = $this->get_config("installationtoken");
|
|
if (empty($token)) {
|
|
$token = md5(time());
|
|
$this->set_config("installationtoken", $token);
|
|
}
|
|
return $token;
|
|
}
|
|
|
|
function print_backend_header() {
|
|
echo '
|
|
<script src="https://browserid.org/include.js" type="text/javascript"></script>
|
|
';
|
|
}
|
|
|
|
function print_loginpage(&$eventData) {
|
|
global $serendipity;
|
|
|
|
$hidden = array('action'=>'admin');
|
|
$bid_title = "Sign-in with BrowserID";
|
|
$local_signin_img = $serendipity['baseURL'] . 'index.php?/plugin/browserid_signin.png';
|
|
$local_js = $serendipity['baseURL'] . 'index.php?/plugin/serendipity_event_browserid.js';
|
|
$verify_url = $serendipity['baseURL'] . 'index.php?/plugin/serendipity_event_browserid_verify';
|
|
|
|
$eventData['header'] .= '
|
|
<!-- browserid start -->
|
|
<script type="text/javascript">var browserid_verify="'. $verify_url . '";</script>
|
|
<div align="center">
|
|
<section><button><img src="' . $local_signin_img . '" alt="' . $bid_title . '" title="' . $bid_title . '"></button></section>
|
|
</div>
|
|
<script src="' . $local_js . '" type="text/javascript"></script>
|
|
<!-- browserid end -->
|
|
';
|
|
|
|
}
|
|
|
|
function print_backend_footer() {
|
|
global $serendipity;
|
|
$local_js = $serendipity['baseURL'] . 'index.php?/plugin/serendipity_event_browserid.js';
|
|
echo '
|
|
<!-- browserid start -->
|
|
<script src="' . $local_js . '" type="text/javascript"></script>
|
|
<!-- browserid end -->
|
|
';
|
|
}
|
|
}
|
|
|
|
/* vim: set sts=4 ts=4 expandtab : */
|