255 lines
12 KiB
PHP
255 lines
12 KiB
PHP
<?php # $Id$
|
|
|
|
// Probe for a language include with constants. Still include defines later on, if some constants were missing
|
|
$probelang = dirname(__FILE__) . '/' . $serendipity['charset'] . 'lang_' . $serendipity['lang'] . '.inc.php';
|
|
if (file_exists($probelang)) {
|
|
include $probelang;
|
|
}
|
|
include_once dirname(__FILE__) . '/lang_en.inc.php';
|
|
|
|
function escape($message) {
|
|
return htmlspecialchars($message, ENT_QUOTES);
|
|
}
|
|
|
|
class serendipity_common_openid {
|
|
|
|
function redir_openidserver($openid_url, $store_path, $wfFlag=1) {
|
|
global $serendipity;
|
|
|
|
$path_extra = dirname(__FILE__).DIRECTORY_SEPARATOR.'PHP-openid/';
|
|
$path = ini_get('include_path');
|
|
$path = $path_extra . PATH_SEPARATOR . $path;
|
|
ini_set('include_path', $path);
|
|
require_once "Auth/OpenID/Consumer.php";
|
|
require_once "Auth/OpenID/FileStore.php";
|
|
|
|
$store = new Auth_OpenID_FileStore($store_path);
|
|
$consumer = new Auth_OpenID_Consumer($store);
|
|
$trust_root = $serendipity['baseURL'];
|
|
switch ($wfFlag) {
|
|
case 1:
|
|
$process_url = $trust_root . 'serendipity_admin.php?serendipity[openidflag]=1';
|
|
break;
|
|
case 3:
|
|
$process_url = $trust_root . 'serendipity_admin.php?serendipity[openidflag]=3'.
|
|
'&serendipity[adminModule]=event_display&serendipity[adminAction]=profiles';
|
|
break;
|
|
default:
|
|
$process_url = $trust_root . $serendipity['indexFile'] . '?serendipity[subpage]=addopenid&serendipity[openidflag]=2';
|
|
}
|
|
|
|
$auth_request = $consumer->begin($openid_url);
|
|
|
|
if (!$auth_request) {
|
|
return FALSE;
|
|
}
|
|
|
|
$auth_request->addExtensionArg('sreg', 'required', 'fullname');
|
|
$auth_request->addExtensionArg('sreg', 'required', 'email');
|
|
|
|
$redirect_url = $auth_request->redirectURL($trust_root,
|
|
$process_url);
|
|
header('Status: 302 Found');
|
|
header("Location: ".$redirect_url);
|
|
exit;
|
|
}
|
|
|
|
function reauth_openid() {
|
|
global $serendipity;
|
|
if (isset($_SESSION['serendipityOpenID']) && $_SESSION['serendipityOpenID']) {
|
|
$serendipity['serendipityUser'] = $_SESSION['serendipityUser'];
|
|
$serendipity['serendipityPassword'] = $_SESSION['serendipityPassword'];
|
|
$serendipity['serendipityEmail'] = $_SESSION['serendipityEmail'];
|
|
$serendipity['authorid'] = $_SESSION['serendipityAuthorid'];
|
|
$serendipity['serendipityUserlevel'] = $_SESSION['serendipityUserlevel'];
|
|
$serendipity['serendipityAuthedUser'] = $_SESSION['serendipityAuthedUser'];
|
|
$serendipity['serendipityRightPublish'] = $_SESSION['serendipityRightPublish'];
|
|
serendipity_load_configuration($serendipity['authorid']);
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
function authenticate_openid($getData, $store_path, $returnData = false) {
|
|
global $serendipity;
|
|
|
|
$trust_root = $serendipity['baseURL'] . 'serendipity_admin.php';
|
|
|
|
$path_extra = dirname(__FILE__).DIRECTORY_SEPARATOR.'PHP-openid';
|
|
$path = ini_get('include_path');
|
|
$path = $path_extra . PATH_SEPARATOR . $path;
|
|
ini_set('include_path', $path);
|
|
require_once("Auth/OpenID/Consumer.php");
|
|
require_once("Auth/OpenID/FileStore.php");
|
|
require_once("Auth/OpenID/SReg.php");
|
|
require_once("Auth/OpenID/PAPE.php");
|
|
$store = new Auth_OpenID_FileStore($store_path);
|
|
$consumer = new Auth_OpenID_Consumer($store);
|
|
$response = $consumer->complete($trust_root); //, $getData);
|
|
|
|
if ($response->status == Auth_OpenID_CANCEL) {
|
|
$success = 'Verification cancelled.';
|
|
} else if ($response->status == Auth_OpenID_FAILURE) {
|
|
$success = "OpenID authentication failed: " . $response->message;
|
|
} else if ($response->status == Auth_OpenID_SUCCESS) {
|
|
// This means the authentication succeeded; extract the
|
|
// identity URL and Simple Registration data (if it was
|
|
// returned).
|
|
$openid = $response->getDisplayIdentifier();
|
|
$esc_identity = escape($openid);
|
|
|
|
$success = sprintf('You have successfully verified ' .
|
|
'<a href="%s">%s</a> as your identity.',
|
|
$esc_identity, $esc_identity);
|
|
|
|
if ($response->endpoint->canonicalID) {
|
|
$escaped_canonicalID = escape($response->endpoint->canonicalID);
|
|
$success .= ' (XRI CanonicalID: '.$escaped_canonicalID.') ';
|
|
}
|
|
|
|
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
|
|
|
|
$sreg = $sreg_resp->contents();
|
|
|
|
if (@$sreg['email']) {
|
|
escape($sreg['email']);
|
|
$success .= " You also returned '".escape($sreg['email']).
|
|
"' as your email.";
|
|
}
|
|
|
|
if (@$sreg['nickname']) {
|
|
$success .= " Your nickname is '".escape($sreg['nickname']).
|
|
"'.";
|
|
}
|
|
|
|
if (@$sreg['fullname']) {
|
|
$success .= " Your fullname is '".escape($sreg['fullname']).
|
|
"'.";
|
|
}
|
|
/*
|
|
$pape_resp = Auth_OpenID_PAPE_Response::fromSuccessResponse($response);
|
|
|
|
if ($pape_resp) {
|
|
if ($pape_resp->auth_policies) {
|
|
$success .= "<p>The following PAPE policies affected the authentication:</p><ul>";
|
|
|
|
foreach ($pape_resp->auth_policies as $uri) {
|
|
$escaped_uri = escape($uri);
|
|
$success .= "<li><tt>$escaped_uri</tt></li>";
|
|
}
|
|
|
|
$success .= "</ul>";
|
|
} else {
|
|
$success .= "<p>No PAPE policies affected the authentication.</p>";
|
|
}
|
|
|
|
if ($pape_resp->auth_age) {
|
|
$age = ($pape_resp->auth_age);
|
|
$success .= "<p>The authentication age returned by the " .
|
|
"server is: <tt>".$age."</tt></p>";
|
|
}
|
|
|
|
if ($pape_resp->nist_auth_level) {
|
|
$auth_level = escape($pape_resp->nist_auth_level);
|
|
$success .= "<p>The NIST auth level returned by the " .
|
|
"server is: <tt>".$auth_level."</tt></p>";
|
|
}
|
|
|
|
} else {
|
|
$success .= "<p>No PAPE response was sent by the provider.</p>";
|
|
}
|
|
*/
|
|
}
|
|
//print "Message: $success";
|
|
|
|
if (! empty($openid)) {
|
|
if ($returnData) {
|
|
return array('realname'=>$realname, 'email'=>$email, 'openID'=>$openid);
|
|
}
|
|
$password = md5($openid);
|
|
$query = "SELECT DISTINCT a.email, a.authorid, a.userlevel, a.right_publish
|
|
FROM
|
|
{$serendipity['dbPrefix']}authors AS a, {$serendipity['dbPrefix']}openid_authors AS oa
|
|
WHERE
|
|
oa.openid_url = '".serendipity_db_escape_string($openid)."' and
|
|
oa.authorid = a.authorid";
|
|
$row = serendipity_db_query($query, true, 'assoc');
|
|
if (is_array($row)) {
|
|
serendipity_setCookie('old_session', session_id());
|
|
serendipity_setAuthorToken();
|
|
$_SESSION['serendipityUser'] = $serendipity['serendipityUser'] = $realname;
|
|
$_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password;
|
|
$_SESSION['serendipityEmail'] = $serendipity['serendipityEmail'] = $email;
|
|
$_SESSION['serendipityAuthorid'] = $serendipity['authorid'] = $row['authorid'];
|
|
$_SESSION['serendipityUserlevel'] = $serendipity['serendipityUserlevel'] = $row['userlevel'];
|
|
$_SESSION['serendipityAuthedUser'] = $serendipity['serendipityAuthedUser'] = true;
|
|
$_SESSION['serendipityRightPublish']= $serendipity['serendipityRightPublish'] = $row['right_publish'];
|
|
$_SESSION['serendipityOpenID'] = true;
|
|
serendipity_load_configuration($serendipity['authorid']);
|
|
return true;
|
|
} else {
|
|
$_SESSION['serendipityAuthedUser'] = false;
|
|
@session_destroy();
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
function getOpenID($userID, $checkExist=false) {
|
|
global $serendipity;
|
|
$q = "SELECT openid_url, authorid FROM {$serendipity['dbPrefix']}openid_authors WHERE authorid = " . (int)$userID;
|
|
$author = serendipity_db_query($q, true);
|
|
if (is_array($author)) {
|
|
if ($checkExist) {
|
|
return $author['authorid'];
|
|
} elseif (! empty($author['openid_url'])) {
|
|
return $author['openid_url'];
|
|
}
|
|
}
|
|
return '';
|
|
}
|
|
|
|
function updateOpenID($openid_url, $authorID) {
|
|
global $serendipity;
|
|
|
|
if (!is_array(serendipity_db_query("SELECT username FROM {$serendipity['dbPrefix']}openid_authors LIMIT 1", true, 'both', false, false, false, true))) {
|
|
serendipity_db_schema_import("CREATE TABLE {$serendipity['dbPrefix']}openid_authors (
|
|
openid_url varchar(255) default null,
|
|
hash varchar(32) default null,
|
|
authorid int(11) default '0'
|
|
);");
|
|
}
|
|
|
|
$hash = md5($openid_url);
|
|
if (serendipity_common_openid::getOpenID($authorID, true)) {
|
|
$retVal = serendipity_db_update('openid_authors',
|
|
array('authorid'=>$authorID),
|
|
array('openid_url'=> $openid_url,
|
|
'hash'=> $hash));
|
|
} else {
|
|
$retVal = serendipity_db_insert('openid_authors',
|
|
array('openid_url'=> $openid_url,
|
|
'hash'=> $hash,
|
|
'authorid'=>$authorID));
|
|
}
|
|
return ($retVal===true)?true:false;
|
|
}
|
|
|
|
function loginform($url, $hidden = array(), $instructions = '') {
|
|
global $serendipity;
|
|
|
|
$imgpath = $serendipity['baseURL'] . 'index.php?/plugin/openid.png';
|
|
$form = '';
|
|
if (! empty($instructions)) {
|
|
$form = $instructions . '<br /><br />';
|
|
}
|
|
$form .= '<form name="openid" id="openid" method="post" action="' . $url . '">'.
|
|
"\n ".' <input type="hidden" name="serendipity[openidflag]" value="1" />'."\n ";
|
|
foreach($hidden AS $key => $val) {
|
|
$form .= '<input type="hidden" name="serendipity[' . $key . ']" value="' . htmlspecialchars($val) . '" />' . "\n";
|
|
}
|
|
$form .= '<img src="' . $imgpath . '" alt="OpenID"> <input type="text" size="40" name="serendipity[openid_url]" value="" placeholder="' . PLUGIN_OPENID_LOGIN_INPUT . '"/>'."\n".
|
|
'<input type="submit" name="openIDLogin" value="Login" /></form>';
|
|
return $form;
|
|
}
|
|
}
|