======================= AuthOpenID for MODx by John Ehn ======================= ======================= Instructions ======================= 1. Create a Chunk called "OpenIDNotLoggedIn", and paste in the appropriate code below. 2. Create a Chunk called "OpenIDLoggedIn", and paste in the appropriate code below. 3. Create a Snippet called "AuthOpenID", and paste in the appropriate code below. 4. In the Properties tab of the AuthOpenID snippet, paste the following line in the Default Properties field: &tmpl_loggedin=Logged In Chunk;string;OpenIDLoggedIn &tmpl_loggedout=Logged Out Chunk;string;OpenIDNotLoggedIn &policyurl=Privacy Policy URL;string;http://www.yoursite.com/privacy.html &fields_required=Required Fields;string;nickname,email &fields_optional=Optional Fields;string;fullname,postcode,dob,gender 5. Click in a space somewhere outside of the field - the properties table will expand with all the options. Change the preferences as needed to fit with your site. 6. Last, edit your template to include the AuthOpenID snippet: [[AuthOpenID]] ======================= OpenIDNotLoggedIn Chunk =======================

==================== OpenIDLoggedIn Chunk ====================

Welcome, [+identity+]. Log out

================== AuthOpenID Snippet ================== config['base_path'] . "assets/snippets/"; if(!isset($tmpl_loggedin)){ $tmpl_loggedin = "OpenIDLoggedIn"; } if(!isset($tmpl_loggedout)){ $tmpl_loggedout = "OpenIDNotLoggedIn"; } if(!isset($fields_required)){ $fields_required = "nickname,email"; } if(!isset($fields_optional)){ $fields_optional = "fullname,postcode,country,language,timezone,dob,gender"; } $var2dbmap = array('nickname' => 'comment', 'email' => 'email', 'country' => 'country', 'postcode' => 'zip', 'dob' => 'dob', 'gender' => 'gender'); session_start(); $errortext = ""; if (!isset($_SESSION['openid_authmode'])) { $_SESSION['openid_authmode'] = "newuser"; } if ($_POST['openid_action'] == "login" || $_GET['openid_action'] == "login"){ // Get identity from user and redirect browser to OpenID Server $openid = new SimpleOpenID; if (isset($_POST['openid_url'])) { $openid->SetIdentity($_POST['openid_url']); } if (isset($_GET['openid_url'])) { $openid->SetIdentity($_GET['openid_url']); } if (isset($policyurl)) { $openid->SetPolicyURL($policyurl); } $_SESSION['openid_orig'] = $openid->OpenID_Standarize($_POST['openid_url']); $_SESSION['openid_token'] = rand(); // See if user already exists in db. If not, request registration info. $userexists = testUser(); if ($userexists == 0) { $openid->SetRequiredFields(explode(",",$fields_required)); $openid->SetOptionalFields(explode(",",$fields_optional)); } else if ($userexists == 1) { $_SESSION['openid_authmode'] = "cached"; } $openid->SetTrustRoot('http://' . $_SERVER["HTTP_HOST"]); if ($openid->GetOpenIDServer()){ $openid->SetApprovedURL('http://' . $_SERVER["HTTP_HOST"] . '/' . $modx->documentObject['alias'] . $modx->config['friendly_url_suffix']); // Send Response from OpenID server to this script $openid->Redirect(); // This will redirect user to OpenID Server }else{ $error = $openid->GetError(); $errortext = $error['description']; } } else if($_GET['openid_action'] == "logout"){ openIDLogout(); modxWebLogout(); } else if($_GET['openid_mode'] == 'id_res'){ // Perform HTTP Request to OpenID server to validate key $openid = new SimpleOpenID; $openid->SetIdentity($_GET['openid_identity']); $openid->SetApprovedURL('http://' . $_SERVER["HTTP_HOST"] . '/' . $modx->documentObject['alias'] . $modx->config['friendly_url_suffix']); $openid_validation_result = $openid->ValidateWithServer(); // $openid_botbouncer_result = $openid->BotBouncer(); if ($openid_validation_result == true){ // OK HERE KEY IS VALID $_SESSION['openid_user'] = $_SESSION['openid_orig']; if ($_SESSION['openid_authmode'] == "newuser") { foreach (explode(",",$fields_required) as $field) { $_SESSION['openid_' . $field] = $_GET['openid_sreg_' . $field]; } foreach (explode(",",$fields_optional) as $field) { $_SESSION['openid_' . $field] = $_GET['openid_sreg_' . $field]; } createUser(); } else if ($_SESSION['openid_authmode'] == "cached") { retrieveUser($var2dbmap); } setcookie("TPF_OpenID", $_SESSION['openid_user'], time()+60*60*24*365); $errortext = modxWebLogin(); }else if($openid->IsError() == true){ // ON THE WAY, WE GOT SOME ERROR $error = $openid->GetError(); $errortext = $error['description']; }else{ // Signature Verification Failed $errortext = "Failed to verify signature!"; } }else if ($_GET['openid_mode'] == 'cancel'){ // User Canceled your Request openIDLogout(); $errortext = "Request cancelled by user."; } if(isset($_SESSION['openid_user'])) { $here = "[~" . $modx->documentObject['id'] . "~]"; $chunk = $modx->getChunk($tmpl_loggedin); if (!$_SESSION['openid_nickname'] == "") { $chunk = str_replace("[+identity+]","".$_SESSION['openid_nickname']." (".$_SESSION['openid_user'].")",$chunk); } else { $chunk = str_replace("[+identity+]","".$_SESSION['openid_user']."",$chunk); } $chunk = str_replace("[+here+]",$here,$chunk); $chunk = str_replace("[+error+]",$errortext,$chunk); echo $chunk; } else { $here = "[~" . $modx->documentObject['id'] . "~]"; $chunk = $modx->getChunk($tmpl_loggedout); $chunk = str_replace("[+error+]",$errortext,$chunk); $chunk = str_replace("[+here+]",$here,$chunk); if (isset($_COOKIE['TPF_OpenID'])) { $chunk = str_replace("[+identity+]",$_COOKIE['TPF_OpenID'],$chunk); } else { $chunk = str_replace("[+identity+]",$_POST['openid_url'],$chunk); } echo $chunk; } function openIDLogout() { global $fields_required, $fields_optional; unset($_SESSION['openid_user']); unset($_SESSION['openid_authmode']); unset($_SESSION['openid_token']); foreach (explode(",",$fields_required) as $field) { unset($_SESSION['openid_' . $field]); } foreach (explode(",",$fields_optional) as $field) { unset($_SESSION['openid_' . $field]); } if (isset($_COOKIE['TPF_OpenID'])) { setcookie("TPF_OpenID", '', time()-42000, '/'); } } function testUser() { global $modx; $username = $modx->db->escape($_SESSION['openid_orig']); $sql = "SELECT id FROM ".$modx->getFullTableName("web_users")." WHERE username='$username'"; if(!$rs = $modx->dbQuery($sql)){ return -1; } $limit = $modx->db->getRecordCount($rs); if($limit>0) { return 1; } else { return 0; } } function retrieveUser($var2dbmap) { global $modx; $username = $modx->db->escape($_SESSION['openid_user']); $sql = "SELECT id FROM ".$modx->getFullTableName("web_users")." WHERE username='$username'"; $id = 0; if(!$rs = $modx->db->query($sql)){ return -1; } $limit = $modx->db->getRecordCount($rs); if($limit>0) { $row = $modx->fetchRow($rs); $id = $row['id']; } else { return 0; } $sql = "SELECT * FROM ".$modx->getFullTableName("web_user_attributes")." WHERE internalKey = $id"; if(!$rs = $modx->db->query($sql)){ return -1; } $limit = $modx->db->getRecordCount($rs); if($limit>0) { $row = $modx->fetchRow($rs); foreach ($var2dbmap as $key => $value) { $_SESSION['openid_'.$key] = $row[$value]; } if (isset($_SESSION['openid_gender'])) { if ($_SESSION['openid_gender'] == "1") { $_SESSION['openid_gender'] = "M"; } if ($_SESSION['openid_gender'] == "2") { $_SESSION['openid_gender'] = "F"; } } } else { return 0; } return 1; } function createUser() { global $modx; $username = $modx->db->escape($_SESSION['openid_user']); $fullname = $modx->db->escape($_SESSION['openid_fullname']); $email = $modx->db->escape($_SESSION['openid_email']); $state = ""; $password = createRandomPassword(); $country = $_SESSION['openid_country']; $zip = $_SESSION['openid_postcode']; $comment = $_SESSION['openid_nickname']; $dob = $_SESSION['openid_dob']; $gender = $_SESSION['openid_gender']; if ($gender == "M") { $gender = "1"; } else if ($gender == "F") { $gender = "2"; } else { $gender = ""; } if (!$dob == "") { $dob = date(strtotime($dob)); } // create the user account $sql = "INSERT INTO ".$modx->getFullTableName("web_users")." (username, password) VALUES('".$username."', md5('".$password."'));"; $rs = $modx->db->query($sql); if(!$rs){ return; } // now get the id $key=$modx->db->getInsertId(); // save user attributes $sql = "INSERT INTO ".$modx->getFullTableName("web_user_attributes")." (internalKey, fullname, email, zip, state, country, comment, dob, gender) VALUES($key, '$fullname', '$email', '$zip', '$state', '$country', '$comment', '$dob', '$gender');"; $rs = $modx->db->query($sql); if(!$rs){ return; } // add user to web groups if(count($groups)>0) { $ds = $modx->dbQuery("SELECT id FROM ".$modx->getFullTableName("webgroup_names")." WHERE name IN ('".implode("','",$groups)."')"); if(!$ds) return; else { while ($row = $modx->fetchRow($ds)) { $wg = $row["id"]; $modx->dbQuery("REPLACE INTO ".$modx->getFullTableName("web_groups")." (webgroup,webuser) VALUES('$wg','$key')"); } } } } function createRandomPassword() { $chars = "abcdefghijkmnopqrstuvwxyz023456789"; srand((double)microtime()*1000000); $i = 0; $pass = '' ; while ($i <= 7) { $num = rand() % 33; $tmp = substr($chars, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } function modxWebLogout() { global $modx; $dbase = $modx->dbConfig['dbase']; $table_prefix = $modx->dbConfig['table_prefix']; $internalKey = $_SESSION['webInternalKey']; $username = $_SESSION['webShortname']; // invoke OnBeforeWebLogout event $modx->invokeEvent("OnBeforeWebLogout", array( "userid" => $internalKey, "username" => $username )); // if we were launched from the manager // do NOT destroy session if(isset($_SESSION['mgrValidated'])) { unset($_SESSION['webShortname']); unset($_SESSION['webFullname']); unset($_SESSION['webEmail']); unset($_SESSION['webValidated']); unset($_SESSION['webInternalKey']); unset($_SESSION['webValid']); unset($_SESSION['webUser']); unset($_SESSION['webFailedlogins']); unset($_SESSION['webLastlogin']); unset($_SESSION['webnrlogins']); unset($_SESSION['webUsrConfigSet']); unset($_SESSION['webUserGroupNames']); unset($_SESSION['webDocgroups']); } else { // Unset all of the session variables. $_SESSION = array(); // destroy session cookie if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } session_destroy(); $sessionID = md5(date('d-m-Y H:i:s')); session_id($sessionID); startCMSSession(); session_destroy(); } // invoke OnWebLogout event $modx->invokeEvent("OnWebLogout", array( "userid" => $internalKey, "username" => $username )); return; } function modxWebLogin() { global $modx; $dbase = $modx->dbConfig['dbase']; $table_prefix = $modx->dbConfig['table_prefix']; $username = $modx->db->escape($_SESSION['openid_user']); // invoke OnBeforeWebLogin event $modx->invokeEvent("OnBeforeWebLogin", array( "username" => $username, "userpassword" => $givenPassword, "rememberme" => $_POST['rememberme'] )); $sql = "SELECT $dbase.".$table_prefix."web_users.*, $dbase.".$table_prefix."web_user_attributes.* FROM $dbase.".$table_prefix."web_users, $dbase.".$table_prefix."web_user_attributes WHERE BINARY $dbase.".$table_prefix."web_users.username = '".$username."' and $dbase.".$table_prefix."web_user_attributes.internalKey=$dbase.".$table_prefix."web_users.id;"; $ds = $modx->dbQuery($sql); $limit = $modx->db->getRecordCount($ds); if($limit==0 || $limit>1) { return; } $row = $modx->db->getRow($ds); $internalKey = $row['internalKey']; $dbasePassword = $row['password']; $failedlogins = $row['failedlogincount']; $blocked = $row['blocked']; $blockeduntildate = $row['blockeduntil']; $blockedafterdate = $row['blockedafter']; $registeredsessionid = $row['sessionid']; $role = $row['role']; $lastlogin = $row['lastlogin']; $nrlogins = $row['logincount']; $fullname = $row['fullname']; //$sessionRegistered = checkSession(); $email = $row['email']; // load user settings if($internalKey){ $result = $modx->dbQuery("SELECT setting_name, setting_value FROM ".$dbase.".".$table_prefix."web_user_settings WHERE webuser='$internalKey'"); while ($row = $modx->fetchRow($result, 'both')) $modx->config[$row[0]] = $row[1]; } if($blocked=="1") { // this user has been blocked by an admin, so no way he's loggin in! $errortext = "You are blocked and cannot log in!"; openIDLogout(); return $errortext; } // blockuntil if($blockeduntildate>time()) { // this user has a block until date $errortext = "You are blocked and cannot log in! Please try again later."; openIDLogout(); return $errortext; } // blockafter if($blockedafterdate>0 && $blockedafterdateconfig['allowed_ip'])) { if (strpos($modx->config['allowed_ip'],$_SERVER['REMOTE_ADDR'])===false) { $errortext = "You are not allowed to login from this location."; openIDLogout(); return $errortext; } } // allowed days if (isset($modx->config['allowed_days'])) { $date = getdate(); $day = $date['wday']+1; if (strpos($modx->config['allowed_days'],"$day")===false) { $errortext = "You are not allowed to login at this time. Please try again later."; openIDLogout(); return $errortext; } } // invoke OnWebAuthentication event $rt = $modx->invokeEvent("OnWebAuthentication", array( "userid" => $internalKey, "username" => $username, "userpassword" => $givenPassword, "savedpassword" => $dbasePassword, "rememberme" => $_POST['rememberme'] )); $currentsessionid = session_id(); if(!isset($_SESSION['webValidated'])) { $sql = "update $dbase.".$table_prefix."web_user_attributes SET failedlogincount=0, logincount=logincount+1, lastlogin=thislogin, thislogin=".time().", sessionid='$currentsessionid' where internalKey=$internalKey"; $ds = $modx->dbQuery($sql); } $_SESSION['webShortname']=$username; $_SESSION['webFullname']=$fullname; $_SESSION['webEmail']=$email; $_SESSION['webValidated']=1; $_SESSION['webInternalKey']=$internalKey; $_SESSION['webValid']=base64_encode($givenPassword); $_SESSION['webUser']=base64_encode($username); $_SESSION['webFailedlogins']=$failedlogins; $_SESSION['webLastlogin']=$lastlogin; $_SESSION['webnrlogins']=$nrlogins; $_SESSION['webUserGroupNames'] = ''; // reset user group names // get user's document groups $dg='';$i=0; $tblug = $dbase.".".$table_prefix."web_groups"; $tbluga = $dbase.".".$table_prefix."webgroup_access"; $sql = "SELECT uga.documentgroup FROM $tblug ug INNER JOIN $tbluga uga ON uga.webgroup=ug.webgroup WHERE ug.webuser =".$internalKey; $ds = $modx->db->query($sql); while ($row = $modx->db->getRow($ds,'num')) $dg[$i++]=$row[0]; $_SESSION['webDocgroups'] = $dg; // $log = new logHandler; // $log->initAndWriteLog("Logged in", $_SESSION['webInternalKey'], $_SESSION['webShortname'], "58", "-", "WebLogin"); // invoke OnWebLogin event $modx->invokeEvent("OnWebLogin", array( "userid" => $internalKey, "username" => $username, "userpassword" => $givenPassword, "rememberme" => $_POST['rememberme'] )); return; } /* FREE TO USE Simple OpenID PHP Class - Version 1.2 Contributed by http://www.fivestores.com/ Updated by http://extremeswank.com/, 2008-02-03 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This Class was written to make easy for you to integrate OpenID on your website. This is just a client, which checks for user's identity. This Class Requires CURL Module. It should be easy to use some other HTTP Request Method, but remember, often OpenID servers are using SSL. We need to be able to perform SSL Verification on the background to check for valid signature. HOW TO USE THIS CLASS: STEP 1) $openid = new SimpleOpenID; :: SET IDENTITY :: $openid->SetIdentity($_POST['openid_url']); :: SET RETURN URL :: $openid->SetApprovedURL('http://www.yoursite.com/return.php'); // Script which handles a response from OpenID Server :: SET TRUST ROOT :: $openid->SetTrustRoot('http://www.yoursite.com/'); :: FETCH SERVER URL FROM IDENTITY PAGE :: [Note: It is recomended to cache this (Session, Cookie, Database)] $openid->GetOpenIDServer(); // Returns false if server is not found :: REDIRECT USER TO OPEN ID SERVER FOR APPROVAL :: :: (OPTIONAL) SET OPENID SERVER :: $openid->SetOpenIDServer($server_url); // If you have cached previously this, you don't have to call GetOpenIDServer and set value this directly STEP 2) Once user gets returned we must validate signature :: VALIDATE REQUEST :: true|false = $openid->ValidateWithServer(); ERRORS: array = $openid->GetError(); // Get latest Error code FIELDS: OpenID allowes you to retreive a profile. To set what fields you'd like to get use (accepts either string or array): $openid->SetRequiredFields(array('email','fullname','dob','gender','postcode','country','language','timezone')); or $openid->SetOptionalFields('postcode'); IMPORTANT TIPS: OPENID as is now, is not trust system. It is a great single-sign on method. If you want to store information about OpenID in your database for later use, make sure you handle url identities properly. For example: https://steve.myopenid.com/ https://steve.myopenid.com http://steve.myopenid.com/ http://steve.myopenid.com ... are representing one single user. Some OpenIDs can be in format openidserver.com/users/user/ - keep this in mind when storing identities To help you store an OpenID in your DB, you can use function: $openid_db_safe = $openid->OpenID_Standarize($upenid); This may not be comatible with current specs, but it works in current enviroment. Use this function to get openid in one format like steve.myopenid.com (without trailing slashes and http/https). Use output to insert Identity to database. Don't use this for validation - it may fail. */ class SimpleOpenID{ var $openid_url_identity; var $openid_url_type; var $openid_url_orig; var $URLs = array(); var $error = array(); var $fields = array(); function SimpleOpenID(){ if (!function_exists('curl_exec')) { die('Error: Class SimpleOpenID requires curl extension to work'); } } function SetOpenIDServer($a){ $this->URLs['openid_server'] = $a; } function SetTrustRoot($a){ $this->URLs['trust_root'] = $a; } function SetCancelURL($a){ $this->URLs['cancel'] = $a; } function SetApprovedURL($a){ $this->URLs['approved'] = $a; } function SetPolicyURL($a) { $this->URLs['policyurl'] = $a; } function SetRequiredFields($a){ if (is_array($a)){ $this->fields['required'] = $a; }else{ $this->fields['required'][] = $a; } } function SetOptionalFields($a){ if (is_array($a)){ $this->fields['optional'] = $a; }else{ $this->fields['optional'][] = $a; } } function SetIdentity($a){ // Set Identity URL $this->openid_url_orig = $a; $this->openid_url_type = 1; $xriprefixes = array("xri://", "xri://\$ip*", "xri://\$dns*"); $inameprefixes = array("=", "@", "+", "$", "!"); foreach ($inameprefixes as $prefix) { if (substr($a, 0, 1) == $prefix) { $this->openid_url_type = 2; $this->openid_url_identity = $a; $this->fixId(); return; } } foreach ($xriprefixes as $prefix) { if(substr($a, 0, strlen($prefix)) == $prefix) { $a = substr($a, strlen($prefix), strlen($a)-strlen($prefix)); $this->openid_url_type = 2; $this->openid_url_identity = $a; $this->fixId(); return; } } if(substr($a, 0, 7) != 'http://') { $a = 'http://'.$a; $this->openid_url_type = 1; $this->openid_url_identity = $a; $this->fixId(); return; } $this->openid_url_identity = $a; $this->fixId(); } function fixId() { if (!$this->endsWith($this->openid_url_identity, "/")) { $this->openid_url_identity .= "/"; } } function GetIdentity(){ // Get Identity return $this->openid_url_identity; } function GetError(){ $e = $this->error; return array('code'=>$e[0],'description'=>$e[1]); } function beginsWith( $str, $sub ) { return ( substr( $str, 0, strlen( $sub ) ) === $sub ); } function endsWith( $str, $sub ) { return ( substr( $str, strlen( $str ) - strlen( $sub ) ) === $sub ); } function ErrorStore($code, $desc = null){ $errs['OPENID_NOSERVERSFOUND'] = 'Cannot find OpenID Server using this identity.'; if ($desc == null){ $desc = $errs[$code]; } $this->error = array($code,$desc); } function IsError(){ if (count($this->error) > 0){ return true; }else{ return false; } } function splitResponse($response) { $r = array(); $response = explode("\n", $response); foreach($response as $line) { $line = trim($line); if ($line != "") { list($key, $value) = explode(":", $line, 2); $r[trim($key)] = trim($value); } } return $r; } function OpenID_Standarize($openid_identity){ if ($this->openid_url_type == 2) { return $openid_identity; } $u = parse_url(strtolower(trim($openid_identity))); if ($u['path'] == '/'){ $u['path'] = ''; } if(substr($u['path'],-1,1) == '/'){ $u['path'] = substr($u['path'], 0, strlen($u['path'])-1); } if (isset($u['query'])){ // If there is a query string, then use identity as is return $u['host'] . $u['path'] . '?' . $u['query']; }else{ return $u['host'] . $u['path']; } } function array2url($arr){ // converts associated array to URL Query String if (!is_array($arr)){ return false; } foreach($arr as $key => $value){ $query .= $key . "=" . $value . "&"; } return $query; } function CURL_Request($url, $method="GET", $params = "") { // Remember, SSL MUST BE SUPPORTED if (is_array($params)) $params = $this->array2url($params); if ($this->openid_url_type == 2) { $url = 'http://xri.net/'.$url; } $curl = curl_init($url . ($method == "GET" && $params != "" ? "?" . $params : "")); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_HTTPGET, ($method == "GET")); curl_setopt($curl, CURLOPT_POST, ($method == "POST")); if ($this->openid_url_type == 2) { $headers = array("Accept: application/xrds+xml"); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); } if ($method == "POST") curl_setopt($curl, CURLOPT_POSTFIELDS, $params); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($curl); if (curl_errno($curl) == 0){ $response; }else{ $this->ErrorStore('OPENID_CURL', curl_error($curl)); } return $response; } function HTML2OpenIDServer($content) { $get = array(); // Get details of their OpenID server and (optional) delegate preg_match_all('/]*rel=["\']openid.server["\'][^>]*href=["\']([^"\']+)["\'][^>]*\/?>/i', $content, $matches1); preg_match_all('/]*href=["\']([^"\']+)["\'][^>]*rel=["\']openid.server["\'][^>]*\/?>/i', $content, $matches2); $servers = array_merge($matches1[1], $matches2[1]); preg_match_all('/]*rel=["\']openid.delegate["\'][^>]*href=["\']([^"\']+)["\'][^>]*\/?>/i', $content, $matches1); preg_match_all('/]*href=["\']([^"\']+)["\'][^>]*rel=["\']openid.delegate["\'][^>]*\/?>/i', $content, $matches2); $delegates = array_merge($matches1[1], $matches2[1]); if (count($servers) == 0 && count($delegates) == 0) { preg_match_all('/]*http-equiv=["\']X-XRDS-Location["\'][^>]*content=["\']([^"\']+)["\'][^>]*\/>/i', $content, $matches3); preg_match_all('/]*content=["\']([^"\']+)["\'][^>]*http-equiv=["\']X-XRDS-Location["\'][^>]*\/>/i', $content, $matches4); if ($matches3[1][0] != "") { $url = $matches3[1][0]; } else if ($matches4[1][0] != "") { $url = $matches4[1][0]; } if ($url != "") { $response = $this->CURL_Request($url); list($servers, $delegates) = $this->XRDS2OpenIDServer($response); } } $ret = array($servers, $delegates); return $ret; } function XRDS2OpenIDServer($content) { $arrcon = explode("\n", $content); $services = array(); $delegates = array(); $i=0; while ($i < count($arrcon)) { if (substr(trim($arrcon[$i]),0,8) == "]*>([^<]+)<\/URI>/i', $service, $matches1); preg_match_all('/]*>([^<]+)<\/openid:Delegate>/i', $service, $matches2); } } $servers = $matches1[1]; $delegates = $matches2[1]; $ret = array($servers, $delegates); return $ret; } function CheckHeadersForXRDS($content) { $arrcon = explode("\n", $content); $i = 0; while ($i < count($arrcon)) { if (substr($arrcon[$i],0,16) == "X-XRDS-Location:") { $keyval = explode(':', $arrcon[$i], 2); $newurl = trim($keyval[1]); return $newurl; } $i++; } return ""; } function GetOpenIDServer(){ $response = $this->CURL_Request($this->openid_url_identity); $xrds_url = $this->CheckHeadersForXRDS($response); if ($xrds_url != "") { $response = $this->CURL_Request($xrds_url); list($servers, $delegates) = $this->XRDS2OpenIDServer($response); } else if ($this->openid_url_type == 1) { list($servers, $delegates) = $this->HTML2OpenIDServer($response); } else if ($this->openid_url_type == 2) { list($servers, $delegates) = $this->XRDS2OpenIDServer($response); } if (count($servers) == 0){ $this->ErrorStore('OPENID_NOSERVERSFOUND'); return false; } if ($delegates[0] != ""){ $this->openid_url_identity = $delegates[0]; $this->fixId(); } $this->SetOpenIDServer($servers[0]); return $servers[0]; } function GetRedirectURL(){ $params = array(); $params['openid.return_to'] = urlencode($this->URLs['approved']); $params['openid.mode'] = 'checkid_setup'; $params['openid.identity'] = urlencode($this->openid_url_identity); $params['openid.trust_root'] = urlencode($this->URLs['trust_root']); if (count($this->fields['required']) > 0){ $params['openid.sreg.required'] = implode(',',$this->fields['required']); } if (count($this->fields['optional']) > 0){ $params['openid.sreg.optional'] = implode(',',$this->fields['optional']); } $params['openid.sreg.policy_url'] = urlencode($this->URLs['policyurl']); if (strpos($this->URLs['openid_server'], "?") != false) { return $this->URLs['openid_server'] . "&" . $this->array2url($params); } else { return $this->URLs['openid_server'] . "?". $this->array2url($params); } } function Redirect(){ $redirect_to = $this->GetRedirectURL(); if (headers_sent()){ // Use JavaScript to redirect if content has been previously sent (not recommended, but safe) echo ''; }else{ // Default Header Redirect header('Location: ' . $redirect_to); } } function ValidateWithServer(){ $params = array( 'openid.assoc_handle' => urlencode($_GET['openid_assoc_handle']), 'openid.signed' => urlencode($_GET['openid_signed']), 'openid.sig' => urlencode($_GET['openid_sig']) ); // Send only required parameters to confirm validity $arr_signed = explode(",",str_replace('sreg.','sreg_',$_GET['openid_signed'])); for ($i=0; $i"; // print_r($_GET); // print_r($params); // print ""; $openid_server = $this->GetOpenIDServer(); if ($openid_server == false){ return false; } $response = $this->CURL_Request($openid_server,'GET',$params); $data = $this->splitResponse($response); if ($data['is_valid'] == "true") { return true; }else{ return false; } } } ?>