Diffstat (limited to 'lib')
-rwxr-xr-x | lib/actions.php | 173 | ||||
-rwxr-xr-x | lib/common.php | 164 | ||||
-rwxr-xr-x | lib/session.php | 140 |
3 files changed, 0 insertions, 477 deletions
diff --git a/lib/actions.php b/lib/actions.php
deleted file mode 100755
index f5f05d952..000000000
--- a/lib/actions.php
+++ /dev/null
@@ -1,173 +0,0 @@
-<?php
-
-require_once "common.php";
-require_once "session.php";
-
-require_once "Auth/OpenID.php";
-
-/**
- * Handle a standard OpenID server request
- */
-function action_default()
-{
- global $store;
-
- $server =& getServer();
- $method = $_SERVER['REQUEST_METHOD'];
- /*$request = null;
- if ($method == 'GET') {
- $request = $_GET;
- } else {
- $request = $_POST;
- } */
-
- $request = $server->decodeRequest();
-
- if (!$request) {
- return ""; //about_render();
- }
-
- setRequestInfo($request);
-
- if (in_array($request->mode,
- array('checkid_immediate', 'checkid_setup'))) {
-
-
- $identity = getLoggedInUser();
- if (isTrusted($identity, $request->trust_root, $request->return_to)) {
- if ($request->message->isOpenID1()) {
- $response =& $request->answer(true);
- } else {
- $response =& $request->answer(true, false, getServerURL(), $identity);
- }
- } else if ($request->immediate) {
- $response =& $request->answer(false, getServerURL());
- } else {
- if (!getLoggedInUser()) {
- $_SESSION['last_forward_from'] = current_page_url().'?'.http_build_query(Auth_OpenID::getQuery());
- system_message(elgg_echo('openid_server:not_logged_in'));
- forward('login');
- }
- return trust_render($request);
- }
- addSregFields(&$response);
-
- } else {
- $response =& $server->handleRequest($request);
- }
-
- $webresponse =& $server->encodeResponse($response);
-
- foreach ($webresponse->headers as $k => $v) {
- header("$k: $v");
- }
-
- header(header_connection_close);
- print $webresponse->body;
- exit(0);
-}
-
-/**
- * Log out the currently logged in user
- */
-function action_logout()
-{
- setLoggedInUser(null);
- setRequestInfo(null);
- return authCancel(null);
-}
-
-/**
- * Check the input values for a login request
- */
-function login_checkInput($input)
-{
- $openid_url = false;
- $errors = array();
-
- if (!isset($input['openid_url'])) {
- $errors[] = gettext('Enter an OpenID URL to continue');
- }
- if (!isset($input['password'])) {
- $errors[] = gettext('Enter a password to continue');
- }
- if (count($errors) == 0) {
- $openid_url = $input['openid_url'];
- // don't normalise yet
- // $openid_url = Auth_OpenID::normalizeUrl($openid_url);
- $password = $input['password'];
- if (!checkLogin($openid_url, $password)) {
- $errors[] = 'The entered password does not match the ' .
- 'entered identity URL.';
- }
- }
- return array($errors, $openid_url);
-}
-
-/**
- * Log in a user and potentially continue the requested identity approval
- */
-function action_login()
-{
- $method = $_SERVER['REQUEST_METHOD'];
- switch ($method) {
- case 'GET':
- return login_render();
- case 'POST':
- $info = getRequestInfo();
- $fields = $_POST;
- if (isset($fields['cancel'])) {
- return authCancel($info);
- }
-
- list ($errors, $openid_url) = login_checkInput($fields);
- if (count($errors) || !$openid_url) {
- $needed = $info ? $info->identity : false;
- //KJ - use $openid_url instead
- // return login_render($errors, @$fields['openid_url'], $needed);
- return login_render($errors, $openid_url, $needed);
- } else {
- setLoggedInUser(normaliseUsername($openid_url));
- return doAuth($info);
- }
- default:
- return login_render(array('Unsupported HTTP method: $method'));
- }
-}
-
-/**
- * Ask the user whether he wants to trust this site
- */
-function action_trust()
-{
- global $store;
-
- $info = getRequestInfo();
- $trusted = isset($_POST['trust']);
- if ($info && isset($_POST['remember'])) {
- $store->setTrustedSite($info->trust_root);
- }
- return doAuth($info, $trusted, true);
-}
-
-function action_sites()
-{
- global $store;
-
- $sites = $store->getTrustedSites();
-
- if ($_SERVER['REQUEST_METHOD'] == 'POST') {
- if (isset($_POST['forget'])) {
- $store->removeAllTrustedSites();
- } elseif (isset($_POST['remove'])) {
- foreach ($_POST as $k => $v) {
- if (preg_match('/^site[0-9]+$/', $k)) {
- $store->removeTrustedSite($v);
- }
- }
- }
- }
- return sites_render($store->getTrustedSites());
-}
-
-?>
diff --git a/lib/common.php b/lib/common.php
deleted file mode 100755
index 3e3e6b034..000000000
--- a/lib/common.php
+++ /dev/null
@@ -1,164 +0,0 @@
-<?php
-
-require_once "session.php";
-
-require_once "Auth/OpenID/Server.php";
-require_once "Auth/OpenID/SReg.php";
-try {
- // include_once "Auth/OpenID/HMACSHA1.php";
-} catch(Exception $e) {
- // new way :P
- require_once "Auth/OpenID/HMAC.php";
-}
-
-function getUsernameFromUrl($url)
-{
- $un = trim($url);
- $lun = strlen($un);
- $last_stroke_pos = strrpos($un,"/");
- if ($last_stroke_pos === false) {
- // no slash, so assume that this is already a username
- $username = $url;
- } else {
- if ($last_stroke_pos == ($lun - 1)) {
- // this url ends in a slash - ignore it
- $un = substr($un, 0,-1);
- }
- $last_stroke_pos = strrpos($un,"/");
- $username = substr($un,$last_stroke_pos+1);
- }
-
- return $username;
-}
-
-function normaliseUsername($username)
-// check to see if the current username contains a slash
-// if so, assume that this is an OpenID URL
-// if not, munge it until it is
-// normalise OpenID URLs to include a closing slash
-{
- global $CONFIG;
-
- $stroke_pos = strpos($username,"/");
- if ($stroke_pos === false) {
- return $CONFIG->wwwroot."profile/".$username;
- } else {
- if (substr($username,-1,1) == "/") {
- return substr($username, 0, strlen($username-1));
- } else {
- return $username;
- }
- }
-}
-
-function addSregFields(&$response,$info, $req_url)
-{
- $username = getUsernameFromUrl($req_url);
- $user = get_user_by_username($username);
- if ($user) {
- $email = $user->email;
- $fullname = $user->name;
-
- $sreg_data = array(
- 'fullname' => $fullname,
- 'email' => $email
- );
-
- // Add the simple registration response values to the OpenID
- // response message.
- $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
-
- $sreg_response = Auth_OpenID_SRegResponse::extractResponse(
- $sreg_request, $sreg_data);
- //error_log('DEBUG:' . (string)($response->fields));
- $sreg_response->toMessage($response->fields);
- }
-
-}
-
-// KJ - this code is now used in trust.php
-
-/*function authCancel($info)
-{
- if ($info) {
- setRequestInfo();
- $url = $info->getCancelURL();
- } else {
- $url = getServerURL();
- }
- return redirect_render($url);
-}
-
-function doAuth($info, $trusted=null, $fail_cancels=false,$idpSelect=null)
-{
- if (!$info) {
- // There is no authentication information, so bail
- return authCancel(null);
- }
-
- if ($info->idSelect()) {
- if ($idpSelect) {
- $req_url = idURL($idpSelect);
- } else {
- $trusted = false;
- }
- } else {
- $req_url = normaliseUsername($info->identity);
- }
-
- $user = getLoggedInUser();
- setRequestInfo($info);
-
- if ($req_url != $user) {
- return login_render(array(), $req_url, $req_url);
- }
-
- $trust_root = $info->trust_root;
- // $fail_cancels = $fail_cancels || isset($sites[$trust_root]);
- $trusted = isset($trusted) ? $trusted : isTrusted($req_url,$trust_root);
- if ($trusted) {
- setRequestInfo();
- $server =& getServer();
- $response =& $info->answer(true, null, $req_url);
-
- addSregFields($response, $info, $req_url);
-
- $webresponse =& $server->encodeResponse($response);
-
- $new_headers = array();
-
- foreach ($webresponse->headers as $k => $v) {
- $new_headers[] = $k.": ".$v;
- }
-
- return array($new_headers, $webresponse->body);
- } elseif ($fail_cancels) {
- return authCancel($info);
- } else {
- return trust_render($info);
- }
-}*/
-
-
-function trust_render($info) {
-
- $vars = array('openid_url' =>getLoggedInUser(), 'openid_trust_root' =>htmlspecialchars($info->trust_root));
- $title = elgg_echo('openid_server:trust_title');
- return array(
- array(),
- elgg_view_page(
- $title,
- elgg_view_layout('content', array(
- 'title' => $title,
- 'content' => elgg_view_form("openid_server/trust", array(), $vars),
- 'filter' => false,
- ))
- ));
-}
-
-function login_render($errors=null, $input=null, $needed=null) {
- system_message(elgg_echo('openid_server:not_logged_in'));
- forward(current_page_url());
-}
-
-?>
diff --git a/lib/session.php b/lib/session.php
deleted file mode 100755
index ccd1e8f4c..000000000
--- a/lib/session.php
+++ /dev/null
@@ -1,140 +0,0 @@
-<?php
-
-//require_once(dirname(dirname(__FILE__)).'/config.php');
-//require_once "render.php";
-
-require_once "Auth/OpenID/Server.php";
-
-// require_once('elgg/includes.php');
-
-/**
- * Set up the session
- */
-// get information from Elgg if logged in
-// KJ - this should not be necessary as it can always be generated from the user name
-function init()
-{
- global $CFG;
-
- if (elgg_is_logged_in()) {
- setLoggedInUser(normaliseUsername($_SESSION['user']->username));
- } else {
- setLoggedInUser(null);
- }
-}
-
-
-/**
- * Get the URL of the current script
- */
-function getServerURL()
-{
- global $CONFIG;
-
- return $CONFIG->wwwroot.'mod/openid_server/server.php';
-}
-
-/**
- * Build a URL to a server action
- */
-function buildURL($action=null, $escaped=true)
-{
- $url = getServerURL();
- if ($action) {
- $url .= '/' . $action;
- }
- return $escaped ? htmlspecialchars($url, ENT_QUOTES) : $url;
-}
-
-/**
- * Extract the current action from the request
- * KJ - this should be replaced by Elgg 1 action system
- */
-function getAction()
-{
- $path_info = @$_SERVER['PATH_INFO'];
- $action = ($path_info) ? substr($path_info, 1) : '';
- $function_name = 'action_' . $action;
- return $function_name;
-}
-
-/**
- * Write the response to the request
- */
-function writeResponse($resp)
-{
- list ($headers, $body) = $resp;
- array_walk($headers, 'header');
- header(header_connection_close);
- print $body;
-}
-
-/**
- * Instantiate a new OpenID server object
- */
-function getServer()
-{
- global $CONFIG;
- static $server;
- $op_endpoint = getServerURL();
- if (!isset($server)) {
- $server =& new Auth_OpenID_Server(getOpenIDServerStore(),$op_endpoint);
- }
- return $server;
-}
-
-/**
- * Return whether the trust root is currently trusted
- *
- */
-function isTrusted($identity_url, $trust_root, $return_to)
-{
- global $store;
-
- if ($identity_url != getLoggedInUser()) {
- return false;
- }
-
- $sites = $store->getTrustedSites($identity_url);
-
- if (empty($sites)) {
- return false;
- } else {
- return in_array($trust_root, $sites) && fnmatch($trust_root.'*',$return_to);
- }
-}
-
-
-/**
- * Get the openid_url out of the cookie
- *
- * @return mixed $openid_url The URL that was stored in the cookie or
- * false if there is none present or if the cookie is bad.
- */
-function getLoggedInUser()
-{
- global $CONFIG;
- if (elgg_is_logged_in()) {
- return $CONFIG->wwwroot.'profile/'.$_SESSION['user']->username;
- } else {
- return '';
- }
-}
-
-function getRequestInfo()
-{
- return isset($_SESSION['openid_server_request'])
- ? unserialize($_SESSION['openid_server_request'])
- : false;
-}
-
-function setRequestInfo($info=null)
-{
- if (!isset($info)) {
- unset($_SESSION['openid_server_request']);
- } else {
- $_SESSION['openid_server_request'] = serialize($info);
- }
-}
-
-?>