From 86dd023448a1aed54a076df9533ecdf50c4dcd97 Mon Sep 17 00:00:00 2001 From: Alessandro Cosentino Date: Tue, 7 Jun 2011 15:48:21 -0400 Subject: Adding clear logs functions --- apps/files_publiclink/js/admin.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apps') diff --git a/apps/files_publiclink/js/admin.js b/apps/files_publiclink/js/admin.js index 017c62cb42a..9a0bad604a2 100644 --- a/apps/files_publiclink/js/admin.js +++ b/apps/files_publiclink/js/admin.js @@ -48,5 +48,5 @@ $(document).ready(function() { } } }); - }) + }); }); \ No newline at end of file -- cgit v1.2.3 From 97ab331b2a41777b64881118819902183e5f0b98 Mon Sep 17 00:00:00 2001 From: Kamil Domanski Date: Sat, 18 Jun 2011 23:57:03 +0200 Subject: change db index names to avoid collisions --- apps/files_publiclink/appinfo/database.xml | 2 +- db_structure.xml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'apps') diff --git a/apps/files_publiclink/appinfo/database.xml b/apps/files_publiclink/appinfo/database.xml index de63b03f445..4fe6be47d8d 100644 --- a/apps/files_publiclink/appinfo/database.xml +++ b/apps/files_publiclink/appinfo/database.xml @@ -35,7 +35,7 @@ true - token + a_files_publiclink_token true token diff --git a/db_structure.xml b/db_structure.xml index 599352c2a8d..19cdccef8a4 100644 --- a/db_structure.xml +++ b/db_structure.xml @@ -208,7 +208,7 @@ - path + locks_path path ascending @@ -216,7 +216,7 @@ - path_2 + locks_path_2 path ascending @@ -224,7 +224,7 @@ - path_3 + locks_path_3 path ascending @@ -236,7 +236,7 @@ - expires + locks_expires expires ascending @@ -253,7 +253,7 @@ - token + locks_token true token -- cgit v1.2.3 From 14dddc0c9e116874b76bdf5965cd2c1b0e4d2e5e Mon Sep 17 00:00:00 2001 From: Jakob Sack Date: Sun, 19 Jun 2011 14:23:24 +0200 Subject: forgot "event" as a parameter. --- apps/files_publiclink/js/admin.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'apps') 
diff --git a/apps/files_publiclink/js/admin.js b/apps/files_publiclink/js/admin.js index 9a0bad604a2..21857718149 100644 --- a/apps/files_publiclink/js/admin.js +++ b/apps/files_publiclink/js/admin.js @@ -8,7 +8,7 @@ $(document).ready(function() { source: "../../files/ajax/autocomplete.php", minLength: 1 }); - $("button.delete").live('click', function() { + $("button.delete").live('click', function( event ) { event.preventDefault(); var token=$(this).attr('data-token'); var data="token="+token; @@ -22,7 +22,7 @@ $(document).ready(function() { } }); }); - $('#newlink').submit(function(){ + $('#newlink').submit(function( event ){ event.preventDefault(); var path=$('#path').val(); var expire=$('#expire_time').val()||0; -- cgit v1.2.3 From a7b7f5a76ce7fe3fb371f008d5de9c749ac5c1c1 Mon Sep 17 00:00:00 2001 From: Kamil Domanski Date: Mon, 20 Jun 2011 00:17:49 +0200 Subject: app files_publiclink is now translateable --- apps/files_publiclink/templates/admin.php | 10 +++++----- apps/files_publiclink/templates/index.php | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'apps') diff --git a/apps/files_publiclink/templates/admin.php b/apps/files_publiclink/templates/admin.php index 2483eef321a..95b99109f23 100644 --- a/apps/files_publiclink/templates/admin.php +++ b/apps/files_publiclink/templates/admin.php @@ -2,18 +2,18 @@ - - - + + + '> - + - + diff --git a/apps/files_publiclink/templates/index.php b/apps/files_publiclink/templates/index.php index 9e238452603..759f3ad8772 100644 --- a/apps/files_publiclink/templates/index.php +++ b/apps/files_publiclink/templates/index.php @@ -5,9 +5,9 @@ - - - + + + -- cgit v1.2.3 From c0af177223f5ebd74614b775121ea7f3497d25a5 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Wed, 22 Jun 2011 12:40:13 +0200 Subject: public link config is also for non admins --- apps/files_publiclink/admin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apps') 
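Review bot: The token read from `data-token` is concatenated raw into the request body on the line right after the changed handler signature, `var data="token="+token;`, so any `&`, `=` or non-ASCII byte in a token alters the parsed parameters; use `var data="token="+encodeURIComponent(token);`. The handler is still bound with `.live()`, which later jQuery releases deprecate in favour of delegated `.on()` — fine for the version bundled here, but worth a one-line comment so the next upgrade does not miss it. The enclosing `$(document).ready` callback starts and ends outside both hunks.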
diff --git a/apps/files_publiclink/admin.php b/apps/files_publiclink/admin.php index a48076b4d42..afb726da312 100644 --- a/apps/files_publiclink/admin.php +++ b/apps/files_publiclink/admin.php @@ -29,7 +29,7 @@ require( 'template.php' ); // Check if we are a user -if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( $_SESSION['user_id'], 'admin' )){ +if( !OC_USER::isLoggedIn()){ header( "Location: ".OC_HELPER::linkTo( "index.php" )); exit(); } -- cgit v1.2.3 From 83958ebd4be58c64b23a3e9535f4246faeff8f4a Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Wed, 22 Jun 2011 12:50:57 +0200 Subject: add oc_user::getUser to get the user id of the loggedin user --- admin/ajax/changepassword.php | 2 +- admin/ajax/creategroup.php | 2 +- admin/ajax/createuser.php | 2 +- admin/ajax/removegroup.php | 2 +- admin/ajax/removeuser.php | 2 +- admin/ajax/togglegroups.php | 2 +- admin/apps.php | 2 +- admin/system.php | 2 +- admin/users.php | 2 +- apps/files_publiclink/lib_public.php | 6 +++--- files/admin.php | 2 +- lib/base.php | 2 +- lib/l10n.php | 4 ++-- lib/user.php | 13 +++++++++++++ log/index.php | 8 ++++---- settings/ajax/setlanguage.php | 2 +- settings/index.php | 2 +- 17 files changed, 35 insertions(+), 22 deletions(-) (limited to 'apps') diff --git a/admin/ajax/changepassword.php b/admin/ajax/changepassword.php index a8f3af15175..51634908a76 100644 --- a/admin/ajax/changepassword.php +++ b/admin/ajax/changepassword.php @@ -7,7 +7,7 @@ require_once('../../lib/base.php'); header( "Content-Type: application/jsonrequest" ); // Check if we are a user -if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( $_SESSION['user_id'], 'admin' )){ +if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )){ echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" ))); exit(); } diff --git a/admin/ajax/creategroup.php b/admin/ajax/creategroup.php index eec27587930..df9a36aaa2f 100644 --- a/admin/ajax/creategroup.php 
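Review bot: With the admin-group test dropped from the condition, this page is reachable by every logged-in user, so per-user isolation of the link list now rests entirely on the queries in `OC_PublicLink` (the lib_public.php hunks further down this page filter `getLinks()` on `user=?` and compare the owner in `delete()`); a comment here would make that dependency explicit, e.g. `// Any logged-in user may manage links; OC_PublicLink scopes them to the current user`. The existing `// Check if we are a user` line already matches the new behaviour, so nothing else in the hunk needs changing. The rest of admin.php is outside the hunk.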
+++ b/admin/ajax/creategroup.php @@ -7,7 +7,7 @@ require_once('../../lib/base.php'); header( "Content-Type: application/jsonrequest" ); // Check if we are a user -if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( $_SESSION['user_id'], 'admin' )){ +if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )){ echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" ))); exit(); } diff --git a/admin/ajax/createuser.php b/admin/ajax/createuser.php index a6e4ec0e93d..507ded9079f 100644 --- a/admin/ajax/createuser.php +++ b/admin/ajax/createuser.php @@ -7,7 +7,7 @@ require_once('../../lib/base.php'); header( "Content-Type: application/jsonrequest" ); // Check if we are a user -if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( $_SESSION['user_id'], 'admin' )){ +if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )){ echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" ))); exit(); } diff --git a/admin/ajax/removegroup.php b/admin/ajax/removegroup.php index c7991ba5819..e3d62e5fac8 100644 --- a/admin/ajax/removegroup.php +++ b/admin/ajax/removegroup.php @@ -7,7 +7,7 @@ require_once('../../lib/base.php'); header( "Content-Type: application/jsonrequest" ); // Check if we are a user -if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( $_SESSION['user_id'], 'admin' )){ +if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )){ echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" ))); exit(); } diff --git a/admin/ajax/removeuser.php b/admin/ajax/removeuser.php index 7e587f16058..6b48146ad45 100644 --- a/admin/ajax/removeuser.php +++ b/admin/ajax/removeuser.php 
@@ -7,7 +7,7 @@ require_once('../../lib/base.php'); header( "Content-Type: application/jsonrequest" ); // Check if we are a user -if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( $_SESSION['user_id'], 'admin' )){ +if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )){ echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" ))); exit(); } diff --git a/admin/ajax/togglegroups.php b/admin/ajax/togglegroups.php index f821ae0bfaa..5c7bd393e92 100644 --- a/admin/ajax/togglegroups.php +++ b/admin/ajax/togglegroups.php @@ -7,7 +7,7 @@ require_once('../../lib/base.php'); header( "Content-Type: application/jsonrequest" ); // Check if we are a user -if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( $_SESSION['user_id'], 'admin' )){ +if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )){ echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" ))); exit(); } diff --git a/admin/apps.php b/admin/apps.php index 285cf9e90f5..b47611f536d 100644 --- a/admin/apps.php +++ b/admin/apps.php @@ -24,7 +24,7 @@ require_once('../lib/base.php'); include_once('../lib/installer.php'); require( 'template.php' ); -if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( $_SESSION['user_id'], 'admin' )){ +if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )){ header( "Location: ".OC_HELPER::linkTo( "", "index.php" )); exit(); } diff --git a/admin/system.php b/admin/system.php index 310979295f0..284509144ee 100644 --- a/admin/system.php +++ b/admin/system.php @@ -23,7 +23,7 @@ require_once('../lib/base.php'); require( 'template.php' ); -if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( $_SESSION['user_id'], 'admin' )){ +if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )){ header( "Location: ".OC_HELPER::linkTo( "index.php" )); exit(); } 
diff --git a/admin/users.php b/admin/users.php index e44feb40fe2..0848d57162a 100644 --- a/admin/users.php +++ b/admin/users.php @@ -23,7 +23,7 @@ require_once('../lib/base.php'); require( 'template.php' ); -if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( $_SESSION['user_id'], 'admin' )){ +if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )){ header( "Location: ".OC_HELPER::linkTo( "index.php" )); exit(); } diff --git a/apps/files_publiclink/lib_public.php b/apps/files_publiclink/lib_public.php index aeef9212377..93ccc52d0e9 100644 --- a/apps/files_publiclink/lib_public.php +++ b/apps/files_publiclink/lib_public.php @@ -7,7 +7,7 @@ class OC_PublicLink{ */ public function __construct($path,$expiretime=0){ if($path and OC_FILESYSTEM::file_exists($path) and OC_FILESYSTEM::is_readable($path)){ - $user=$_SESSION['user_id']; + $user=OC_USER::getUser(); $token=sha1("$user-$path-$expiretime"); $query=OC_DB::prepare("INSERT INTO *PREFIX*publiclink VALUES(?,?,?,?)"); $result=$query->execute(array($token,$path,$user,$expiretime)); @@ -60,7 +60,7 @@ class OC_PublicLink{ */ static public function getLinks(){ $query=OC_DB::prepare("SELECT * FROM *PREFIX*publiclink WHERE user=?"); - return $query->execute(array($_SESSION['user_id']))->fetchAll(); + return $query->execute(array(OC_USER::getUser()))->fetchAll(); } /** @@ -69,7 +69,7 @@ class OC_PublicLink{ static public function delete($token){ $query=OC_DB::prepare("SELECT user,path FROM *PREFIX*publiclink WHERE token=?"); $result=$query->execute(array($token))->fetchAll(); - if(count($result)>0 and $result[0]['user']==$_SESSION['user_id']){ + if(count($result)>0 and $result[0]['user']==OC_USER::getUser()){ $query=OC_DB::prepare("DELETE FROM *PREFIX*publiclink WHERE token=?"); $query->execute(array($token)); } diff --git a/files/admin.php b/files/admin.php index 59b822468ed..5c9923aff86 100644 --- a/files/admin.php +++ b/files/admin.php 
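Review bot: The link token in the constructor hunk is still `$token=sha1("$user-$path-$expiretime");`, a deterministic function of the owner, the path and the expiry, so anyone who can guess those three values can compute the link without being given it, and creating the same link twice yields the same token, which the unique token index declared in database.xml earlier on this page would presumably reject on the INSERT. Derive the token from unpredictable input instead, e.g. `$token=bin2hex(openssl_random_pseudo_bytes(20));` (same 40-character width as the sha1 hex), and check `$result` for the insert failure. In the `delete()` hunk the owner comparison uses `==`; since `OC_USER::getUser()` can return `false`, `===` is the safer form: `if(count($result)>0 and $result[0]['user']===OC_USER::getUser()){`. The OC_PublicLink class continues outside all three hunks.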
@@ -28,7 +28,7 @@ require( 'template.php' ); // Check if we are a user -if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( $_SESSION['user_id'], 'admin' )){ +if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )){ header( "Location: ".OC_HELPER::linkTo( "index.php" )); exit(); } diff --git a/lib/base.php b/lib/base.php index e93c4712727..0453e272a4b 100644 --- a/lib/base.php +++ b/lib/base.php @@ -142,7 +142,7 @@ class OC_UTIL { // If we are not forced to load a specific user we load the one that is logged in if( $user == "" && OC_USER::isLoggedIn()){ - $user = $_SESSION['user_id']; + $user = OC_USER::getUser(); } if( $user != "" ){ //if we aren't logged in, there is no use to set up the filesystem diff --git a/lib/l10n.php b/lib/l10n.php index ff0238241a6..053c6fbc10e 100644 --- a/lib/l10n.php +++ b/lib/l10n.php @@ -200,8 +200,8 @@ class OC_L10N{ else{ $available=self::findAvailableLanguages( $app ); } - if( isset($_SESSION['user_id']) && $_SESSION['user_id'] && OC_PREFERENCES::getValue( $_SESSION['user_id'], 'core', 'lang' )){ - $lang = OC_PREFERENCES::getValue( $_SESSION['user_id'], 'core', 'lang' ); + if( OC_USER::getUser() && OC_PREFERENCES::getValue( OC_USER::getUser(), 'core', 'lang' )){ + $lang = OC_PREFERENCES::getValue( OC_USER::getUser(), 'core', 'lang' ); self::$language = $lang; if( array_search( $lang, $available ) !== false ){ return $lang; diff --git a/lib/user.php b/lib/user.php index 2e11a30e85e..7eafef924a8 100644 --- a/lib/user.php +++ b/lib/user.php @@ -231,6 +231,19 @@ class OC_USER { } } + /** + * @brief get the user idea of the user currently logged in. + * @return string uid or false + */ + public static function getUser(){ + if( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ){ + return $_SESSION['user_id']; + } + else{ + return false; + } + } + /** * @brief Autogenerate a password * @returns string diff --git a/log/index.php b/log/index.php index 950e1f82d19..4986526e007 100644 --- a/log/index.php 
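Review bot: The rewritten condition in the lib/l10n.php hunk calls `OC_USER::getUser()` three times (twice in the `if`, once in the assignment), which re-reads the session each time and makes the preference lookup harder to follow; fetch it once, `$user = OC_USER::getUser();`, then `if( $user && OC_PREFERENCES::getValue( $user, 'core', 'lang' )){` and `$lang = OC_PREFERENCES::getValue( $user, 'core', 'lang' );`. Behaviour is unchanged, since the new helper returns `false` for the logged-out case the old `isset(...) &&` guard covered. The enclosing method runs past the hunk on both sides.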
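Review bot: The docblock on the new `getUser()` in lib/user.php has a typo — `@brief get the user idea of the user currently logged in.` should read `@brief Get the user id of the user currently logged in.` — and the return line is clearer as `@return string|false uid, or false when nobody is logged in`. The truthiness test `isset($_SESSION['user_id']) AND $_SESSION['user_id']` would report a uid whose string is falsy (e.g. `'0'`) as not logged in; presumably no such uid exists, but a comment on that line would document the assumption. The callers on this page that pass the result to `OC_GROUP::inGroup` are guarded by `OC_USER::isLoggedIn()` first, so the `false` return does not reach them. The OC_USER class continues outside the hunk.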
+++ b/log/index.php @@ -43,8 +43,8 @@ if(isset($_POST['save'])){ $selectedActions[]=$action; } } - OC_PREFERENCES::setValue($_SESSION['user_id'],'log','actions',implode(',',$selectedActions)); - OC_PREFERENCES::setValue($_SESSION['user_id'],'log','pagesize',$_POST['size']); + OC_PREFERENCES::setValue(OC_USER::getUser(),'log','actions',implode(',',$selectedActions)); + OC_PREFERENCES::setValue(OC_USER::getUser(),'log','pagesize',$_POST['size']); } //clear log entries elseif(isset($_POST['clear'])){ @@ -62,10 +62,10 @@ OC_APP::setActiveNavigationEntry( 'log' ); $logs=OC_LOG::get(); -$selectedActions=explode(',',OC_PREFERENCES::getValue($_SESSION['user_id'],'log','actions',implode(',',$allActions))); +$selectedActions=explode(',',OC_PREFERENCES::getValue(OC_USER::getUser(),'log','actions',implode(',',$allActions))); $logs=OC_LOG::filterAction($logs,$selectedActions); -$pageSize=OC_PREFERENCES::getValue($_SESSION['user_id'],'log','pagesize',20); +$pageSize=OC_PREFERENCES::getValue(OC_USER::getUser(),'log','pagesize',20); $pageCount=ceil(count($logs)/$pageSize); $page=isset($_GET['page'])?$_GET['page']:0; if($page>=$pageCount){ diff --git a/settings/ajax/setlanguage.php b/settings/ajax/setlanguage.php index f971806f4c6..bc467fb9004 100644 --- a/settings/ajax/setlanguage.php +++ b/settings/ajax/setlanguage.php @@ -17,7 +17,7 @@ if( !OC_USER::isLoggedIn()){ // Get data if( isset( $_POST['lang'] ) ){ $lang=$_POST['lang']; - OC_PREFERENCES::setValue( $_SESSION['user_id'], 'core', 'lang', $lang ); + OC_PREFERENCES::setValue( OC_USER::getUser(), 'core', 'lang', $lang ); echo json_encode( array( "status" => "success", "data" => array( "message" => $l->t("Language changed") ))); }else{ echo json_encode( array( "status" => "error", "data" => array( "message" => $l->t("Invalid request") ))); diff --git a/settings/index.php b/settings/index.php index e2a73a5d9f3..07adba142d6 100644 --- a/settings/index.php +++ b/settings/index.php 
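Review bot: `$_POST['size']` is stored as the page size without validation on the second added line of the first log/index.php hunk, and the second hunk then uses the stored value as a divisor in `$pageCount=ceil(count($logs)/$pageSize);`, so a zero, negative or non-numeric value persists a broken setting and raises a division-by-zero warning on every later visit. Validate before storing, `$size=(int)$_POST['size'];` followed by `if($size>0){ OC_PREFERENCES::setValue(OC_USER::getUser(),'log','pagesize',$size); }`, and harden the read side with `$pageSize=max(1,(int)OC_PREFERENCES::getValue(OC_USER::getUser(),'log','pagesize',20));`. Both hunks are top-level script code whose surrounding branches lie outside the hunks.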
@@ -18,7 +18,7 @@ $free=OC_FILESYSTEM::free_space(); $total=$free+$used; $relative=round(($used/$total)*100); -$lang=OC_PREFERENCES::getValue( $_SESSION['user_id'], 'core', 'lang', 'en' ); +$lang=OC_PREFERENCES::getValue( OC_USER::getUser(), 'core', 'lang', 'en' ); $languages=OC_L10N::findAvailableLanguages(); //put the current language in the front unset($languages[array_search($lang,$languages)]); -- cgit v1.2.3 From bd4aec2c4c979cf88fd2e430b52eb22b34b56dba Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Thu, 23 Jun 2011 17:04:32 +0200 Subject: Experimental OpenID user backend and server. Currently all users can set one OpenID identity that allows access to the account. The identity url's for the server is owncloud/apps/user_openid/user.php/$username --- apps/user_openid/appinfo/app.php | 38 + apps/user_openid/appinfo/info.xml | 10 + apps/user_openid/class.openid.v3.php | 328 ++++++ apps/user_openid/phpmyid.php | 1723 +++++++++++++++++++++++++++++++ apps/user_openid/settings.php | 24 + apps/user_openid/templates/settings.php | 7 + apps/user_openid/user.php | 34 + apps/user_openid/user_openid.php | 73 ++ 8 files changed, 2237 insertions(+) create mode 100644 apps/user_openid/appinfo/app.php create mode 100644 apps/user_openid/appinfo/info.xml create mode 100644 apps/user_openid/class.openid.v3.php create mode 100644 apps/user_openid/phpmyid.php create mode 100644 apps/user_openid/settings.php create mode 100644 apps/user_openid/templates/settings.php create mode 100644 apps/user_openid/user.php create mode 100644 apps/user_openid/user_openid.php (limited to 'apps') diff --git a/apps/user_openid/appinfo/app.php b/apps/user_openid/appinfo/app.php new file mode 100644 index 00000000000..fb3de10e2a8 --- /dev/null +++ b/apps/user_openid/appinfo/app.php 
@@ -0,0 +1,38 @@ + "user_openid_settings", 'order'=>1, "href" => OC_HELPER::linkTo( "user_openid", "settings.php" ), "name" => "OpenID")); + +//active the openid backend +OC_USER::useBackend('openid'); + +//check for results from openid requests +if(isset($_GET['openid_mode']) and $_GET['openid_mode'] == 'id_res'){ + error_log('openid retured'); + $openid = new SimpleOpenID; + $openid->SetIdentity($_GET['openid_identity']); + $openid_validation_result = $openid->ValidateWithServer(); + if ($openid_validation_result == true){ // OK HERE KEY IS VALID + error_log('auth sucessfull'); + global $WEBROOT; + $identity=$openid->GetIdentity(); + error_log("auth as $identity"); + $user=OC_USER_OPENID::findUserForIdentity($identity); + if($user){ + $_SESSION['user_id']=$user; + header("Location: $WEBROOT"); + } + }else if($openid->IsError() == true){ // ON THE WAY, WE GOT SOME ERROR + $error = $openid->GetError(); + error_log("ERROR CODE: " . $error['code']); + error_log("ERROR DESCRIPTION: " . $error['description']); + }else{ // Signature Verification Failed + error_log("INVALID AUTHORIZATION"); + } +}else if (isset($_GET['openid_mode']) and $_GET['openid_mode'] == 'cancel'){ // User Canceled your Request + error_log("USER CANCELED REQUEST"); + return false; +} + +?> diff --git a/apps/user_openid/appinfo/info.xml b/apps/user_openid/appinfo/info.xml new file mode 100644 index 00000000000..32525009d61 --- /dev/null +++ b/apps/user_openid/appinfo/info.xml @@ -0,0 +1,10 @@ + + + user_openid + OpenID user backend + Allow login through OpenID + 0.1 + AGPL + Robin Appelman + 2 + \ No newline at end of file diff --git a/apps/user_openid/class.openid.v3.php b/apps/user_openid/class.openid.v3.php new file mode 100644 index 00000000000..8afb9e5b817 --- /dev/null +++ b/apps/user_openid/class.openid.v3.php 
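Review bot: After a successful validation the script assigns `$_SESSION['user_id']=$user;` into the pre-existing session without regenerating the session id, so a session id established before the OpenID round-trip stays valid once it carries the login; call `session_regenerate_id(true);` immediately before that assignment. The following `header("Location: $WEBROOT");` is not followed by `exit();`, so app loading continues and any later output may interfere with the redirect. The `error_log` calls (`'openid retured'`, `"auth as $identity"`) read as leftover debugging and write the claimed identity to the server log on every callback; remove them or guard them behind a debug flag. The top-level `return false;` in the cancel branch only stops inclusion of this app file — presumably intended, but it deserves a comment saying so.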
@@ -0,0 +1,328 @@ +SetIdentity($_POST['openid_url']); + :: SET RETURN URL :: + $openid->SetApprovedURL('http://www.yoursite.com/return.php'); // Script which handles a response from OpenID Server + :: SET TRUST ROOT :: + $openid->SetTrustRoot('http://www.yoursite.com/'); + :: FETCH SERVER URL FROM IDENTITY PAGE :: [Note: It is recomended to cache this (Session, Cookie, Database)] + $openid->GetOpenIDServer(); // Returns false if server is not found + :: REDIRECT USER TO OPEN ID SERVER FOR APPROVAL :: + + :: (OPTIONAL) SET OPENID SERVER :: + $openid->SetOpenIDServer($server_url); // If you have cached previously this, you don't have to call GetOpenIDServer and set value this directly + + STEP 2) + Once user gets returned we must validate signature + :: VALIDATE REQUEST :: + true|false = $openid->ValidateWithServer(); + + ERRORS: + array = $openid->GetError(); // Get latest Error code + + FIELDS: + OpenID allowes you to retreive a profile. To set what fields you'd like to get use (accepts either string or array): + $openid->SetRequiredFields(array('email','fullname','dob','gender','postcode','country','language','timezone')); + or + $openid->SetOptionalFields('postcode'); + +IMPORTANT TIPS: +OPENID as is now, is not trust system. It is a great single-sign on method. If you want to +store information about OpenID in your database for later use, make sure you handle url identities +properly. + For example: + https://steve.myopenid.com/ + https://steve.myopenid.com + http://steve.myopenid.com/ + http://steve.myopenid.com + ... are representing one single user. Some OpenIDs can be in format openidserver.com/users/user/ - keep this in mind when storing identities + + To help you store an OpenID in your DB, you can use function: + $openid_db_safe = $openid->OpenID_Standarize($upenid); + This may not be comatible with current specs, but it works in current enviroment. 
Use this function to get openid + in one format like steve.myopenid.com (without trailing slashes and http/https). + Use output to insert Identity to database. Don't use this for validation - it may fail. + +*/ + +class SimpleOpenID{ + var $openid_url_identity; + var $URLs = array(); + var $error = array(); + var $fields = array( + 'required' => array(), + 'optional' => array(), + ); + + function SimpleOpenID(){ + if (!function_exists('curl_exec')) { + die('Error: Class SimpleOpenID requires curl extension to work'); + } + } + function SetOpenIDServer($a){ + $this->URLs['openid_server'] = $a; + } + function SetTrustRoot($a){ + $this->URLs['trust_root'] = $a; + } + function SetCancelURL($a){ + $this->URLs['cancel'] = $a; + } + function SetApprovedURL($a){ + $this->URLs['approved'] = $a; + } + function SetRequiredFields($a){ + if (is_array($a)){ + $this->fields['required'] = $a; + }else{ + $this->fields['required'][] = $a; + } + } + function SetOptionalFields($a){ + if (is_array($a)){ + $this->fields['optional'] = $a; + }else{ + $this->fields['optional'][] = $a; + } + } + function SetIdentity($a){ // Set Identity URL + if ((stripos($a, 'http://') === false) + && (stripos($a, 'https://') === false)){ + $a = 'http://'.$a; + } +/* + $u = parse_url(trim($a)); + if (!isset($u['path'])){ + $u['path'] = '/'; + }else if(substr($u['path'],-1,1) == '/'){ + $u['path'] = substr($u['path'], 0, strlen($u['path'])-1); + } + if (isset($u['query'])){ // If there is a query string, then use identity as is + $identity = $a; + }else{ + $identity = $u['scheme'] . '://' . $u['host'] . 
$u['path']; + } +//*/ + $this->openid_url_identity = $a; + } + function GetIdentity(){ // Get Identity + return $this->openid_url_identity; + } + function GetError(){ + $e = $this->error; + return array('code'=>$e[0],'description'=>$e[1]); + } + + function ErrorStore($code, $desc = null){ + $errs['OPENID_NOSERVERSFOUND'] = 'Cannot find OpenID Server TAG on Identity page.'; + if ($desc == null){ + $desc = $errs[$code]; + } + $this->error = array($code,$desc); + } + + function IsError(){ + if (count($this->error) > 0){ + return true; + }else{ + return false; + } + } + + function splitResponse($response) { + $r = array(); + $response = explode("\n", $response); + foreach($response as $line) { + $line = trim($line); + if ($line != "") { + list($key, $value) = explode(":", $line, 2); + $r[trim($key)] = trim($value); + } + } + return $r; + } + + function OpenID_Standarize($openid_identity = null){ + if ($openid_identity === null) + $openid_identity = $this->openid_url_identity; + + $u = parse_url(strtolower(trim($openid_identity))); + + if (!isset($u['path']) || ($u['path'] == '/')) { + $u['path'] = ''; + } + if(substr($u['path'],-1,1) == '/'){ + $u['path'] = substr($u['path'], 0, strlen($u['path'])-1); + } + if (isset($u['query'])){ // If there is a query string, then use identity as is + return $u['host'] . $u['path'] . '?' . $u['query']; + }else{ + return $u['host'] . $u['path']; + } + } + + function array2url($arr){ // converts associated array to URL Query String + if (!is_array($arr)){ + return false; + } + $query = ''; + foreach($arr as $key => $value){ + $query .= $key . "=" . $value . "&"; + } + return $query; + } + function FSOCK_Request($url, $method="GET", $params = ""){ + $fp = fsockopen("ssl://www.myopenid.com", 443, $errno, $errstr, 3); // Connection timeout is 3 seconds + if (!$fp) { + $this->ErrorStore('OPENID_SOCKETERROR', $errstr); + return false; + } else { + $request = $method . 
" /server HTTP/1.0\r\n"; + $request .= "User-Agent: Simple OpenID PHP Class (http://www.phpclasses.org/simple_openid)\r\n"; + $request .= "Connection: close\r\n\r\n"; + fwrite($fp, $request); + stream_set_timeout($fp, 4); // Connection response timeout is 4 seconds + $res = fread($fp, 2000); + $info = stream_get_meta_data($fp); + fclose($fp); + + if ($info['timed_out']) { + $this->ErrorStore('OPENID_SOCKETTIMEOUT'); + } else { + return $res; + } + } + } + function CURL_Request($url, $method="GET", $params = "") { // Remember, SSL MUST BE SUPPORTED + if (is_array($params)) $params = $this->array2url($params); + $curl = curl_init($url . ($method == "GET" && $params != "" ? "?" . $params : "")); + curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($curl, CURLOPT_HEADER, false); + curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($curl, CURLOPT_HTTPGET, ($method == "GET")); + curl_setopt($curl, CURLOPT_POST, ($method == "POST")); + if ($method == "POST") curl_setopt($curl, CURLOPT_POSTFIELDS, $params); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); + $response = curl_exec($curl); + + if (curl_errno($curl) == 0){ + $response; + }else{ + $this->ErrorStore('OPENID_CURL', curl_error($curl)); + } + return $response; + } + + function HTML2OpenIDServer($content) { + $get = array(); + + // Get details of their OpenID server and (optional) delegate + preg_match_all('/]*rel=[\'"](openid2.provider )?openid.server[\'"][^>]*href=[\'"]([^\'"]+)[\'"][^>]*\/?>/i', $content, $matches1); + preg_match_all('/]*href=\'"([^\'"]+)[\'"][^>]*rel=[\'"](openid2.provider )?openid.server[\'"][^>]*\/?>/i', $content, $matches2); + $servers = array_merge($matches1[2], $matches2[1]); + + preg_match_all('/]*rel=[\'"]openid.delegate[\'"][^>]*href=[\'"]([^\'"]+)[\'"][^>]*\/?>/i', $content, $matches1); + + preg_match_all('/]*href=[\'"]([^\'"]+)[\'"][^>]*rel=[\'"]openid.delegate[\'"][^>]*\/?>/i', $content, $matches2); + + $delegates = array_merge($matches1[1], 
$matches2[1]); + + $ret = array($servers, $delegates); + return $ret; + } + + function GetOpenIDServer(){ + $response = $this->CURL_Request($this->openid_url_identity); + list($servers, $delegates) = $this->HTML2OpenIDServer($response); + if (count($servers) == 0){ + $this->ErrorStore('OPENID_NOSERVERSFOUND'); + return false; + } + if (isset($delegates[0]) + && ($delegates[0] != "")){ + $this->SetIdentity($delegates[0]); + } + $this->SetOpenIDServer($servers[0]); + return $servers[0]; + } + + function GetRedirectURL(){ + $params = array(); + $params['openid.return_to'] = urlencode($this->URLs['approved']); + $params['openid.mode'] = 'checkid_setup'; + $params['openid.identity'] = urlencode($this->openid_url_identity); + $params['openid.trust_root'] = urlencode($this->URLs['trust_root']); + + if (isset($this->fields['required']) + && (count($this->fields['required']) > 0)) { + $params['openid.sreg.required'] = implode(',',$this->fields['required']); + } + if (isset($this->fields['optional']) + && (count($this->fields['optional']) > 0)) { + $params['openid.sreg.optional'] = implode(',',$this->fields['optional']); + } + return $this->URLs['openid_server'] . "?". $this->array2url($params); + } + + function Redirect(){ + $redirect_to = $this->GetRedirectURL(); + if (headers_sent()){ // Use JavaScript to redirect if content has been previously sent (not recommended, but safe) + echo ''; + }else{ // Default Header Redirect + header('Location: ' . 
$redirect_to); + } + } + + function ValidateWithServer(){ + $params = array( + 'openid.assoc_handle' => urlencode($_GET['openid_assoc_handle']), + 'openid.signed' => urlencode($_GET['openid_signed']), + 'openid.sig' => urlencode($_GET['openid_sig']) + ); + // Send only required parameters to confirm validity + $arr_signed = explode(",",str_replace('sreg.','sreg_',$_GET['openid_signed'])); + for ($i=0; $iGetOpenIDServer(); + if ($openid_server == false){ + return false; + } + $response = $this->CURL_Request($openid_server,'POST',$params); + $data = $this->splitResponse($response); + + if ($data['is_valid'] == "true") { + return true; + }else{ + return false; + } + } +} + +?> \ No newline at end of file diff --git a/apps/user_openid/phpmyid.php b/apps/user_openid/phpmyid.php new file mode 100644 index 00000000000..719bbd954c0 --- /dev/null +++ b/apps/user_openid/phpmyid.php 
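Review bot: `CURL_Request` disables certificate checking with `curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);`, and this is the transport used both to fetch the identity page in `GetOpenIDServer` and to POST the `check_authentication` request in `ValidateWithServer`, so the login decision can be taken against an impersonated provider; set it to `true` and add `curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);`. `ValidateWithServer` also rediscovers the provider from whatever identity arrived in `$_GET`, and that discovery may replace the identity via `$this->SetIdentity($delegates[0])`, so both the server consulted and the identity later mapped to a user derive from an unverified fetch; storing the server and identity chosen at `checkid_setup` time in the session and validating the response against those would close this. `FSOCK_Request` ignores its `$url` argument and always opens `ssl://www.myopenid.com`, which looks like leftover code — remove it or make it use the argument. The bare `$response;` in CURL_Request's success branch is a no-op and should be deleted.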
@@ -0,0 +1,1723 @@ + + * @copyright 2006-2008 + * @license http://www.gnu.org/licenses/gpl.html GNU Public License + * @url http://siege.org/projects/phpMyID + * @version 0.9 + */ + + +/** + * Set a constant to indicate that phpMyID is running + */ +define('PHPMYID_STARTED', true); + +/** + * List the known types and modes + * @name $known + * @global array $GLOBALS['known'] + */ +$GLOBALS['known'] = array( + 'assoc_types' => array('HMAC-SHA1'), + + 'openid_modes' => array('accept', + 'associate', + 'authorize', + 'cancel', + 'checkid_immediate', + 'checkid_setup', + 'check_authentication', + 'error', + 'id_res', + 'login', + 'logout', + 'test'), + + 'session_types' => array('', + 'DH-SHA1'), + + 'bigmath_types' => array('DH-SHA1'), +); + +/** + * Defined by OpenID spec + * @name $g + * @global integer $GLOBALS['g'] + */ +$GLOBALS['g'] = 2; + +/** + * Defined by OpenID spec + * @name $p + * @global integer $GLOBALS['p'] + */ +$GLOBALS['p'] = '155172898181473697471232257763715539915724801966915404479707' . +'7953140576293785419175806512274236981889937278161526466314385615958256881888' . +'8995127215884267541995034125870655654980358010487053768147672651325574704076' . +'5857479291291572334510643245094715007229621094194349783925984760375594985848' . +'253359305585439638443'; + + +// Runmode functions + +/** + * Allow the user to accept trust on a URL + * @global array $profile + */ +function accept_mode () { + global $profile; + + // this is a user session + user_session(); + + // the user needs refresh urls in their session to access this mode + if (! isset($_SESSION['post_accept_url']) || ! isset($_SESSION['cancel_accept_url']) || ! isset($_SESSION['unaccepted_url'])) + error_500('You may not access this mode directly.'); + + // has the user accepted the trust_root? + $accepted = @strlen($_REQUEST['accepted']) + ? 
$_REQUEST['accepted'] + : null; + + // if so, refresh back to post_accept_url + if ($accepted === 'yes') { + $_SESSION['accepted_url'] = $_SESSION['unaccepted_url']; + wrap_redirect($_SESSION['post_accept_url']); + + // if they rejected it, return to the client + } elseif ($accepted === 'no') { + wrap_redirect($_SESSION['cancel_accept_url']); + } + + // if neither, offer the trust request + $q = strpos($profile['req_url'], '?') ? '&' : '?'; + $yes = $profile['req_url'] . $q . 'accepted=yes'; + $no = $profile['req_url'] . $q . 'accepted=no'; + + wrap_html('The client site you are attempting to log into has requested that you trust the following URL:
' . $_SESSION['unaccepted_url'] . '

Do you wish to continue?
Yes | No'); +} + +/** * Perform an association with a consumer + * @global array $known + * @global array $profile + * @global integer $g + * @global integer $p + */ +function associate_mode () { + global $g, $known, $p, $profile; + + // Validate the request + if (! isset($_REQUEST['openid_mode']) || $_REQUEST['openid_mode'] != 'associate') + error_400(); + + // Get the request options, using defaults as necessary + $assoc_type = (@strlen($_REQUEST['openid_assoc_type']) + && in_array($_REQUEST['openid_assoc_type'], $known['assoc_types'])) + ? $_REQUEST['openid_assoc_type'] + : 'HMAC-SHA1'; + + $session_type = (@strlen($_REQUEST['openid_session_type']) + && in_array($_REQUEST['openid_session_type'], $known['session_types'])) + ? $_REQUEST['openid_session_type'] + : ''; + + $dh_modulus = (@strlen($_REQUEST['openid_dh_modulus'])) + ? long(base64_decode($_REQUEST['openid_dh_modulus'])) + : ($session_type == 'DH-SHA1' + ? $p + : null); + + $dh_gen = (@strlen($_REQUEST['openid_dh_gen'])) + ? long(base64_decode($_REQUEST['openid_dh_gen'])) + : ($session_type == 'DH-SHA1' + ? $g + : null); + + $dh_consumer_public = (@strlen($_REQUEST['openid_dh_consumer_public'])) + ? $_REQUEST['openid_dh_consumer_public'] + : ($session_type == 'DH-SHA1' + ? 
error_post('dh_consumer_public was not specified') + : null); + + $lifetime = time() + $profile['lifetime']; + + // Create standard keys + $keys = array( + 'assoc_type' => $assoc_type, + 'expires_in' => $profile['lifetime'] + ); + + // If I can't handle bigmath, default to plaintext sessions + if (in_array($session_type, $known['bigmath_types']) && $profile['use_bigmath'] === false) + $session_type = null; + + // Add response keys based on the session type + switch ($session_type) { + case 'DH-SHA1': + // Create the associate id and shared secret now + list ($assoc_handle, $shared_secret) = new_assoc($lifetime); + + // Compute the Diffie-Hellman stuff + $private_key = random($dh_modulus); + $public_key = bmpowmod($dh_gen, $private_key, $dh_modulus); + $remote_key = long(base64_decode($dh_consumer_public)); + $ss = bmpowmod($remote_key, $private_key, $dh_modulus); + + $keys['assoc_handle'] = $assoc_handle; + $keys['session_type'] = $session_type; + $keys['dh_server_public'] = base64_encode(bin($public_key)); + $keys['enc_mac_key'] = base64_encode(x_or(sha1_20(bin($ss)), $shared_secret)); + + break; + + default: + // Create the associate id and shared secret now + list ($assoc_handle, $shared_secret) = new_assoc($lifetime); + + $keys['assoc_handle'] = $assoc_handle; + $keys['mac_key'] = base64_encode($shared_secret); + } + + // Return the keys + wrap_kv($keys); +} + + +/** + * Perform a user authorization + * @global array $profile + */ +function authorize_mode () { + global $profile; + global $USERNAME; + + // this is a user session + + // the user needs refresh urls in their session to access this mode + if (! isset($_SESSION['post_auth_url']) || ! isset($_SESSION['cancel_auth_url'])) + error_500('You may not access this mode directly.'); + + if (isset($_SERVER['PHP_AUTH_USER']) && $profile['authorized'] === false && $_SERVER['PHP_AUTH_USER']==$USERNAME) { + if (OC_USER::checkPassword($USERNAME, $_SERVER['PHP_AUTH_PW'])) {// successful login! 
+ + // return to the refresh url if they get in + $_SESSION['openid_auth']=true; + $_SESSION['openid_user']=$USERNAME; + wrap_redirect($_SESSION['post_auth_url']); + + // failed login + } else { + $_SESSION['failures']++; + debug('Login failed'); + debug('Fail count: ' . $_SESSION['failures']); + } + + } + + // if we get this far the user is not authorized, so send the headers + $uid = uniqid(mt_rand(1,9)); + $_SESSION['uniqid'] = $uid; + +// debug('Prompting user to log in. Stale? ' . $stale); + header('HTTP/1.0 401 Unauthorized'); +// header(sprintf('WWW-Authenticate: Digest qop="auth-int, auth", realm="%s", domain="%s", nonce="%s", opaque="%s", stale="%s", algorithm="MD5"', $profile['auth_realm'], $profile['auth_domain'], $uid, md5($profile['auth_realm']), $stale ? 'true' : 'false')); + header('WWW-Authenticate: Basic realm="ownCloud"'); + $q = strpos($_SESSION['cancel_auth_url'], '?') ? '&' : '?'; + wrap_refresh($_SESSION['cancel_auth_url'] . $q . 'openid.mode=cancel'); +// die('401 Unauthorized'); +} + + +/** + * Handle a consumer's request for cancellation. + */ +function cancel_mode () { + wrap_html('Request cancelled.'); +} + + +/** + * Handle a consumer's request to see if the user is authenticated + */ +function check_authentication_mode () { + // Validate the request + if (! isset($_REQUEST['openid_mode']) || $_REQUEST['openid_mode'] != 'check_authentication') + error_400(); + + $assoc_handle = @strlen($_REQUEST['openid_assoc_handle']) + ? $_REQUEST['openid_assoc_handle'] + : error_post('Missing assoc_handle'); + + $sig = @strlen($_REQUEST['openid_sig']) + ? $_REQUEST['openid_sig'] + : error_post('Missing sig'); + + $signed = @strlen($_REQUEST['openid_signed']) + ? 
$_REQUEST['openid_signed'] + : error_post('Missing signed'); + + // Prepare the return keys + $keys = array( + 'openid.mode' => 'id_res' + ); + + // Invalidate the assoc handle if we need to + if (@strlen($_REQUEST['openid_invalidate_handle'])) { + destroy_assoc_handle($_REQUEST['openid_invalidate_handle']); + + $keys['invalidate_handle'] = $_REQUEST['openid_invalidate_handle']; + } + + // Validate the sig by recreating the kv pair and signing + $_REQUEST['openid_mode'] = 'id_res'; + $tokens = ''; + foreach (explode(',', $signed) as $param) { + $post = preg_replace('/\./', '_', $param); + $tokens .= sprintf("%s:%s\n", $param, $_REQUEST['openid_' . $post]); + } + + // Add the sreg stuff, if we've got it + if (isset($sreg_required)) { + foreach (explode(',', $sreg_required) as $key) { + if (! isset($sreg[$key])) + continue; + $skey = 'sreg.' . $key; + + $tokens .= sprintf("%s:%s\n", $skey, $sreg[$key]); + $keys[$skey] = $sreg[$key]; + $fields[] = $skey; + } + } + + // Look up the consumer's shared_secret and timeout + list ($shared_secret, $expires) = secret($assoc_handle); + + // if I can't verify the assoc_handle, or if it's expired + if ($shared_secret == false || (is_numeric($expires) && $expires < time())) { + $keys['is_valid'] = 'false'; + + } else { + $ok = base64_encode(hmac($shared_secret, $tokens)); + $keys['is_valid'] = ($sig == $ok) ? 'true' : 'false'; + } + + // Return the keys + wrap_kv($keys); +} + + +/** + * Handle a consumer's request to see if the end user is logged in + * @global array $known + * @global array $profile + * @global array $sreg + */ +function checkid ( $wait ) { + global $known, $profile, $sreg; + global $USERNAME; + + // This is a user session + user_session(); + + // Get the options, use defaults as necessary + $return_to = @strlen($_REQUEST['openid_return_to']) + ? $_REQUEST['openid_return_to'] + : error_400('Missing return1_to'); + + $identity = @strlen($_REQUEST['openid_identity']) + ? 
$_REQUEST['openid_identity'] + : error_get($return_to, 'Missing identity'); + + $assoc_handle = @strlen($_REQUEST['openid_assoc_handle']) + ? $_REQUEST['openid_assoc.handle'] + : null; + + $trust_root = @strlen($_REQUEST['openid_trust_root']) + ? $_REQUEST['openid_trust_root'] + : $return_to; + + $sreg_required = @strlen($_REQUEST['openid_sreg_required']) + ? $_REQUEST['openid_sreg.required'] + : ''; + + $sreg_optional = @strlen($_REQUEST['openid_sreg_optional']) + ? $_REQUEST['openid_sreg.optional'] + : ''; + + // determine the cancel url + $q = strpos($return_to, '?') ? '&' : '?'; + $cancel_url = $return_to . $q . 'openid.mode=cancel'; + + // required and optional make no difference to us + $sreg_required .= ',' . $sreg_optional; + // do the trust_root analysis + if ($trust_root != $return_to) { + // the urls are not the same, be sure return decends from trust + if (! url_descends($return_to, $trust_root)) + error_500('Invalid trust_root: "' . $trust_root . '"'); + + } + + // transfer the user to the url accept mode if they're paranoid + if ($wait == 1 && isset($profile['paranoid']) && $profile['paranoid'] === true && (! session_is_registered('accepted_url') || $_SESSION['accepted_url'] != $trust_root)) { + $_SESSION['cancel_accept_url'] = $cancel_url; + $_SESSION['post_accept_url'] = $profile['req_url']; + $_SESSION['unaccepted_url'] = $trust_root; + + debug('Transferring to acceptance mode.'); + debug('Cancel URL: ' . $_SESSION['cancel_accept_url']); + debug('Post URL: ' . $_SESSION['post_accept_url']); + + $q = strpos($profile['idp_url'], '?') ? '&' : '?'; + wrap_redirect($profile['idp_url'] . $q . 'openid.mode=accept'); + } + + // make sure i am this identifier + if ($identity != $profile['idp_url']) { + debug("Invalid identity: $identity"); + debug("IdP URL: " . 
$profile['idp_url']); + error_get($return_to, "Invalid identity: '$identity'"); + } + + // begin setting up return keys + $keys = array( + 'mode' => 'id_res' + ); + + // if the user is not logged in, transfer to the authorization mode + if ($_SESSION['openid_auth'] === false || $USERNAME != $_SESSION['openid_user']) { + // users can only be logged in to one url at a time + $_SESSION['auth_username'] = null; + $_SESSION['auth_url'] = null; + + if ($wait) { + unset($_SESSION['uniqid']); + + $_SESSION['cancel_auth_url'] = $cancel_url; + $_SESSION['post_auth_url'] = $profile['req_url']; + + debug('Transferring to authorization mode.'); + debug('Cancel URL: ' . $_SESSION['cancel_auth_url']); + debug('Post URL: ' . $_SESSION['post_auth_url']); + + $q = strpos($profile['idp_url'], '?') ? '&' : '?'; + wrap_redirect($profile['idp_url'] . $q . 'openid.mode=authorize'); + } else { + $keys['user_setup_url'] = $profile['idp_url']; + } + + // the user is logged in + } else { + // remove the refresh URLs if set + unset($_SESSION['cancel_auth_url']); + unset($_SESSION['post_auth_url']); + + // check the assoc handle + list($shared_secret, $expires) = secret($assoc_handle); + + // if I can't verify the assoc_handle, or if it's expired + if ($shared_secret == false || (is_numeric($expires) && $expires < time())) { + debug("Session expired or missing key: $expires < " . time()); + if ($assoc_handle != null) { + $keys['invalidate_handle'] = $assoc_handle; + destroy_assoc_handle($assoc_handle); + } + + $lifetime = time() + $profile['lifetime']; + list ($assoc_handle, $shared_secret) = new_assoc($lifetime); + } + + $keys['identity'] = $profile['idp_url']; + $keys['assoc_handle'] = $assoc_handle; + $keys['return_to'] = $return_to; + + $fields = array_keys($keys); + $tokens = ''; + foreach ($fields as $key) + $tokens .= sprintf("%s:%s\n", $key, $keys[$key]); + + // add sreg keys + foreach (explode(',', $sreg_required) as $key) { + if (! isset($sreg[$key])) + continue; + $skey = 'sreg.' . 
$key; + + $tokens .= sprintf("%s:%s\n", $skey, $sreg[$key]); + $keys[$skey] = $sreg[$key]; + $fields[] = $skey; + } + + $keys['signed'] = implode(',', $fields); + $keys['sig'] = base64_encode(hmac($shared_secret, $tokens)); + } + + wrap_keyed_redirect($return_to, $keys); +} + + +/** + * Handle a consumer's request to see if the user is already logged in + */ +function checkid_immediate_mode () { + if (! isset($_REQUEST['openid_mode']) || $_REQUEST['openid_mode'] != 'checkid_immediate') + error_500(); + + checkid(false); +} + + +/** + * Handle a consumer's request to see if the user is logged in, but be willing + * to wait for them to perform a login if they're not + */ +function checkid_setup_mode () { + if (! isset($_REQUEST['openid_mode']) || $_REQUEST['openid_mode'] != 'checkid_setup') + error_500(); + + checkid(true); +} + + +/** + * Handle errors + */ +function error_mode () { + isset($_REQUEST['openid_error']) + ? wrap_html($_REQUEST['openid_error']) + : error_500(); +} + + +/** + * Show a user if they are logged in or not + * @global array $profile + */ +function id_res_mode () { + global $profile; + + user_session(); + + if ($profile['authorized']) + wrap_html('You are logged in as ' . $_SESSION['auth_username']); + + wrap_html('You are not logged in'); +} + + +/** + * Allow a user to perform a static login + * @global array $profile + */ +function login_mode () { + global $profile; + + user_session(); + + if ($profile['authorized']) + id_res_mode(); + + $keys = array( + 'mode' => 'checkid_setup', + 'identity' => $profile['idp_url'], + 'return_to' => $profile['idp_url'] + ); + + wrap_keyed_redirect($profile['idp_url'], $keys); +} + + +/** + * Allow a user to perform a static logout + * @global array $profile + */ +function logout_mode () { + global $profile; + + user_session(); + + if (! 
$profile['authorized']) + wrap_html('You were not logged in'); + + $_SESSION = array(); + session_destroy(); + debug('User session destroyed.'); + + header('HTTP/1.0 401 Unauthorized'); + wrap_redirect($profile['idp_url']); +} + + +/** + * The default information screen + * @global array $profile + */ +function no_mode () { + global $profile; + + wrap_html('This is an OpenID server endpoint. For more information, see http://openid.net/
Server: ' . $profile['idp_url'] . '
Realm: ' . $profile['php_realm'] . '
Login' . ($profile['allow_test'] === true ? ' | Test' : null)); +} + + +/** + * Testing for setup + * @global array $profile + */ +function test_mode () { + global $profile, $p, $g; + + if ($profile['allow_test'] != true) + error_403(); + + @ini_set('max_execution_time', 180); + + $test_expire = time() + 120; + $test_ss_enc = 'W7hvmld2yEYdDb0fHfSkKhQX+PM='; + $test_ss = base64_decode($test_ss_enc); + $test_token = "alpha:bravo\ncharlie:delta\necho:foxtrot"; + $test_server_private = '11263846781670293092494395517924811173145217135753406847875706165886322533899689335716152496005807017390233667003995430954419468996805220211293016296351031812246187748601293733816011832462964410766956326501185504714561648498549481477143603650090931135412673422192550825523386522507656442905243832471167330268'; + $test_client_public = base64_decode('AL63zqI5a5p8HdXZF5hFu8p+P9GOb816HcHuvNOhqrgkKdA3fO4XEzmldlb37nv3+xqMBgWj6gxT7vfuFerEZLBvuWyVvR7IOGZmx0BAByoq3fxYd3Fpe2Coxngs015vK37otmH8e83YyyGo5Qua/NAf13yz1PVuJ5Ctk7E+YdVc'); + + $res = array(); + + // bcmath + $res['bcmath'] = extension_loaded('bcmath') + ? 'pass' : 'warn - not loaded'; + + // gmp + if ($profile['allow_gmp']) { + $res['gmp'] = extension_loaded('gmp') + ? 'pass' : 'warn - not loaded'; + } else { + $res['gmp'] = 'pass - n/a'; + } + + // sys_get_temp_dir + $res['logfile'] = is_writable($profile['logfile']) + ? 'pass' : "warn - log is not writable"; + + // session & new_assoc + user_session(); + list($test_assoc, $test_new_ss) = new_assoc($test_expire); + $res['session'] = ($test_assoc != session_id()) + ? 'pass' : 'fail'; + + // secret + @session_unregister('shared_secret'); + list($check, $check2) = secret($test_assoc); + $res['secret'] = ($check == $test_new_ss) + ? 'pass' : 'fail'; + + // expire + $res['expire'] = ($check2 <= $test_expire) + ? 'pass' : 'fail'; + + // base64 + $res['base64'] = (base64_encode($test_ss) == $test_ss_enc) + ? 
'pass' : 'fail'; + + // hmac + $test_sig = base64_decode('/VXgHvZAOdoz/OTa5+XJXzSGhjs='); + $check = hmac($test_ss, $test_token); + $res['hmac'] = ($check == $test_sig) + ? 'pass' : sprintf("fail - '%s'", base64_encode($check)); + + if ($profile['use_bigmath']) { + // bigmath powmod + $test_server_public = '102773334773637418574009974502372885384288396853657336911033649141556441102566075470916498748591002884433213640712303846640842555822818660704173387461364443541327856226098159843042567251113889701110175072389560896826887426539315893475252988846151505416694218615764823146765717947374855806613410142231092856731'; + $check = bmpowmod($g, $test_server_private, $p); + $res['bmpowmod-1'] = ($check == $test_server_public) + ? 'pass' : sprintf("fail - '%s'", $check); + + // long + $test_client_long = '133926731803116519408547886573524294471756220428015419404483437186057383311250738749035616354107518232016420809434801736658109316293127101479053449990587221774635063166689561125137927607200322073086097478667514042144489248048756916881344442393090205172004842481037581607299263456852036730858519133859409417564'; + $res['long'] = (long($test_client_public) == $test_client_long) + ? 'pass' : 'fail'; + + // bigmath powmod 2 + $test_client_share = '19333275433742428703546496981182797556056709274486796259858099992516081822015362253491867310832140733686713353304595602619444380387600756677924791671971324290032515367930532292542300647858206600215875069588627551090223949962823532134061941805446571307168890255137575975911397744471376862555181588554632928402'; + $check = bmpowmod($test_client_long, $test_server_private, $p); + $res['bmpowmod-2'] = ($check == $test_client_share) + ? 
'pass' : sprintf("fail - '%s'", $check); + + // bin + $test_client_mac_s1 = base64_decode('G4gQQkYM6QmAzhKbVKSBahFesPL0nL3F2MREVwEtnVRRYI0ifl9zmPklwTcvURt3QTiGBd+9Dn3ESLk5qka6IO5xnILcIoBT8nnGVPiOZvTygfuzKp4tQ2mXuIATJoa7oXRGmBWtlSdFapH5Zt6NJj4B83XF/jzZiRwdYuK4HJI='); + $check = bin($test_client_share); + $res['bin'] = ($check == $test_client_mac_s1) + ? 'pass' : sprintf("fail - '%s'", base64_encode($check)); + + } else { + $res['bigmath'] = 'fail - big math functions are not available.'; + } + + // sha1_20 + $test_client_mac_s1 = base64_decode('G4gQQkYM6QmAzhKbVKSBahFesPL0nL3F2MREVwEtnVRRYI0ifl9zmPklwTcvURt3QTiGBd+9Dn3ESLk5qka6IO5xnILcIoBT8nnGVPiOZvTygfuzKp4tQ2mXuIATJoa7oXRGmBWtlSdFapH5Zt6NJj4B83XF/jzZiRwdYuK4HJI='); + $test_client_mac_s2 = base64_decode('0Mb2t9d/HvAZyuhbARJPYdx3+v4='); + $check = sha1_20($test_client_mac_s1); + $res['sha1_20'] = ($check == $test_client_mac_s2) + ? 'pass' : sprintf("fail - '%s'", base64_encode($check)); + + // x_or + $test_client_mac_s3 = base64_decode('i36ZLYAJ1rYEx1VEHObrS8hgAg0='); + $check = x_or($test_client_mac_s2, $test_ss); + $res['x_or'] = ($check == $test_client_mac_s3) + ? 'pass' : sprintf("fail - '%s'", base64_encode($check)); + + $out = "
\n"; + foreach ($res as $test => $stat) { + $code = substr($stat, 0, 4); + $color = ($code == 'pass') ? '#9f9' + : (($code == 'warn') ? '#ff9' : '#f99'); + $out .= sprintf("\n", $test, $color, $stat); + } + $out .= "
%s%s
"; + + wrap_html( $out ); +} + + +// Support functions + +/** + * Prefix the keys of an array with 'openid.' + * @param array $array + * @return array + */ +function append_openid ($array) { + $keys = array_keys($array); + $vals = array_values($array); + + $r = array(); + for ($i=0; $i $rl ) { + $r = str_repeat("0", $ll-$rl) . $r; + $o = $ll; + + } else { + $o = $ll; + } + + $v = ''; + $carry = 0; + + for ($i = $o-1; $i >= 0; $i--) { + $d = (int)$l[$i] + (int)$r[$i] + $carry; + if ($d <= 9) { + $carry = 0; + + } else { + $carry = 1; + $d -= 10; + } + $v = (string) $d . $v; + } + + if ($carry > 0) + $v = "1" . $v; + + return $v; +} + +/** + * Create a big math comparison function + * @param string $l + * @param string $r + * @return string + */ +function bmcomp($l, $r) { + if (function_exists('bccomp')) + return bccomp($l, $r); + + global $profile; + if ($profile['use_gmp']) + return gmp_strval(gmp_cmp($l, $r)); + + $l = strval($l); $r = strval($r); + $ll = strlen($l); $lr = strlen($r); + if ($ll != $lr) + return ($ll > $lr) ? 1 : -1; + + return strcmp($l, $r); +} + +/** + * Create a big math division function + * @param string $l + * @param string $r + * @param int $z + * @return string + * @url http://www.icosaedro.it/bigint Inspired by + */ +function bmdiv($l, $r, $z = 0) { + if (function_exists('bcdiv')) + return ($z == 0) ? bcdiv($l, $r) : bcmod($l, $r); + + global $profile; + if ($profile['use_gmp']) + return gmp_strval(($z == 0) ? gmp_div_q($l, $r) : gmp_mod($l, $r)); + + $l = strval($l); $r = strval($r); + $v = '0'; + + while (true) { + if( bmcomp($l, $r) < 0 ) + break; + + $delta = strlen($l) - strlen($r); + if ($delta >= 1) { + $zeroes = str_repeat("0", $delta); + $r2 = $r . $zeroes; + + if (strcmp($l, $r2) >= 0) { + $v = bmadd($v, "1" . $zeroes); + $l = bmsub($l, $r2); + + } else { + $zeroes = str_repeat("0", $delta - 1); + $v = bmadd($v, "1" . $zeroes); + $l = bmsub($l, $r . 
$zeroes); + } + + } else { + $l = bmsub($l, $r); + $v = bmadd($v, "1"); + } + } + + return ($z == 0) ? $v : $l; +} + +/** + * Create a big math multiplication function + * @param string $l + * @param string $r + * @return string + * @url http://www.icosaedro.it/bigint Inspired by + */ +function bmmul($l, $r) { + if (function_exists('bcmul')) + return bcmul($l, $r); + + global $profile; + if ($profile['use_gmp']) + return gmp_strval(gmp_mul($l, $r)); + + $l = strval($l); $r = strval($r); + + $v = '0'; + $z = ''; + + for( $i = strlen($r)-1; $i >= 0; $i-- ){ + $bd = (int) $r[$i]; + $carry = 0; + $p = ""; + for( $j = strlen($l)-1; $j >= 0; $j-- ){ + $ad = (int) $l[$j]; + $pd = $ad * $bd + $carry; + if( $pd <= 9 ){ + $carry = 0; + } else { + $carry = (int) ($pd / 10); + $pd = $pd % 10; + } + $p = (string) $pd . $p; + } + if( $carry > 0 ) + $p = (string) $carry . $p; + $p = $p . $z; + $z .= "0"; + $v = bmadd($v, $p); + } + + return $v; +} + +/** + * Create a big math modulus function + * @param string $value + * @param string $mod + * @return string + */ +function bmmod( $value, $mod ) { + if (function_exists('bcmod')) + return bcmod($value, $mod); + + global $profile; + if ($profile['use_gmp']) + return gmp_strval(gmp_mod($value, $mod)); + + $r = bmdiv($value, $mod, 1); + return $r; +} + +/** + * Create a big math power function + * @param string $value + * @param string $exponent + * @return string + */ +function bmpow ($value, $exponent) { + if (function_exists('bcpow')) + return bcpow($value, $exponent); + + global $profile; + if ($profile['use_gmp']) + return gmp_strval(gmp_pow($value, $exponent)); + + $r = '1'; + while ($exponent) { + $r = bmmul($r, $value, 100); + $exponent--; + } + return (string)rtrim($r, '0.'); +} + +/** + * Create a big math 'powmod' function + * @param string $value + * @param string $exponent + * @param string $mod + * @return string + * @url http://php.net/manual/en/function.bcpowmod.php#72704 Borrowed from + */ +function bmpowmod ($value, 
$exponent, $mod) { + if (function_exists('bcpowmod')) + return bcpowmod($value, $exponent, $mod); + + global $profile; + if ($profile['use_gmp']) + return gmp_strval(gmp_powm($value, $exponent, $mod)); + + $r = ''; + while ($exponent != '0') { + $t = bmmod($exponent, '4096'); + $r = substr("000000000000" . decbin(intval($t)), -12) . $r; + $exponent = bmdiv($exponent, '4096'); + } + + $r = preg_replace("!^0+!","",$r); + + if ($r == '') + $r = '0'; + $value = bmmod($value, $mod); + $erb = strrev($r); + $q = '1'; + $a[0] = $value; + + for ($i = 1; $i < strlen($erb); $i++) { + $a[$i] = bmmod( bmmul($a[$i-1], $a[$i-1]), $mod ); + } + + for ($i = 0; $i < strlen($erb); $i++) { + if ($erb[$i] == "1") { + $q = bmmod( bmmul($q, $a[$i]), $mod ); + } + } + + return($q); +} + +/** + * Create a big math subtraction function + * @param string $l + * @param string $r + * @return string + * @url http://www.icosaedro.it/bigint Inspired by + */ +function bmsub($l, $r) { + if (function_exists('bcsub')) + return bcsub($l, $r); + + global $profile; + if ($profile['use_gmp']) + return gmp_strval(gmp_sub($l, $r)); + + + $l = strval($l); $r = strval($r); + $ll = strlen($l); $rl = strlen($r); + + if ($ll < $rl) { + $l = str_repeat("0", $rl-$ll) . $l; + $o = $rl; + } elseif ( $ll > $rl ) { + $r = str_repeat("0", $ll-$rl) . (string)$r; + $o = $ll; + } else { + $o = $ll; + } + + if (strcmp($l, $r) >= 0) { + $sign = ''; + } else { + $x = $l; $l = $r; $r = $x; + $sign = '-'; + } + + $v = ''; + $carry = 0; + + for ($i = $o-1; $i >= 0; $i--) { + $d = ($l[$i] - $r[$i]) - $carry; + if ($d < 0) { + $carry = 1; + $d += 10; + } else { + $carry = 0; + } + $v = (string) $d . $v; + } + + return $sign . 
ltrim($v, '0'); +} + + +/** + * Get a binary value + * @param integer $n + * @return string + * @url http://openidenabled.com Borrowed from PHP-OpenID + */ +function bin ($n) { + $bytes = array(); + while (bmcomp($n, 0) > 0) { + array_unshift($bytes, bmmod($n, 256)); + $n = bmdiv($n, bmpow(2,8)); + } + + if ($bytes && ($bytes[0] > 127)) + array_unshift($bytes, 0); + + $b = ''; + foreach ($bytes as $byte) + $b .= pack('C', $byte); + + return $b; +} + + +/** + * Debug logging + * @param mixed $x + * @param string $m + */ +function debug ($x, $m = null) { + global $profile; + + if (! isset($profile['debug']) || $profile['debug'] === false) + return true; + + if (! is_writable(dirname($profile['logfile'])) &! is_writable($profile['logfile'])) + error_500('Cannot write to debug log: ' . $profile['logfile']); + + if (is_array($x)) { + ob_start(); + print_r($x); + $x = $m . ($m != null ? "\n" : '') . ob_get_clean(); + + } else { + $x .= "\n"; + } + + error_log($x . "\n", 3, $profile['logfile']); +} + + +/** + * Destroy a consumer's assoc handle + * @param string $id + */ +function destroy_assoc_handle ( $id ) { + debug("Destroying session: $id"); + + $sid = session_id(); + session_write_close(); + + session_id($id); + session_start(); + session_destroy(); + + session_id($sid); + session_start(); +} + + +/** + * Return an error message to the user + * @param string $message + */ +function error_400 ( $message = 'Bad Request' ) { + header("HTTP/1.1 400 Bad Request"); + wrap_html($message); +} + + +/** + * Return an error message to the user + * @param string $message + */ +function error_403 ( $message = 'Forbidden' ) { + header("HTTP/1.1 403 Forbidden"); + wrap_html($message); +} + + +/** + * Return an error message to the user + * @param string $message + */ +function error_500 ( $message = 'Internal Server Error' ) { + header("HTTP/1.1 500 Internal Server Error"); + wrap_html($message); +} + + +/** + * Return an error message to the consumer + * @param string $message + 
*/ +function error_get ( $url, $message = 'Bad Request') { + wrap_keyed_redirect($url, array('mode' => 'error', 'error' => $message)); +} + + +/** + * Return an error message to the consumer + * @param string $message + */ +function error_post ( $message = 'Bad Request' ) { + header("HTTP/1.1 400 Bad Request"); + echo ('error:' . $message); + exit(0); +} + + +/** + * Do an HMAC + * @param string $key + * @param string $data + * @param string $hash + * @return string + * @url http://php.net/manual/en/function.sha1.php#39492 Borrowed from + */ +function hmac($key, $data, $hash = 'sha1_20') { + $blocksize=64; + + if (strlen($key) > $blocksize) + $key = $hash($key); + + $key = str_pad($key, $blocksize,chr(0x00)); + $ipad = str_repeat(chr(0x36),$blocksize); + $opad = str_repeat(chr(0x5c),$blocksize); + + $h1 = $hash(($key ^ $ipad) . $data); + $hmac = $hash(($key ^ $opad) . $h1); + return $hmac; +} + + +if (! function_exists('http_build_query')) { +/** + * Create function if missing + * @param array $array + * @return string + */ +function http_build_query ($array) { + $r = array(); + foreach ($array as $key => $val) + $r[] = sprintf('%s=%s', urlencode($key), urlencode($val)); + return implode('&', $r); +}} + + +/** + * Turn a binary back into a long + * @param string $b + * @return integer + * @url http://openidenabled.com Borrowed from PHP-OpenID + */ +function long($b) { + $bytes = array_merge(unpack('C*', $b)); + $n = 0; + foreach ($bytes as $byte) { + $n = bmmul($n, bmpow(2,8)); + $n = bmadd($n, $byte); + } + return $n; +} + + +/** + * Create a new consumer association + * @param integer $expiration + * @return array + */ +function new_assoc ( $expiration ) { + if (isset($_SESSION) && is_array($_SESSION)) { + $sid = session_id(); + $dat = session_encode(); + session_write_close(); + } + + session_start(); + session_regenerate_id('false'); + + $id = session_id(); + $shared_secret = new_secret(); + debug('Started new assoc session: ' . 
$id); + + $_SESSION = array(); + $_SESSION['expiration'] = $expiration; + $_SESSION['shared_secret'] = base64_encode($shared_secret); + + session_write_close(); + + if (isset($sid)) { + session_id($sid); + session_start(); + $_SESSION = array(); + session_decode($dat); + } + + return array($id, $shared_secret); +} + + +/** + * Create a new shared secret + * @return string + */ +function new_secret () { + $r = ''; + for($i=0; $i<20; $i++) + $r .= chr(mt_rand(0, 255)); + + debug("Generated new key: hash = '" . md5($r) . "', length = '" . strlen($r) . "'"); + return $r; +} + + +/** + * Random number generation + * @param integer max + * @return integer + */ +function random ( $max ) { + if (strlen($max) < 4) + return mt_rand(1, $max - 1); + + $r = ''; + for($i=1; $i= 0 && ($pr_host[$break] != '*' || substr_count(substr($pr_host, 0, $break), '.') < 2)) + return false; + + // now compare the paths + $break = str_diff_at($parts['child']['path'], $parts['parent']['path']); + if ($break >= 0 + && ($break < strlen($parts['parent']['path']) && $parts['parent']['path'][$break] != '*') + || ($break > strlen($parts['child']['path']))) + return false; + + return true; +} + + +/** + * Create a user session + * @global array $profile + * @global array $proto + */ +function user_session () { + global $proto, $profile; + + session_name('phpMyID_Server'); + @session_start(); + + $profile['authorized'] = (isset($_SESSION['auth_username']) + && $_SESSION['auth_username'] == $profile['auth_username']) + ? true + : false; + + debug('Started user session: ' . session_id() . ' Auth? ' . $profile['authorized']); +} + + +/** + * Return HTML + * @global string $charset + * @param string $message + */ +function wrap_html ( $message ) { + global $charset, $profile; + header('Content-Type: text/html; charset=' . $charset); + $html= ' + + +phpMyID + + +' . implode("\n", $profile['opt_headers']) . ' + + + + +

' . $message . '

+ + +'; + error_log($html); + echo $html; + exit(0); +} + + +/** + * Return a key-value pair in plain text + * @global string $charset + * @param array $keys + */ +function wrap_kv ( $keys ) { + global $charset; + + debug($keys, 'Wrapped key/vals'); + header('Content-Type: text/plain; charset=' . $charset); + foreach ($keys as $key => $value) + printf("%s:%s\n", $key, $value); + + exit(0); +} + + +/** + * Redirect, with OpenID keys + * @param string $url + * @param array @keys + */ +function wrap_keyed_redirect ($url, $keys) { + $keys = append_openid($keys); + debug($keys, 'Location keys'); + + $q = strpos($url, '?') ? '&' : '?'; + wrap_redirect($url . $q . http_build_query($keys)); +} + + +/** + * Redirect the browser + * @global string $charset + * @param string $url + */ +function wrap_redirect ($url) { + header('HTTP/1.1 302 Found'); + header('Location: ' . $url); + debug('Location: ' . $url); + exit(0); +} + +/** + * Return an HTML refresh + * @global string $charset + * @param string $url + */ +function wrap_refresh ($url) { + global $charset; + + header('Content-Type: text/html; charset=' . $charset); + echo ' + + +phpMyID + + + +

Redirecting to ' . $url . '

+ + +'; + + debug('Refresh: ' . $url); + exit(0); +} + + +/** + * Implement binary x_or + * @param string $a + * @param string $b + * @return string + */ +function x_or ($a, $b) { + $r = ""; + + for ($i = 0; $i < strlen($b); $i++) + $r .= $a[$i] ^ $b[$i]; + debug("Xor size: " . strlen($r)); + return $r; +} + + + +/* + * App Initialization + */ +// Determine the charset to use +$GLOBALS['charset'] = 'iso-8859-1'; + +// Set the internal encoding +if (function_exists('mb_internal_encoding')) + mb_internal_encoding($charset); + +// Avoid problems with non-default arg_separator.output settings +// Credit for this goes to user 'prelog' on the forums +ini_set('arg_separator.output', '&'); + +// Do a check to be sure everything is set up correctly +self_check(); + + +/** + * Determine the HTTP request port + * @name $port + * @global integer $GLOBALS['port'] + */ +$GLOBALS['port'] = ((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on' && $_SERVER['SERVER_PORT'] == 443) + || $_SERVER['SERVER_PORT'] == 80) + ? '' + : ':' . $_SERVER['SERVER_PORT']; + + +error_log($_SERVER['HTTP_HOST']); +/** + * Determine the HTTP request protocol + * @name $proto + * @global string $GLOBALS['proto'] + */ +$GLOBALS['proto'] = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on') ? 'https' : 'http'; + +// Set the authorization state - DO NOT OVERRIDE +$profile['authorized'] = false; + +// Set a default IDP URL +if (! array_key_exists('idp_url', $profile)) + $profile['idp_url'] = sprintf("%s://%s%s%s", + $proto, + $_SERVER['SERVER_NAME'], + $port, + $_SERVER['PHP_SELF']); + +// Determine the requested URL - DO NOT OVERRIDE +$profile['req_url'] = sprintf("%s://%s%s", + $proto, + $_SERVER['HTTP_HOST'], +// $port,//host already includes the path + $_SERVER["REQUEST_URI"]); + +error_log($profile['req_url']); + +// Set the default allowance for testing +if (! array_key_exists('allow_test', $profile)) + $profile['allow_test'] = false; + +// Set the default allowance for gmp +if (! 
array_key_exists('allow_gmp', $profile)) + $profile['allow_gmp'] = false; + +// Set the default force bigmath - BAD IDEA to override this +if (! array_key_exists('force_bigmath', $profile)) + $profile['force_bigmath'] = false; + +// Determine if GMP is usable +$profile['use_gmp'] = (extension_loaded('gmp') && $profile['allow_gmp']) ? true : false; + +// Determine if I can perform big math functions +$profile['use_bigmath'] = (extension_loaded('bcmath') || $profile['use_gmp'] || $profile['force_bigmath']) ? true : false; + +// Set a default authentication domain +if (! array_key_exists('auth_domain', $profile)) + $profile['auth_domain'] = $profile['req_url'] . ' ' . $profile['idp_url']; + +// Set a default authentication realm +if (! array_key_exists('auth_realm', $profile)) + $profile['auth_realm'] = 'phpMyID'; + +// Determine the realm for digest authentication - DO NOT OVERRIDE +$profile['php_realm'] = $profile['auth_realm'] . (ini_get('safe_mode') ? '-' . getmyuid() : ''); + +// Set a default lifetime - the lesser of GC and cache time +if (! array_key_exists('lifetime', $profile)) { + $sce = session_cache_expire() * 60; + $gcm = ini_get('session.gc_maxlifetime'); + $profile['lifetime'] = $sce < $gcm ? $sce : $gcm; +} + +// Set a default log file +if (! array_key_exists('logfile', $profile)) + $profile['logfile'] = sys_get_temp_dir() . DIRECTORY_SEPARATOR . $profile['auth_realm'] . '.debug.log'; + + +/* + * Optional Initialization + */ +// Setup optional headers +$profile['opt_headers'] = array(); + +// Determine if I should add microid stuff +if (array_key_exists('microid', $profile)) { + $hash = sha1($profile['idp_url']); + $values = is_array($profile['microid']) ? $profile['microid'] : array($profile['microid']); + + foreach ($values as $microid) { + preg_match('/^([a-z]+)/i', $microid, $mtx); + $profile['opt_headers'][] = sprintf('', $mtx[1], $proto, sha1(sha1($microid) . 
$hash)); + } +} + +// Determine if I should add pavatar stuff +if (array_key_exists('pavatar', $profile)) + $profile['opt_headers'][] = sprintf('', $profile['pavatar']); + + +/* + * Do it + */ +// Decide which runmode, based on user request or default +$run_mode = (isset($_REQUEST['openid_mode']) + && in_array($_REQUEST['openid_mode'], $known['openid_modes'])) + ? $_REQUEST['openid_mode'] + : 'no'; + +// Run in the determined runmode +debug("Run mode: $run_mode at: " . time()); +debug($_REQUEST, 'Request params'); +call_user_func($run_mode . '_mode'); +?> diff --git a/apps/user_openid/settings.php b/apps/user_openid/settings.php new file mode 100644 index 00000000000..76316de100c --- /dev/null +++ b/apps/user_openid/settings.php @@ -0,0 +1,24 @@ +assign('identity',$identity); +$tmpl->assign('user',OC_USER::getUser()); + +$tmpl->printPage(); + +?> diff --git a/apps/user_openid/templates/settings.php b/apps/user_openid/templates/settings.php new file mode 100644 index 00000000000..7a1b530fbca --- /dev/null +++ b/apps/user_openid/templates/settings.php @@ -0,0 +1,7 @@ +
+
+ t( 'OpenID identity' );?> +
+ +
+
diff --git a/apps/user_openid/user.php b/apps/user_openid/user.php new file mode 100644 index 00000000000..9ca1fd47c92 --- /dev/null +++ b/apps/user_openid/user.php @@ -0,0 +1,34 @@ +. +* +*/ + +$USERNAME=substr($_SERVER["REQUEST_URI"],strpos($_SERVER["REQUEST_URI"],'.php/')+5); +if(strpos($USERNAME,'?')){ + $USERNAME=substr($USERNAME,0,strpos($USERNAME,'?')); +} + +require_once '../../lib/base.php'; + +require_once 'phpmyid.php'; + + +?> \ No newline at end of file diff --git a/apps/user_openid/user_openid.php b/apps/user_openid/user_openid.php new file mode 100644 index 00000000000..d4bcefeb26f --- /dev/null +++ b/apps/user_openid/user_openid.php @@ -0,0 +1,73 @@ +. + * + */ + +require_once('User/backend.php'); +require_once('class.openid.v3.php'); + +/** + * Class for user management in a SQL Database (e.g. MySQL, SQLite) + */ +class OC_USER_OPENID extends OC_USER_BACKEND { + /** + * @brief Check if the password is correct + * @param $uid The username + * @param $password The password + * @returns true/false + * + * Check if the password is correct without logging in the user + */ + public function checkPassword( $uid, $password ){ + global $WEBROOT; + // Get identity from user and redirect browser to OpenID Server + $openid = new SimpleOpenID; + $openid->SetIdentity($uid); + $openid->SetTrustRoot('http://' . $_SERVER["HTTP_HOST"]); + if ($openid->GetOpenIDServer()){ + $openid->SetApprovedURL('http://' . $_SERVER["HTTP_HOST"] . $WEBROOT); // Send Response from OpenID server to this script + $openid->Redirect(); // This will redirect user to OpenID Server + exit; + }else{ + $error = $openid->GetError(); + echo "ERROR CODE: " . $error['code'] . "
"; + echo "ERROR DESCRIPTION: " . $error['description'] . "
"; + } + exit; + } + + /** + * find the user that can be authenticated with an openid identity + */ + public static function findUserForIdentity($identity){ + $query=OC_DB::prepare('SELECT userid FROM *PREFIX*preferences WHERE appid=? AND configkey=? AND configvalue=?'); + $result=$query->execute(array('user_openid','identity',$identity))->fetchAll(); + if(count($result)>0){ + return $result[0]['userid']; + }else{ + return false; + } + } +} + + + +?> \ No newline at end of file -- cgit v1.2.3 From 1ce24d892b0e1ebb568930cee882d2be68c32240 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Thu, 23 Jun 2011 17:58:27 +0200 Subject: don't show errors when the login isn't an openid identity --- apps/user_openid/user_openid.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'apps') diff --git a/apps/user_openid/user_openid.php b/apps/user_openid/user_openid.php index d4bcefeb26f..ddf5cc9bc23 100644 --- a/apps/user_openid/user_openid.php +++ b/apps/user_openid/user_openid.php @@ -47,9 +47,7 @@ class OC_USER_OPENID extends OC_USER_BACKEND { $openid->Redirect(); // This will redirect user to OpenID Server exit; }else{ - $error = $openid->GetError(); - echo "ERROR CODE: " . $error['code'] . "
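Review bot: `checkPassword()` passes the raw login name to `SetIdentity($uid)` and then calls `GetOpenIDServer()`, so any string typed into the username field is treated as an OpenID URL and, given the curl dependency this app carries, presumably fetched server-side — the login form becomes an unauthenticated SSRF primitive. Reject anything that is not an `http(s)://` URL before discovery, `if (!preg_match('#^https?://#i', $uid)) return false;`, and consider rejecting loopback/private hosts as well. The trust root and approved URL on the following lines also hard-code `http://` with `$_SERVER['HTTP_HOST']`, so an HTTPS deployment advertises an HTTP realm; build one base the way phpmyid.php derives `$proto`, `$base = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'];`, and use it in both calls. `HTTP_HOST` is client-supplied; a configured server name would be safer for the realm.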
"; - echo "ERROR DESCRIPTION: " . $error['description'] . "
"; + return false; } exit; } -- cgit v1.2.3 From 6452f5b5cb76b4a26ae8f114a55d09cfd482be52 Mon Sep 17 00:00:00 2001 From: Kamil Domanski Date: Thu, 23 Jun 2011 18:18:48 +0200 Subject: OpenID now won't load if curl is not available --- apps/user_openid/appinfo/app.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'apps') diff --git a/apps/user_openid/appinfo/app.php b/apps/user_openid/appinfo/app.php index fb3de10e2a8..2e238ed3f27 100644 --- a/apps/user_openid/appinfo/app.php +++ b/apps/user_openid/appinfo/app.php @@ -1,5 +1,10 @@ "user_openid_settings", 'order'=>1, "href" => OC_HELPER::linkTo( "user_openid", "settings.php" ), "name" => "OpenID")); -- cgit v1.2.3 From c8e57d5460e9b6b94f5730bcc5ca8197c42188ab Mon Sep 17 00:00:00 2001 From: Dominik Schmidt Date: Thu, 23 Jun 2011 22:51:25 +0200 Subject: Add user_ldap plugin --- apps/user_ldap/appinfo/app.php | 36 ++++++++++++++++++++ apps/user_ldap/appinfo/info.xml | 10 ++++++ apps/user_ldap/settings.php | 48 +++++++++++++++++++++++++++ apps/user_ldap/templates/settings.php | 24 ++++++++++++++ apps/user_ldap/user_ldap.php | 62 +++++++++++++++++++++++++++++++++++ 5 files changed, 180 insertions(+) create mode 100644 apps/user_ldap/appinfo/app.php create mode 100644 apps/user_ldap/appinfo/info.xml create mode 100644 apps/user_ldap/settings.php create mode 100644 apps/user_ldap/templates/settings.php create mode 100644 apps/user_ldap/user_ldap.php (limited to 'apps') diff --git a/apps/user_ldap/appinfo/app.php b/apps/user_ldap/appinfo/app.php new file mode 100644 index 00000000000..f7ce4f87a62 --- /dev/null +++ b/apps/user_ldap/appinfo/app.php @@ -0,0 +1,36 @@ +. +* +*/ + +require_once('apps/user_ldap/user_ldap.php'); + +// register user backend +OC_USER::useBackend( "LDAP" ); + +// add settings page to navigation +$entry = array( + 'id' => "user_ldap_settings", + 'order'=>1, + 'href' => OC_HELPER::linkTo( "user_ldap", "settings.php" ), + 'name' => 'LDAP' +); +OC_APP::addNavigationSubEntry( "core_users", $entry); 
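Review bot: The `exit;` after the `if`/`else` is now unreachable — the success branch exits inside the `if` and the new `else` returns — so it should be removed rather than left as dead code. Returning `false` is the right contract for a backend that does not recognise the login, but note that `GetOpenIDServer()` is still invoked for every login attempt before the name is found not to be an identity; a cheap scheme check on `$uid` ahead of it would avoid the outbound lookup for ordinary usernames. checkPassword's opening lines lie outside this hunk.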
diff --git a/apps/user_ldap/appinfo/info.xml b/apps/user_ldap/appinfo/info.xml new file mode 100644 index 00000000000..9a6ee1436fc --- /dev/null +++ b/apps/user_ldap/appinfo/info.xml @@ -0,0 +1,10 @@ + + + user_ldap + LDAP user backend + Authenticate Users by LDAP + 0.1 + AGPL + Dominik Schmidt + 2 + diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php new file mode 100644 index 00000000000..22f817e7ca9 --- /dev/null +++ b/apps/user_ldap/settings.php @@ -0,0 +1,48 @@ +. + * + */ + +require_once('../../lib/base.php'); +require( 'template.php' ); + +if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )){ + header( "Location: ".OC_HELPER::linkTo( "index.php" )); + exit(); +} + +$params = array('ldap_host', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_filter'); + +foreach($params as $param){ + if(isset($_POST[$param])){ + OC_APPCONFIG::setValue('user_ldap', $param, $_POST[$param]); + } +} +OC_APP::setActiveNavigationEntry( "user_ldap_settings" ); + + +// fill template +$tmpl = new OC_TEMPLATE( 'user_ldap', 'settings', 'admin' ); +foreach($params as $param){ + $value = OC_APPCONFIG::getValue('user_ldap', $param,''); + $tmpl->assign($param, $value); +} +$tmpl->printPage(); diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php new file mode 100644 index 00000000000..5f7ee671ce9 --- /dev/null +++ b/apps/user_ldap/templates/settings.php @@ -0,0 +1,24 @@ +
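Review bot: The `foreach ($params as $param)` loop writes `ldap_host`, `ldap_dn`, `ldap_password`, `ldap_base` and `ldap_filter` straight from `$_POST` with no CSRF token and no request-method check, so an admin who is logged in and visits a hostile page can have the LDAP backend silently repointed at an attacker's server, which then receives every user's password on the next bind. Gate the write on `$_SERVER['REQUEST_METHOD'] === 'POST'` plus a per-session token that the template emits as a hidden field and that is compared before the loop, e.g. `if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['token'], $_SESSION['user_ldap_token']) && $_POST['token'] === $_SESSION['user_ldap_token'])`. The second loop also assigns the stored bind password back into the template on every page load; avoid echoing the saved value and accept a blank field as "unchanged" instead.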
+
+ LDAP +
+
+ Host: * +
+
+ DN: +
+
+ Password: +
+
+ Base: * +
+
+ Filter * (use %uid placeholder): +
+
+ +
* required +
+
\ No newline at end of file
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
new file mode 100644
index 00000000000..52f88064292
--- /dev/null
+++ b/apps/user_ldap/user_ldap.php
@@ -0,0 +1,62 @@
+.
+ *
+ */
+
+require_once('User/backend.php');
+
+class OC_USER_LDAP extends OC_USER_BACKEND {
+
+ public function checkPassword( $uid, $password ) {
+ $ldap_host = OC_APPCONFIG::getValue('user_ldap', 'ldap_host','');
+ $ldap_dn = OC_APPCONFIG::getValue('user_ldap', 'ldap_dn','');
+ $ldap_password = OC_APPCONFIG::getValue('user_ldap', 'ldap_password','');
+ $ldap_base = OC_APPCONFIG::getValue('user_ldap', 'ldap_base','');
+ $ldap_filter = OC_APPCONFIG::getValue('user_ldap', 'ldap_filter','');
+
+ // connect to server
+ $ds = ldap_connect( $ldap_host );
+ if( !$ds )
+ return false;
+
+ // login for search
+ if(!empty($ldap_dn)) {
+ $ldap_login = @ldap_bind( $ds, $ldap_dn, $ldap_password );
+ if(!$ldap_login)
+ return false;
+ }
+
+ // get dn
+ $filter = str_replace("%uid", $uid, $ldap_filter);
+ $sr = ldap_search( $ds, $ldap_base, $filter );
+ $entries = ldap_get_entries( $ds, $sr );
+
+ if( $entries["count"] == 0 )
+ return false;
+
+ $dn = $entries[0]["dn"];
+ $result = @ldap_bind( $ds, $dn, $password );
+
+ return $result;
+ }
+}
+
+?>
-- cgit v1.2.3
From 612f8cb9546a0607defe7a0ff5fd8048bbfdf92c Mon Sep 17 00:00:00 2001
From: Dominik Schmidt
Date: Thu, 23 Jun 2011 23:17:10 +0200
Subject: user_ldap: add port setting
---
 apps/user_ldap/appinfo/app.php | 3 +++
 apps/user_ldap/settings.php | 6 +++++-
 apps/user_ldap/templates/settings.php | 3 +++
 apps/user_ldap/user_ldap.php | 5 ++++-
 4 files changed, 15 insertions(+), 2 deletions(-)
(limited to 'apps')
diff --git a/apps/user_ldap/appinfo/app.php b/apps/user_ldap/appinfo/app.php
index f7ce4f87a62..67b61989f7f 100644
--- a/apps/user_ldap/appinfo/app.php
+++ b/apps/user_ldap/appinfo/app.php
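Review bot: The final `@ldap_bind( $ds, $dn, $password )` in `checkPassword()` is made with whatever the login form sent, and a DN with an empty password is an unauthenticated bind that servers permitting it (Active Directory does by default) answer with success — so a known username plus a blank password logs in. Add `if ($password === '' || $uid === '') return false;` before any directory access. `str_replace("%uid", $uid, $ldap_filter)` also splices the raw username into the search filter, so `*` or `)(` in the name rewrites the query (LDAP filter injection); escape it first, `$uid = str_replace(array('\\', '*', '(', ')', "\0"), array('\5c', '\2a', '\28', '\29', '\00'), $uid);`. The `@` on both `ldap_bind` calls hides why a bind failed; log `ldap_error($ds)` instead of suppressing it.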
@@ -23,6 +23,9 @@ require_once('apps/user_ldap/user_ldap.php'); +// define LDAP_DEFAULT_PORT +define("OC_USER_BACKEND_LDAP_DEFAULT_PORT", 389); + // register user backend OC_USER::useBackend( "LDAP" ); diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php index 22f817e7ca9..f7aff1b4614 100644 --- a/apps/user_ldap/settings.php +++ b/apps/user_ldap/settings.php @@ -29,7 +29,7 @@ if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )) exit(); } -$params = array('ldap_host', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_filter'); +$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_filter'); foreach($params as $param){ if(isset($_POST[$param])){ @@ -45,4 +45,8 @@ foreach($params as $param){ $value = OC_APPCONFIG::getValue('user_ldap', $param,''); $tmpl->assign($param, $value); } + +// ldap_port has a default value +$tmpl->assign( 'ldap_port', OC_APPCONFIG::getValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT)); + $tmpl->printPage(); diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php index 5f7ee671ce9..0145736e803 100644 --- a/apps/user_ldap/templates/settings.php +++ b/apps/user_ldap/templates/settings.php @@ -5,6 +5,9 @@
Host: *
+
+ Port: * +
DN:
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index 52f88064292..cd4a92a7b16 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php @@ -25,15 +25,18 @@ require_once('User/backend.php'); class OC_USER_LDAP extends OC_USER_BACKEND { + + public function checkPassword( $uid, $password ) { $ldap_host = OC_APPCONFIG::getValue('user_ldap', 'ldap_host',''); + $ldap_port = OC_APPCONFIG::getValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT); $ldap_dn = OC_APPCONFIG::getValue('user_ldap', 'ldap_dn',''); $ldap_password = OC_APPCONFIG::getValue('user_ldap', 'ldap_password',''); $ldap_base = OC_APPCONFIG::getValue('user_ldap', 'ldap_base',''); $ldap_filter = OC_APPCONFIG::getValue('user_ldap', 'ldap_filter',''); // connect to server - $ds = ldap_connect( $ldap_host ); + $ds = ldap_connect( $ldap_host, $ldap_port ); if( !$ds ) return false; -- cgit v1.2.3 From d4618d633a2240c15b19c8c2b40fb05f1d2d7334 Mon Sep 17 00:00:00 2001 From: Dominik Schmidt Date: Thu, 23 Jun 2011 23:19:04 +0200 Subject: user_ldap: use input-type-password for ldap_password --- apps/user_ldap/templates/settings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apps') diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php index 0145736e803..5dddb71a022 100644 --- a/apps/user_ldap/templates/settings.php +++ b/apps/user_ldap/templates/settings.php @@ -12,7 +12,7 @@ DN:
- Password: + Password:
Base: * -- cgit v1.2.3 From 5f29f8a8310823ed99b0d627ea03c9ff3e5efcb3 Mon Sep 17 00:00:00 2001 From: Dominik Schmidt Date: Thu, 23 Jun 2011 23:41:02 +0200 Subject: user_ldap: implement userExists --- apps/user_ldap/user_ldap.php | 68 +++++++++++++++++++++++++++++++------------- 1 file changed, 48 insertions(+), 20 deletions(-) (limited to 'apps') diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index cd4a92a7b16..1718a307ccd 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php 
@@ -25,41 +25,69 @@ require_once('User/backend.php'); class OC_USER_LDAP extends OC_USER_BACKEND { + protected $ds; + // cached settings + protected $ldap_host; + protected $ldap_port; + protected $ldap_dn; + protected $ldap_password; + protected $ldap_base; + protected $ldap_filter; - public function checkPassword( $uid, $password ) { - $ldap_host = OC_APPCONFIG::getValue('user_ldap', 'ldap_host',''); - $ldap_port = OC_APPCONFIG::getValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT); - $ldap_dn = OC_APPCONFIG::getValue('user_ldap', 'ldap_dn',''); - $ldap_password = OC_APPCONFIG::getValue('user_ldap', 'ldap_password',''); - $ldap_base = OC_APPCONFIG::getValue('user_ldap', 'ldap_base',''); - $ldap_filter = OC_APPCONFIG::getValue('user_ldap', 'ldap_filter',''); + function __construct() { + $this->ldap_host = OC_APPCONFIG::getValue('user_ldap', 'ldap_host',''); + $this->ldap_port = OC_APPCONFIG::getValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT ); + $this->ldap_dn = OC_APPCONFIG::getValue('user_ldap', 'ldap_dn',''); + $this->ldap_password = OC_APPCONFIG::getValue('user_ldap', 'ldap_password',''); + $this->ldap_base = OC_APPCONFIG::getValue('user_ldap', 'ldap_base',''); + $this->ldap_filter = OC_APPCONFIG::getValue('user_ldap', 'ldap_filter',''); + } - // connect to server - $ds = ldap_connect( $ldap_host, $ldap_port ); - if( !$ds ) - return false; + private function getDs() { + if(!$this->ds) { + $this->ds = ldap_connect( $this->ldap_host, $this->ldap_port ); + } - // login for search - if(!empty($ldap_dn)) { - $ldap_login = @ldap_bind( $ds, $ldap_dn, $ldap_password ); + // login + if(!empty($this->ldap_dn)) { + $ldap_login = @ldap_bind( $this->ds, $this->ldap_dn, $this->ldap_password ); if(!$ldap_login) return false; } + return $this->ds; + } + + private function getDn( $uid ) { + // connect to server + $ds = $this->getDs(); + if( !$ds ) + return false; + // get dn - $filter = str_replace("%uid", $uid, $ldap_filter); - $sr = 
ldap_search( $ds, $ldap_base, $filter ); - $entries = ldap_get_entries( $ds, $sr ); + $filter = str_replace("%uid", $uid, $this->ldap_filter); + $sr = ldap_search( $this->getDs(), $this->ldap_base, $filter ); + $entries = ldap_get_entries( $this->getDs(), $sr ); if( $entries["count"] == 0 ) return false; - $dn = $entries[0]["dn"]; - $result = @ldap_bind( $ds, $dn, $password ); + return $entries[0]["dn"]; + } + public function checkPassword( $uid, $password ) { + $dn = $this->getDn( $uid ); + if( !$dn ) + return false; + + return @ldap_bind( $this->getDs(), $dn, $password ); + } - return $result; + public function userExists( $uid ) { + $dn = getDn($uid); + return !empty($dn); } + } ?> -- cgit v1.2.3 From 735738fe6fbdc3afb6a9fd1d5fbec36b5020f9aa Mon Sep 17 00:00:00 2001 From: Dominik Schmidt Date: Thu, 23 Jun 2011 23:54:39 +0200 Subject: user_ldap: close ldap connection in dtor --- apps/user_ldap/user_ldap.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'apps') diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index 1718a307ccd..1ee9809b3bb 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php @@ -44,6 +44,12 @@ class OC_USER_LDAP extends OC_USER_BACKEND { $this->ldap_filter = OC_APPCONFIG::getValue('user_ldap', 'ldap_filter',''); } + function __destruct() { + // close the connection + if( $this->ds ) + ldap_unbind($this->ds); + } + private function getDs() { if(!$this->ds) { $this->ds = ldap_connect( $this->ldap_host, $this->ldap_port ); -- cgit v1.2.3 From 53cb4c16ed85b09706676540e8bf704188f32c41 Mon Sep 17 00:00:00 2001 From: Kamil Domanski Date: Fri, 24 Jun 2011 00:24:45 +0200 Subject: add template to openid request page --- apps/user_openid/phpmyid.php | 7 ++++--- apps/user_openid/templates/nomode.php | 23 +++++++++++++++++++++++ 2 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 apps/user_openid/templates/nomode.php (limited to 'apps') 
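Review bot: `userExists()` calls `getDn($uid)` without `$this->`, which PHP resolves as a global function and aborts with a fatal "undefined function" error the first time the core asks this backend whether a user exists; it should read `$dn = $this->getDn($uid);`. `getDs()` also re-binds with the service DN on every call, so a single `checkPassword()` now binds three times (service bind for the search, service bind again from the second `getDs()`, then the user bind); bind once inside the `if(!$this->ds)` branch and return the cached handle afterwards. The empty-password unauthenticated-bind problem of the original `checkPassword()` is carried over unchanged — `return @ldap_bind( $this->getDs(), $dn, $password );` still succeeds for `$password === ''` on servers that allow it, so guard with `if ($password === '') return false;` before the bind.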
diff --git a/apps/user_openid/phpmyid.php b/apps/user_openid/phpmyid.php index 719bbd954c0..330cd466c48 100644 --- a/apps/user_openid/phpmyid.php +++ b/apps/user_openid/phpmyid.php @@ -12,6 +12,8 @@ * @version 0.9 */ +require( 'template.php' ); + /** * Set a constant to indicate that phpMyID is running @@ -558,9 +560,8 @@ function logout_mode () { * @global array $profile */ function no_mode () { - global $profile; - - wrap_html('This is an OpenID server endpoint. For more information, see http://openid.net/
Server: ' . $profile['idp_url'] . '
Realm: ' . $profile['php_realm'] . '
Login' . ($profile['allow_test'] === true ? ' | Test' : null)); + $tmpl = new OC_TEMPLATE( 'user_openid', 'nomode', 'guest' ); + $tmpl->printPage(); } diff --git a/apps/user_openid/templates/nomode.php b/apps/user_openid/templates/nomode.php new file mode 100644 index 00000000000..13a1a894931 --- /dev/null +++ b/apps/user_openid/templates/nomode.php @@ -0,0 +1,23 @@ + + +
+ " alt="ownCloud" /> +
    +
  • +
    +

    t('This is an OpenID server endpoint. For more information, see http://openid.net/'));?>

    +

    t('Server: ').$profile['idp_url']); ?> +

    t('Realm: ').$profile['php_realm']); ?> +

    t('Login')); ?> + + | Test + +

    +
  • +
+
+ -- cgit v1.2.3 From 1aa8399915bc6148fab3ad8e3eae736e9a135c09 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Fri, 24 Jun 2011 17:06:02 +0200 Subject: show error on openid request page when no user is selected --- apps/user_openid/phpmyid.php | 4 +++- apps/user_openid/templates/nomode.php | 21 +++++++++++++-------- apps/user_openid/user.php | 4 ++++ 3 files changed, 20 insertions(+), 9 deletions(-) (limited to 'apps') diff --git a/apps/user_openid/phpmyid.php b/apps/user_openid/phpmyid.php index 330cd466c48..5b04684cd7d 100644 --- a/apps/user_openid/phpmyid.php +++ b/apps/user_openid/phpmyid.php @@ -560,7 +560,9 @@ function logout_mode () { * @global array $profile */ function no_mode () { + global $USERNAME; $tmpl = new OC_TEMPLATE( 'user_openid', 'nomode', 'guest' ); + $tmpl->assign('user',$USERNAME); $tmpl->printPage(); } @@ -1669,7 +1671,7 @@ if (! array_key_exists('auth_domain', $profile)) // Set a default authentication realm if (! array_key_exists('auth_realm', $profile)) - $profile['auth_realm'] = 'phpMyID'; + $profile['auth_realm'] = 'ownCloud'; // Determine the realm for digest authentication - DO NOT OVERRIDE $profile['php_realm'] = $profile['auth_realm'] . (ini_get('safe_mode') ? '-' . getmyuid() : ''); diff --git a/apps/user_openid/templates/nomode.php b/apps/user_openid/templates/nomode.php index 13a1a894931..f85d28cdc9b 100644 --- a/apps/user_openid/templates/nomode.php +++ b/apps/user_openid/templates/nomode.php @@ -5,17 +5,22 @@ global $profile; ?>
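Review bot: The new template prints `$profile['idp_url']` and `$profile['php_realm']` into the page body, and `idp_url` is assembled from `$_SERVER['PHP_SELF']` in the initialisation section earlier in this file, which on common SAPIs carries the request's path info verbatim; unless the `echo` calls (stripped in this rendering) wrap the values in `htmlspecialchars()`, a request like `user.php/<script>...` is reflected into this page. Escape at the point of output, `echo htmlspecialchars($profile['idp_url'], ENT_QUOTES);`, or pass the values through `$tmpl->assign()` already escaped. Reaching for `global $profile` from inside a template also bypasses the assign mechanism `no_mode()` now uses; assign `idp_url` and `php_realm` there instead, so the template has a single, reviewable data path.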
- " alt="ownCloud" /> + " alt="ownCloud" />
  • -

    t('This is an OpenID server endpoint. For more information, see http://openid.net/'));?>

    -

    t('Server: ').$profile['idp_url']); ?> -

    t('Realm: ').$profile['php_realm']); ?> -

    t('Login')); ?> - - | Test - +

    t('This is an OpenID server endpoint. For more information, see '));?>http://openid.net/

    + +

    t('Identity: ').$profile['idp_url']); ?>

    +

    t('Realm: ').$profile['php_realm']); ?>

    +

    t('User: ').$_['user']); ?> +

    t('Login')); ?> + + Test + + +

    t('Error: No user Selected')); ?>

    +
diff --git a/apps/user_openid/user.php b/apps/user_openid/user.php index 9ca1fd47c92..2199e5f9e58 100644 --- a/apps/user_openid/user.php +++ b/apps/user_openid/user.php @@ -28,6 +28,10 @@ if(strpos($USERNAME,'?')){ require_once '../../lib/base.php'; +if(!OC_USER::userExists($USERNAME)){ + $USERNAME=''; +} + require_once 'phpmyid.php'; -- cgit v1.2.3 From 7d2784c4c3145c8dcf15fb357f2325ae29d65717 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Fri, 24 Jun 2011 18:02:51 +0200 Subject: add openid headers to openid request page --- apps/user_openid/phpmyid.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'apps') diff --git a/apps/user_openid/phpmyid.php b/apps/user_openid/phpmyid.php index 5b04684cd7d..69cd7111625 100644 --- a/apps/user_openid/phpmyid.php +++ b/apps/user_openid/phpmyid.php @@ -560,8 +560,10 @@ function logout_mode () { * @global array $profile */ function no_mode () { - global $USERNAME; + global $USERNAME, $profile; $tmpl = new OC_TEMPLATE( 'user_openid', 'nomode', 'guest' ); + $tmpl->addHeader('link',array('rel'=>'openid.server', 'href'=>$profile['req_url'])); + $tmpl->addHeader('link',array('rel'=>'openid.delegate', 'href'=>$profile['idp_url'])); $tmpl->assign('user',$USERNAME); $tmpl->printPage(); } -- cgit v1.2.3 From 4ac25942dee332b3227501e50525101a5f85fc6b Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Fri, 24 Jun 2011 22:07:26 +0200 Subject: you can now use your owncloud url as openid provider --- apps/user_openid/appinfo/app.php | 4 ++++ apps/user_openid/phpmyid.php | 50 +++++++++++++++++++++++++--------------- apps/user_openid/user.php | 11 ++++++++- 3 files changed, 45 insertions(+), 20 deletions(-) (limited to 'apps') diff --git a/apps/user_openid/appinfo/app.php b/apps/user_openid/appinfo/app.php index 2e238ed3f27..d6eacfc0a3a 100644 --- a/apps/user_openid/appinfo/app.php +++ b/apps/user_openid/appinfo/app.php 
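Review bot: The `openid.server` header added in `no_mode()` uses `$profile['req_url']`, which the initialisation section builds from `$_SERVER['HTTP_HOST']` and the full `$_SERVER['REQUEST_URI']` — so any query string on the request (including an unknown `openid_mode` that lands the user here) becomes part of the advertised endpoint, and the host comes from the client-controlled Host header. Strip the query before advertising, `$server = strtok($profile['req_url'], '?');`, and prefer a configured base URL over `HTTP_HOST` for an identifier that relying parties will cache. `no_mode()` is shown in full, but `$profile['req_url']` is computed outside this hunk.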
@@ -5,6 +5,10 @@ if (!in_array ('curl', get_loaded_extensions())){ return; } +$urlBase=((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on') ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST']; +OC_UTIL::addHeader('link',array('rel'=>'openid.server', 'href'=>$urlBase.OC_HELPER::linkTo( "user_openid", "user.php" ).'/')); +OC_UTIL::addHeader('link',array('rel'=>'openid.delegate', 'href'=>$urlBase.OC_HELPER::linkTo( "user_openid", "user.php" ).'/')); + require_once 'apps/user_openid/user_openid.php'; OC_APP::addSettingsPage( array( "id" => "user_openid_settings", 'order'=>1, "href" => OC_HELPER::linkTo( "user_openid", "settings.php" ), "name" => "OpenID")); diff --git a/apps/user_openid/phpmyid.php b/apps/user_openid/phpmyid.php index 69cd7111625..7991b87c6d8 100644 --- a/apps/user_openid/phpmyid.php +++ b/apps/user_openid/phpmyid.php @@ -198,16 +198,18 @@ function associate_mode () { function authorize_mode () { global $profile; global $USERNAME; + global $IDENTITY; // this is a user session // the user needs refresh urls in their session to access this mode if (! isset($_SESSION['post_auth_url']) || ! isset($_SESSION['cancel_auth_url'])) error_500('You may not access this mode directly.'); - + + $profile['idp_url']=$IDENTITY; if (isset($_SERVER['PHP_AUTH_USER']) && $profile['authorized'] === false && $_SERVER['PHP_AUTH_USER']==$USERNAME) { if (OC_USER::checkPassword($USERNAME, $_SERVER['PHP_AUTH_PW'])) {// successful login! - + error_log('success'); // return to the refresh url if they get in $_SESSION['openid_auth']=true; $_SESSION['openid_user']=$USERNAME; 
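Review bot: `$urlBase` is built from `$_SERVER['HTTP_HOST']` and injected as `openid.server`/`openid.delegate` into every page the instance serves, which turns a forged Host header (for example on a proxy that forwards arbitrary hosts, or anywhere responses are cached) into a poisoned OpenID discovery document pointing relying parties at an attacker's endpoint. Derive the base from the configured host/`$WEBROOT` where one exists, or at least validate `HTTP_HOST` against an allow-list before using it, `$host = $_SERVER['HTTP_HOST']; if (!preg_match('/^[A-Za-z0-9.\-]+(:\d+)?$/', $host)) return;`. The `openid.delegate` value on the site root also ends in `user.php/` with no user, which is not an identity anyone owns; consider emitting these headers only on the per-user page.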
@@ -367,7 +369,7 @@ function checkid ( $wait ) { } // transfer the user to the url accept mode if they're paranoid - if ($wait == 1 && isset($profile['paranoid']) && $profile['paranoid'] === true && (! session_is_registered('accepted_url') || $_SESSION['accepted_url'] != $trust_root)) { + if ($wait == 1 && isset($profile['paranoid']) && $profile['paranoid'] === true && (! isset($_SESSION['accepted_url']) || $_SESSION['accepted_url'] != $trust_root)) { $_SESSION['cancel_accept_url'] = $cancel_url; $_SESSION['post_accept_url'] = $profile['req_url']; $_SESSION['unaccepted_url'] = $trust_root; @@ -381,11 +383,11 @@ function checkid ( $wait ) { } // make sure i am this identifier - if ($identity != $profile['idp_url']) { - debug("Invalid identity: $identity"); - debug("IdP URL: " . $profile['idp_url']); - error_get($return_to, "Invalid identity: '$identity'"); - } +// if ($identity != $profile['idp_url']) { +// debug("Invalid identity: $identity"); +// debug("IdP URL: " . $profile['idp_url']); +// error_get($return_to, "Invalid identity: '$identity'"); +// } // begin setting up return keys $keys = array( @@ -393,9 +395,9 @@ function checkid ( $wait ) { ); // if the user is not logged in, transfer to the authorization mode - if ($_SESSION['openid_auth'] === false || $USERNAME != $_SESSION['openid_user']) { + if ($USERNAME=='' || $_SESSION['openid_auth'] === false || $USERNAME != $_SESSION['openid_user']) { // users can only be logged in to one url at a time - $_SESSION['auth_username'] = null; + $_SESSION['openid_user'] = null; $_SESSION['auth_url'] = null; if ($wait) { 
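Review bot: Commenting out `if ($identity != $profile['idp_url'])` removes the only place `checkid()` verifies that the `openid.identity` sent by the relying party is the identity this endpoint is about to sign for; with it gone the server signs an assertion for whatever identity URL appears in the request, provided someone is logged in as the user named in the path. If the comparison broke because `$IDENTITY` now carries a trailing slash, normalise instead of deleting: `if (rtrim($identity, '/') != rtrim($profile['idp_url'], '/')) error_get($return_to, "Invalid identity: '$identity'");`. Dead code under `//` with no explanation also hides that this is a deliberate security regression; if it must stay disabled, say why in a comment. `checkid()` starts and ends outside this hunk.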
@@ -562,6 +564,9 @@ function logout_mode () { function no_mode () { global $USERNAME, $profile; $tmpl = new OC_TEMPLATE( 'user_openid', 'nomode', 'guest' ); + if(substr($profile['req_url'],-1,1)!=='/'){//the identity should always end with a / + $profile['req_url'].='/'; + } $tmpl->addHeader('link',array('rel'=>'openid.server', 'href'=>$profile['req_url'])); $tmpl->addHeader('link',array('rel'=>'openid.delegate', 'href'=>$profile['idp_url'])); $tmpl->assign('user',$USERNAME); @@ -1267,11 +1272,11 @@ function secret ( $handle ) { session_start(); debug('Started session to acquire key: ' . session_id()); - $secret = session_is_registered('shared_secret') + $secret = isset($_SESSION['shared_secret']) ? base64_decode($_SESSION['shared_secret']) : false; - $expiration = session_is_registered('expiration') + $expiration = isset($_SESSION['expiration']) ? $_SESSION['expiration'] : null; @@ -1632,22 +1637,29 @@ $GLOBALS['proto'] = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on') ? 'h // Set the authorization state - DO NOT OVERRIDE $profile['authorized'] = false; +global $IDENTITY; +global $USERNAME; + // Set a default IDP URL if (! array_key_exists('idp_url', $profile)) - $profile['idp_url'] = sprintf("%s://%s%s%s", - $proto, - $_SERVER['SERVER_NAME'], - $port, - $_SERVER['PHP_SELF']); + $profile['idp_url'] = $IDENTITY; -// Determine the requested URL - DO NOT OVERRIDE +//Determine the requested URL - DO NOT OVERRIDE $profile['req_url'] = sprintf("%s://%s%s", $proto, $_SERVER['HTTP_HOST'], // $port,//host already includes the path $_SERVER["REQUEST_URI"]); -error_log($profile['req_url']); +$fullId=urlencode('.php/'.$USERNAME); +$incompleteId=urlencode('.php/'); + +if(!strpos($profile['req_url'],$fullId)){ + $profile['req_url']=str_replace($incompleteId,$fullId,$profile['req_url']); +} + +error_log('inc id: '.$fullId); +error_log('req url: '.$profile['req_url']); // Set the default allowance for testing if (! array_key_exists('allow_test', $profile)) 
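Review bot: The trailing-slash fix-up in no_mode appends `/` to `$profile['req_url']`, but `req_url` is assembled further down in this file from `$_SERVER["REQUEST_URI"]`, which includes any query string, so for a request like `user.php/alice?x=1` the slash lands after the query rather than on the path. no_mode is presumably reached without OpenID parameters, but any other query string would produce a malformed `openid.server` href; strip the query before testing, e.g. `$path = strtok($profile['req_url'], '?');`, or apply the normalisation once where `req_url` is built. The comment `//the identity should always end with a /` would be more useful as `// advertise the server URL in one canonical form (trailing '/') so it matches what user.php emits` — hedged, since the matching rule is not visible here.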
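Review bot: `if(!strpos($profile['req_url'],$fullId))` tests strpos's result for truthiness; the unambiguous form is `if (strpos($profile['req_url'], $fullId) === false)`, and when `$USERNAME` is empty `$fullId` equals `$incompleteId`, making the `str_replace` a no-op the code should state or short-circuit with `if ($USERNAME !== '' && ...)`. The two new `error_log(...)` calls write the full request URL — including the OpenID query parameters and `return_to` — to the server error log on every request; use the file's existing `debug()` helper so the output is gated, or drop them along with the `error_log` line this hunk already removes. The percent-encoded `urlencode('.php/'.$USERNAME)` needle only matches inside the query-string portion of REQUEST_URI, which a reader has to deduce; a note such as `// NOTE(review): presumably the identity arrives percent-encoded in the query string; splice the username into the incomplete .php%2F form — confirm` would make the intent explicit.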
diff --git a/apps/user_openid/user.php b/apps/user_openid/user.php index 2199e5f9e58..52af9ba3a56 100644 --- a/apps/user_openid/user.php +++ b/apps/user_openid/user.php @@ -22,15 +22,24 @@ */ $USERNAME=substr($_SERVER["REQUEST_URI"],strpos($_SERVER["REQUEST_URI"],'.php/')+5); -if(strpos($USERNAME,'?')){ +if(strpos($USERNAME,'?')!==false){ $USERNAME=substr($USERNAME,0,strpos($USERNAME,'?')); } + +if($USERNAME=='' and isset($_SERVER['PHP_AUTH_USER'])){ + $USERNAME=$_SERVER['PHP_AUTH_USER']; +} + +$RUNTIME_NOAPPS=true; +$RUNTIME_NOAPPS=false; require_once '../../lib/base.php'; if(!OC_USER::userExists($USERNAME)){ $USERNAME=''; } +global $WEBROOT; +$IDENTITY=((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on') ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].$WEBROOT.'/apps/user_openid/user.php/'.$USERNAME; require_once 'phpmyid.php'; -- cgit v1.2.3 From 7f0dc638ae5bb651baa171825921055d95cb1c63 Mon Sep 17 00:00:00 2001 From: Dominik Schmidt Date: Mon, 4 Jul 2011 19:04:15 +0200 Subject: Hopefully fix errors if ldap plugin is not configured --- apps/user_ldap/user_ldap.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'apps') diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index 1ee9809b3bb..d6ed8c741e7 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php @@ -26,6 +26,7 @@ require_once('User/backend.php'); class OC_USER_LDAP extends OC_USER_BACKEND { protected $ds; + protected $configured = false; // cached settings protected $ldap_host; 
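Review bot: `$IDENTITY` is built from `$_SERVER['HTTP_HOST']`, an attacker-supplied header, and the phpmyid.php hunks in this commit then use it as the IdP's `idp_url`, so the identity this server advertises and asserts can be made to carry any hostname the client puts in Host; prefer a configured canonical base URL, or validate `HTTP_HOST` against the expected host(s) before use. Falling back to `$_SERVER['PHP_AUTH_USER']` when the path carries no username lets the still-unverified Basic-auth header choose `$USERNAME` and therefore `$IDENTITY` (only `userExists` constrains it here; the password is checked later in authorize_mode), which also turns that function's `PHP_AUTH_USER==$USERNAME` comparison into a tautology — a comment such as `// unverified: the password check in authorize_mode is the real gate` would make that dependency visible. `$RUNTIME_NOAPPS=true;` immediately followed by `$RUNTIME_NOAPPS=false;` is a dead assignment; keep only the intended value. The `$_SERVER["HTTPS"] == 'on'` scheme check is now duplicated in three files and should become one helper.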
@@ -42,6 +43,17 @@ class OC_USER_LDAP extends OC_USER_BACKEND { $this->ldap_password = OC_APPCONFIG::getValue('user_ldap', 'ldap_password',''); $this->ldap_base = OC_APPCONFIG::getValue('user_ldap', 'ldap_base',''); $this->ldap_filter = OC_APPCONFIG::getValue('user_ldap', 'ldap_filter',''); + + if( !empty($this->ldap_host) + && !empty($this->ldap_port) + && !empty($this->ldap_dn) + && !empty($this->ldap_password) + && !empty($this->ldap_base) + && !empty($this->ldap_filter) + ) + { + $this->configured = true; + } } function __destruct() { @@ -66,6 +78,9 @@ class OC_USER_LDAP extends OC_USER_BACKEND { } private function getDn( $uid ) { + if(!$this->configured) + return false; + // connect to server $ds = $this->getDs(); if( !$ds ) @@ -90,7 +105,7 @@ class OC_USER_LDAP extends OC_USER_BACKEND { } public function userExists( $uid ) { - $dn = getDn($uid); + $dn = $this->getDn($uid); return !empty($dn); } -- cgit v1.2.3
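Review bot: The new `configured` test in the constructor requires non-empty `ldap_dn` and `ldap_password`, so a directory meant to be searched with an anonymous bind (both left blank) is treated as unconfigured and `getDn()` returns false for every user; if anonymous bind is a supported setup, drop those two from the requirement or check `ldap_dn` alone. `!empty()` also rejects the literal string `'0'`, and explicit `$this->ldap_host !== ''` checks say exactly what is required. The guard is only added to `getDn()`; any other method that calls `getDs()` directly (not visible here) still attempts the connection, so a `// NOTE(review): confirm every public entry point honours $configured` would flag the gap. The constructor starts before the first hunk and the class body continues past the last.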