openid_client/login.php

   1 <?php
   2
   3 require_once('openid_includes.php');
   4
   5 $passthru_url = optional_param('passthru_url');
   6
   7 if ($passthru_url) {
   8         $redirect_url = $passthru_url;
   9 } else {
  10         $redirect_url = $CFG->wwwroot . "index.php";
  11 }
  12
  13 if (logged_on) {
  14         // if we're already logged in, say so and do nothing
  15     $messages[] = __gettext("You are already logged in.");
  16 } else {
  17         $username = trim(optional_param('username'));
  18         $externalservice = optional_param('externalservice');
  19
  20         if (!empty($externalservice)) {
  21         switch($externalservice) {
  22
  23             case "livejournal":     $username = "http://" . $username . ".livejournal.com";
  24                                     break;
  25             case "aim":             $username = "http://openid.aol.com/" . $username;
  26                                     break;
  27             case "explode":         $username = "http://explode.elgg.org/" . $username;
  28                                     break;
  29             case "vox":             $username = "http://" . $username . ".vox.com";
  30                                     break;
  31             case "wordpress":       $username = "http://" . $username . ".wordpress.com";
  32                                     break;
  33             case "pip":             $username = "http://" . $username . ".pip.verisignlabs.com";
  34                                     break;
  35
  36         }
  37     }
  38
  39         if (!empty($username)) {
  40
  41                 // normalise username
  42
  43                 if (strpos($username,'.') === false) {
  44                         // appears to be a bare account name, so try for a default server
  45                         if ($CFG->openid_client_default_server) {
  46                                 $l = sprintf($CFG->openid_client_default_server,$username);
  47                         }
  48                 } elseif ((strpos($username,'http://') === false) && (strpos($username,'https://') === false)) {
  49                         // allow for OpenID URLs that are missing the "http://" prefix
  50                         $username = 'http://'.$username;
  51                 }
  52
  53                 // add closing slash to normalise URL
  54             //if (substr($username,-1,1) != "/") {
  55             //  $username .= "/";
  56             //}
  57
  58             // Remove any malformed entries
  59                 delete_records('users', 'alias', $username, 'email', '');
  60
  61             // try logging in
  62                 $ok = openid_client_authenticate_user_login($username);
  63             if ($ok) {
  64                 $messages[] = __gettext("You have been logged on.");
  65             }
  66         } else {
  67             $messages[] = __gettext("The username was not specified. The system could not log you in.");
  68         }
  69 }
  70
  71 $_SESSION['messages'] = $messages;
  72 header("Location: " . $redirect_url);
  73
  74 function openid_client_authenticate_user_login($username) {
  75
  76         global $CFG;
  77         global $messages;
  78
  79         // match username against green, yellow and red lists
  80
  81         $passed = true;
  82
  83         if ($CFG->openid_client_greenlist || $CFG->openid_client_yellowlist) {
  84                 $passed = false;
  85                 $yesarray = array_merge(explode("\n",$CFG->openid_client_greenlist),explode("\n",$CFG->openid_client_yellowlist));
  86                 foreach ( $yesarray as $entry ) {
  87                         if (fnmatch($entry,$username)) {
  88                                 $passed = true;
  89                                 break;
  90                         }
  91                 }
  92         }
  93
  94         if ($passed) {
  95                 if ($CFG->openid_client_redlist) {
  96                         foreach (explode("\n",$CFG->openid_client_redlist) as $entry ) {
  97                                 if (fnmatch($entry,$username)) {
  98                                         $passed = false;
  99                                         break;
 100                                 }
 101                         }
 102                 }
 103         }
 104
 105         if (!$passed) {
 106                 $messages[] = __gettext("This site does not allow the OpenID that you entered.");
 107                 $messages[] = __gettext("Please try another OpenID or contact the site administrator for more information.");
 108                 return false;
 109         }
 110
 111         $query = array_merge( $_GET, $_POST );
 112
 113     $identity_url = $username;
 114
 115     $consumer = new Auth_OpenID_Consumer(new OpenID_ElggStore());
 116
 117     $auth_request = $consumer->begin($identity_url);
 118
 119         if ($auth_request) {
 120         $trust_root = $CFG->wwwroot;
 121
 122         // Add simple registration arguments.
 123
 124         $auth_request->addExtensionArg('sreg', 'optional', 'email,fullname');
 125
 126         $app_url = $CFG->wwwroot.'mod/openid_client/return.php';
 127
 128         $redirect_url = $auth_request->redirectURL($trust_root, $app_url);
 129
 130                 session_write_close();
 131                 if (headers_sent()) {
 132                         die("headers sent!");
 133                 }
 134         header( "Location: " . $redirect_url );
 135         exit;
 136
 137     } else {
 138         $messages[] = 'OpenID authentication failed: '.$username. ' is not a valid OpenID URL.';
 139     }
 140
 141         return false;
 142
 143 }
 144 ?>