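ident_url = 'http://' . $_SERVER['HTTP_HOST'] . $path;
    }

    /**
     * Syntactic sanity check for a URL received from the requesting party.
     *
     * Accepts only absolute http/https URLs with a host and without
     * whitespace or control characters. The CR/LF exclusion matters because
     * these URLs are later written into a Location header by redirect().
     * This is a format check only: whether a given return_to is acceptable
     * for a user is decided separately via $this->user->allows().
     *
     * @param mixed $url Candidate URL (normally a request parameter).
     * @return bool True when the URL is well-formed enough to be used.
     */
    public static function checkUrl($url)
    {
        if (!is_string($url) || $url === '') {
            return false;
        }

        // Reject whitespace and control characters before any parsing.
        if (preg_match('/[\x00-\x20\x7f]/', $url)) {
            return false;
        }

        $parts = parse_url($url);
        if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
            return false;
        }

        return in_array(strtolower($parts['scheme']), array('http', 'https'), true);
    }

    /**
     * Sends an HTTP redirect to $url, optionally appending query parameters,
     * and terminates the script.
     *
     * @param string $url    Target URL; callers are expected to have run it
     *                       through checkUrl() first.
     * @param array  $params Extra query parameters (name => value).
     * @return void Never returns; the script exits after the header is sent.
     */
    public static function redirect($url, $params = array())
    {
        if (!empty($params)) {
            // strpos() yields 0 for a leading '?', so test against false explicitly.
            $url .= (strpos($url, '?') !== false) ? '&' : '?';

            $query = array();
            foreach ($params as $key => $value) {
                // Values include URLs and free text taken from the request;
                // encode them so they cannot add or split query parameters.
                $query[] = rawurlencode((string) $key) . '=' . rawurlencode((string) $value);
            }
            $url .= implode('&', $query);
        }

        // A leftover debugging die("redir: ...") used to sit here and made
        // the Location header below unreachable.
        header('Location: ' . $url);
        exit;
    }

    /**
     * Creates the user object for the given identity URL.
     *
     * @param string $url Identity URL passed to the OpenID_User constructor.
     */
    private function initUser($url)
    {
        $this->user = new OpenID_User($url);
    }

    /**
     * Returns the requested openid.mode, or false when none was supplied.
     *
     * PHP rewrites dots in incoming parameter names to underscores, which is
     * why openid.mode is read as 'openid_mode'.
     *
     * @return string|false One of the known modes, or false if absent.
     * @throws OpenIDProtocolException When the supplied mode is not known.
     */
    public function getMode()
    {
        if (empty($_REQUEST['openid_mode'])) {
            return false;
        }

        $known = array(
            'checkid_immediate',
            'checkid_setup',
            'associate',
            'check_authentication',
        );
        if (in_array($_REQUEST['openid_mode'], $known, true)) {
            return $_REQUEST['openid_mode'];
        }

        throw new OpenIDProtocolException("Unknown mode '".$_REQUEST['openid_mode']."'");
    }

    /**
     * Dispatches the current request to the handler for its openid.mode.
     *
     * Only 'checkid_immediate' and 'associate' have a handler here;
     * 'checkid_setup' and 'check_authentication' pass getMode() but end in
     * the default branch below.
     *
     * @return mixed Whatever the selected mode handler returns.
     * @throws OpenIDProtocolException On missing parameters or unhandled mode.
     */
    public function handleMode()
    {
        $mode = $this->getMode();

        if (!$mode) {
            if ($this->throwErrors) {
                throw new OpenIDProtocolException("No openid.mode supplied");
            }
            echo "This is an OpenID server endpoint. \nFor more information, see openid.net.";
            exit;
        }

        switch ($mode) {
            case 'checkid_immediate':
                if (empty($_GET['openid_identify'])) {
                    throw new OpenIDProtocolException("Must provide an identity URL (openid.identify)");
                }
                if (empty($_GET['openid_return_to'])) {
                    throw new OpenIDProtocolException("Must provide a return URL (openid.return_to)");
                }

                $identify = $_GET['openid_identify'];
                $return = $_GET['openid_return_to'];

                $assoc = false;
                if (!empty($_GET['openid_assoc_handle'])) {
                    $assoc = $_GET['openid_assoc_handle'];
                }

                // The trust root used to be assigned to $assoc by mistake,
                // which clobbered the association handle and always passed
                // an empty trust root to the allows() check.
                $trust_root = '';
                if (!empty($_GET['openid_trust_root'])) {
                    $trust_root = $_GET['openid_trust_root'];
                }

                return $this->mode_checkid_immediate($identify, $return, $assoc, $trust_root);

            case 'associate':
                // Fallback to default assoc type
                $assoc_type = $this->assoc_types[0];
                if (!empty($_POST['openid_assoc_type'])) {
                    $assoc_type = $_POST['openid_assoc_type'];
                }

                // Fallback to default session type
                // NOTE(review): the posted openid_session_type is never read;
                // an absent value yields '' and a present one keeps the
                // default. Left as found -- confirm the intended behaviour.
                $session_type = $this->session_types[0];
                if (empty($_POST['openid_session_type'])) {
                    $session_type = '';
                }

                // Diffie-Hellman parameters are only collected for DH-SHA1 sessions.
                $params = array();
                if ($session_type == 'DH-SHA1') {
                    if (!empty($_POST['openid_dh_modulus'])) {
                        $params['dh_modulus'] = $_POST['openid_dh_modulus'];
                    }
                    if (!empty($_POST['openid_dh_gen'])) {
                        $params['dh_gen'] = $_POST['openid_dh_gen'];
                    }
                    if (!empty($_POST['openid_dh_consumer_public'])) {
                        $params['dh_consumer_public'] = $_POST['openid_dh_consumer_public'];
                    }
                }

                // Return here: without it control fell through to the
                // default branch and every associate request ended in
                // "Unknown mode ?!".
                return $this->mode_associate($assoc_type, $session_type, $params);

            default:
                throw new OpenIDProtocolException("Unknown mode ?!");
        }
    }

    /**
     * Handles an 'associate' request.
     *
     * @param string $assoc_type   Requested association type; must be one of $this->assoc_types.
     * @param string $session_type Requested session type; unknown values fall back to the default.
     * @param array  $params       Optional DH parameters (dh_modulus, dh_gen, dh_consumer_public).
     * @throws OpenIDProtocolException When the association type is not supported.
     */
    private function mode_associate($assoc_type, $session_type, $params)
    {
        // Strict comparison so request strings are not matched through type juggling.
        if (!in_array($assoc_type, $this->assoc_types, true)) {
            throw new OpenIDProtocolException('Unknown openid.assoc_type "'.$assoc_type.'"');
        }

        if (!in_array($session_type, $this->session_types, true)) {
            $session_type = $this->session_types[0];
        }

        /* Not implemented
        if ($session_type == 'DH-SHA1') {
            if (empty($params['dh_consumer_public'])) {
                throw new OpenIDProtocolException(
                    'You have to provide openid.dh_consumer_public if you want a DH-SHA1 session.');
            }
            if (!empty($params['dh_gen']))
                $params['dh_gen'] = long(base64_decode($params['dh_gen']));
            if (!empty($params['dh_modulus']))
                $params['dh_modulus'] = long(base64_decode($params['dh_modulus']));
            if (empty($params['dh_gen']))
                $params['dh_gen'] = $this->default_dh_gen;
            if (empty($params['dh_modulus']))
                $params['dh_modulus'] = $this->default_dh_modulus;
            $params['dh_consumer_public'] = long(base64_decode($params['dh_consumer_public']));
        }*/

        $assoc_handle = $this->getHandle();
        // NOTE(review): the rest of this method is missing from the listing;
        // the dangling statement below is reproduced exactly as found.
        $expires
    }

    /**
     * Handles a 'checkid_immediate' request: validates both URLs, asks the
     * user object whether the requester is allowed, and redirects back to
     * the return URL with either a setup URL or a positive assertion.
     *
     * @param string       $identify   Claimed identity URL.
     * @param string       $return     URL the response is redirected to.
     * @param string|false $assoc      Association handle from the request, if any (currently unused).
     * @param string|null  $trust_root Trust root from the request.
     * @throws OpenIDProtocolException On an invalid URL when $this->throwErrors is set.
     */
    private function mode_checkid_immediate($identify, $return, $assoc = false, $trust_root = null)
    {
        // An invalid return_to can never be a redirect target, so the
        // error is answered directly.
        if (!self::checkUrl($return)) {
            if ($this->throwErrors) {
                throw new OpenIDProtocolException("openid.return_to URL isn't valid.");
            }
            // 400 goes with "Bad Request"; the reason phrase used to read "Not Found".
            header("HTTP/1.0 400 Bad Request");
            echo "openid.return_to URL isn't valid.";
            exit;
        }

        if (!self::checkUrl($identify)) {
            if ($this->throwErrors) {
                throw new OpenIDProtocolException("openid.identify URL isn't valid.");
            }
            // redirect() exits, so nothing below runs in this case.
            self::redirect($return, array(
                'openid.mode'  => 'error',
                'openid.error' => "openid.identify URL isn't valid.",
            ));
        }

        $this->initUser($identify);

        if (!$this->user->allows($return, $trust_root)) {
            // Not approved: send the requester to the setup URL instead.
            self::redirect($return, array(
                'openid.mode'           => 'id_res',
                'openid.user_setup_url' => $this->ident_url,
            ));
        } else {
            $handle = $this->getHandle();

            // The signed fields must carry the values that are actually
            // sent. The response mode is 'id_res'; signing
            // 'checkid_immediate' as before could never match what the
            // receiver sees.
            $signedFields = array(
                'mode'      => 'id_res',
                'identity'  => $identify,
                'return_to' => $return,
            );

            self::redirect($return, array(
                'openid.mode'         => $signedFields['mode'],
                'openid.identity'     => $signedFields['identity'],
                'openid.assoc_handle' => $handle,
                'openid.return_to'    => $signedFields['return_to'],
                'openid.signed'       => implode(',', array_keys($signedFields)),
                'openid.sig'          => $this->getSignature($handle, $signedFields),
                // FIXME: TODO: implement openid.invalidate_handle
            ));
        }
    }

    /**
     * Returns the association handle to use in responses.
     *
     * Stub: currently returns nothing (null), so responses carry an empty
     * openid.assoc_handle.
     */
    private function getHandle()
    {
        return;
    }

    /**
     * Computes the signature over $fields for the given association handle.
     *
     * Stub: always returns an empty string. Until this is implemented, the
     * id_res assertions built by mode_checkid_immediate() are unsigned and
     * give a relying party nothing to verify.
     *
     * @param mixed $handle Association handle the signature is bound to.
     * @param array $fields Field name => value pairs to sign.
     * @return string Signature (currently always '').
     */
    private function getSignature($handle, $fields)
    {
        return '';
    }
}
?>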