path: root/mod/id.php



<?php

function id_init(&$a) {

logger('id: ' . print_r($_REQUEST,true));

/**
 * This example shows several things:
 * - How a setup interface should look like.
 * - How to use a mysql table for authentication
 * - How to store associations in mysql table, instead of php sessions.
 * - How to store realm authorizations.
 * - How to send AX/SREG parameters.
 * For the example to work, you need to create the necessary tables:
CREATE TABLE Users (
    id INT NOT NULL auto_increment PRIMARY KEY,
    login VARCHAR(32) NOT NULL,
    password CHAR(40) NOT NULL,
    firstName VARCHAR(32) NOT NULL,
    lastName VARCHAR(32) NOT NULL
);

CREATE TABLE AllowedSites (
    user INT NOT NULL,
    realm TEXT NOT NULL,
    attributes TEXT NOT NULL,
    INDEX(user)
);

CREATE TABLE Associations (
    id INT NOT NULL PRIMARY KEY,
    data TEXT NOT NULL
);
 *
 * This is only an example. Don't use it in your code as-is.
 * It has several security flaws, which you shouldn't copy (like storing plaintext login and password in forms).
 *
 * This setup could be very easily flooded with many associations, 
 * since non-private ones aren't automatically deleted.
 * You could prevent this by storing a date of association and removing old ones,
 * or by setting $this->dh = false;
 * However, the latter one would disable stateful mode, unless connecting via HTTPS.
 */
require 'library/openid/provider/provider.php';


function getUserData($handle=null)
{
	if(! local_channel()) {
		notice( t('Permission denied.') . EOL);
		get_app()->page['content'] =  login();
	}

	logger('handle: ' . $handle);

	if($handle) {
		$r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1",
			dbesc($handle)
		);
	}
	else {
		$r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d",
			intval(local_channel())
		);
	}

	return $r[0];

/*
    if(isset($_POST['login'],$_POST['password'])) {
        $login = mysql_real_escape_string($_POST['login']);
        $password = sha1($_POST['password']);
        $q = mysql_query("SELECT * FROM Users WHERE login = '$login' AND password = '$password'");
        if($data = mysql_fetch_assoc($q)) {
            return $data;
        }
        if($handle) {
            echo 'Wrong login/password.';
        }
    }
    if($handle) {
    ?>
    <form action="" method="post">
    <input type="hidden" name="openid.assoc_handle" value="<?php echo $handle?>">
    Login: <input type="text" name="login"><br>
    Password: <input type="password" name="password"><br>
    <button>Submit</button>
    </form>
    <?php
    die();
    }
*/

}

class MysqlProvider extends LightOpenIDProvider
{
    private $attrMap = array(
        'namePerson/first'    => 'First name',
        'namePerson/last'     => 'Last name',
        'namePerson/friendly' => 'Nickname (login)'
        );
    
    private $attrFieldMap = array(
        'namePerson/first'    => 'firstName',
        'namePerson/last'     => 'lastName',
        'namePerson/friendly' => 'login'
        );
    
    function setup($identity, $realm, $assoc_handle, $attributes)
    {

		logger('identity: ' . $identity);
		logger('realm: ' . $realm);
		logger('assoc_handle: ' . $assoc_handle);
		logger('attributes: ' . print_r($attributes,true));

        $data = getUserData($assoc_handle);
        $o .= '<form action="" method="post">'
           . '<input type="hidden" name="openid.assoc_handle" value="' . $assoc_handle . '">'
           . '<input type="hidden" name="login" value="' . $_POST['login'] .'">'
           . '<input type="hidden" name="password" value="' . $_POST['password'] .'">'
           . "<b>$realm</b> wishes to authenticate you.";
        if($attributes['required'] || $attributes['optional']) {
            $o .= " It also requests following information (required fields marked with *):"
               . '<ul>';
            
            foreach($attributes['required'] as $attr) {
                if(isset($this->attrMap[$attr])) {
                    $o .= '<li>'
                       . '<input type="checkbox" name="attributes[' . $attr . ']"> '
                       . $this->attrMap[$attr] . '(*)</li>';
                }
            }
            
            foreach($attributes['optional'] as $attr) {
                if(isset($this->attrMap[$attr])) {
                    $o .= '<li>'
                       . '<input type="checkbox" name="attributes[' . $attr . ']"> '
                       . $this->attrMap[$attr] . '</li>';
                }
            }
            $o .= '</ul>';
        }
        $o .= '<br>'
           . '<button name="once">Allow once</button> '
           . '<button name="always">Always allow</button> '
           . '<button name="cancel">cancel</button> '
           . '</form>';

		get_app()->page['content'] .= $o;

    }
    
    function checkid($realm, &$attributes)
    {

		logger('checkid: ' . $realm);

		logger('checkid attrs: ' . print_r($attributes,true));


        if(isset($_POST['cancel'])) {
            $this->cancel();
        }
        
        $data = getUserData();
        if(! $data) {
            return false;
        }


		logger('checkid: checkpoint1');


		$q = get_pconfig(local_channel(),'openid',$realm);

		$attrs = array();
		if($q) {
			$attrs = $q;
        } elseif(isset($_POST['attributes'])) {
            $attrs = array_keys($_POST['attributes']);
        } elseif(!isset($_POST['once']) && !isset($_POST['always'])) {
            return false;
        }

        $attributes = array();
        foreach($attrs as $attr) {
            if(isset($this->attrFieldMap[$attr])) {
                $attributes[$attr] = $data[$this->attrFieldMap[$attr]];
            }
        }
        
        if(isset($_POST['always'])) {
			set_pconfig(local_channel(),'openid',$realm,array_keys($attributes));
        }
  
		return z_root() . '/id/' . $data['channel_address'];      
    }
    
    function assoc_handle()
    {
		
		$channel = get_app()->get_channel();
		return z_root() . '/id/' . $channel['channel_address']; 

    }
    
    function setAssoc($handle, $data)
    {
		logger('setAssoc');
		$channel = channelx_by_nick(basename($handle));
		if($channel)
			set_pconfig($channel['channel_id'],'openid','associate',$data);

    }
    
    function getAssoc($handle)
    {
		logger('getAssoc: ' . $handle);

		$channel = channelx_by_nick(basename($handle));
		if($channel)
			return get_pconfig($channel['channel_id'],'openid','associate');
		return false;
    }
    
    function delAssoc($handle)
    {
		logger('delAssoc');
		$channel = channelx_by_nick(basename($handle));
		if($channel)
			return del_pconfig($channel['channel_id'],'openid','associate');
    }
    
}
$op = new MysqlProvider;
$op->server();

}
<?php

function id_init(&$a) {

logger('id: ' . print_r($_REQUEST,true));

/**
 * This example shows several things:
 * - How a setup interface should look like.
 * - How to use a mysql table for authentication
 * - How to store associations in mysql table, instead of php sessions.
 * - How to store realm authorizations.
 * - How to send AX/SREG parameters.
 * For the example to work, you need to create the necessary tables:
CREATE TABLE Users (
    id INT NOT NULL auto_increment PRIMARY KEY,
    login VARCHAR(32) NOT NULL,
    password CHAR(40) NOT NULL,
    firstName VARCHAR(32) NOT NULL,
    lastName VARCHAR(32) NOT NULL
);

CREATE TABLE AllowedSites (
    user INT NOT NULL,
    realm TEXT NOT NULL,
    attributes TEXT NOT NULL,
    INDEX(user)
);

CREATE TABLE Associations (
    id INT NOT NULL PRIMARY KEY,
    data TEXT NOT NULL
);
 *
 * This is only an example. Don't use it in your code as-is.
 * It has several security flaws, which you shouldn't copy (like storing plaintext login and password in forms).
 *
 * This setup could be very easily flooded with many associations, 
 * since non-private ones aren't automatically deleted.
 * You could prevent this by storing a date of association and removing old ones,
 * or by setting $this->dh = false;
 * However, the latter one would disable stateful mode, unless connecting via HTTPS.
 */
require 'library/openid/provider/provider.php';


function getUserData($handle=null)
{
	if(! local_channel()) {
		notice( t('Permission denied.') . EOL);
		get_app()->page['content'] =  login();
	}

	logger('handle: ' . $handle);

	if($handle) {
		$r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1",
			dbesc($handle)
		);
	}
	else {
		$r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d",
			intval(local_channel())
		);
	}

	return $r[0];

/*
    if(isset($_POST['login'],$_POST['password'])) {
        $login = mysql_real_escape_string($_POST['login']);
        $password = sha1($_POST['password']);
        $q = mysql_query("SELECT * FROM Users WHERE login = '$login' AND password = '$password'");
        if($data = mysql_fetch_assoc($q)) {
            return $data;
        }
        if($handle) {
            echo 'Wrong login/password.';
        }
    }
    if($handle) {
    ?>
    <form action="" method="post">
    <input type="hidden" name="openid.assoc_handle" value="<?php echo $handle?>">
    Login: <input type="text" name="login"><br>
    Password: <input type="password" name="password"><br>
    <button>Submit</button>
    </form>
    <?php
    die();
    }
*/

}

class MysqlProvider extends LightOpenIDProvider
{
    private $attrMap = array(
        'namePerson/first'    => 'First name',
        'namePerson/last'     => 'Last name',
        'namePerson/friendly' => 'Nickname (login)'
        );
    
    private $attrFieldMap = array(
        'namePerson/first'    => 'firstName',
        'namePerson/last'     => 'lastName',
        'namePerson/friendly' => 'login'
        );
    
    function setup($identity, $realm, $assoc_handle, $attributes)
    {

		logger('identity: ' . $identity);
		logger('realm: ' . $realm);
		logger('assoc_handle: ' . $assoc_handle);
		logger('attributes: ' . print_r($attributes,true));

        $data = getUserData($assoc_handle);
        $o .= '<form action="" method="post">'
           . '<input type="hidden" name="openid.assoc_handle" value="' . $assoc_handle . '">'
           . '<input type="hidden" name="login" value="' . $_POST['login'] .'">'
           . '<input type="hidden" name="password" value="' . $_POST['password'] .'">'
           . "<b>$realm</b> wishes to authenticate you.";
        if($attributes['required'] || $attributes['optional']) {
            $o .= " It also requests following information (required fields marked with *):"
               . '<ul>';
            
            foreach($attributes['required'] as $attr) {
                if(isset($this->attrMap[$attr])) {
                    $o .= '<li>'
                       . '<input type="checkbox" name="attributes[' . $attr . ']"> '
                       . $this->attrMap[$attr] . '(*)</li>';
                }
            }
            
            foreach($attributes['optional'] as $attr) {
                if(isset($this->attrMap[$attr])) {
                    $o .= '<li>'
                       . '<input type="checkbox" name="attributes[' . $attr . ']"> '
                       . $this->attrMap[$attr] . '</li>';
                }
            }
            $o .= '</ul>';
        }
        $o .= '<br>'
           . '<button name="once">Allow once</button> '
           . '<button name="always">Always allow</button> '
           . '<button name="cancel">cancel</button> '
           . '</form>';

		get_app()->page['content'] .= $o;

    }
    
    function checkid($realm, &$attributes)
    {

		logger('checkid: ' . $realm);

		logger('checkid attrs: ' . print_r($attributes,true));


        if(isset($_POST['cancel'])) {
            $this->cancel();
        }
        
        $data = getUserData();
        if(! $data) {
            return false;
        }


		logger('checkid: checkpoint1');


		$q = get_pconfig(local_channel(),'openid',$realm);

		$attrs = array();
		if($q) {
			$attrs = $q;
        } elseif(isset($_POST['attributes'])) {
            $attrs = array_keys($_POST['attributes']);
        } elseif(!isset($_POST['once']) && !isset($_POST['always'])) {
            return false;
        }

        $attributes = array();
        foreach($attrs as $attr) {
            if(isset($this->attrFieldMap[$attr])) {
                $attributes[$attr] = $data[$this->attrFieldMap[$attr]];
            }
        }
        
        if(isset($_POST['always'])) {
			set_pconfig(local_channel(),'openid',$realm,array_keys($attributes));
        }
  
		return z_root() . '/id/' . $data['channel_address'];      
    }
    
    function assoc_handle()
    {
		
		$channel = get_app()->get_channel();
		return z_root() . '/id/' . $channel['channel_address']; 

    }
    
    function setAssoc($handle, $data)
    {
		logger('setAssoc');
		$channel = channelx_by_nick(basename($handle));
		if($channel)
			set_pconfig($channel['channel_id'],'openid','associate',$data);

    }
    
    function getAssoc($handle)
    {
		logger('getAssoc: ' . $handle);

		$channel = channelx_by_nick(basename($handle));
		if($channel)
			return get_pconfig($channel['channel_id'],'openid','associate');
		return false;
    }
    
    function delAssoc($handle)
    {
		logger('delAssoc');
		$channel = channelx_by_nick(basename($handle));
		if($channel)
			return del_pconfig($channel['channel_id'],'openid','associate');
    }
    
}
$op = new MysqlProvider;
$op->server();

}