From d6ab975b188778a0be936c3065b502e0c58b8c91 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 17 Feb 2014 19:48:05 -0800
Subject: operation snakebite continued. openid now works for local accounts
 using the rmagic module and after storing your openid in pconfig. This is
 just an interesting but trivial (in the bigger scheme of things) side effect
 of snakebite. The snake hasn't even waken up yet.

---
 include/auth.php |  10 ++++++
 include/text.php |   4 +++
 mod/openid.php   | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 mod/rmagic.php   |  12 +++++--
 4 files changed, 125 insertions(+), 2 deletions(-)
 create mode 100644 mod/openid.php

diff --git a/include/auth.php b/include/auth.php
index 2b7c385fd..a4e859e0c 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -230,3 +230,13 @@ else {
 		authenticate_success($record, true, true);
 	}
 }
+
+
+function match_openid($authid) {
+	$r = q("select * from pconfig where cat = 'system' and k = 'openid' ");
+	if($r)
+		foreach($r as $rr)
+			if($rr['v'] === $authid)
+				return $rr['uid'];
+	return false;
+}					
diff --git a/include/text.php b/include/text.php
index 2f5accf6e..2bf760035 100755
--- a/include/text.php
+++ b/include/text.php
@@ -1924,3 +1924,7 @@ function in_arrayi($needle, $haystack) {
 	return in_array(strtolower($needle), array_map('strtolower', $haystack));
 }
 
+function normalise_openid($s) {
+	return trim(str_replace(array('http://','https://'),array('',''),$s),'/');
+}
+
diff --git a/mod/openid.php b/mod/openid.php
new file mode 100644
index 000000000..d59d671e7
--- /dev/null
+++ b/mod/openid.php
@@ -0,0 +1,101 @@
+<?php
+
+
+require_once('library/openid/openid.php');
+require_once('include/auth.php');
+
+function openid_content(&$a) {
+
+	$noid = get_config('system','no_openid');
+	if($noid)
+		goaway(z_root());
+
+	logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);
+
+	if(x($_REQUEST,'openid_mode')) {
+
+		$openid = new LightOpenID(z_root());
+
+		if($openid->validate()) {
+
+			logger('openid: validate');
+
+			$authid = normalise_openid($_REQUEST['openid_identity']);
+
+			if(! strlen($authid)) {
+				logger( t('OpenID protocol error. No ID returned.') . EOL);
+				goaway(z_root());
+			}
+			
+			$x = match_openid($authid);
+			if($x) {	
+
+				$r = q("select * from channel where channel_id = %d limit 1",
+					intval($x)
+				);
+				if($r) {
+					$y = q("select * from account where account_id = %d limit 1",
+						intval($r[0]['channel_account_id'])
+					);
+					if($y) {
+					    foreach($y as $record) {
+					        if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) {
+			            		logger('mod_openid: openid success for ' . $x[0]['channel_name']);
+								$_SESSION['uid'] = $r[0]['channel_id'];
+								$_SESSION['authenticated'] = true;
+								authenticate_success($record,true,true,true,true);
+								goaway(z_root());
+							}
+						}
+					}
+				}
+			}
+
+			// Successful OpenID login - but we can't match it to an existing account.
+			// New registration?
+
+//			if($a->config['register_policy'] == REGISTER_CLOSED) {
+				notice( t('Account not found and OpenID registration is not permitted on this site.') . EOL);
+				goaway(z_root());
+//			}
+
+			unset($_SESSION['register']);
+			$args = '';
+			$attr = $openid->getAttributes();
+			if(is_array($attr) && count($attr)) {
+				foreach($attr as $k => $v) {
+					if($k === 'namePerson/friendly')
+						$nick = notags(trim($v));
+					if($k === 'namePerson/first')
+						$first = notags(trim($v));
+					if($k === 'namePerson')
+						$args .= '&username=' . notags(trim($v));
+					if($k === 'contact/email')
+						$args .= '&email=' . notags(trim($v));
+					if($k === 'media/image/aspect11')
+						$photosq = bin2hex(trim($v));
+					if($k === 'media/image/default')
+						$photo = bin2hex(trim($v));
+				}
+			}
+			if($nick)
+				$args .= '&nickname=' . $nick;
+			elseif($first)
+				$args .= '&nickname=' . $first;
+
+			if($photosq)
+				$args .= '&photo=' . $photosq;
+			elseif($photo)
+				$args .= '&photo=' . $photo;
+
+			$args .= '&openid_url=' . notags(trim($authid));
+
+			goaway($a->get_baseurl() . '/register' . $args);
+
+			// NOTREACHED
+		}
+	}
+	notice( t('Login failed.') . EOL);
+	goaway(z_root());
+	// NOTREACHED
+}
diff --git a/mod/rmagic.php b/mod/rmagic.php
index 093ccd328..946277327 100644
--- a/mod/rmagic.php
+++ b/mod/rmagic.php
@@ -23,12 +23,20 @@ function rmagic_init(&$a) {
 function rmagic_post(&$a) {
 
 	$address = trim($_REQUEST['address']);
-	$other = intval($_REQUEST['other']);
 
-	if($other) {
+	if(strpos($address,'@') === false) {
 		$arr = array('address' => $address);
 		call_hooks('reverse_magic_auth', $arr);		
 
+		try {
+			require_once('library/openid/openid.php');
+			$openid = new LightOpenID(z_root());
+			$openid->identity = $address;
+			$openid->returnUrl = z_root() . '/openid'; 
+			goaway($openid->authUrl());
+		} catch (Exception $e) {
+			notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'<br /><br >'. t('The error message was:').' '.$e->getMessage());
+		}
 
 		// if they're still here...
 		notice( t('Authentication failed.') . EOL);		
-- 
cgit v1.2.3