From bfd123c59a61be1d667648263aa44c4a9e14a5fc Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 11 Mar 2015 01:03:14 -0700 Subject: openid server --- mod/id.php | 237 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 237 insertions(+) create mode 100644 mod/id.php (limited to 'mod/id.php') diff --git a/mod/id.php b/mod/id.php new file mode 100644 index 000000000..852c73163 --- /dev/null +++ b/mod/id.php @@ -0,0 +1,237 @@ +dh = false; + * However, the latter one would disable stateful mode, unless connecting via HTTPS. + */ +require 'library/openid/provider/provider.php'; + + +function getUserData($handle=null) +{ + if(! local_channel()) { + notice( t('Permission denied.') . EOL); + get_app()->page['content'] = login(); + } + + + if($handle) { + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_hash = '%s' limit 1", + dbesc($handle) + ); + } + else { + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d", + intval(local_channel()) + ); + } + + return $r; + +/* + if(isset($_POST['login'],$_POST['password'])) { + $login = mysql_real_escape_string($_POST['login']); + $password = sha1($_POST['password']); + $q = mysql_query("SELECT * FROM Users WHERE login = '$login' AND password = '$password'"); + if($data = mysql_fetch_assoc($q)) { + return $data; + } + if($handle) { + echo 'Wrong login/password.'; + } + } + if($handle) { + ?> +
+ + Login:
+ Password:
+ +
+ 'First name', + 'namePerson/last' => 'Last name', + 'namePerson/friendly' => 'Nickname (login)' + ); + + private $attrFieldMap = array( + 'namePerson/first' => 'firstName', + 'namePerson/last' => 'lastName', + 'namePerson/friendly' => 'login' + ); + + function setup($identity, $realm, $assoc_handle, $attributes) + { + $data = getUserData($assoc_handle); + $o .= '
' + . '' + . '' + . '' + . "$realm wishes to authenticate you."; + if($attributes['required'] || $attributes['optional']) { + $o .= " It also requests following information (required fields marked with *):" + . ''; + } + $o .= '
' + . ' ' + . ' ' + . ' ' + . '
'; + + get_app()->page['content'] = $o; + + } + + function checkid($realm, &$attributes) + { + if(isset($_POST['cancel'])) { + $this->cancel(); + } + + $data = getUserData(); + if(!$data) { + return false; + } + $realm = mysql_real_escape_string($realm); + + + $q = mysql_query("SELECT attributes FROM AllowedSites WHERE user = '{$data['id']}' AND realm = '$realm'"); + + $attrs = array(); + if($attrs = mysql_fetch_row($q)) { + $attrs = explode(',', $attributes[0]); + } elseif(isset($_POST['attributes'])) { + $attrs = array_keys($_POST['attributes']); + } elseif(!isset($_POST['once']) && !isset($_POST['always'])) { + return false; + } + + $attributes = array(); + foreach($attrs as $attr) { + if(isset($this->attrFieldMap[$attr])) { + $attributes[$attr] = $data[$this->attrFieldMap[$attr]]; + } + } + + if(isset($_POST['always'])) { + $attrs = mysql_real_escape_string(implode(',', array_keys($attributes))); + mysql_query("REPLACE INTO AllowedSites VALUES('{$data['id']}', '$realm', '$attrs')"); + } + + return $this->serverLocation . '?' . $data['login']; + } + + function assoc_handle() + { + # We generate an integer assoc handle, because it's just faster to look up an integer later. + $q = mysql_query("SELECT MAX(id) FROM Associations"); + $result = mysql_fetch_row($q); + return $q[0]+1; + } + + function setAssoc($handle, $data) + { + $data = mysql_real_escape_string(serialize($data)); + mysql_query("REPLACE INTO Associations VALUES('$handle', '$data')"); + } + + function getAssoc($handle) + { + if(!is_numeric($handle)) { + return false; + } + $q = mysql_query("SELECT data FROM Associations WHERE id = '$handle'"); + $data = mysql_fetch_row($q); + if(!$data) { + return false; + } + return unserialize($data[0]); + } + + function delAssoc($handle) + { + if(!is_numeric($handle)) { + return false; + } + mysql_query("DELETE FROM Associations WHERE id = '$handle'"); + } + +} +$op = new MysqlProvider; +$op->server(); + +} + + + + + + + + + + + -- cgit v1.2.3 
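Review bot: getUserData() does not stop when `local_channel()` is empty: it queues the login form and then still runs the channel query and returns `$r`, so setup() and checkid() receive whatever the query returns for a visitor who is not logged in; add `return false;` directly after `get_app()->page['content'] = login();`. In setup(), `$realm` is interpolated into `$o` as-is (`"$realm wishes to authenticate you."`); it is presumably supplied by the relying party, so pass it through `htmlspecialchars($realm, ENT_QUOTES, 'UTF-8')` before it reaches page content. checkid(), assoc_handle() and the *Assoc() methods still call `mysql_query()` against the example's AllowedSites/Associations tables, and assoc_handle() returns `$q[0]+1` where `$result[0]+1` is meant.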
From 76fedfe1f89e671c625598d48508195bab98e969 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 11 Mar 2015 21:49:29 -0700 Subject: openid stuff --- mod/id.php | 84 ++++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 49 insertions(+), 35 deletions(-) (limited to 'mod/id.php') diff --git a/mod/id.php b/mod/id.php index 852c73163..760a29c01 100644 --- a/mod/id.php +++ b/mod/id.php @@ -51,9 +51,10 @@ function getUserData($handle=null) get_app()->page['content'] = login(); } + logger('handle: ' . $handle); if($handle) { - $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_hash = '%s' limit 1", + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", dbesc($handle) ); } @@ -63,7 +64,7 @@ function getUserData($handle=null) ); } - return $r; + return $r[0]; /* if(isset($_POST['login'],$_POST['password'])) { @@ -108,6 +109,12 @@ class MysqlProvider extends LightOpenIDProvider function setup($identity, $realm, $assoc_handle, $attributes) { + + logger('identity: ' . $identity); + logger('realm: ' . $realm); + logger('assoc_handle: ' . $assoc_handle); + logger('attributes: ' . print_r($attributes,true)); + $data = getUserData($assoc_handle); $o .= '
' . '' @@ -141,34 +148,42 @@ class MysqlProvider extends LightOpenIDProvider . ' ' . '
'; - get_app()->page['content'] = $o; + get_app()->page['content'] .= $o; } function checkid($realm, &$attributes) { + + logger('checkid: ' . $realm); + + logger('checkid attrs: ' . print_r($attributes,true)); + + if(isset($_POST['cancel'])) { $this->cancel(); } $data = getUserData(); - if(!$data) { + if(! $data) { return false; } - $realm = mysql_real_escape_string($realm); - - $q = mysql_query("SELECT attributes FROM AllowedSites WHERE user = '{$data['id']}' AND realm = '$realm'"); - - $attrs = array(); - if($attrs = mysql_fetch_row($q)) { - $attrs = explode(',', $attributes[0]); + + logger('checkid: checkpoint1'); + + + $q = get_pconfig(local_channel(),'openid',$realm); + + $attrs = array(); + if($q) { + $attrs = $q; } elseif(isset($_POST['attributes'])) { $attrs = array_keys($_POST['attributes']); } elseif(!isset($_POST['once']) && !isset($_POST['always'])) { return false; } - + $attributes = array(); foreach($attrs as $attr) { if(isset($this->attrFieldMap[$attr])) { 
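Review bot: checkid() decides consent from `$_POST['once']`, `$_POST['always']` and the keys of `$_POST['attributes']` alone; nothing in this hunk ties the POST to the form that setup() rendered, so a cross-site POST made in a logged-in browser would be accepted as approval. Unless LightOpenIDProvider already verifies a token (not visible here), have setup() emit a per-session form token and have checkid() reject the POST when the token is missing or wrong. The added `logger('checkid: ' . $realm)` and `logger('checkid attrs: ' . print_r($attributes,true))` run at the default log level on every login; gate them behind a debug level or drop them. The body of checkid() continues in the next hunk.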
@@ -177,46 +192,45 @@ class MysqlProvider extends LightOpenIDProvider } if(isset($_POST['always'])) { - $attrs = mysql_real_escape_string(implode(',', array_keys($attributes))); - mysql_query("REPLACE INTO AllowedSites VALUES('{$data['id']}', '$realm', '$attrs')"); + set_pconfig(local_channel(),'openid',$realm,array_keys($attributes)); } - - return $this->serverLocation . '?' . $data['login']; + + return z_root() . '/id/' . $data['channel_address']; } function assoc_handle() { - # We generate an integer assoc handle, because it's just faster to look up an integer later. - $q = mysql_query("SELECT MAX(id) FROM Associations"); - $result = mysql_fetch_row($q); - return $q[0]+1; + + $channel = get_app()->get_channel(); + return z_root() . '/id/' . $channel['channel_address']; + } function setAssoc($handle, $data) { - $data = mysql_real_escape_string(serialize($data)); - mysql_query("REPLACE INTO Associations VALUES('$handle', '$data')"); + logger('setAssoc'); + $channel = channelx_by_nick(basename($handle)); + if($channel) + set_pconfig($channel['channel_id'],'openid','associate',$data); + } function getAssoc($handle) { - if(!is_numeric($handle)) { - return false; - } - $q = mysql_query("SELECT data FROM Associations WHERE id = '$handle'"); - $data = mysql_fetch_row($q); - if(!$data) { - return false; - } - return unserialize($data[0]); + logger('getAssoc: ' . $handle); + + $channel = channelx_by_nick(basename($handle)); + if($channel) + return get_pconfig($channel['channel_id'],'openid','associate'); + return false; } function delAssoc($handle) { - if(!is_numeric($handle)) { - return false; - } - mysql_query("DELETE FROM Associations WHERE id = '$handle'"); + logger('delAssoc'); + $channel = channelx_by_nick(basename($handle)); + if($channel) + return del_pconfig($channel['channel_id'],'openid','associate'); } } -- cgit v1.2.3 From f2d84608af74e66fe6c5d21369cd5d3cfe4803de Mon Sep 17 00:00:00 2001 
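Review bot: assoc_handle() now returns `z_root() . '/id/' . $channel['channel_address']`, the same predictable value for every association a channel makes, and setAssoc() stores the association data under the single pconfig key `openid`/`associate`; each new relying party therefore overwrites the previous one's association, and delAssoc() for one removes it for all. A handle with a random component that is unique per association, and a pconfig key derived from that handle, would keep them separate. getAssoc(), setAssoc() and delAssoc() resolve the channel with `basename($handle)` on a value that presumably arrives with the request, so the handle should be compared with the stored one rather than trusted for the lookup. Separately, `set_pconfig(local_channel(),'openid',$realm,array_keys($attributes))` stores an empty array when no attributes were granted, which `if($q)` in checkid() then treats as no stored consent.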
From: friendica Date: Thu, 12 Mar 2015 18:48:32 -0700 Subject: Add some AX vars to openid server. --- mod/id.php | 39 ++++++++++++++++++++++++++++----------- 1 file changed, 28 insertions(+), 11 deletions(-) (limited to 'mod/id.php') diff --git a/mod/id.php b/mod/id.php index 760a29c01..4a6f5683c 100644 --- a/mod/id.php +++ b/mod/id.php @@ -49,9 +49,10 @@ function getUserData($handle=null) if(! local_channel()) { notice( t('Permission denied.') . EOL); get_app()->page['content'] = login(); + return false; } - logger('handle: ' . $handle); +// logger('handle: ' . $handle); if($handle) { $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", @@ -64,6 +65,19 @@ function getUserData($handle=null) ); } + if(! r) + return false; + + $x = q("select * from account where account_id = %d limit 1", + intval($r[0]['channel_account_id']) + ); + if($x) + $r[0]['email'] = $x[0]['account_email']; + + $r[0]['firstName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],0,strpos($r[0]['channel_name'],' ')) : $r[0]['channel_name']); + $r[0]['lastName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],strpos($r[0]['channel_name'],' ')+1) : ''); + + return $r[0]; /* 
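Review bot: The new empty-result guard `if(! r)` is missing the `$`, so it tests the bare constant `r` instead of the query result: on PHP versions that treat an undefined constant as the string 'r' it never fires, and on PHP 8 it raises an Error. As written, a handle that matches no channel falls through to `$r[0]['channel_account_id']`, and the function goes on to build and return an array from a missing row rather than returning `false`; the line should read `if(! $r)`. The same typo is carried unchanged through the later re-indentation of this function (`if (! r)` in the Doxygen cleanup commit further down this page).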
@@ -96,26 +110,29 @@ function getUserData($handle=null) class MysqlProvider extends LightOpenIDProvider { private $attrMap = array( - 'namePerson/first' => 'First name', - 'namePerson/last' => 'Last name', - 'namePerson/friendly' => 'Nickname (login)' + 'namePerson/first' => 'First name', + 'namePerson/last' => 'Last name', + 'namePerson/friendly' => 'Nickname', + 'contact/internet/email' => 'Email' ); private $attrFieldMap = array( - 'namePerson/first' => 'firstName', - 'namePerson/last' => 'lastName', - 'namePerson/friendly' => 'login' + 'namePerson/first' => 'firstName', + 'namePerson/last' => 'lastName', + 'namePerson/friendly' => 'channel_address', + 'contact/internet/email' => 'email' ); function setup($identity, $realm, $assoc_handle, $attributes) { - logger('identity: ' . $identity); - logger('realm: ' . $realm); - logger('assoc_handle: ' . $assoc_handle); - logger('attributes: ' . print_r($attributes,true)); +// logger('identity: ' . $identity); +// logger('realm: ' . $realm); +// logger('assoc_handle: ' . $assoc_handle); +// logger('attributes: ' . print_r($attributes,true)); $data = getUserData($assoc_handle); + $o .= '
' . '' . '' -- cgit v1.2.3 From d60cb14c2f23f372dec5fed78420f8ced3942ea6 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 12 Mar 2015 20:05:43 -0700 Subject: support a fair number of the common AX regs --- mod/id.php | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 68 insertions(+), 5 deletions(-) (limited to 'mod/id.php') diff --git a/mod/id.php b/mod/id.php index 4a6f5683c..00138cd29 100644 --- a/mod/id.php +++ b/mod/id.php 
@@ -73,11 +73,36 @@ function getUserData($handle=null) ); if($x) $r[0]['email'] = $x[0]['account_email']; + + $p = q("select * from profile where is_default = 1 and uid = %d limit 1", + intval($r[0]['channel_account_id']) + ); + + $gender = ''; + if($p[0]['gender'] == t('Male')) + $gender = 'M'; + if($p[0]['gender'] == t('Female')) + $gender = 'F'; $r[0]['firstName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],0,strpos($r[0]['channel_name'],' ')) : $r[0]['channel_name']); $r[0]['lastName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],strpos($r[0]['channel_name'],' ')+1) : ''); + $r[0]['namePerson'] = $r[0]['channel_name']; + $r[0]['pphoto'] = $r[0]['xchan_photo_l']; + $r[0]['pphoto16'] = z_root() . '/photo/profile/16/' . $r[0]['channel_id'] . '.jpg'; + $r[0]['pphoto32'] = z_root() . '/photo/profile/32/' . $r[0]['channel_id'] . '.jpg'; + $r[0]['pphoto48'] = z_root() . '/photo/profile/48/' . $r[0]['channel_id'] . '.jpg'; + $r[0]['pphoto64'] = z_root() . '/photo/profile/64/' . $r[0]['channel_id'] . '.jpg'; + $r[0]['pphoto80'] = z_root() . '/photo/profile/80/' . $r[0]['channel_id'] . '.jpg'; + $r[0]['pphoto128'] = z_root() . '/photo/profile/128/' . $r[0]['channel_id'] . '.jpg'; + $r[0]['timezone'] = $r[0]['channel_timezone']; + $r[0]['url'] = $r[0]['xchan_url']; + $r[0]['language'] = (($x[0]['account_language']) ? $x[0]['account_language'] : 'en'); + $r[0]['birthyear'] = ((intval(substr($p[0]['dob'],0,4))) ? intval(substr($p[0]['dob'],0,4)) : ''); + $r[0]['birthmonth'] = ((intval(substr($p[0]['dob'],5,2))) ? intval(substr($p[0]['dob'],5,2)) : ''); + $r[0]['birthday'] = ((intval(substr($p[0]['dob'],8,2))) ? intval(substr($p[0]['dob'],8,2)) : ''); + $r[0]['birthdate'] = (($r[0]['birthyear'] && $r[0]['birthmonth'] && $r[0]['birthday']) ? $p[0]['dob'] : ''); + $r[0]['gender'] = $gender; - return $r[0]; /* 
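Review bot: The default profile is selected with `uid = %d` bound to `$r[0]['channel_account_id']`, while every other per-channel value added in this hunk (the `pphoto*` URLs) is keyed on `$r[0]['channel_id']`. If `profile.uid` holds the channel id rather than the account id (not visible here; confirm against the schema), this reads another channel's profile whenever the two numbers differ, and that channel's gender and date of birth would be released to the relying party; the bind should then be `intval($r[0]['channel_id'])`. `$p[0]` and `$x[0]` are also dereferenced without checking that the queries returned a row. getUserData() starts and ends outside this hunk.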
@@ -110,17 +135,55 @@ function getUserData($handle=null) class MysqlProvider extends LightOpenIDProvider { private $attrMap = array( - 'namePerson/first' => 'First name', - 'namePerson/last' => 'Last name', + 'namePerson/first' => 'First Name', + 'namePerson/last' => 'Last Name', 'namePerson/friendly' => 'Nickname', - 'contact/internet/email' => 'Email' + 'namePerson' => 'Full Name', + 'contact/internet/email' => 'Email', + 'contact/email' => 'Email', + 'media/image/aspect11' => 'Profile Photo', + 'media/image' => 'Profile Photo', + 'media/image/default' => 'Profile Photo', + 'media/image/16x16' => 'Profile Photo 16px', + 'media/image/32x32' => 'Profile Photo 32px', + 'media/image/48x48' => 'Profile Photo 48px', + 'media/image/64x64' => 'Profile Photo 64px', + 'media/image/80x80' => 'Profile Photo 80px', + 'media/image/128x128' => 'Profile Photo 128px', + 'timezone' => 'Timezone', + 'contact/web/default' => 'Homepage URL', + 'language/pref' => 'Language', + 'birthDate/birthYear' => 'Birth Year', + 'birthDate/birthMonth' => 'Birth Month', + 'birthDate/birthday' => 'Birth Day', + 'birthDate' => 'Birthdate', + 'gender' => 'Gender', ); private $attrFieldMap = array( 'namePerson/first' => 'firstName', 'namePerson/last' => 'lastName', 'namePerson/friendly' => 'channel_address', - 'contact/internet/email' => 'email' + 'namePerson' => 'namePerson', + 'contact/internet/email' => 'email', + 'contact/email' => 'email', + 'media/image/aspect11' => 'pphoto', + 'media/image' => 'pphoto', + 'media/image/default' => 'pphoto', + 'media/image/16x16' => 'pphoto16', + 'media/image/32x32' => 'pphoto32', + 'media/image/48x48' => 'pphoto48', + 'media/image/64x64' => 'pphoto64', + 'media/image/80x80' => 'pphoto80', + 'media/image/128x128' => 'pphoto128', + 'timezone' => 'timezone', + 'contact/web/default' => 'url', + 'language/pref' => 'language', + 'birthDate/birthYear' => 'birthyear', + 'birthDate/birthMonth' => 'birthmonth', + 'birthDate/birthday' => 'birthday', + 'birthDate' => 
'birthdate', + 'gender' => 'gender', ); function setup($identity, $realm, $assoc_handle, $attributes) -- cgit v1.2.3 From 93caead072e3b5f1623fe0c61206e57da7ca20b3 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 12 Mar 2015 20:43:53 -0700 Subject: try to allow translation of ax regs --- mod/id.php | 81 ++++++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 52 insertions(+), 29 deletions(-) (limited to 'mod/id.php') diff --git a/mod/id.php b/mod/id.php index 00138cd29..d2776830d 100644 --- a/mod/id.php +++ b/mod/id.php @@ -78,6 +78,9 @@ function getUserData($handle=null) intval($r[0]['channel_account_id']) ); + + + $gender = ''; if($p[0]['gender'] == t('Male')) $gender = 'M'; 
@@ -132,34 +135,50 @@ function getUserData($handle=null) } + +function translate_regs() { + + // This exists to get around scoping rules + + $attrMap = array( + 'namePerson/first' => t('First Name'), + 'namePerson/last' => t('Last Name'), + 'namePerson/friendly' => t('Nickname'), + 'namePerson' => t('Full Name'), + 'contact/internet/email' => t('Email'), + 'contact/email' => t('Email'), + 'media/image/aspect11' => t('Profile Photo'), + 'media/image' => t('Profile Photo'), + 'media/image/default' => t('Profile Photo'), + 'media/image/16x16' => t('Profile Photo 16px'), + 'media/image/32x32' => t('Profile Photo 32px'), + 'media/image/48x48' => t('Profile Photo 48px'), + 'media/image/64x64' => t('Profile Photo 64px'), + 'media/image/80x80' => t('Profile Photo 80px'), + 'media/image/128x128' => t('Profile Photo 128px'), + 'timezone' => t('Timezone'), + 'contact/web/default' => t('Homepage URL'), + 'language/pref' => t('Language'), + 'birthDate/birthYear' => t('Birth Year'), + 'birthDate/birthMonth' => t('Birth Month'), + 'birthDate/birthday' => t('Birth Day'), + 'birthDate' => t('Birthdate'), + 'gender' => t('Gender'), + ); + + return $attrMap; +} + + class MysqlProvider extends LightOpenIDProvider { - private $attrMap = array( - 'namePerson/first' => 'First Name', - 'namePerson/last' => 'Last Name', - 'namePerson/friendly' => 'Nickname', - 'namePerson' => 'Full Name', - 'contact/internet/email' => 'Email', - 'contact/email' => 'Email', - 'media/image/aspect11' => 'Profile Photo', - 'media/image' => 'Profile Photo', - 'media/image/default' => 'Profile Photo', - 'media/image/16x16' => 'Profile Photo 16px', - 'media/image/32x32' => 'Profile Photo 32px', - 'media/image/48x48' => 'Profile Photo 48px', - 'media/image/64x64' => 'Profile Photo 64px', - 'media/image/80x80' => 'Profile Photo 80px', - 'media/image/128x128' => 'Profile Photo 128px', - 'timezone' => 'Timezone', - 'contact/web/default' => 'Homepage URL', - 'language/pref' => 'Language', - 'birthDate/birthYear' => 
'Birth Year', - 'birthDate/birthMonth' => 'Birth Month', - 'birthDate/birthday' => 'Birth Day', - 'birthDate' => 'Birthdate', - 'gender' => 'Gender', - ); - + + // See http://openid.net/specs/openid-attribute-properties-list-1_0-01.html + // This list contains a few variations of these attributes to maintain + // compatibility with legacy clients + + private $attrMap; + private $attrFieldMap = array( 'namePerson/first' => 'firstName', 'namePerson/last' => 'lastName', @@ -181,11 +200,15 @@ class MysqlProvider extends LightOpenIDProvider 'language/pref' => 'language', 'birthDate/birthYear' => 'birthyear', 'birthDate/birthMonth' => 'birthmonth', - 'birthDate/birthday' => 'birthday', + 'birthDate/birthday' => 'birthday', 'birthDate' => 'birthdate', 'gender' => 'gender', ); - + + function __construct() { + $this->attrMap = translate_regs(); + } + function setup($identity, $realm, $assoc_handle, $attributes) { @@ -209,7 +232,7 @@ class MysqlProvider extends LightOpenIDProvider if(isset($this->attrMap[$attr])) { $o .= '
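Review bot: The added `__construct()` assigns `$this->attrMap` but does not call the parent constructor; if LightOpenIDProvider defines one (its source is not part of this diff), that initialisation is skipped for every request served by MysqlProvider. Check the base class and, if it has a constructor, add `parent::__construct();` as the first statement. The class body continues outside this hunk.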
  • ' . ' ' - . $this->attrMap[$attr] . '(*)
  • '; + . $this->attrMap[$attr] . ' *'; } } -- cgit v1.2.3 From c412e6e640af11a51ff569fe86fcc381291683b9 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 12 Mar 2015 20:51:36 -0700 Subject: revert that --- mod/id.php | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) (limited to 'mod/id.php') diff --git a/mod/id.php b/mod/id.php index d2776830d..378022717 100644 --- a/mod/id.php +++ b/mod/id.php @@ -177,7 +177,31 @@ class MysqlProvider extends LightOpenIDProvider // This list contains a few variations of these attributes to maintain // compatibility with legacy clients - private $attrMap; + private $attrMap = array( + 'namePerson/first' => 'First Name', + 'namePerson/last' => 'Last Name', + 'namePerson/friendly' => 'Nickname', + 'namePerson' => 'Full Name', + 'contact/internet/email' => 'Email', + 'contact/email' => 'Email', + 'media/image/aspect11' => 'Profile Photo', + 'media/image' => 'Profile Photo', + 'media/image/default' => 'Profile Photo', + 'media/image/16x16' => 'Profile Photo 16px', + 'media/image/32x32' => 'Profile Photo 32px', + 'media/image/48x48' => 'Profile Photo 48px', + 'media/image/64x64' => 'Profile Photo 64px', + 'media/image/80x80' => 'Profile Photo 80px', + 'media/image/128x128' => 'Profile Photo 128px', + 'timezone' => 'Timezone', + 'contact/web/default' => 'Homepage URL', + 'language/pref' => 'Language', + 'birthDate/birthYear' => 'Birth Year', + 'birthDate/birthMonth' => 'Birth Month', + 'birthDate/birthday' => 'Birth Day', + 'birthDate' => 'Birthdate', + 'gender' => 'Gender', + ); private $attrFieldMap = array( 'namePerson/first' => 'firstName', @@ -205,9 +229,6 @@ class MysqlProvider extends LightOpenIDProvider 'gender' => 'gender', ); - function __construct() { - $this->attrMap = translate_regs(); - } function setup($identity, $realm, $assoc_handle, $attributes) { -- cgit v1.2.3 From 6da40fc559f540e67802f771411aa9f85dc8d64d Mon Sep 17 00:00:00 2001 
From: friendica Date: Sun, 15 Mar 2015 16:48:45 -0700 Subject: mod_id: load profile so the sidebar profile will work --- mod/id.php | 54 +++++++++++++++--------------------------------------- 1 file changed, 15 insertions(+), 39 deletions(-) (limited to 'mod/id.php') diff --git a/mod/id.php b/mod/id.php index 378022717..6678004c5 100644 --- a/mod/id.php +++ b/mod/id.php 
@@ -2,45 +2,21 @@ function id_init(&$a) { -logger('id: ' . print_r($_REQUEST,true)); - -/** - * This example shows several things: - * - How a setup interface should look like. - * - How to use a mysql table for authentication - * - How to store associations in mysql table, instead of php sessions. - * - How to store realm authorizations. - * - How to send AX/SREG parameters. - * For the example to work, you need to create the necessary tables: -CREATE TABLE Users ( - id INT NOT NULL auto_increment PRIMARY KEY, - login VARCHAR(32) NOT NULL, - password CHAR(40) NOT NULL, - firstName VARCHAR(32) NOT NULL, - lastName VARCHAR(32) NOT NULL -); - -CREATE TABLE AllowedSites ( - user INT NOT NULL, - realm TEXT NOT NULL, - attributes TEXT NOT NULL, - INDEX(user) -); - -CREATE TABLE Associations ( - id INT NOT NULL PRIMARY KEY, - data TEXT NOT NULL -); - * - * This is only an example. Don't use it in your code as-is. - * It has several security flaws, which you shouldn't copy (like storing plaintext login and password in forms). - * - * This setup could be very easily flooded with many associations, - * since non-private ones aren't automatically deleted. - * You could prevent this by storing a date of association and removing old ones, - * or by setting $this->dh = false; - * However, the latter one would disable stateful mode, unless connecting via HTTPS. - */ + logger('id: ' . print_r($_REQUEST,true)); + + + if(argc() > 1) + $which = argv(1); + else { + $a->error = 404; + return; + } + + $profile = ''; + $channel = $a->get_channel(); + profile_load($a,$which,$profile); + + require 'library/openid/provider/provider.php'; -- cgit v1.2.3 From 178b768e3ce43f3c75abec1540fcdc909c8c2197 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 16 Mar 2015 17:08:50 -0700 Subject: openid cleanup --- mod/id.php | 164 +++++++++++++++++++++++++------------------------------------ 1 file changed, 67 insertions(+), 97 deletions(-) (limited to 'mod/id.php') 
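Review bot: `logger('id: ' . print_r($_REQUEST,true));` is kept (only re-indented) at the top of id_init(), so every hit on the OpenID endpoint writes the full request, including the `openid.*` protocol parameters and any posted consent form fields, to the log at the default level. Log it at a data/debug level instead, e.g. `logger('id: ' . print_r($_REQUEST,true), LOGGER_DATA);`, or log only the request mode. `$channel = $a->get_channel();` is assigned but not used in the lines shown, and `argv(1)` is handed to `profile_load()` without a visible check that such a channel exists; id_init() continues past the end of this hunk.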
diff --git a/mod/id.php b/mod/id.php index 6678004c5..05a2f3dc5 100644 --- a/mod/id.php +++ b/mod/id.php @@ -1,5 +1,37 @@ t('First Name'), + 'namePerson/last' => t('Last Name'), + 'namePerson/friendly' => t('Nickname'), + 'namePerson' => t('Full Name'), + 'contact/internet/email' => t('Email'), + 'contact/email' => t('Email'), + 'media/image/aspect11' => t('Profile Photo'), + 'media/image' => t('Profile Photo'), + 'media/image/default' => t('Profile Photo'), + 'media/image/16x16' => t('Profile Photo 16px'), + 'media/image/32x32' => t('Profile Photo 32px'), + 'media/image/48x48' => t('Profile Photo 48px'), + 'media/image/64x64' => t('Profile Photo 64px'), + 'media/image/80x80' => t('Profile Photo 80px'), + 'media/image/128x128' => t('Profile Photo 128px'), + 'timezone' => t('Timezone'), + 'contact/web/default' => t('Homepage URL'), + 'language/pref' => t('Language'), + 'birthDate/birthYear' => t('Birth Year'), + 'birthDate/birthMonth' => t('Birth Month'), + 'birthDate/birthday' => t('Birth Day'), + 'birthDate' => t('Birthdate'), + 'gender' => t('Gender'), + ); + + + function id_init(&$a) { logger('id: ' . print_r($_REQUEST,true)); @@ -17,11 +49,14 @@ function id_init(&$a) { profile_load($a,$which,$profile); -require 'library/openid/provider/provider.php'; + $op = new MysqlProvider; + $op->server(); -function getUserData($handle=null) -{ +} + + +function getUserData($handle=null) { if(! local_channel()) { notice( t('Permission denied.') . EOL); get_app()->page['content'] = login(); @@ -54,9 +89,6 @@ function getUserData($handle=null) intval($r[0]['channel_account_id']) ); - - - $gender = ''; if($p[0]['gender'] == t('Male')) $gender = 'M'; 
@@ -85,100 +117,43 @@ function getUserData($handle=null) return $r[0]; /* - if(isset($_POST['login'],$_POST['password'])) { - $login = mysql_real_escape_string($_POST['login']); - $password = sha1($_POST['password']); - $q = mysql_query("SELECT * FROM Users WHERE login = '$login' AND password = '$password'"); - if($data = mysql_fetch_assoc($q)) { - return $data; - } - if($handle) { - echo 'Wrong login/password.'; - } - } - if($handle) { - ?> - - - Login:
    - Password:
    - - - +*
    +* +* Login:
    +* Password:
    +* +*
    +* t('First Name'), - 'namePerson/last' => t('Last Name'), - 'namePerson/friendly' => t('Nickname'), - 'namePerson' => t('Full Name'), - 'contact/internet/email' => t('Email'), - 'contact/email' => t('Email'), - 'media/image/aspect11' => t('Profile Photo'), - 'media/image' => t('Profile Photo'), - 'media/image/default' => t('Profile Photo'), - 'media/image/16x16' => t('Profile Photo 16px'), - 'media/image/32x32' => t('Profile Photo 32px'), - 'media/image/48x48' => t('Profile Photo 48px'), - 'media/image/64x64' => t('Profile Photo 64px'), - 'media/image/80x80' => t('Profile Photo 80px'), - 'media/image/128x128' => t('Profile Photo 128px'), - 'timezone' => t('Timezone'), - 'contact/web/default' => t('Homepage URL'), - 'language/pref' => t('Language'), - 'birthDate/birthYear' => t('Birth Year'), - 'birthDate/birthMonth' => t('Birth Month'), - 'birthDate/birthday' => t('Birth Day'), - 'birthDate' => t('Birthdate'), - 'gender' => t('Gender'), - ); - - return $attrMap; -} class MysqlProvider extends LightOpenIDProvider { + // See http://openid.net/specs/openid-attribute-properties-list-1_0-01.html // This list contains a few variations of these attributes to maintain // compatibility with legacy clients - private $attrMap = array( - 'namePerson/first' => 'First Name', - 'namePerson/last' => 'Last Name', - 'namePerson/friendly' => 'Nickname', - 'namePerson' => 'Full Name', - 'contact/internet/email' => 'Email', - 'contact/email' => 'Email', - 'media/image/aspect11' => 'Profile Photo', - 'media/image' => 'Profile Photo', - 'media/image/default' => 'Profile Photo', - 'media/image/16x16' => 'Profile Photo 16px', - 'media/image/32x32' => 'Profile Photo 32px', - 'media/image/48x48' => 'Profile Photo 48px', - 'media/image/64x64' => 'Profile Photo 64px', - 'media/image/80x80' => 'Profile Photo 80px', - 'media/image/128x128' => 'Profile Photo 128px', - 'timezone' => 'Timezone', - 'contact/web/default' => 'Homepage URL', - 'language/pref' => 'Language', - 'birthDate/birthYear' 
=> 'Birth Year', - 'birthDate/birthMonth' => 'Birth Month', - 'birthDate/birthday' => 'Birth Day', - 'birthDate' => 'Birthdate', - 'gender' => 'Gender', - ); - private $attrFieldMap = array( 'namePerson/first' => 'firstName', 'namePerson/last' => 'lastName', @@ -208,6 +183,7 @@ class MysqlProvider extends LightOpenIDProvider function setup($identity, $realm, $assoc_handle, $attributes) { + global $attrMap; // logger('identity: ' . $identity); // logger('realm: ' . $realm); @@ -216,6 +192,9 @@ class MysqlProvider extends LightOpenIDProvider $data = getUserData($assoc_handle); + +// FIXME this needs to be a template with localised strings + $o .= '
    ' . '' . '' @@ -269,10 +248,6 @@ class MysqlProvider extends LightOpenIDProvider return false; } - - logger('checkid: checkpoint1'); - - $q = get_pconfig(local_channel(),'openid',$realm); $attrs = array(); @@ -300,9 +275,9 @@ class MysqlProvider extends LightOpenIDProvider function assoc_handle() { - + logger('assoc_handle'); $channel = get_app()->get_channel(); - return z_root() . '/id/' . $channel['channel_address']; + return z_root() . '/channel/' . $channel['channel_address']; } @@ -312,7 +287,6 @@ class MysqlProvider extends LightOpenIDProvider $channel = channelx_by_nick(basename($handle)); if($channel) set_pconfig($channel['channel_id'],'openid','associate',$data); - } function getAssoc($handle) @@ -334,10 +308,6 @@ class MysqlProvider extends LightOpenIDProvider } } -$op = new MysqlProvider; -$op->server(); - -} -- cgit v1.2.3 From d0361582b0b620064aff90bf88f01d1072b308fe Mon Sep 17 00:00:00 2001 From: Klaus Weidenbach Date: Sun, 22 Mar 2015 00:06:08 +0100 Subject: Correcting reported Doxygen syntax warnings. Fixed wrong Doxygen syntax and add some of the available FIXME to Doxygen documentation. Updated Doxygen configuration to add also all capital letter tags. Adding some more Doxygen documentation. --- mod/id.php | 231 +++++++++++++++++++++++++++++-------------------------------- 1 file changed, 110 insertions(+), 121 deletions(-) (limited to 'mod/id.php') diff --git a/mod/id.php b/mod/id.php index 05a2f3dc5..bd4c1fa89 100644 --- a/mod/id.php +++ b/mod/id.php 
@@ -1,45 +1,51 @@ t('First Name'), - 'namePerson/last' => t('Last Name'), - 'namePerson/friendly' => t('Nickname'), - 'namePerson' => t('Full Name'), - 'contact/internet/email' => t('Email'), - 'contact/email' => t('Email'), - 'media/image/aspect11' => t('Profile Photo'), - 'media/image' => t('Profile Photo'), - 'media/image/default' => t('Profile Photo'), - 'media/image/16x16' => t('Profile Photo 16px'), - 'media/image/32x32' => t('Profile Photo 32px'), - 'media/image/48x48' => t('Profile Photo 48px'), - 'media/image/64x64' => t('Profile Photo 64px'), - 'media/image/80x80' => t('Profile Photo 80px'), - 'media/image/128x128' => t('Profile Photo 128px'), - 'timezone' => t('Timezone'), - 'contact/web/default' => t('Homepage URL'), - 'language/pref' => t('Language'), - 'birthDate/birthYear' => t('Birth Year'), - 'birthDate/birthMonth' => t('Birth Month'), - 'birthDate/birthday' => t('Birth Day'), - 'birthDate' => t('Birthdate'), - 'gender' => t('Gender'), - ); - - - +/** + * @file mod/id.php + * @brief OpenID implementation + */ + +require 'library/openid/provider/provider.php'; + + +$attrMap = array( + 'namePerson/first' => t('First Name'), + 'namePerson/last' => t('Last Name'), + 'namePerson/friendly' => t('Nickname'), + 'namePerson' => t('Full Name'), + 'contact/internet/email' => t('Email'), + 'contact/email' => t('Email'), + 'media/image/aspect11' => t('Profile Photo'), + 'media/image' => t('Profile Photo'), + 'media/image/default' => t('Profile Photo'), + 'media/image/16x16' => t('Profile Photo 16px'), + 'media/image/32x32' => t('Profile Photo 32px'), + 'media/image/48x48' => t('Profile Photo 48px'), + 'media/image/64x64' => t('Profile Photo 64px'), + 'media/image/80x80' => t('Profile Photo 80px'), + 'media/image/128x128' => t('Profile Photo 128px'), + 'timezone' => t('Timezone'), + 'contact/web/default' => t('Homepage URL'), + 'language/pref' => t('Language'), + 'birthDate/birthYear' => t('Birth Year'), + 'birthDate/birthMonth' => t('Birth Month'), + 
'birthDate/birthday' => t('Birth Day'), + 'birthDate' => t('Birthdate'), + 'gender' => t('Gender'), +); + + +/** + * @brief Entrypoint for the OpenID implementation. + * + * @param App &$a + */ function id_init(&$a) { - logger('id: ' . print_r($_REQUEST,true)); - + logger('id: ' . print_r($_REQUEST, true)); - if(argc() > 1) + if(argc() > 1) { $which = argv(1); - else { + } else { $a->error = 404; return; } @@ -48,41 +54,45 @@ function id_init(&$a) { $channel = $a->get_channel(); profile_load($a,$which,$profile); - - $op = new MysqlProvider; $op->server(); - } - -function getUserData($handle=null) { - if(! local_channel()) { +/** + * @brief Returns user data needed for OpenID. + * + * If no $handle is provided we will use local_channel() by default. + * + * @param string $handle (default null) + * @return boolean|array + */ +function getUserData($handle = null) { + if (! local_channel()) { notice( t('Permission denied.') . EOL); get_app()->page['content'] = login(); + return false; } // logger('handle: ' . $handle); - if($handle) { + if ($handle) { $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", dbesc($handle) ); - } - else { + } else { $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d", intval(local_channel()) ); } - if(! r) + if (! r) return false; $x = q("select * from account where account_id = %d limit 1", intval($r[0]['channel_account_id']) ); - if($x) + if ($x) $r[0]['email'] = $x[0]['account_email']; $p = q("select * from profile where is_default = 1 and uid = %d limit 1", 
@@ -90,11 +100,11 @@ function getUserData($handle=null) { ); $gender = ''; - if($p[0]['gender'] == t('Male')) + if ($p[0]['gender'] == t('Male')) $gender = 'M'; - if($p[0]['gender'] == t('Female')) + if ($p[0]['gender'] == t('Female')) $gender = 'F'; - + $r[0]['firstName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],0,strpos($r[0]['channel_name'],' ')) : $r[0]['channel_name']); $r[0]['lastName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],strpos($r[0]['channel_name'],' ')+1) : ''); $r[0]['namePerson'] = $r[0]['channel_name']; @@ -113,7 +123,7 @@ function getUserData($handle=null) { $r[0]['birthday'] = ((intval(substr($p[0]['dob'],8,2))) ? intval(substr($p[0]['dob'],8,2)) : ''); $r[0]['birthdate'] = (($r[0]['birthyear'] && $r[0]['birthmonth'] && $r[0]['birthday']) ? $p[0]['dob'] : ''); $r[0]['gender'] = $gender; - + return $r[0]; /* @@ -144,20 +154,20 @@ function getUserData($handle=null) { } - - -class MysqlProvider extends LightOpenIDProvider -{ - +/** + * @brief MySQL provider for OpenID implementation. + * + */ +class MysqlProvider extends LightOpenIDProvider { // See http://openid.net/specs/openid-attribute-properties-list-1_0-01.html // This list contains a few variations of these attributes to maintain // compatibility with legacy clients - private $attrFieldMap = array( - 'namePerson/first' => 'firstName', - 'namePerson/last' => 'lastName', - 'namePerson/friendly' => 'channel_address', + private $attrFieldMap = array( + 'namePerson/first' => 'firstName', + 'namePerson/last' => 'lastName', + 'namePerson/friendly' => 'channel_address', 'namePerson' => 'namePerson', 'contact/internet/email' => 'email', 'contact/email' => 'email', 
@@ -178,11 +188,9 @@ class MysqlProvider extends LightOpenIDProvider 'birthDate/birthday' => 'birthday', 'birthDate' => 'birthdate', 'gender' => 'gender', - ); - - - function setup($identity, $realm, $assoc_handle, $attributes) - { + ); + + function setup($identity, $realm, $assoc_handle, $attributes) { global $attrMap; // logger('identity: ' . $identity); @@ -190,10 +198,10 @@ class MysqlProvider extends LightOpenIDProvider // logger('assoc_handle: ' . $assoc_handle); // logger('attributes: ' . print_r($attributes,true)); - $data = getUserData($assoc_handle); + $data = getUserData($assoc_handle); -// FIXME this needs to be a template with localised strings +/** @FIXME this needs to be a template with localised strings */ $o .= '' . '' @@ -203,7 +211,7 @@ class MysqlProvider extends LightOpenIDProvider if($attributes['required'] || $attributes['optional']) { $o .= " It also requests following information (required fields marked with *):" . '
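Review bot: `setup()` declares `global $attrMap;` here, but the two attribute loops in the later hunks (`-203` and `-211`) test `isset($this->attrMap[$attr])` and print `$this->attrMap[$attr]`, and the only map property visible on the class is `$attrFieldMap`. Unless the parent class defines `attrMap`, both `isset()` checks are always false and the consent page never lists the attributes the relying party asked for, while `checkid()` still fills them in. The loops should use the imported table: `if(isset($attrMap[$attr]))` and `. $attrMap[$attr]`. Whether the file-level `$attrMap` is reachable through `global` depends on how the module file is included, which this diff does not show.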
      '; - + foreach($attributes['required'] as $attr) { if(isset($this->attrMap[$attr])) { $o .= '
    • ' @@ -211,7 +219,7 @@ class MysqlProvider extends LightOpenIDProvider . $this->attrMap[$attr] . ' *
    • '; } } - + foreach($attributes['optional'] as $attr) { if(isset($this->attrMap[$attr])) { $o .= '
    • ' @@ -228,27 +236,23 @@ class MysqlProvider extends LightOpenIDProvider . '
    • '; get_app()->page['content'] .= $o; + } - } - - function checkid($realm, &$attributes) - { + function checkid($realm, &$attributes) { logger('checkid: ' . $realm); - logger('checkid attrs: ' . print_r($attributes,true)); + if(isset($_POST['cancel'])) { + $this->cancel(); + } - if(isset($_POST['cancel'])) { - $this->cancel(); - } - - $data = getUserData(); - if(! $data) { - return false; - } + $data = getUserData(); + if(! $data) { + return false; + } - $q = get_pconfig(local_channel(),'openid',$realm); + $q = get_pconfig(local_channel(), 'openid', $realm); $attrs = array(); if($q) { 
@@ -265,57 +269,42 @@ class MysqlProvider extends LightOpenIDProvider $attributes[$attr] = $data[$this->attrFieldMap[$attr]]; } } - - if(isset($_POST['always'])) { + + if(isset($_POST['always'])) { set_pconfig(local_channel(),'openid',$realm,array_keys($attributes)); - } - - return z_root() . '/id/' . $data['channel_address']; - } - - function assoc_handle() - { - logger('assoc_handle'); + } + + return z_root() . '/id/' . $data['channel_address']; + } + + function assoc_handle() { + logger('assoc_handle'); $channel = get_app()->get_channel(); + return z_root() . '/channel/' . $channel['channel_address']; + } - } - - function setAssoc($handle, $data) - { + function setAssoc($handle, $data) { logger('setAssoc'); $channel = channelx_by_nick(basename($handle)); if($channel) set_pconfig($channel['channel_id'],'openid','associate',$data); - } - - function getAssoc($handle) - { + } + + function getAssoc($handle) { logger('getAssoc: ' . $handle); $channel = channelx_by_nick(basename($handle)); if($channel) - return get_pconfig($channel['channel_id'],'openid','associate'); + return get_pconfig($channel['channel_id'], 'openid', 'associate'); + return false; - } - - function delAssoc($handle) - { + } + + function delAssoc($handle) { logger('delAssoc'); $channel = channelx_by_nick(basename($handle)); if($channel) - return del_pconfig($channel['channel_id'],'openid','associate'); - } - + return del_pconfig($channel['channel_id'], 'openid', 'associate'); + } } - - - - - - - - - - - -- cgit v1.2.3
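Review bot: In `checkid()`, the `isset($_POST['always'])` branch calls `set_pconfig(local_channel(),'openid',$realm,array_keys($attributes))`, storing a standing release list for the realm on the strength of a single POST field, and no form-token check is visible in this hunk. If the consent form does not already carry one, a cross-site POST sent while the user is logged in could record that approval without the user seeing the page. The project's form security token should be verified before `cancel` or `always` is honoured. `checkid()` starts outside this hunk, so a check may exist in the lines not shown. A smaller point: `getAssoc()` now ends with `return false;`, but `delAssoc()` still falls off the end when no channel matches, and would read more consistently with the same `return false;`.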