dh = false; * However, the latter one would disable stateful mode, unless connecting via HTTPS. */ require 'provider.php'; mysql_connect(); mysql_select_db('test'); function getUserData($handle=null) { if(isset($_POST['login'],$_POST['password'])) { $login = mysql_real_escape_string($_POST['login']); $password = sha1($_POST['password']); $q = mysql_query("SELECT * FROM Users WHERE login = '$login' AND password = '$password'"); if($data = mysql_fetch_assoc($q)) { return $data; } if($handle) { echo 'Wrong login/password.'; } } if($handle) { ?>
Login:
Password:
'First name', 'namePerson/last' => 'Last name', 'namePerson/friendly' => 'Nickname (login)' ); private $attrFieldMap = array( 'namePerson/first' => 'firstName', 'namePerson/last' => 'lastName', 'namePerson/friendly' => 'login' ); function setup($identity, $realm, $assoc_handle, $attributes) { $data = getUserData($assoc_handle); echo '
' . '' . '' . '' . "$realm wishes to authenticate you."; if($attributes['required'] || $attributes['optional']) { echo " It also requests following information (required fields marked with *):" . ''; } echo '
' . ' ' . ' ' . ' ' . '
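'; }

    // NOTE(review): setup() above interpolates $realm directly into the page it
    // echoes. The realm presumably originates from the relying party's request,
    // so it should pass through htmlspecialchars($realm, ENT_QUOTES, 'UTF-8')
    // before being written out -- confirm against provider.php.

    /**
     * Decides whether the current authentication request can be answered
     * positively and, if so, which attributes are released to the realm.
     *
     * Attributes come from, in order: the list stored in AllowedSites for this
     * user and realm, or the attribute keys ticked in the posted consent form.
     * Only names present in $this->attrFieldMap are ever released.
     *
     * NOTE(review): credentials are verified by getUserData(), which compares an
     * unsalted sha1() digest of the posted password. password_hash() /
     * password_verify() (PHP >= 5.5) is the appropriate replacement.
     * NOTE(review): the mysql_* extension used throughout was removed in PHP 7.0;
     * a port should move to prepared statements (mysqli or PDO).
     *
     * @param string $realm       Realm asking for authentication.
     * @param array  &$attributes Replaced with the attribute => value map to release.
     * @return string|false Identity URL on success, false when the login failed
     *                      or no consent has been given yet.
     */
    function checkid($realm, &$attributes)
    {
        if (isset($_POST['cancel'])) {
            // Presumably cancel() ends the request; verify in provider.php.
            $this->cancel();
        }

        $data = getUserData();
        if (!$data) {
            return false;
        }

        $realm  = mysql_real_escape_string($realm);
        // The id comes from our own Users row, but escape it anyway so the
        // query does not depend on that column staying numeric.
        $userId = mysql_real_escape_string($data['id']);
        $q = mysql_query("SELECT attributes FROM AllowedSites WHERE user = '$userId' AND realm = '$realm'");

        $attrs = array();
        $row = $q ? mysql_fetch_row($q) : false;
        if ($row) {
            // Fixed: the stored list is in the fetched row, not in $attributes
            // (the request array), so remembered consent was never applied.
            $attrs = explode(',', $row[0]);
        } elseif (isset($_POST['attributes']) && is_array($_POST['attributes'])) {
            // Only the keys are used; a scalar 'attributes' field is ignored.
            $attrs = array_keys($_POST['attributes']);
        } elseif (!isset($_POST['once']) && !isset($_POST['always'])) {
            return false;
        }

        $attributes = array();
        foreach ($attrs as $attr) {
            // attrFieldMap acts as the allow-list of releasable columns.
            if (isset($this->attrFieldMap[$attr])) {
                $attributes[$attr] = $data[$this->attrFieldMap[$attr]];
            }
        }

        if (isset($_POST['always'])) {
            $attrs = mysql_real_escape_string(implode(',', array_keys($attributes)));
            mysql_query("REPLACE INTO AllowedSites VALUES('$userId', '$realm', '$attrs')");
        }

        return $this->serverLocation . '?' . $data['login'];
    }

    /**
     * Produces the next association handle.
     *
     * NOTE(review): MAX(id)+1 followed by a separate REPLACE in setAssoc() is not
     * atomic; two concurrent requests can obtain the same handle and the later
     * write replaces the earlier association. An AUTO_INCREMENT column would
     * avoid this -- the table schema is not visible here.
     *
     * @return int One more than the highest stored id, or 1 for an empty table.
     */
    function assoc_handle()
    {
        # We generate an integer assoc handle, because it's just faster to look up an integer later.
        $q = mysql_query("SELECT MAX(id) FROM Associations");
        $result = $q ? mysql_fetch_row($q) : false;
        // Fixed: the value is in the fetched row; indexing the query resource
        // always produced null, so every association received handle 1.
        $max = $result ? (int) $result[0] : 0;
        return $max + 1;
    }

    /**
     * Stores (or overwrites) the association data kept under a handle.
     *
     * @param mixed $handle Association handle.
     * @param mixed $data   Association data; stored in serialize() form.
     */
    function setAssoc($handle, $data)
    {
        // Escape the handle as well; the original interpolated it as-is.
        $handle = mysql_real_escape_string($handle);
        $data = mysql_real_escape_string(serialize($data));
        mysql_query("REPLACE INTO Associations VALUES('$handle', '$data')");
    }

    /**
     * Loads the association data stored under a handle.
     *
     * @param mixed $handle Association handle; must pass is_numeric().
     * @return mixed|false The unserialized data, or false if the handle is not
     *                     numeric or no row exists.
     */
    function getAssoc($handle)
    {
        // is_numeric() also accepts forms such as "1e3" or "+5". None of them
        // can contain a quote, so the literal below cannot be broken out of,
        // but ctype_digit() would be the tighter check.
        if (!is_numeric($handle)) {
            return false;
        }
        $q = mysql_query("SELECT data FROM Associations WHERE id = '$handle'");
        $data = $q ? mysql_fetch_row($q) : false;
        if (!$data) {
            return false;
        }
        // NOTE(review): unserialize() is only safe while every row in
        // Associations was written by setAssoc(). Anything else able to write
        // to that table turns this into an object-injection sink; a
        // json_encode()/json_decode() round trip would remove that dependency.
        return unserialize($data[0]);
    }

    /**
     * Deletes the association stored under a handle.
     *
     * @param mixed $handle Association handle; must pass is_numeric().
     * @return false|null false if the handle is not numeric, otherwise nothing.
     */
    function delAssoc($handle)
    {
        if (!is_numeric($handle)) {
            return false;
        }
        mysql_query("DELETE FROM Associations WHERE id = '$handle'");
    }
}

$op = new MysqlProvider;
$op->server();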