diff options
| author | Arun Persaud <arun@nubati.net> | 2009-04-25 00:33:14 -0700 |
|---|---|---|
| committer | Arun Persaud <arun@nubati.net> | 2009-04-25 11:32:25 -0700 |
| commit | a57cfa3be6ee0fbce336dc98e2862ac39f2b1add (patch) | |
| tree | b7e4fc46ca06b6147c005700fb2a092c5b13a080 /include | |
| parent | 4cbc3848a891ac9addf10264d24a9f4273c5e355 (diff) | |
| download | e-DoKo-a57cfa3be6ee0fbce336dc98e2862ac39f2b1add.tar.gz e-DoKo-a57cfa3be6ee0fbce336dc98e2862ac39f2b1add.tar.bz2 e-DoKo-a57cfa3be6ee0fbce336dc98e2862ac39f2b1add.zip | |
NEW FEATURE: added OpenID support
Users can add and delete OpenIDs on the settings page and then log in
user those OpenIds.
They can also use their OpenIDs to register.
Diffstat (limited to 'include')
| -rw-r--r-- | include/login.php | 62 | ||||
| -rw-r--r-- | include/openid.php | 162 | ||||
| -rw-r--r-- | include/preferences.php | 48 | ||||
| -rw-r--r-- | include/register.php | 103 | ||||
| -rw-r--r-- | include/welcome.php | 9 |
5 files changed, 352 insertions, 32 deletions
diff --git a/include/login.php b/include/login.php index c1a0e42..3c3f6be 100644 --- a/include/login.php +++ b/include/login.php @@ -5,12 +5,62 @@ if(!isset($HOST)) exit; -/* check if login information is present */ -if(!myisset('email','password')) +include_once('openid.php'); + +function escape($thing) { + return htmlentities($thing); +} + +/* check for openid stuff */ +if($OPENIDPATH && myisset('openid_identity') && $_REQUEST['openid_identity']!='') { - echo "can't log you in... missing login information."; + /* what openid is being used? */ + $openid_url = OpenIDUrlEncode($_REQUEST['openid_identity']); + /* get the userid from the database, openids need to be registered within E-DoKo */ + $data = OpenIDVerify(); + $ok = 0; + + /* verify ok? */ + if($data) + { + /* do we know this openid?*/ + $myid = DB_GetUserId($openid_url); + + if(!$myid) + { + /* openid unknown, perhaps not registered? */ + echo "<p>Openid ok, but not registered with any account. If you have an account ". + "on E-DoKo, please log in and add your openid in your preferences first. </p>\n"; + + + /* or perhaps a new user...*/ + $email = $data['email']; + $name = $data['fullname']; + echo "<p>If you wan to register a new account with this OpenID, please follow this ". + "<a href=\"index.php?action=register&openid_url=".$openid_url. + "&openidname=$name&openidemail=$email\">link</a>.</p>"; + } + else + $ok=1; + } + + if($ok) + { + /* user information is ok, set session variabel */ + $email = DB_get_email('userid',$myid); + $myname = DB_get_name('email',$email); + $password = DB_get_passwd_by_userid($myid); + $_SESSION['name'] = $myname; + $_SESSION['id'] = $myid; + $_SESSION['pass'] = $password; + } } -else +else if($OPENIDPATH && myisset('openid_url') && $_REQUEST['openid_url']!='') + { + OpenIDAskForVerification(OpenIDUrlEncode($_REQUEST['openid_url'])); + } +/* check if normal login information is present */ +else if(myisset('email','password')) { $email = $_REQUEST['email']; $password = $_REQUEST['password']; @@ -33,4 +83,8 @@ else $_SESSION['pass'] = $password; } } +else + { + echo "can't log you in... missing login information."; + } ?>
\ No newline at end of file diff --git a/include/openid.php b/include/openid.php new file mode 100644 index 0000000..6ad5fed --- /dev/null +++ b/include/openid.php @@ -0,0 +1,162 @@ +<?php +require_once("db.php"); + + /* provide OpenID support + * + * taken from http://www.plaxo.com/api/openid_recipe + */ + +function OpenIDVerify() +{ + global $OPENIDPATH; + + /* need the openip library */ + require_once $OPENIDPATH."examples/consumer/common.php"; + + $consumer = getConsumer(); + + $return_to = getReturnTo(); + $response = $consumer->complete($return_to); + + // Check the response status. + if ($response->status == Auth_OpenID_CANCEL) { + // This means the authentication was cancelled. + echo 'Verification cancelled.'; + return False; + } else if ($response->status == Auth_OpenID_FAILURE) { + // Authentication failed; display the error message. + echo "OpenID authentication failed: " . $response->message; + return False; + } else if ($response->status == Auth_OpenID_SUCCESS) { + // This means the authentication succeeded; extract the + // identity URL and Simple Registration data (if it was + // returned). + $openid = $response->getDisplayIdentifier(); + + $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); + $sreg = $sreg_resp->contents(); + } + + if(isset($sreg)) + return $sreg; + else + return "ok"; +} + +function OpenIDAskForVerification($openid_url) +{ + global $OPENIDPATH; + + /* ask for openid verification */ + require_once $OPENIDPATH."examples/consumer/common.php"; + + $openid =$_REQUEST['openid_url']; + $consumer = getConsumer(); + + /* check for authentication */ + // Begin the OpenID authentication process. + $auth_request = $consumer->begin($openid); + + // No auth request means we can't begin OpenID. + if (!$auth_request) { + echo "Authentication error; not a valid OpenID."; + } + + $sreg_request = Auth_OpenID_SRegRequest::build(array(),array('fullname','email', 'nickname')); + + if ($sreg_request) { + $auth_request->addExtension($sreg_request); + } + + // Redirect the user to the OpenID server for authentication. + // Store the token for this authentication so we can verify the + // response. + + // For OpenID 1, send a redirect. For OpenID 2, use a Javascript + // form to send a POST request to the server. + if ($auth_request->shouldSendRedirect()) { + $redirect_url = $auth_request->redirectURL(getTrustRoot(), + getReturnTo()); + + // If the redirect URL can't be built, display an error + // message. + if (Auth_OpenID::isFailure($redirect_url)) { + displayError("Could not redirect to server: " . $redirect_url->message); + } else { + // Send redirect. + header("Location: ".$redirect_url); + } + } else { + // Generate form markup and render it. + $form_id = 'openid_message'; + $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), + false, array('id' => $form_id)); + + // Display an error if the form markup couldn't be generated; + // otherwise, render the HTML. + if (Auth_OpenID::isFailure($form_html)) { + displayError("Could not redirect to server: " . $form_html->message); + } else { + print $form_html; + } + } +} + +function OpenIDUrlEncode($openid_url) +{ + /* this converts each url to a standard form + * (domain lowercase and http at the beginning) + */ + + $return = ""; + + $parts = explode("/",$openid_url); + $return .= "http://"; + + /* check for http:// */ + if( strtolower($parts[0]) == "http:" ) + array_shift($parts); + if( $parts[0] == "") + array_shift($parts); + + /* next part is the server*/ + $return .= strtolower( $parts[0] ); + array_shift($parts); + + foreach ($parts as $t) + $return .= "/$t"; + + return $return; +} + +function DB_GetUserId($openid_url) +{ + $result = DB_query_array("SELECT user_id FROM user_openids WHERE openid_url = ".DB_quote_smart(OpenIDUrlEncode($openid_url))); + + if($result) + return $result[0]; + else + return False; +} + +function DB_GetOpenIDsByUser($user_id) +{ + return DB_query_array_all("SELECT openid_url FROM user_openids WHERE user_id = '$user_id'"); +} + +function DB_AttachOpenID($openid_url, $user_id) +{ + DB_query("INSERT INTO user_openids VALUES (".DB_quote_smart(OpenIDUrlEncode($openid_url)).", '$user_id')"); +} + +function DB_DetachOpenID($openid_url, $user_id) +{ + DB_query("DELETE FROM user_openids WHERE openid_url = ".DB_quote_smart(OpenIDUrlEncode($openid_url))." AND user_id = '$user_id'"); +} + +function DB_DetachOpenIDsByUser($user_id) +{ + DB_query("DELETE FROM user_openids WHERE user_id = '$user_id'"); +} + +?>
\ No newline at end of file diff --git a/include/preferences.php b/include/preferences.php index f42ae82..4abaf3b 100644 --- a/include/preferences.php +++ b/include/preferences.php @@ -5,6 +5,8 @@ if(!isset($HOST)) exit; +include_once('openid.php'); + $name = $_SESSION["name"]; $email = DB_get_email('name',$name); $myid = DB_get_userid('email',$email); @@ -20,6 +22,7 @@ $changed_autosetup = 0; $changed_sorting = 0; $changed_openforgames = 0; $changed_vacation = 0; +$changed_openid = 0; display_user_menu($myid); @@ -33,6 +36,20 @@ DB_update_user_timestamp($myid); * update the database and track changes with a variable, so that * we can later highlight the changed value */ + +/* check for deleted openids */ +foreach($_REQUEST as $key=>$value) +{ + if(strstr($key,"delete-openid-")) + { + /* found and openid to delete */ + $DelOpenID = substr(str_replace("_",".",$key),14); + DB_DetachOpenID($DelOpenID, $myid); + $changed_openid = 1; + } +} + + if(myisset('vacation_start','vacation_stop','vacation_comment') && ($_REQUEST['vacation_start']!='' || $_REQUEST['vacation_stop']!='') ) @@ -236,6 +253,12 @@ if(myisset("password0") && $_REQUEST["password0"]!="" ) /* error output below */ } +if(myisset("openid_url") && $_REQUEST['openid_url']!='') + { + $openid_url = OpenIDUrlEncode($_REQUEST['openid_url']); + DB_AttachOpenID($openid_url, $myid); + } + /* get infos again in case they have changed */ $PREF = DB_get_PREF($myid); $timezone = DB_get_user_timezone($myid); @@ -386,6 +409,31 @@ echo " <tr><td>Password(new, retype): </td><td>", " </td></tr>\n"; echo " </table>\n"; echo " </fieldset>\n"; +echo " <fieldset>\n"; +echo " <legend>OpenID</legend>\n"; + +$openids = array(); +$openids = DB_GetOpenIDsByUser($myid); + +if(sizeof($openids)) + { + echo " <table class=\"openid\">\n"; + echo " <thead><tr><th>Delete?</th><th>OpenId</th></tr></thead>\n"; + echo " <tbody>\n"; + foreach ($openids as $ids) + { + $id=($ids[0]); + echo " <tr><td><input type=\"checkbox\" name=\"delete-openid-$id\" /></td><td>",$id, "</td></tr>\n"; + } + echo " </tbody>\n"; + echo " </table>\n"; + } + +echo " add OpenID: ", + "<input type=\"text\" id=\"openid_url\" name=\"openid_url\" size=\"20\" maxlength=\"50\" />"; +if($changed_openid) + echo " Deleted some OpenIDs! <br />\n"; +echo " </fieldset>\n"; echo " <fieldset><legend>Submit</legend><input type=\"submit\" name=\"passwd\" value=\"set\" /></fieldset>\n"; echo " </form>\n"; echo "</div>\n"; diff --git a/include/register.php b/include/register.php index 7f3266b..75ec309 100644 --- a/include/register.php +++ b/include/register.php @@ -6,7 +6,7 @@ if(!isset($HOST)) exit; /* new user wants to register */ -if(myisset("Rfullname","Remail","Rpassword","Rtimezone") ) +if(myisset("Rfullname","Remail","Rtimezone") ) { global $HOST,$INDEX; @@ -23,6 +23,13 @@ if(myisset("Rfullname","Remail","Rpassword","Rtimezone") ) echo "this email address is already used ?!<br />"; $ok=0; } + /* need either openid or password */ + if(!myisset('Rpassword') && !myisset('Ropenid')) + { + echo "I need either a Password or an Openid url.<br />"; + $ok=0; + } + /* check against robots */ $robots=0; /* at least one anti-robot question needs to be answered */ if(myisset('Robotproof0')) @@ -65,15 +72,34 @@ if(myisset("Rfullname","Remail","Rpassword","Rtimezone") ) echo "You answered the math question wrong. <br />\n"; $ok=0; } - /* everything ok, go ahead and create user */ if($ok) { - $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]). - ",".DB_quote_smart($_REQUEST["Remail"]). - ",".DB_quote_smart(md5($_REQUEST["Rpassword"])). - ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)"); - + if(myisset('Rpassword')) + { + $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]). + ",".DB_quote_smart($_REQUEST["Remail"]). + ",".DB_quote_smart(md5($_REQUEST["Rpassword"])). + ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)"); + } + else if(myisset('Ropenid')) + { + $password = $_REQUEST["Rfullname"].preg_replace('/([ ])/e', 'chr(rand(33,122))', ' '); + $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]). + ",".DB_quote_smart($_REQUEST["Remail"]). + ",".DB_quote_smart(md5($password)). + ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)"); + if($r) + { + include_once('openid.php'); + $myid = DB_get_userid('email',$_REQUEST['Remail']); + DB_AttachOpenID($_REQUEST['Ropenid'], $myid); + } + } + else + { + echo 'Error during registration, please contact '.$ADMIN_NAME.' at '.$ADMIN_EMAIL; + } if($r) { /* Set session, so that new user doesn't need to log in */ @@ -94,29 +120,50 @@ if(myisset("Rfullname","Remail","Rpassword","Rtimezone") ) else { /* No information for new user given, ouput a page for registration */ - echo "<p><br /><strong> IMPORTANT: passwords are going over the net as clear text, so pick an easy password. ". - "No need to pick anything complicated here ;)<br />"; + + /* check for openid information */ + $openid_url = ''; + $name = ''; + $email = ''; + if(myisset('openid_url')) + $openid_url = $_REQUEST['openid_url']; + if(myisset('openidname')) + $name = $_REQUEST['openidname']; + if(myisset('openidemail')) + $email = $_REQUEST['openidemail']; + + if($openid_url=='') + echo "<p><br /><strong> IMPORTANT: passwords are going over the net as clear text, so pick an easy password. ". + "No need to pick anything complicated here ;)<br />"; echo "N.B. Your email address will be exposed to other players whom you play games with. "; echo "<br /><br /></strong></p>"; - ?> - <form action="index.php?action=register" method="post"> - <fieldset> - <legend>Register</legend> - <table> - <tr> - <td><label for="Rfullname">Full name:</label></td> - <td><input type="text" id="Rfullname" name="Rfullname" size="20" maxlength="30" /> </td> - </tr><tr> - <td><label for="Remail">Email:</label></td> - <td><input type="text" id="Remail" name="Remail" size="20" maxlength="30" /></td> - </tr><tr> - <td><label for="Rpassword">Password(will be displayed in cleartext on the next page):</label></td> - <td><input type="password" id="Rpassword" name="Rpassword" size="20" maxlength="30" /></td> - </tr><tr> - <td><label for="Rtimezone">Timezone:</label></td> - <td> -<?php - output_select_timezone("Rtimezone"); + echo ' <form action="index.php?action=register" method="post">'; + echo ' <fieldset>'; + echo ' <legend>Register</legend>'; + echo ' <table>'; + echo ' <tr>'; + echo ' <td><label for="Rfullname">Full name:</label></td>'; + echo " <td><input type=\"text\" id=\"Rfullname\" name=\"Rfullname\" size=\"20\" maxlength=\"30\" value=\"$name\" /> </td>"; + echo ' </tr><tr>'; + echo ' <td><label for="Remail">Email:</label></td>'; + echo " <td><input type=\"text\" id=\"Remail\" name=\"Remail\" size=\"20\" maxlength=\"30\" value=\"$email\" /></td>"; + echo ' </tr><tr>'; + if($openid_url=='') + { + echo ' <td><label for="Rpassword">Password(will be displayed in cleartext on the next page):</label></td>'; + echo ' <td><input type="password" id="Rpassword" name="Rpassword" size="20" maxlength="30" /></td>'; + echo ' </tr><tr>'; + } + else + { + echo ' <td><label for="Ropenid">OpenId:</label></td>'; + echo ' <td><input type="text" id="Ropenid" name="Ropenid" size="20" maxlength="50" value="'.htmlentities($openid_url).'" /></td>'; + echo ' </tr><tr>'; + } + echo ' <td><label for="Rtimezone">Timezone:</label></td>'; + echo ' <td>'; + + output_select_timezone("Rtimezone"); ?> </td> </tr><tr> diff --git a/include/welcome.php b/include/welcome.php index 5dd267c..2ff4fdf 100644 --- a/include/welcome.php +++ b/include/welcome.php @@ -77,6 +77,15 @@ if($done==0) <input type="password" id="password" name="password" size="20" maxlength="30" /> <br /> <input type="submit" class="submitbutton" name="login" value="login" /> <input type="submit" class="submitbutton" name="forgot" value="Forgot your password?" /> +<?php + if($OPENIDPATH) + {?> + <hr> + <p> Have an OpenID account? Sign in below <br /> + <input type="text" id="openid_url" name="openid_url" size="20" maxlength="50" /> + <input type="submit" class="submitbutton" name="login" value="Sign in" /><br /> + e.g. http://username.openid.net. See <a href="http://openid.net">openid.net</a> for more information.</p> +<?php }?> </fieldset> </form> </div> |