From a57cfa3be6ee0fbce336dc98e2862ac39f2b1add Mon Sep 17 00:00:00 2001
From: Arun Persaud <arun@nubati.net>
Date: Sat, 25 Apr 2009 00:33:14 -0700
Subject: NEW FEATURE: added OpenID support

Users can add and delete OpenIDs on the settings page and then log in
user those OpenIds.

They can also use their OpenIDs to register.
---
 include/login.php | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 58 insertions(+), 4 deletions(-)

(limited to 'include/login.php')

diff --git a/include/login.php b/include/login.php
index c1a0e42..3c3f6be 100644
--- a/include/login.php
+++ b/include/login.php
@@ -5,12 +5,62 @@
 if(!isset($HOST))
   exit;
 
-/* check if login information is present */
-if(!myisset('email','password'))
+include_once('openid.php');
+
+function escape($thing) {
+    return htmlentities($thing);
+}
+
+/* check for openid stuff */
+if($OPENIDPATH && myisset('openid_identity') && $_REQUEST['openid_identity']!='')
   {
-    echo "can't log you in... missing login information.";
+    /* what openid is being used? */
+    $openid_url = OpenIDUrlEncode($_REQUEST['openid_identity']);
+    /* get the userid from the database, openids need to be registered within E-DoKo */
+    $data = OpenIDVerify();
+    $ok  = 0;
+
+    /* verify ok? */
+    if($data)
+      {
+	/* do we know this openid?*/
+	$myid = DB_GetUserId($openid_url);
+
+	if(!$myid)
+	  {
+	    /* openid unknown, perhaps not registered? */
+	    echo "<p>Openid ok, but not registered with any account. If you have an account ".
+	      "on E-DoKo, please log in and add your openid in your preferences first. </p>\n";
+
+
+	    /* or perhaps a new user...*/
+	    $email = $data['email'];
+	    $name  = $data['fullname'];
+	    echo "<p>If you wan to register a new account with this OpenID, please follow this ".
+	      "<a href=\"index.php?action=register&amp;openid_url=".$openid_url.
+	      "&amp;openidname=$name&amp;openidemail=$email\">link</a>.</p>";
+	  }
+	else
+	  $ok=1;
+      }
+
+    if($ok)
+      {
+	/* user information is ok, set session variabel */
+	$email  = DB_get_email('userid',$myid);
+	$myname = DB_get_name('email',$email);
+	$password =  DB_get_passwd_by_userid($myid);
+	$_SESSION['name'] = $myname;
+	$_SESSION['id']   = $myid;
+	$_SESSION['pass'] = $password;
+      }
   }
-else
+else if($OPENIDPATH && myisset('openid_url') && $_REQUEST['openid_url']!='')
+  {
+    OpenIDAskForVerification(OpenIDUrlEncode($_REQUEST['openid_url']));
+  }
+/* check if normal login information is present */
+else if(myisset('email','password'))
   {
     $email     = $_REQUEST['email'];
     $password  = $_REQUEST['password'];
@@ -33,4 +83,8 @@ else
 	$_SESSION['pass'] = $password;
       }
   }
+else
+  {
+    echo "can't log you in... missing login information.";
+  }
 ?>
\ No newline at end of file
-- 
cgit v1.2.3-18-g5258