From a57cfa3be6ee0fbce336dc98e2862ac39f2b1add Mon Sep 17 00:00:00 2001 From: Arun Persaud Date: Sat, 25 Apr 2009 00:33:14 -0700 Subject: [PATCH 1/1] NEW FEATURE: added OpenID support Users can add and delete OpenIDs on the settings page and then log in user those OpenIds. They can also use their OpenIDs to register. --- config.php_template | 18 ++++- create_database.sql | 8 ++ css/openid-icon-small.gif | Bin 0 -> 237 bytes css/standard020.css | 9 +++ include/login.php | 62 ++++++++++++++- include/openid.php | 162 ++++++++++++++++++++++++++++++++++++++ include/preferences.php | 48 +++++++++++ include/register.php | 103 +++++++++++++++++------- include/welcome.php | 9 +++ 9 files changed, 386 insertions(+), 33 deletions(-) create mode 100644 css/openid-icon-small.gif create mode 100644 include/openid.php diff --git a/config.php_template b/config.php_template index 50f731a..93e951c 100644 --- a/config.php_template +++ b/config.php_template @@ -28,7 +28,7 @@ $EMAIL_REPLY=""; /* this should point to your index.file and to your domain. - * The HOST variable is also used to test, if files are called + * The HOST variable is also used to test, if files are called * from within e-DoKo, so it needs to be set. */ $INDEX = "/index.php"; @@ -39,4 +39,20 @@ /* the default timezone for you domain */ $defaulttimezone = date_default_timezone_get(); + + /* OpenId + * + * we use the php-openid library (tested with version 2.1.3) + * E-DoKo needs to know where to find the file examples/consumer/common.php + * that comes with the library. That file also needs to be modified the + * function getReturnTo(), change: + - return sprintf("%s://%s:%s%s/finish_auth.php", + + return sprintf("%s://%s:%s%s/index.php?action=login", + + */ + + /* Openidpath that points to the top php-openid directory */ + //$OPENIDPATH = "..fill in correct path here.../openid/php-openid-2.1.3/" + // leave empty if not used. + $OPENIDPATH = ''; ?> \ No newline at end of file diff --git a/create_database.sql b/create_database.sql index 319cdd3..339c337 100644 --- a/create_database.sql +++ b/create_database.sql @@ -457,3 +457,11 @@ UNLOCK TABLES; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; +DROP TABLE IF EXISTS `user_openids`; +create table user_openids ( + openid_url varchar(255) not null, + primary key (openid_url), + + user_id int not null, + index (user_id) +); diff --git a/css/openid-icon-small.gif b/css/openid-icon-small.gif new file mode 100644 index 0000000000000000000000000000000000000000..cde836c893f64bcfec04b9c817e3371ff122fe19 GIT binary patch literal 237 zcmVb{bmUKcqz}))c5uC(7v?)v4a2P)ZNa- z@$&T2)z|&~{r~^}A^8LV00000EC2ui01yBW000GQ;3tk`X`bk)Wk@<6#nZYULKH{p zEx|?+kif!I0vIL|#ZMubBmjWH2OtmxIFVa~6JQ7!1CK!f5W#StOTv&C3=E8h2vI1s n+#cd5;2fT3B_0kF0v!+!GARoV78n&7dMN`JIW(4+BOw4gP{MS* literal 0 HcmV?d00001 diff --git a/css/standard020.css b/css/standard020.css index cb1e1c0..6488b8f 100644 --- a/css/standard020.css +++ b/css/standard020.css @@ -618,6 +618,15 @@ fieldset { .login .submitbutton { background-color: #fff;} .login .submitbutton:hover { background-color: #aaa;} +#openid_url { + background: #FFFFFF url('openid-icon-small.gif') no-repeat scroll 0pt 50%; + padding-left: 18px; +} + +table.openid td, table.openid th{ + padding: 0.0em 0.3em;; +} + .newbiehint { background-color: #fee; } diff --git a/include/login.php b/include/login.php index c1a0e42..3c3f6be 100644 --- a/include/login.php +++ b/include/login.php @@ -5,12 +5,62 @@ if(!isset($HOST)) exit; -/* check if login information is present */ -if(!myisset('email','password')) +include_once('openid.php'); + +function escape($thing) { + return htmlentities($thing); +} + +/* check for openid stuff */ +if($OPENIDPATH && myisset('openid_identity') && $_REQUEST['openid_identity']!='') { - echo "can't log you in... missing login information."; + /* what openid is being used? */ + $openid_url = OpenIDUrlEncode($_REQUEST['openid_identity']); + /* get the userid from the database, openids need to be registered within E-DoKo */ + $data = OpenIDVerify(); + $ok = 0; + + /* verify ok? */ + if($data) + { + /* do we know this openid?*/ + $myid = DB_GetUserId($openid_url); + + if(!$myid) + { + /* openid unknown, perhaps not registered? */ + echo "

Openid ok, but not registered with any account. If you have an account ". + "on E-DoKo, please log in and add your openid in your preferences first.

\n"; + + + /* or perhaps a new user...*/ + $email = $data['email']; + $name = $data['fullname']; + echo "

If you wan to register a new account with this OpenID, please follow this ". + "link.

"; + } + else + $ok=1; + } + + if($ok) + { + /* user information is ok, set session variabel */ + $email = DB_get_email('userid',$myid); + $myname = DB_get_name('email',$email); + $password = DB_get_passwd_by_userid($myid); + $_SESSION['name'] = $myname; + $_SESSION['id'] = $myid; + $_SESSION['pass'] = $password; + } } -else +else if($OPENIDPATH && myisset('openid_url') && $_REQUEST['openid_url']!='') + { + OpenIDAskForVerification(OpenIDUrlEncode($_REQUEST['openid_url'])); + } +/* check if normal login information is present */ +else if(myisset('email','password')) { $email = $_REQUEST['email']; $password = $_REQUEST['password']; @@ -33,4 +83,8 @@ else $_SESSION['pass'] = $password; } } +else + { + echo "can't log you in... missing login information."; + } ?> \ No newline at end of file diff --git a/include/openid.php b/include/openid.php new file mode 100644 index 0000000..6ad5fed --- /dev/null +++ b/include/openid.php @@ -0,0 +1,162 @@ +complete($return_to); + + // Check the response status. + if ($response->status == Auth_OpenID_CANCEL) { + // This means the authentication was cancelled. + echo 'Verification cancelled.'; + return False; + } else if ($response->status == Auth_OpenID_FAILURE) { + // Authentication failed; display the error message. + echo "OpenID authentication failed: " . $response->message; + return False; + } else if ($response->status == Auth_OpenID_SUCCESS) { + // This means the authentication succeeded; extract the + // identity URL and Simple Registration data (if it was + // returned). + $openid = $response->getDisplayIdentifier(); + + $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); + $sreg = $sreg_resp->contents(); + } + + if(isset($sreg)) + return $sreg; + else + return "ok"; +} + +function OpenIDAskForVerification($openid_url) +{ + global $OPENIDPATH; + + /* ask for openid verification */ + require_once $OPENIDPATH."examples/consumer/common.php"; + + $openid =$_REQUEST['openid_url']; + $consumer = getConsumer(); + + /* check for authentication */ + // Begin the OpenID authentication process. + $auth_request = $consumer->begin($openid); + + // No auth request means we can't begin OpenID. + if (!$auth_request) { + echo "Authentication error; not a valid OpenID."; + } + + $sreg_request = Auth_OpenID_SRegRequest::build(array(),array('fullname','email', 'nickname')); + + if ($sreg_request) { + $auth_request->addExtension($sreg_request); + } + + // Redirect the user to the OpenID server for authentication. + // Store the token for this authentication so we can verify the + // response. + + // For OpenID 1, send a redirect. For OpenID 2, use a Javascript + // form to send a POST request to the server. + if ($auth_request->shouldSendRedirect()) { + $redirect_url = $auth_request->redirectURL(getTrustRoot(), + getReturnTo()); + + // If the redirect URL can't be built, display an error + // message. + if (Auth_OpenID::isFailure($redirect_url)) { + displayError("Could not redirect to server: " . $redirect_url->message); + } else { + // Send redirect. + header("Location: ".$redirect_url); + } + } else { + // Generate form markup and render it. + $form_id = 'openid_message'; + $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), + false, array('id' => $form_id)); + + // Display an error if the form markup couldn't be generated; + // otherwise, render the HTML. + if (Auth_OpenID::isFailure($form_html)) { + displayError("Could not redirect to server: " . $form_html->message); + } else { + print $form_html; + } + } +} + +function OpenIDUrlEncode($openid_url) +{ + /* this converts each url to a standard form + * (domain lowercase and http at the beginning) + */ + + $return = ""; + + $parts = explode("/",$openid_url); + $return .= "http://"; + + /* check for http:// */ + if( strtolower($parts[0]) == "http:" ) + array_shift($parts); + if( $parts[0] == "") + array_shift($parts); + + /* next part is the server*/ + $return .= strtolower( $parts[0] ); + array_shift($parts); + + foreach ($parts as $t) + $return .= "/$t"; + + return $return; +} + +function DB_GetUserId($openid_url) +{ + $result = DB_query_array("SELECT user_id FROM user_openids WHERE openid_url = ".DB_quote_smart(OpenIDUrlEncode($openid_url))); + + if($result) + return $result[0]; + else + return False; +} + +function DB_GetOpenIDsByUser($user_id) +{ + return DB_query_array_all("SELECT openid_url FROM user_openids WHERE user_id = '$user_id'"); +} + +function DB_AttachOpenID($openid_url, $user_id) +{ + DB_query("INSERT INTO user_openids VALUES (".DB_quote_smart(OpenIDUrlEncode($openid_url)).", '$user_id')"); +} + +function DB_DetachOpenID($openid_url, $user_id) +{ + DB_query("DELETE FROM user_openids WHERE openid_url = ".DB_quote_smart(OpenIDUrlEncode($openid_url))." AND user_id = '$user_id'"); +} + +function DB_DetachOpenIDsByUser($user_id) +{ + DB_query("DELETE FROM user_openids WHERE user_id = '$user_id'"); +} + +?> \ No newline at end of file diff --git a/include/preferences.php b/include/preferences.php index f42ae82..4abaf3b 100644 --- a/include/preferences.php +++ b/include/preferences.php @@ -5,6 +5,8 @@ if(!isset($HOST)) exit; +include_once('openid.php'); + $name = $_SESSION["name"]; $email = DB_get_email('name',$name); $myid = DB_get_userid('email',$email); @@ -20,6 +22,7 @@ $changed_autosetup = 0; $changed_sorting = 0; $changed_openforgames = 0; $changed_vacation = 0; +$changed_openid = 0; display_user_menu($myid); @@ -33,6 +36,20 @@ DB_update_user_timestamp($myid); * update the database and track changes with a variable, so that * we can later highlight the changed value */ + +/* check for deleted openids */ +foreach($_REQUEST as $key=>$value) +{ + if(strstr($key,"delete-openid-")) + { + /* found and openid to delete */ + $DelOpenID = substr(str_replace("_",".",$key),14); + DB_DetachOpenID($DelOpenID, $myid); + $changed_openid = 1; + } +} + + if(myisset('vacation_start','vacation_stop','vacation_comment') && ($_REQUEST['vacation_start']!='' || $_REQUEST['vacation_stop']!='') ) @@ -236,6 +253,12 @@ if(myisset("password0") && $_REQUEST["password0"]!="" ) /* error output below */ } +if(myisset("openid_url") && $_REQUEST['openid_url']!='') + { + $openid_url = OpenIDUrlEncode($_REQUEST['openid_url']); + DB_AttachOpenID($openid_url, $myid); + } + /* get infos again in case they have changed */ $PREF = DB_get_PREF($myid); $timezone = DB_get_user_timezone($myid); @@ -386,6 +409,31 @@ echo " Password(new, retype): ", " \n"; echo " \n"; echo " \n"; +echo "
\n"; +echo " OpenID\n"; + +$openids = array(); +$openids = DB_GetOpenIDsByUser($myid); + +if(sizeof($openids)) + { + echo " \n"; + echo " \n"; + echo " \n"; + foreach ($openids as $ids) + { + $id=($ids[0]); + echo " \n"; + } + echo " \n"; + echo "
Delete?OpenId
",$id, "
\n"; + } + +echo " add OpenID: ", + ""; +if($changed_openid) + echo " Deleted some OpenIDs!
\n"; +echo "
\n"; echo "
Submit
\n"; echo " \n"; echo "\n"; diff --git a/include/register.php b/include/register.php index 7f3266b..75ec309 100644 --- a/include/register.php +++ b/include/register.php @@ -6,7 +6,7 @@ if(!isset($HOST)) exit; /* new user wants to register */ -if(myisset("Rfullname","Remail","Rpassword","Rtimezone") ) +if(myisset("Rfullname","Remail","Rtimezone") ) { global $HOST,$INDEX; @@ -23,6 +23,13 @@ if(myisset("Rfullname","Remail","Rpassword","Rtimezone") ) echo "this email address is already used ?!
"; $ok=0; } + /* need either openid or password */ + if(!myisset('Rpassword') && !myisset('Ropenid')) + { + echo "I need either a Password or an Openid url.
"; + $ok=0; + } + /* check against robots */ $robots=0; /* at least one anti-robot question needs to be answered */ if(myisset('Robotproof0')) @@ -65,15 +72,34 @@ if(myisset("Rfullname","Remail","Rpassword","Rtimezone") ) echo "You answered the math question wrong.
\n"; $ok=0; } - /* everything ok, go ahead and create user */ if($ok) { - $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]). - ",".DB_quote_smart($_REQUEST["Remail"]). - ",".DB_quote_smart(md5($_REQUEST["Rpassword"])). - ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)"); - + if(myisset('Rpassword')) + { + $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]). + ",".DB_quote_smart($_REQUEST["Remail"]). + ",".DB_quote_smart(md5($_REQUEST["Rpassword"])). + ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)"); + } + else if(myisset('Ropenid')) + { + $password = $_REQUEST["Rfullname"].preg_replace('/([ ])/e', 'chr(rand(33,122))', ' '); + $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]). + ",".DB_quote_smart($_REQUEST["Remail"]). + ",".DB_quote_smart(md5($password)). + ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)"); + if($r) + { + include_once('openid.php'); + $myid = DB_get_userid('email',$_REQUEST['Remail']); + DB_AttachOpenID($_REQUEST['Ropenid'], $myid); + } + } + else + { + echo 'Error during registration, please contact '.$ADMIN_NAME.' at '.$ADMIN_EMAIL; + } if($r) { /* Set session, so that new user doesn't need to log in */ @@ -94,29 +120,50 @@ if(myisset("Rfullname","Remail","Rpassword","Rtimezone") ) else { /* No information for new user given, ouput a page for registration */ - echo "


IMPORTANT: passwords are going over the net as clear text, so pick an easy password. ". - "No need to pick anything complicated here ;)
"; + + /* check for openid information */ + $openid_url = ''; + $name = ''; + $email = ''; + if(myisset('openid_url')) + $openid_url = $_REQUEST['openid_url']; + if(myisset('openidname')) + $name = $_REQUEST['openidname']; + if(myisset('openidemail')) + $email = $_REQUEST['openidemail']; + + if($openid_url=='') + echo "


IMPORTANT: passwords are going over the net as clear text, so pick an easy password. ". + "No need to pick anything complicated here ;)
"; echo "N.B. Your email address will be exposed to other players whom you play games with. "; echo "

"; - ?> -
-
- Register - - - - - - - - - - - - -
-'; + echo '
'; + echo ' Register'; + echo ' '; + echo ' '; + echo ' '; + echo " "; + echo ' '; + echo ' '; + echo " "; + echo ' '; + if($openid_url=='') + { + echo ' '; + echo ' '; + echo ' '; + } + else + { + echo ' '; + echo ' '; + echo ' '; + } + echo ' '; + echo ' diff --git a/include/welcome.php b/include/welcome.php index 5dd267c..2ff4fdf 100644 --- a/include/welcome.php +++ b/include/welcome.php @@ -77,6 +77,15 @@ if($done==0)
+ +
+

Have an OpenID account? Sign in below
+ +
+ e.g. http://username.openid.net. See openid.net for more information.

+ -- 2.17.1
'; + + output_select_timezone("Rtimezone"); ?>