author | Josh Hoyt <josh@janrain.com> | 2006-02-07 07:55:25 +0000 |
---|---|---|
committer | Josh Hoyt <josh@janrain.com> | 2006-02-07 07:55:25 +0000 |
commit | 72891e2151d48641dba3c7e54b92f770c940439a (patch) | |
tree | 88607f13e487c086063b2dcdc654ecbd3784cdf2 /examples/server | |
parent | baf98ce3caaae821d68934fdb0410ea30e3124cf (diff) | |
[project @ Updated server example to require config, but have a UI]
Diffstat (limited to 'examples/server')
-rw-r--r-- | examples/server/about.php | 18 | ||||
-rw-r--r-- | examples/server/common.php | 337 | ||||
-rw-r--r-- | examples/server/config.php | 65 | ||||
-rw-r--r-- | examples/server/default.css | 24 | ||||
-rw-r--r-- | examples/server/failure.php | 11 | ||||
-rw-r--r-- | examples/server/idpage.inc | 29 | ||||
-rw-r--r-- | examples/server/login.php | 64 | ||||
-rw-r--r-- | examples/server/logout.php | 12 | ||||
-rw-r--r-- | examples/server/server.php | 33 | ||||
-rw-r--r-- | examples/server/success.php | 11 | ||||
-rw-r--r-- | examples/server/trust.php | 23 |
11 files changed, 464 insertions, 163 deletions
diff --git a/examples/server/about.php b/examples/server/about.php
deleted file mode 100644
index b8c7063..0000000
--- a/examples/server/about.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php $title = 'PHP OpenID Server Example'; ?>
-<html>
- <head>
- <title><?php print $title; ?></title>
- </head>
- <body>
- <h1><?php print $title; ?></h1>
- <p>
- This is an example PHP OpenID server. It is using the <a
- href="http://www.openidenabled.com/openid/libraries/php">JanRain
- PHP OpenID library</a>. This server will approve any request
- for the URL <?php
-$esc_id = htmlspecialchars($success_identity, ENT_QUOTES);
-print "<a href='$esc_id'>$esc_id</a>";
- ?> and reject requests for any other URL.
- </p>
- </body>
-</html>
diff --git a/examples/server/common.php b/examples/server/common.php
index b4efda1..33e936f 100644
--- a/examples/server/common.php
+++ b/examples/server/common.php
@@ -1,109 +1,314 @@ <?php -$path_extra = dirname(dirname(dirname(__FILE__))); -$path = ini_get('include_path'); -$path = $path_extra . ':' . $path; -ini_set('include_path', $path); - +require_once "config.php"; require_once "Auth/OpenID/Server.php"; -require_once "Auth/OpenID/Store/FileStore.php"; +require_once "Auth/OpenID/HMACSHA1.php"; -define('DEFAULT_STORE_DIR', '/tmp/php_example_store'); +/** + * Instantiate a new OpenID server object + */ +function getServer() +{ + global $server_url; + static $server = null; + if (!isset($server)) { + $server = new Auth_OpenID_Server($server_url, getOpenIDStore()); + } + return $server; +} -function serverRootURL() +/** + * Respond to an OpenID consumer POST request + */ +function returnKV($kv, $success=true) { - $server = $_SERVER['SERVER_NAME']; - $req_port = $_SERVER['SERVER_PORT']; + if (!$success) { + header('400 Bad Request'); + } + header('Content-Type: text/plain; charset=us-ascii'); + print $kv; +} - list($proto, $_) = explode('/', $_SERVER['SERVER_PROTOCOL'], 2); - $proto = strtolower($proto); +/** + * Perform an HTTP redirect + */ +function redirect($redir_url) +{ + header('HTTP/1.1 302 Found'); + header('Location: ' . $redir_url); + header('Content-Type: text/plain; charset=us-ascii'); + print 'Please wait; you are being redirected to ' . $redir_url; +} - if ($proto != 'http') { - trigger_error("I don't know how to build a URL for $proto", - E_USER_WARNING); - return false; +/** + * Display an error page + */ +function showError($error, $status, $message) +{ + header('HTTP/1.1 ' . $status . ' ' . $message); + header('Content-Type: text/plain; charset=us-ascii'); + print "An error occurred when processing your request:\n$error\n"; +} + +/** + * Return a string containing an anchor tag containing the given URL + * + * The URL does not need to be quoted, but if text is passed in, then + * it does. 
+ */ +function linkURL($url, $text=null) { + $esc_url = htmlspecialchars($url, ENT_QUOTES); + if ($text === null) { + $text = $esc_url; } + return "<a href='$esc_url'>$text</a>"; +} + +function hashPassword($password) +{ + return bin2hex(Auth_OpenID_SHA1($password)); +} + +/** + * Set up the session + */ +function init() +{ + session_name('openid_server'); + session_start(); +} - if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") { - $proto .= 's'; - $default_port = '443'; +/** + * Check the user's login information + */ +function checkLogin($openid_url, $password) +{ + global $openid_users; + $hash = hashPassword($password); + + return isset($openid_users[$openid_url]) + && $hash == $openid_users[$openid_url]; +} + +/** + * Get the openid_url out of the cookie + * + * @return mixed $openid_url The URL that was stored in the cookie or + * false if there is none present or if the cookie is bad. + */ +function getLoggedInUser() +{ + return isset($_SESSION['openid_url']) + ? $_SESSION['openid_url'] + : false; +} + +/** + * Set the openid_url in the cookie + * + * @param mixed $identity_url The URL to set. If set to null, the + * value will be unset. + */ +function setLoggedInUser($identity_url=null) +{ + if (!isset($identity_url)) { + unset($_SESSION['openid_url']); } else { - $default_port = '80'; - $port = ($req_port == '443') ? '' : (':' . $req_port); + $_SESSION['openid_url'] = $identity_url; } +} - $port = ($req_port == $default_port) ? "" : (":" . $req_port); +function pageHeader($user, $title, $h1=null, $login=false) +{ + if (!$h1) { + $h1 = $title; + } + + if ($user) { + $head = sprintf(logged_in_pat, linkURL($user)); + } else { + if (!$login) { + $head = logged_out_pat; + } + } - $pat = "%s://%s%s"; - return sprintf($pat, $proto, $server, $port); + return sprintf(html_start, $title, $h1, $head); } -function getCurrentURL($full=false) +function pageFoot() { - $tail = $full ? $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME']; - return serverRootURL() . 
$tail; + return html_end; } -function getParentURL() +function succeed($info) { - return serverRootURL() . dirname($_SERVER['SCRIPT_NAME']); + $server = getServer(); + $resp = $server->getAuthResponse(&$info, true); + handleResponse($resp, 'badAuth'); } -function relURL($path) +function doAuth($info) { - if (substr($path, 0, 1) != '/') { - $path = '/' . $path; + $req_url = $info->getIdentityURL(); + $user = getLoggedInUser(); + if ($req_url == $user) { + if (isTrusted($info->getTrustRoot())) { + // This is a trusted site, so continue + succeed($info); + } else { + $_SESSION['request'] = serialize($info); + trustPage($info); + } + } else { + $_SESSION['request'] = serialize($info); + if ($user) { + $msg = sprintf(bad_user_pat, linkURL($user), linkURL($req_url)); + } else { + $msg = sprintf(no_user_pat, linkURL($req_url)); + } + loginPage(array($msg), $req_url); } - return getParentURL() . $path; } -function newServer($store_dir=DEFAULT_STORE_DIR, $server_url=null) +function isTrusted($trust_root) { - if (!isset($server_url)) { - $server_url = getCurrentURL(); - } - if (!file_exists($store_dir) && !mkdir($store_dir)) { - print "Could not create the FileStore directory '$store_path'. ". 
- " Please check the effective permissions."; - exit(0); + global $trusted_sites; + return in_array($trust_root, $trusted_sites); +} + +function doError($error) +{ + showError($error, '500', 'Internal error'); + exit(1); +} + +function badAuth($info) +{ + doError('Unexpectedly got DO_AUTH inside of DO_AUTH'); +} + +function handleResponse($response, $do_auth) +{ + list ($status, $info) = $response; + switch($status) { + case Auth_OpenID_REMOTE_ERROR: + case Auth_OpenID_REMOTE_OK: + returnKV($info); + break; + case Auth_OpenID_REDIRECT: + redirect($info); + break; + case Auth_OpenID_DO_AUTH: + $do_auth($info); + break; + case Auth_OpenID_DO_ABOUT: + aboutPage(); + break; + case Auth_OpenID_LOCAL_ERROR: + showError($info, '400', 'Bad request'); + break; + default: + $repr = var_export($status, true); + doError("Internal error: unknown status $repr"); } + exit(0); +} + - $store = new Auth_OpenID_FileStore($store_dir); - return new Auth_OpenID_Server($server_url, &$store); +function loginForm($identity_url='') +{ + return sprintf(login_form_pat, $identity_url); } -function returnKV($kv) +function showErrors($errors) { - header('Content-Type: text/plain; charset=us-ascii'); - print $kv; + if ($errors) { + foreach ($errors as $error) { + print '<div class="error">' . $error . "</div>\n"; + } + } } -function redirect($redir_url) +function loginPage($errors=null, $input=null) { - header('Location: ' . $redir_url); - header('Content-Type: text/plain; charset=us-ascii'); - print 'Please wait; you are being redirected to ' . $redir_url; + $current_user = getLoggedInUser(); + if ($input === null) { + $input = $current_user; + } + print pageHeader($current_user, 'Log In', null, true); + showErrors($errors); + print loginForm(htmlspecialchars($input, ENT_QUOTES)); + print pageFoot(); } -function showError($error, $status, $message) +function trustPage($info) { - header('HTTP/1.1 ' . $status . ' ' . 
$message); - header('Content-Type: text/plain; charset=us-ascii'); - print "An error occurred when processing your request:\n$error\n\n"; - var_export($_SERVER); + $current_user = getLoggedInUser(); + print pageHeader($current_user, 'Trust This Site'); + print '<p>' . htmlspecialchars($info->getTrustRoot()) . '</p>'; + print '<form method="post" action="trust.php"> +<input type="submit" name="trust" value="Trust this site" /> +<input type="submit" value="Do not trust this site" /> +</form> +'; + print pageFoot(); } -function linkURL($url) { - $esc_url = htmlspecialchars($url, ENT_QUOTES); - return "<a href='$esc_url'>$esc_url</a>"; +function aboutPage() +{ + $current_user = getLoggedInUser(); + print pageHeader($current_user, 'OpenID Server Endpoint'); + print pageFoot(); } - -$parent = getParentURL(); -$success_identity = relURL('success.php'); -$failure_identity = relURL('failure.php'); -$server_url = relURL('server.php'); -$esc_server = htmlspecialchars($server_url, ENT_QUOTES); -$esc_success = htmlspecialchars($success_identity, ENT_QUOTES); -$esc_failure = htmlspecialchars($failure_identity, ENT_QUOTES); +define('login_form_pat', + '<div class="login"> + <p> + Enter your identity URL and password into this form to log in to + this server. This server must be configured to accept your identity URL. 
+ </p> + + <form method="post" action="login.php"> + <table> + <tr> + <th><label for="openid_url">OpenID URL:</label></th> + <td><input type="text" name="openid_url" + value="%s" id="openid_url" /></td> + </tr> + <tr> + <th><label for="password">Password:</label></th> + <td><input type="password" name="password" id="password" /></td> + </tr> + <tr> + <td colspan="2"><input type="submit" value="Log in" /></td> + </tr> + </table> + </form> +</div> +'); +define('html_start', +'<html> + <head> + <title>%s</title> + <link rel="stylesheet" type="text/css" href="default.css" /> + </head> + <body> + <h2>PHP OpenID Server</h2> + <h1>%s</h1> + <div class="header">%s</div> +'); +define('html_end', + ' </body> +</html>'); + +define('bad_user_pat', + 'You are logged in as %s and this request is for %s.'); +define('no_user_pat', + 'You are not logged in and this request is for %s.'); + +define('logged_in_pat', + 'You are logged in as %s. <a href="logout.php">Log out</a>'); +define('logged_out_pat', + 'Not logged in. <a href="login.php">Log in</a>'); + ?>
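Review bot: `checkLogin` compares the freshly computed digest with the stored one using `==`; PHP's loose comparison treats two numeric-looking strings (hex digests beginning with `0e` followed only by digits, for instance) as numbers, so distinct digests can compare equal, and the check should read `return isset($openid_users[$openid_url]) && $hash === $openid_users[$openid_url];` (or use `hash_equals()` where PHP 5.6+ is available). In the same hunk `returnKV` emits `header('400 Bad Request')`, which PHP does not recognise as a status line, so the 400 status is likely never set and a malformed header goes out; `showError` further down shows the intended form, `header('HTTP/1.1 400 Bad Request');`. `hashPassword` is an unsalted SHA-1 of the password, acceptable for an example but worth a one-line comment above the function saying so, since the `$openid_users` documentation in config.php does not state the hash format at all.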
\ No newline at end of file
diff --git a/examples/server/config.php b/examples/server/config.php
new file mode 100644
index 0000000..ca2f492
--- /dev/null
+++ b/examples/server/config.php
@@ -0,0 +1,65 @@
+<?php
+/**
+ * OpenID server example settings
+ *
+ * The variables in this file must be customized before you can use
+ * the server.
+ *
+ * @package OpenID.Examples
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005 Janrain, Inc.
+ * @license http://www.gnu.org/copyleft/lesser.html LGPL
+ */
+
+/**
+ * Set any extra include paths needed to use the library
+ */
+//$path_extra = dirname(dirname(dirname(__FILE__)));
+//$path = ini_get('include_path');
+//$path = $path_extra . ':' . $path;
+//ini_set('include_path', $path);
+
+/**
+ * The URL for the server.
+ *
+ * This is the location of server.php. For example:
+ *
+ * $server_url = 'http://example.com/~user/server.php';
+ *
+ * This must be a full URL.
+ */
+$server_url = false;
+
+/**
+ * Initialize an OpenID store
+ *
+ * @return object $store an instance of OpenID store (see the
+ * documentation for how to create one)
+ */
+function getOpenIDStore()
+{
+ return false;
+}
+
+/**
+ * Users who are allowed to log in to this OpenID server.
+ *
+ * This is an array from URL to password hash. The URL must include
+ * the proper OpenID server information in order to work with this
+ * server.
+ *
+ * This must be set for the server to be usable. If it is not set, no
+ * users will be able to log in.
+ */
+$openid_users = false;
+
+/**
+ * Trusted sites is an array of trust roots.
+ *
+ * Sites in this list will not have to be approved by the user in
+ * order to be used. It is OK to leave this value as-is.
+ *
+ * In a more robust server, this site should be a per-user setting.
+ */
+$trusted_sites = array();
+?>
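Review bot: The `$openid_users` docblock says the values are password hashes but never says which hash, so an operator cannot produce a valid entry from this file alone; `checkLogin` in common.php compares against `hashPassword()`, which is `bin2hex(Auth_OpenID_SHA1($password))`. Propose adding to that docblock: ` * The hash is the lowercase hex SHA-1 of the password, as computed by hashPassword() in common.php; it is unsalted, which is fine for this example but not for a production server.`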
\ No newline at end of file
diff --git a/examples/server/default.css b/examples/server/default.css
new file mode 100644
index 0000000..2565cef
--- /dev/null
+++ b/examples/server/default.css
@@ -0,0 +1,24 @@
+div.error {
+ background: #ffeeee;
+ border: 1px solid red;
+ padding: 0.5em;
+}
+
+.login th {
+ text-align: left;
+}
+
+div.login {
+ border: thin solid #999999;
+ background: #eeeeee;
+ padding: 0.5em;
+ margin-top: 1em;
+}
+
+div.login p {
+ margin-top: 0;
+}
+
+body {
+ max-width: 50em;
+}
\ No newline at end of file
diff --git a/examples/server/failure.php b/examples/server/failure.php
deleted file mode 100644
index 683ee24..0000000
--- a/examples/server/failure.php
+++ /dev/null
@@ -1,11 +0,0 @@
-<?php
-require_once "common.php";
-
-$target = $failure_identity;
-$other_type = 'return success';
-$type = 'cancel';
-$title = 'Cancel Identity Page';
-$other = $success_identity;
-
-require "idpage.inc";
-?>
\ No newline at end of file
diff --git a/examples/server/idpage.inc b/examples/server/idpage.inc
deleted file mode 100644
index d7eda16..0000000
--- a/examples/server/idpage.inc
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-if (getCurrentURL(true) != $target) {
- redirect($target);
- return;
-}
-
-$link_here = linkURL($target);
-$link_there = linkURL($other);
-
-print "<html>
- <head>
- <title>$title</title>
- <link rel='openid.server' href='$esc_server' />
- </head>
- <body>
- <h1>$title</h1>
- <p>
- This page is part of the
- <a href='$esc_server'>PHP OpenID server example</a>.
- Any requests to verify this URL ($link_here) will $type to consumers.
- </p>
- <p>
- To test this server with a URL that will $other_type, use $link_there.
- </p>
- </body>
-</html>
-";
-
-?>
\ No newline at end of file
diff --git a/examples/server/login.php b/examples/server/login.php
new file mode 100644
index 0000000..9dd022e
--- /dev/null
+++ b/examples/server/login.php
@@ -0,0 +1,64 @@
+<?php
+
+require_once 'common.php';
+
+function processForm($fields)
+{
+ global $server_url;
+ $errors = array();
+ $openid_url = checkInput($fields, $errors);
+ if ($openid_url) {
+ setLoggedInUser($openid_url);
+ if (isset($_SESSION['request'])) {
+ $info = unserialize($_SESSION['request']);
+ trustPage($info);
+ } else {
+ redirect($server_url);
+ }
+ } else {
+ loginPage($errors, @$_POST['openid_url'], null, true);
+ }
+}
+
+function checkInput($input, &$errors)
+{
+ $errors = array();
+ if (!isset($input['openid_url'])) {
+ $errors[] = 'Enter an OpenID URL to continue';
+ }
+ if (!isset($input['password'])) {
+ $errors[] = 'Enter a password to continue';
+ }
+ if (count($errors) == 0) {
+ $openid_url = $input['openid_url'];
+ $password = $input['password'];
+ if (!checkLogin($openid_url, $password)) {
+ $errors[] = 'Password does not match identity URL';
+ } else {
+ return $openid_url;
+ }
+ }
+ return false;
+}
+
+function process()
+{
+ $method = $_SERVER['REQUEST_METHOD'];
+ switch ($method) {
+ case 'GET':
+ loginPage();
+ break;
+ case 'POST':
+ processForm($_POST);
+ break;
+ default:
+ loginPage(array('Unsupported HTTP method: $method'));
+ break;
+ }
+}
+
+// Set up the current session
+init();
+
+process();
+?>
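Review bot: `processForm` calls `setLoggedInUser($openid_url)` on the session that existed before authentication without changing its identifier, so a session id handed out (or planted) before login stays valid after it; add `session_regenerate_id();` immediately before `setLoggedInUser($openid_url);`. In `process()` the default branch builds its message with single quotes, so `'Unsupported HTTP method: $method'` is displayed literally; it should be `"Unsupported HTTP method: $method"`. The call `loginPage($errors, @$_POST['openid_url'], null, true)` also passes four arguments to a function declared with two parameters in common.php, so the last two are silently dropped; either trim the call or this hints that an intended signature change was not carried over.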
\ No newline at end of file
diff --git a/examples/server/logout.php b/examples/server/logout.php
new file mode 100644
index 0000000..1ff893c
--- /dev/null
+++ b/examples/server/logout.php
@@ -0,0 +1,12 @@
+<?php
+
+require_once "common.php";
+
+// Set up the current session
+init();
+
+setLoggedInUser(null);
+unset($_SESSION['request']);
+redirect($server_url);
+
+?>
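Review bot: Logout only removes the `openid_url` and `request` keys; the session and its `openid_server` cookie remain valid, so the same identifier can be picked up again by a later login. Invalidate it explicitly after the two unsets, for example `session_destroy();` (or `session_regenerate_id();` if the session is meant to survive), before `redirect($server_url);`.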
\ No newline at end of file diff --git a/examples/server/server.php b/examples/server/server.php index 38b0c19..166d5d3 100644 --- a/examples/server/server.php +++ b/examples/server/server.php @@ -2,34 +2,11 @@ require_once "common.php"; -$server = newServer(); +// Set up the current session +init(); -function isAuthorized($identity_url, $trust_root) { - global $success_identity; - return ($identity_url === $success_identity); -} +$server = getServer(); +$response = $server->getOpenIDResponse(); +handleResponse($response, 'doAuth'); -list($status, $info) = $server->getOpenIDResponse('isAuthorized'); - -switch($status) { -case Auth_OpenID_REMOTE_ERROR: -case Auth_OpenID_REMOTE_OK: - returnKV($info); - return; -case Auth_OpenID_REDIRECT: - redirect($info); - return; -case Auth_OpenID_DO_AUTH: - redirect($info->getCancelURL()); -case Auth_OpenID_DO_ABOUT: - include "about.php"; - return; -case Auth_OpenID_LOCAL_ERROR: - showError($info, '400', 'Bad request'); - return; -default: - $error = "Internal error: unknown status $status"; - showError($error, '500', 'Internal error'); - return; -} ?>
\ No newline at end of file
diff --git a/examples/server/success.php b/examples/server/success.php
deleted file mode 100644
index 70031c2..0000000
--- a/examples/server/success.php
+++ /dev/null
@@ -1,11 +0,0 @@
-<?php
-require_once "common.php";
-
-$target = $success_identity;
-$type = 'return success';
-$other_type = 'cancel';
-$title = 'Success Identity Page';
-$other = $failure_identity;
-
-require "idpage.inc";
-?>
\ No newline at end of file
diff --git a/examples/server/trust.php b/examples/server/trust.php
new file mode 100644
index 0000000..62a860a
--- /dev/null
+++ b/examples/server/trust.php
@@ -0,0 +1,23 @@
+<?php
+
+require_once "common.php";
+
+init();
+
+if (!isset($_SESSION['request'])) {
+ // Should not happen
+ redirect($server_url);
+}
+
+$info = unserialize($_SESSION['request']);
+
+unset($_SESSION['request']);
+
+if (isset($_POST['trust'])) {
+ // This is a trusted site, so continue
+ succeed($info);
+} else {
+ redirect($info->getCancelURL());
+}
+
+?>
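Review bot: The `!isset($_SESSION['request'])` branch calls `redirect($server_url)` but does not stop, because common.php's `redirect()` only emits headers and a body; execution continues into `unserialize` of an unset key and then `$info->getCancelURL()` on a non-object, so add `exit;` right after that `redirect($server_url);`. The approval itself is decided by `isset($_POST['trust'])` with nothing binding the POST to the form that `trustPage()` rendered; embedding a per-session token in that form and checking it here before `succeed($info)` would ensure the decision came from the user's own page rather than any cross-site form post. `$info` is read back from the server-side session, so the `unserialize` input is not user-controlled here.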
\ No newline at end of file |