Diffstat (limited to 'examples/server')
-rw-r--r--examples/server/about.php18
-rw-r--r--examples/server/common.php337
-rw-r--r--examples/server/config.php65
-rw-r--r--examples/server/default.css24
-rw-r--r--examples/server/failure.php11
-rw-r--r--examples/server/idpage.inc29
-rw-r--r--examples/server/login.php64
-rw-r--r--examples/server/logout.php12
-rw-r--r--examples/server/server.php33
-rw-r--r--examples/server/success.php11
-rw-r--r--examples/server/trust.php23
11 files changed, 464 insertions, 163 deletions
diff --git a/examples/server/about.php b/examples/server/about.php
deleted file mode 100644
index b8c7063..0000000
--- a/examples/server/about.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php $title = 'PHP OpenID Server Example'; ?>
-<html>
- <head>
- <title><?php print $title; ?></title>
- </head>
- <body>
- <h1><?php print $title; ?></h1>
- <p>
- This is an example PHP OpenID server. It is using the <a
- href="http://www.openidenabled.com/openid/libraries/php">JanRain
- PHP OpenID library</a>. This server will approve any request
- for the URL <?php
-$esc_id = htmlspecialchars($success_identity, ENT_QUOTES);
-print "<a href='$esc_id'>$esc_id</a>";
- ?> and reject requests for any other URL.
- </p>
- </body>
-</html>
diff --git a/examples/server/common.php b/examples/server/common.php
index b4efda1..33e936f 100644
--- a/examples/server/common.php
+++ b/examples/server/common.php
@@ -1,109 +1,314 @@
<?php
-$path_extra = dirname(dirname(dirname(__FILE__)));
-$path = ini_get('include_path');
-$path = $path_extra . ':' . $path;
-ini_set('include_path', $path);
-
+require_once "config.php";
require_once "Auth/OpenID/Server.php";
-require_once "Auth/OpenID/Store/FileStore.php";
+require_once "Auth/OpenID/HMACSHA1.php";
-define('DEFAULT_STORE_DIR', '/tmp/php_example_store');
+/**
+ * Instantiate a new OpenID server object
+ */
+function getServer()
+{
+ global $server_url;
+ static $server = null;
+ if (!isset($server)) {
+ $server = new Auth_OpenID_Server($server_url, getOpenIDStore());
+ }
+ return $server;
+}
-function serverRootURL()
+/**
+ * Respond to an OpenID consumer POST request
+ */
+function returnKV($kv, $success=true)
{
- $server = $_SERVER['SERVER_NAME'];
- $req_port = $_SERVER['SERVER_PORT'];
+ if (!$success) {
+ header('400 Bad Request');
+ }
+ header('Content-Type: text/plain; charset=us-ascii');
+ print $kv;
+}
- list($proto, $_) = explode('/', $_SERVER['SERVER_PROTOCOL'], 2);
- $proto = strtolower($proto);
+/**
+ * Perform an HTTP redirect
+ */
+function redirect($redir_url)
+{
+ header('HTTP/1.1 302 Found');
+ header('Location: ' . $redir_url);
+ header('Content-Type: text/plain; charset=us-ascii');
+ print 'Please wait; you are being redirected to ' . $redir_url;
+}
- if ($proto != 'http') {
- trigger_error("I don't know how to build a URL for $proto",
- E_USER_WARNING);
- return false;
+/**
+ * Display an error page
+ */
+function showError($error, $status, $message)
+{
+ header('HTTP/1.1 ' . $status . ' ' . $message);
+ header('Content-Type: text/plain; charset=us-ascii');
+ print "An error occurred when processing your request:\n$error\n";
+}
+
+/**
+ * Return a string containing an anchor tag containing the given URL
+ *
+ * The URL does not need to be quoted, but if text is passed in, then
+ * it does.
+ */
+function linkURL($url, $text=null) {
+ $esc_url = htmlspecialchars($url, ENT_QUOTES);
+ if ($text === null) {
+ $text = $esc_url;
}
+ return "<a href='$esc_url'>$text</a>";
+}
+
+function hashPassword($password)
+{
+ return bin2hex(Auth_OpenID_SHA1($password));
+}
+
+/**
+ * Set up the session
+ */
+function init()
+{
+ session_name('openid_server');
+ session_start();
+}
- if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
- $proto .= 's';
- $default_port = '443';
+/**
+ * Check the user's login information
+ */
+function checkLogin($openid_url, $password)
+{
+ global $openid_users;
+ $hash = hashPassword($password);
+
+ return isset($openid_users[$openid_url])
+ && $hash == $openid_users[$openid_url];
+}
+
+/**
+ * Get the openid_url out of the cookie
+ *
+ * @return mixed $openid_url The URL that was stored in the cookie or
+ * false if there is none present or if the cookie is bad.
+ */
+function getLoggedInUser()
+{
+ return isset($_SESSION['openid_url'])
+ ? $_SESSION['openid_url']
+ : false;
+}
+
+/**
+ * Set the openid_url in the cookie
+ *
+ * @param mixed $identity_url The URL to set. If set to null, the
+ * value will be unset.
+ */
+function setLoggedInUser($identity_url=null)
+{
+ if (!isset($identity_url)) {
+ unset($_SESSION['openid_url']);
} else {
- $default_port = '80';
- $port = ($req_port == '443') ? '' : (':' . $req_port);
+ $_SESSION['openid_url'] = $identity_url;
}
+}
- $port = ($req_port == $default_port) ? "" : (":" . $req_port);
+function pageHeader($user, $title, $h1=null, $login=false)
+{
+ if (!$h1) {
+ $h1 = $title;
+ }
+
+ if ($user) {
+ $head = sprintf(logged_in_pat, linkURL($user));
+ } else {
+ if (!$login) {
+ $head = logged_out_pat;
+ }
+ }
- $pat = "%s://%s%s";
- return sprintf($pat, $proto, $server, $port);
+ return sprintf(html_start, $title, $h1, $head);
}
-function getCurrentURL($full=false)
+function pageFoot()
{
- $tail = $full ? $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME'];
- return serverRootURL() . $tail;
+ return html_end;
}
-function getParentURL()
+function succeed($info)
{
- return serverRootURL() . dirname($_SERVER['SCRIPT_NAME']);
+ $server = getServer();
+ $resp = $server->getAuthResponse(&$info, true);
+ handleResponse($resp, 'badAuth');
}
-function relURL($path)
+function doAuth($info)
{
- if (substr($path, 0, 1) != '/') {
- $path = '/' . $path;
+ $req_url = $info->getIdentityURL();
+ $user = getLoggedInUser();
+ if ($req_url == $user) {
+ if (isTrusted($info->getTrustRoot())) {
+ // This is a trusted site, so continue
+ succeed($info);
+ } else {
+ $_SESSION['request'] = serialize($info);
+ trustPage($info);
+ }
+ } else {
+ $_SESSION['request'] = serialize($info);
+ if ($user) {
+ $msg = sprintf(bad_user_pat, linkURL($user), linkURL($req_url));
+ } else {
+ $msg = sprintf(no_user_pat, linkURL($req_url));
+ }
+ loginPage(array($msg), $req_url);
}
- return getParentURL() . $path;
}
-function newServer($store_dir=DEFAULT_STORE_DIR, $server_url=null)
+function isTrusted($trust_root)
{
- if (!isset($server_url)) {
- $server_url = getCurrentURL();
- }
- if (!file_exists($store_dir) && !mkdir($store_dir)) {
- print "Could not create the FileStore directory '$store_path'. ".
- " Please check the effective permissions.";
- exit(0);
+ global $trusted_sites;
+ return in_array($trust_root, $trusted_sites);
+}
+
+function doError($error)
+{
+ showError($error, '500', 'Internal error');
+ exit(1);
+}
+
+function badAuth($info)
+{
+ doError('Unexpectedly got DO_AUTH inside of DO_AUTH');
+}
+
+function handleResponse($response, $do_auth)
+{
+ list ($status, $info) = $response;
+ switch($status) {
+ case Auth_OpenID_REMOTE_ERROR:
+ case Auth_OpenID_REMOTE_OK:
+ returnKV($info);
+ break;
+ case Auth_OpenID_REDIRECT:
+ redirect($info);
+ break;
+ case Auth_OpenID_DO_AUTH:
+ $do_auth($info);
+ break;
+ case Auth_OpenID_DO_ABOUT:
+ aboutPage();
+ break;
+ case Auth_OpenID_LOCAL_ERROR:
+ showError($info, '400', 'Bad request');
+ break;
+ default:
+ $repr = var_export($status, true);
+ doError("Internal error: unknown status $repr");
}
+ exit(0);
+}
+
- $store = new Auth_OpenID_FileStore($store_dir);
- return new Auth_OpenID_Server($server_url, &$store);
+function loginForm($identity_url='')
+{
+ return sprintf(login_form_pat, $identity_url);
}
-function returnKV($kv)
+function showErrors($errors)
{
- header('Content-Type: text/plain; charset=us-ascii');
- print $kv;
+ if ($errors) {
+ foreach ($errors as $error) {
+ print '<div class="error">' . $error . "</div>\n";
+ }
+ }
}
-function redirect($redir_url)
+function loginPage($errors=null, $input=null)
{
- header('Location: ' . $redir_url);
- header('Content-Type: text/plain; charset=us-ascii');
- print 'Please wait; you are being redirected to ' . $redir_url;
+ $current_user = getLoggedInUser();
+ if ($input === null) {
+ $input = $current_user;
+ }
+ print pageHeader($current_user, 'Log In', null, true);
+ showErrors($errors);
+ print loginForm(htmlspecialchars($input, ENT_QUOTES));
+ print pageFoot();
}
-function showError($error, $status, $message)
+function trustPage($info)
{
- header('HTTP/1.1 ' . $status . ' ' . $message);
- header('Content-Type: text/plain; charset=us-ascii');
- print "An error occurred when processing your request:\n$error\n\n";
- var_export($_SERVER);
+ $current_user = getLoggedInUser();
+ print pageHeader($current_user, 'Trust This Site');
+ print '<p>' . htmlspecialchars($info->getTrustRoot()) . '</p>';
+ print '<form method="post" action="trust.php">
+<input type="submit" name="trust" value="Trust this site" />
+<input type="submit" value="Do not trust this site" />
+</form>
+';
+ print pageFoot();
}
-function linkURL($url) {
- $esc_url = htmlspecialchars($url, ENT_QUOTES);
- return "<a href='$esc_url'>$esc_url</a>";
+function aboutPage()
+{
+ $current_user = getLoggedInUser();
+ print pageHeader($current_user, 'OpenID Server Endpoint');
+ print pageFoot();
}
-
-$parent = getParentURL();
-$success_identity = relURL('success.php');
-$failure_identity = relURL('failure.php');
-$server_url = relURL('server.php');
-$esc_server = htmlspecialchars($server_url, ENT_QUOTES);
-$esc_success = htmlspecialchars($success_identity, ENT_QUOTES);
-$esc_failure = htmlspecialchars($failure_identity, ENT_QUOTES);
+define('login_form_pat',
+ '<div class="login">
+ <p>
+ Enter your identity URL and password into this form to log in to
+ this server. This server must be configured to accept your identity URL.
+ </p>
+
+ <form method="post" action="login.php">
+ <table>
+ <tr>
+ <th><label for="openid_url">OpenID URL:</label></th>
+ <td><input type="text" name="openid_url"
+ value="%s" id="openid_url" /></td>
+ </tr>
+ <tr>
+ <th><label for="password">Password:</label></th>
+ <td><input type="password" name="password" id="password" /></td>
+ </tr>
+ <tr>
+ <td colspan="2"><input type="submit" value="Log in" /></td>
+ </tr>
+ </table>
+ </form>
+</div>
+');
+define('html_start',
+'<html>
+ <head>
+ <title>%s</title>
+ <link rel="stylesheet" type="text/css" href="default.css" />
+ </head>
+ <body>
+ <h2>PHP OpenID Server</h2>
+ <h1>%s</h1>
+ <div class="header">%s</div>
+');
+define('html_end',
+ ' </body>
+</html>');
+
+define('bad_user_pat',
+ 'You are logged in as %s and this request is for %s.');
+define('no_user_pat',
+ 'You are not logged in and this request is for %s.');
+
+define('logged_in_pat',
+ 'You are logged in as %s. <a href="logout.php">Log out</a>');
+define('logged_out_pat',
+ 'Not logged in. <a href="login.php">Log in</a>');
+
?> \ No newline at end of file
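Review bot: `header('400 Bad Request')` in the `!$success` branch of returnKV does not change the response status — PHP only treats strings beginning with `HTTP/` as a status line, so this is emitted as an ordinary (malformed) header line and the error response still goes out as 200. It should take the form showError already uses: `header('HTTP/1.1 400 Bad Request');`. In pageHeader, `$head` is never assigned when `$user` is false and `$login` is true, so the `sprintf(html_start, $title, $h1, $head)` call reads an undefined variable; initialising `$head = '';` before the `if ($user)` branch fixes it. checkLogin compares the computed hash with `$hash == $openid_users[$openid_url]`, and loose comparison of two hex strings treats numeric-looking values such as `0e…` as equal, so use `===`; since hashPassword is an unsalted SHA1 of the password, a comment there stating that this is example-only and not a credential store would also help.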
diff --git a/examples/server/config.php b/examples/server/config.php
new file mode 100644
index 0000000..ca2f492
--- /dev/null
+++ b/examples/server/config.php
@@ -0,0 +1,65 @@
+<?php
+/**
+ * OpenID server example settings
+ *
+ * The variables in this file must be customized before you can use
+ * the server.
+ *
+ * @package OpenID.Examples
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005 Janrain, Inc.
+ * @license http://www.gnu.org/copyleft/lesser.html LGPL
+ */
+
+/**
+ * Set any extra include paths needed to use the library
+ */
+//$path_extra = dirname(dirname(dirname(__FILE__)));
+//$path = ini_get('include_path');
+//$path = $path_extra . ':' . $path;
+//ini_set('include_path', $path);
+
+/**
+ * The URL for the server.
+ *
+ * This is the location of server.php. For example:
+ *
+ * $server_url = 'http://example.com/~user/server.php';
+ *
+ * This must be a full URL.
+ */
+$server_url = false;
+
+/**
+ * Initialize an OpenID store
+ *
+ * @return object $store an instance of OpenID store (see the
+ * documentation for how to create one)
+ */
+function getOpenIDStore()
+{
+ return false;
+}
+
+/**
+ * Users who are allowed to log in to this OpenID server.
+ *
+ * This is an array from URL to password hash. The URL must include
+ * the proper OpenID server information in order to work with this
+ * server.
+ *
+ * This must be set for the server to be usable. If it is not set, no
+ * users will be able to log in.
+ */
+$openid_users = false;
+
+/**
+ * Trusted sites is an array of trust roots.
+ *
+ * Sites in this list will not have to be approved by the user in
+ * order to be used. It is OK to leave this value as-is.
+ *
+ * In a more robust server, this site should be a per-user setting.
+ */
+$trusted_sites = array();
+?> \ No newline at end of file
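Review bot: The `$openid_users` docblock says the values are password hashes but not which hash, and the only producer on this page is hashPassword() in common.php, which returns `bin2hex(Auth_OpenID_SHA1($password))`; add ` * Each value must be the output of hashPassword() from common.php (hex-encoded SHA1 of the plain password).` so an operator can populate the array. The getOpenIDStore docblock should also say that the default `return false;` leaves the server non-functional until replaced with a real store, since nothing in common.php checks the return value before passing it to Auth_OpenID_Server. The four commented-out include_path lines are dead code; either keep them as a documented option in the comment above or remove them.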
diff --git a/examples/server/default.css b/examples/server/default.css
new file mode 100644
index 0000000..2565cef
--- /dev/null
+++ b/examples/server/default.css
@@ -0,0 +1,24 @@
+div.error {
+ background: #ffeeee;
+ border: 1px solid red;
+ padding: 0.5em;
+}
+
+.login th {
+ text-align: left;
+}
+
+div.login {
+ border: thin solid #999999;
+ background: #eeeeee;
+ padding: 0.5em;
+ margin-top: 1em;
+}
+
+div.login p {
+ margin-top: 0;
+}
+
+body {
+ max-width: 50em;
+} \ No newline at end of file
diff --git a/examples/server/failure.php b/examples/server/failure.php
deleted file mode 100644
index 683ee24..0000000
--- a/examples/server/failure.php
+++ /dev/null
@@ -1,11 +0,0 @@
-<?php
-require_once "common.php";
-
-$target = $failure_identity;
-$other_type = 'return success';
-$type = 'cancel';
-$title = 'Cancel Identity Page';
-$other = $success_identity;
-
-require "idpage.inc";
-?> \ No newline at end of file
diff --git a/examples/server/idpage.inc b/examples/server/idpage.inc
deleted file mode 100644
index d7eda16..0000000
--- a/examples/server/idpage.inc
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-if (getCurrentURL(true) != $target) {
- redirect($target);
- return;
-}
-
-$link_here = linkURL($target);
-$link_there = linkURL($other);
-
-print "<html>
- <head>
- <title>$title</title>
- <link rel='openid.server' href='$esc_server' />
- </head>
- <body>
- <h1>$title</h1>
- <p>
- This page is part of the
- <a href='$esc_server'>PHP OpenID server example</a>.
- Any requests to verify this URL ($link_here) will $type to consumers.
- </p>
- <p>
- To test this server with a URL that will $other_type, use $link_there.
- </p>
- </body>
-</html>
-";
-
-?> \ No newline at end of file
diff --git a/examples/server/login.php b/examples/server/login.php
new file mode 100644
index 0000000..9dd022e
--- /dev/null
+++ b/examples/server/login.php
@@ -0,0 +1,64 @@
+<?php
+
+require_once 'common.php';
+
+function processForm($fields)
+{
+ global $server_url;
+ $errors = array();
+ $openid_url = checkInput($fields, $errors);
+ if ($openid_url) {
+ setLoggedInUser($openid_url);
+ if (isset($_SESSION['request'])) {
+ $info = unserialize($_SESSION['request']);
+ trustPage($info);
+ } else {
+ redirect($server_url);
+ }
+ } else {
+ loginPage($errors, @$_POST['openid_url'], null, true);
+ }
+}
+
+function checkInput($input, &$errors)
+{
+ $errors = array();
+ if (!isset($input['openid_url'])) {
+ $errors[] = 'Enter an OpenID URL to continue';
+ }
+ if (!isset($input['password'])) {
+ $errors[] = 'Enter a password to continue';
+ }
+ if (count($errors) == 0) {
+ $openid_url = $input['openid_url'];
+ $password = $input['password'];
+ if (!checkLogin($openid_url, $password)) {
+ $errors[] = 'Password does not match identity URL';
+ } else {
+ return $openid_url;
+ }
+ }
+ return false;
+}
+
+function process()
+{
+ $method = $_SERVER['REQUEST_METHOD'];
+ switch ($method) {
+ case 'GET':
+ loginPage();
+ break;
+ case 'POST':
+ processForm($_POST);
+ break;
+ default:
+ loginPage(array('Unsupported HTTP method: $method'));
+ break;
+ }
+}
+
+// Set up the current session
+init();
+
+process();
+?> \ No newline at end of file
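Review bot: processForm marks the user as logged in via `setLoggedInUser($openid_url)` without rotating the session id, so a session id established before login remains valid afterwards (session fixation); call `session_regenerate_id();` immediately before `setLoggedInUser($openid_url);`. On the failure path, `loginPage($errors, @$_POST['openid_url'], null, true)` passes two arguments that loginPage in common.php does not declare (it takes only `$errors, $input`), and the `@` hides the notice that the field may be absent; `isset($fields['openid_url']) ? $fields['openid_url'] : null` says the same thing without suppression. In process(), `'Unsupported HTTP method: $method'` is single-quoted, so the literal text `$method` is displayed instead of the value; use `"Unsupported HTTP method: $method"`. checkInput's `isset` tests also accept an empty string for either field, which then reaches checkLogin as a lookup for the key `''`.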
diff --git a/examples/server/logout.php b/examples/server/logout.php
new file mode 100644
index 0000000..1ff893c
--- /dev/null
+++ b/examples/server/logout.php
@@ -0,0 +1,12 @@
+<?php
+
+require_once "common.php";
+
+// Set up the current session
+init();
+
+setLoggedInUser(null);
+unset($_SESSION['request']);
+redirect($server_url);
+
+?> \ No newline at end of file
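Review bot: Logout only unsets two session keys, so the session id itself stays valid and can keep being presented after logout; after `unset($_SESSION['request']);` add `$_SESSION = array(); session_destroy();` so the server-side session is discarded rather than emptied. `redirect($server_url)` is not followed by `exit`, which is harmless here because nothing else follows, but the same pattern elsewhere on this commit is not.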
diff --git a/examples/server/server.php b/examples/server/server.php
index 38b0c19..166d5d3 100644
--- a/examples/server/server.php
+++ b/examples/server/server.php
@@ -2,34 +2,11 @@
require_once "common.php";
-$server = newServer();
+// Set up the current session
+init();
-function isAuthorized($identity_url, $trust_root) {
- global $success_identity;
- return ($identity_url === $success_identity);
-}
+$server = getServer();
+$response = $server->getOpenIDResponse();
+handleResponse($response, 'doAuth');
-list($status, $info) = $server->getOpenIDResponse('isAuthorized');
-
-switch($status) {
-case Auth_OpenID_REMOTE_ERROR:
-case Auth_OpenID_REMOTE_OK:
- returnKV($info);
- return;
-case Auth_OpenID_REDIRECT:
- redirect($info);
- return;
-case Auth_OpenID_DO_AUTH:
- redirect($info->getCancelURL());
-case Auth_OpenID_DO_ABOUT:
- include "about.php";
- return;
-case Auth_OpenID_LOCAL_ERROR:
- showError($info, '400', 'Bad request');
- return;
-default:
- $error = "Internal error: unknown status $status";
- showError($error, '500', 'Internal error');
- return;
-}
?> \ No newline at end of file
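Review bot: `getServer()` is called with whatever config.php provides, and the shipped config.php sets `$server_url = false` and has `getOpenIDStore()` return false, so an unconfigured install constructs an Auth_OpenID_Server with a false endpoint and no store and presumably fails somewhere inside the library rather than with a clear message. A guard before `$server = getServer();`, e.g. `if (!$server_url || !getOpenIDStore()) { doError('config.php has not been customized'); }`, makes the failure explicit and uses doError from common.php. The file's opening `<?php` line is outside this hunk.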
diff --git a/examples/server/success.php b/examples/server/success.php
deleted file mode 100644
index 70031c2..0000000
--- a/examples/server/success.php
+++ /dev/null
@@ -1,11 +0,0 @@
-<?php
-require_once "common.php";
-
-$target = $success_identity;
-$type = 'return success';
-$other_type = 'cancel';
-$title = 'Success Identity Page';
-$other = $failure_identity;
-
-require "idpage.inc";
-?> \ No newline at end of file
diff --git a/examples/server/trust.php b/examples/server/trust.php
new file mode 100644
index 0000000..62a860a
--- /dev/null
+++ b/examples/server/trust.php
@@ -0,0 +1,23 @@
+<?php
+
+require_once "common.php";
+
+init();
+
+if (!isset($_SESSION['request'])) {
+ // Should not happen
+ redirect($server_url);
+}
+
+$info = unserialize($_SESSION['request']);
+
+unset($_SESSION['request']);
+
+if (isset($_POST['trust'])) {
+ // This is a trusted site, so continue
+ succeed($info);
+} else {
+ redirect($info->getCancelURL());
+}
+
+?> \ No newline at end of file
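Review bot: The `redirect($server_url)` in the missing-request branch is not followed by `exit`, so execution continues: `unserialize($_SESSION['request'])` reads a key that was just found to be unset, `$info` becomes false, and the else branch calls `$info->getCancelURL()` on a non-object after the Location header has already been sent. Add `exit(0);` after `redirect($server_url);`. Separately, the trust decision is taken on any POST that carries a `trust` field, with nothing tying the submission to the page the server rendered; a per-session nonce stored in `$_SESSION`, emitted as a hidden input by trustPage in common.php and compared here before `succeed($info)`, would ensure only the user's own trust page can approve the pending request.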