
cms/login.lib.php File Reference


Namespaces

namespace  pragyan
 

Widget Framework for Pragyan CMS. (c) 2010 Pragyan Team. GNU Public License: http://www.gnu.org/licenses/. For more details, see README. Add support for File Upload/Download via the widget's configurations. Reload Widgets, Get Widget Instances. See bottom.


Functions

 resetPasswd ($allow_login)
 openid_endpoint ($openid_url)
 openid_login ($userdata)
 loginForm ($allow_login=1)
 login ()

Function Documentation

login (  ) 

Undocumented Function. Basically performs the whole login routine

Todo:
Document it

Definition at line 531 of file login.lib.php.

loginForm ( allow_login = 1  ) 

Definition at line 427 of file login.lib.php.

openid_endpoint ( openid_url  ) 

This function takes the OpenID given by the user and tries to find the final endpoint by parsing the OpenID URL. It checks whether the supplied OpenID URL is a valid URL. The OpenID is stored in $_SESSION['openid_url'] for later use. It uses the Dope_OpenID class found in cms/openid/. After the endpoint URL has been found, this function redirects the user to the OpenID provider's website for authentication.

Parameters:
$openid_url The OpenID of the user as string.
Returns:
Nothing

If running PHP 5, use the built-in URL validator. Else use something like the following regex to validate input.

Proceed if we made it through without setting $error

Store the user's submitted OpenID Identity for later use.

Create a new Dope_OpenID object

ReturnURL: The URL to which the OpenID provider should return the user after the authentication has been done. This line might require editing: the user's OpenID provider will return them to the URL that you provide here.

If rewriteEngine is enabled, write the explicit name index.php (direct filenames are saved from being processed by the rewrite engine), since rewriteEngine is poorly coded and doesn't allow longer GET queries. If rewriteEngine is off, we can remove the index.php part to make the URL look non-PHP.

TrustRoot: The URL which your user will be asked to trust. This is usually the parent directory of ReturnURL. Set the trust root: this is the URL or set of URLs the user will be asked to trust when signing in with their OpenID Provider. It could be your base URL or a subdirectory thereof. Up to you.

OptionalInfo: The information you need to fetch from the Provider. When the user signs in with their OpenID Provider, these are the details you would like sent back for your own use. Dope OpenID attempts to get this information using both Simple Registration and Attribute Exchange protocols. The type that is returned depends on the user's Provider. Each provider chooses what they wish to provide, and all defined attributes may not be available. To see where these two types of attributes intersect, see the following: http://www.axschema.org/types/

EDIT THIS LINE (OPTIONAL): PAPE Policies help protect users and you against phishing and other authentication forgeries. It's an optional extension, so not all OpenID Providers will be using it. Uncomment to use it. More info and possible policy values here: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html

EDIT THIS LINE (OPTIONAL): Also part of the PAPE extension, you can set a time limit for users to authenticate themselves with their OpenID Provider. If it takes too long, authentication will fail and the user will not be allowed access to your site. Uncomment and set a value in seconds to use.

Attempt to discover the user's OpenID provider endpoint

If we find the endpoint, you might want to store it for later use.

Redirect the user to their OpenID Provider

Call exit so the script stops executing while we wait to redirect.

Else we couldn't find an OpenID Provider endpoint for the user. You can report this error any way you like, but just for demonstration purposes we'll get the error as reported by Dope OpenID. It will be displayed farther down in this file with the HTML.

Definition at line 123 of file login.lib.php.
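The validation step described above, as an added example (not Pragyan CMS or Dope OpenID code). `validate_openid_identifier()` is a hypothetical helper. Because the server itself fetches the identifier during endpoint discovery, it narrows what PHP's built-in validator accepts to http/https URLs without embedded credentials.

```php
<?php
// Added example: hypothetical helper, not part of login.lib.php.
// Returns the identifier to use for discovery, or null if it must be rejected.
function validate_openid_identifier($input)
{
    $url = trim((string) $input);

    // Users often type "example.org/me"; OpenID normalisation assumes http://
    // when no scheme is given.
    if (!preg_match('#^[a-z][a-z0-9+.\-]*://#i', $url)) {
        $url = 'http://' . $url;
    }

    // PHP 5 built-in URL validator, as the source comment suggests.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }

    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }

    // FILTER_VALIDATE_URL accepts any well-formed scheme (ftp://, ...).
    // Discovery makes the server request this URL, so allow only http/https.
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }

    // An identifier has no reason to carry user:password@ credentials.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    return $url;
}

// Constructed sample inputs.
$samples = array(
    'https://alice.example.org/',   // accepted unchanged
    'alice.example.org',            // accepted as http://alice.example.org
    'ftp://example.org/id',         // rejected: scheme
    'http://user:pw@example.org/',  // rejected: credentials
    'not a url',                    // rejected: fails filter_var
);
foreach ($samples as $s) {
    $ok = validate_openid_identifier($s);
    echo str_pad($s, 30), ' => ', ($ok === null ? 'rejected' : $ok), "\n";
}
```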

openid_login ( userdata  ) 

Performs the actual OpenID login once the authentication has been confirmed by the Provider. Basically deals with four cases:

1. The user has used this OpenID before: This means that this OpenID entry is there in the _openid_users table and thus the user has previously used this OpenID. In such a case, the authentication is done and the user logs in.
2. The OpenID provider didn't return the user's email address: We currently do not support such OpenID providers, and thus an error message is received by the user.
3. The OpenID provider returns an email which is already there in our records: This means that the user of this OpenID is already registered as a normal Pragyan user (or other OpenID user). The main thing is that there is an entry for this particular email ID in the _users table. When this happens, the user is asked to give the password of the pre-existing account at the PragyanCMS so that it can be linked to this OpenID.
4. The OpenID provider returns an email which is not there in our records: In this case, the system demands that the user give their full name, and thus registers them as a dummy openid user in _users (with login_method = openid) and creates entries in _openid_users too. After this, the user can start using their account.

Todo:
Check what happens if the entry in _users is because of another OpenID entry and not because of a Pragyan user. I suspect that the code will still ask for the password (which it shouldn't). The code shouldn't check pre-existing email IDs for those entries which have login_method as openid.
Parameters:
$userdata user information returned by the OpenID provider. Can be fetched by the ->filteruserinfo() function in DopeOpenID class

Build a query to check if the OpenID already exists in the openid_users table

The record exists: this user has already used his OpenID before

Fetch the user_id that corresponds to user_id in the _users table

The OpenID provider did send us the email of the user. Check if it exists in our database and is activated

ASSUMPTION: the `user_activated` column in the _users table is 1 if and only if his email is verified.

Assign the value to $_SESSION['last_to_last_login_datetime']

update the last login

logging in the user

This user is using the OpenID for the first time; display a small form to input the user's details. The system should now check if the email ID provided by the OpenID provider is already there in our records. If yes, the current account should be linked to the account in the database after accepting the password. Else, the user should provide a few details about him/her, like full name and email. After he provides the email, the system again has to check if the email is in the records and, if it is, ask the user for the password to link it; else, just make a new user in the _users table.

The OpenID provider did send us the email of the user. Check if it exists in our database and is activated

ASSUMPTION: the `user_activated` column in the _users table is 1 if and only if his email is verified.

If the email was found in the records, display a form to capture the password and connect it

The user has not used this OpenID before. The email ID returned wasn't found in our records. Hence now we will have to get the full name of the user and then create a dummy user in the _users table with the login_method as `openid`. Then we also have to make entries in the _openid_users table and add the user there appropriately.

The OpenID provider didn't send us the email. Tell the user that he can't authenticate using such providers

Definition at line 266 of file login.lib.php.
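The four cases above as a decision function, in an added example that is not the code of `openid_login()`. Arrays stand in for the `_openid_users` and `_users` tables; the column names `openid_url` and `user_email` and the `login_method` value `db` are assumptions. The point to note is case 3: an email asserted by the provider is never enough to attach an OpenID to an existing account, and the rows named in the Todo are reported separately because there is no Pragyan password to ask for.

```php
<?php
// Added example: in-memory stand-in for the case analysis, not login.lib.php itself.
function classify_openid_login($openid_url, $email, array $openid_users, array $users)
{
    // Case 1: this OpenID has been used before, so log the mapped user in.
    foreach ($openid_users as $row) {
        if ($row['openid_url'] === $openid_url) {
            return array('case' => 1, 'action' => 'login', 'user_id' => $row['user_id']);
        }
    }
    // Case 2: the provider returned no email, which is not supported.
    if ($email === null || trim($email) === '') {
        return array('case' => 2, 'action' => 'reject_no_email');
    }
    foreach ($users as $row) {
        // Match only activated rows: user_activated = 1 is assumed to mean "email verified".
        if (strcasecmp($row['user_email'], trim($email)) !== 0 || (int) $row['user_activated'] !== 1) {
            continue;
        }
        if ($row['login_method'] === 'openid') {
            // The Todo's open case: this row has no Pragyan password to ask for.
            return array('case' => 3, 'action' => 'email_held_by_openid_user', 'user_id' => $row['user_id']);
        }
        // Case 3: link only after the existing account's password is supplied.
        return array('case' => 3, 'action' => 'ask_password_then_link', 'user_id' => $row['user_id']);
    }
    // Case 4: unknown email, so collect the full name and register an openid user.
    return array('case' => 4, 'action' => 'ask_fullname_then_register');
}

// Constructed sample rows and login attempts.
$openid_users = array(array('openid_url' => 'https://alice.example.org/', 'user_id' => 7));
$users = array(
    array('user_id' => 7,  'user_email' => 'alice@example.org', 'user_activated' => 1, 'login_method' => 'openid'),
    array('user_id' => 9,  'user_email' => 'bob@example.org',   'user_activated' => 1, 'login_method' => 'db'),
    array('user_id' => 11, 'user_email' => 'eve@example.org',   'user_activated' => 0, 'login_method' => 'db'),
);
$attempts = array(
    array('https://alice.example.org/', 'alice@example.org'), // case 1
    array('https://new.example.net/',   null),                // case 2
    array('https://new.example.net/',   'bob@example.org'),   // case 3, password required
    array('https://other.example.net/', 'alice@example.org'), // case 3, Todo variant
    array('https://new.example.net/',   'carol@example.org'), // case 4
);
foreach ($attempts as $a) {
    $r = classify_openid_login($a[0], $a[1], $openid_users, $users);
    echo $a[0], ' ', var_export($a[1], true), ' => case ', $r['case'], ': ', $r['action'], "\n";
}
```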

resetPasswd ( allow_login  ) 

Definition at line 16 of file login.lib.php.