• Main Page
  • Related Pages
  • Namespaces
  • Data Structures
  • Files
  • Examples
  • File List
  • Globals

cms/openid/index.php

Go to the documentation of this file.
00001 <?php
00002 if(!defined('__PRAGYAN_CMS'))
00003 { 
00004         header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden');
00005         echo "<h1>403 Forbidden<h1><h4>You are not authorized to access the page.</h4>";
00006         echo '<hr/>'.$_SERVER['SERVER_SIGNATURE'];
00007         exit(1);
00008 }
00033 /*
00034 * Example uses default PHP sessions.
00035 * Feel free to use whatever session management you prefer.
00036 */
00037 session_start();
00038 
00039 
00040 require 'class.dopeopenid.php';
00041 /*
00042 * If $_POST['process'] is set, begin OpenID login form processing.
00043 */
00044 //echo "hello";
00045 
00046 function openid_endpoint($openid_url){
00047     
00048   /*
00049    * If running PHP 5, use the built-in URL validator.
00050    * Else use something like the following regex to validate input.
00051    */
00052   echo $openid_url;
00053   if(function_exists('filter_input')) {
00054     if( ! filter_input(INPUT_POST, "openid_identifier", FILTER_VALIDATE_URL)) {
00055       $error = "Error: OpenID Identifier is not in proper format.";
00056     }
00057   }
00058   else 
00059     {
00060       // Found this on Google. Seems to match most valid URLs. Feel free to modify or replace.
00061       if( ! eregi("^((https?)://)?(((www\.)?[^ ]+\.[com|org|net|edu|gov|us]))([^ ]+)?$",$openid_url)) {
00062         $error = "Error: OpenID Identifier is not in proper format.";
00063       }
00064     }   
00065   // Proceed if we made it through without setting $error
00066   if ( ! isset($error)) {
00067     /*
00068      * Store the user's submitted OpenID Identity for later use.
00069      */
00070     $_SESSION['openid_url'] = $openid_url;
00071 
00072     /*
00073      * Create a new Dope_OpenID object
00074      */
00075     $openid = new Dope_OpenID($openid_url);
00076     /*
00077      * YOU MUST EDIT THIS LINE.
00078      * The user's OpenID provider will return them to the URL that you provide here.
00079      * It could be a separate verify.php script, or just pass a parameter to tell a
00080      * single processing script what to do (like I've done with this file you're reading).
00081      */
00082     $openid->setReturnURL("http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."../../../index.php?action=login&subaction=openid_verify");
00083         
00084     /*
00085      * YOU MUST EDIT THIS LINE
00086      * Set the trust root. This is the URL or set of URLs the user will be asked
00087      * to trust when signing in with their OpenID Provider. It could be your base
00088      * URL or a subdirectory thereof. Up to you.
00089      */
00090     $openid->SetTrustRoot("http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."../../../");
00091     //            echo "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."../../";
00092     //    exit;
00093     /*
00094      * EDIT THIS LINE (OPTIONAL)
00095      * When the user signs in with their OpenID Provider, these are
00096      * the details you would like sent back for your own use.
00097      * Dope OpenID attempts to get this information using both Simple Registration
00098      * and Attribute Exchange protocols. The type that is returned depends on the
00099      * user's Provider. Each provider chooses what they wish to provide and all 
00100      * defined attributes may not be available. To see where these two types of
00101      *  attributes intersect, see the following: http://www.axschema.org/types/
00102      */
00103     $openid->setOptionalInfo(array('nickname','fullname','email'));
00104                 
00105     /*
00106      * EDIT THIS LINE (OPTIONAL)
00107      * This is the same as above, except much stricter. By using this method, you
00108      * are telling the OpenID Provider you *must* have this information. If the Provider
00109      * will not give you the information the transaction should logically fail, either 
00110      * at the Provider's end or yours. No info, no sign in. Uncomment to use it.
00111      */
00112     //$openid->setRequiredInfo(array('email','http://axschema.org/contact/email','contact/email'));
00113                 
00114     /*
00115      * EDIT THIS LINE (OPTIONAL)
00116      * PAPE Policies help protect users and you against phishing and other authentication
00117      * forgeries. It's an optional extension, so not all OpenID Providers will be using it.
00118      * Uncomment to use it.
00119      * More info and possible policy values here: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html
00120      */
00121     //$openid->setPapePolicies('http://schemas.openid.net/pape/policies/2007/06/phishing-resistant ');
00122                 
00123     /*
00124      * EDIT THIS LINE (OPTIONAL)
00125      * Also part of the PAPE extension, you can set a time limit for users to
00126      * authenticate themselves with their OpenID Provider. If it takes too long,
00127      * authentication will fail and the user will not be allowed access to your site.
00128      * Uncomment and set a value in seconds to use.
00129      */
00130     //$openid->setPapeMaxAuthAge(120);
00131                 
00132     /*
00133      * Attempt to discover the user's OpenID provider endpoint
00134      */
00135     $endpoint_url = $openid->getOpenIDEndpoint();
00136     if($endpoint_url){
00137       // If we find the endpoint, you might want to store it for later use.
00138       $_SESSION['openid_endpoint_url'] = $endpoint_url;
00139       // Redirect the user to their OpenID Provider
00140       $openid->redirect();
00141       // Call exit so the script stops executing while we wait to redirect.
00142       exit;
00143     }
00144     else{
00145       /*
00146        * Else we couldn't find an OpenID Provider endpoint for the user.
00147        * You can report this error any way you like, but just for demonstration
00148        * purposes we'll get the error as reported by Dope OpenID. It will be
00149        * displayed farther down in this file with the HTML.
00150        */
00151       $the_error = $openid->getError();
00152       $error = "Error Code: {$the_error['code']}<br />";
00153       $error .= "Error Description: {$the_error['description']}<br />";
00154     }
00155   }
00156   
00157 }
00158 
00159  
00160 if(isset($_POST['process']))
00161   {
00162     $openid_url = trim($_POST['openid_identifier']);
00163     openid_endpoint($openid_url);
00164   }

Generated on Sun Jan 2 2011 04:55:32 for Pragyan CMS by  doxygen 1.7.1