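<?php
/*
 * Direct-access guard: when the __PRAGYAN_CMS constant is not defined the
 * request is answered with 403 and the script stops.
 */
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden');
    // The heading was never closed in the original markup ("<h1>...<h1>").
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE is the web server's own footer line and
    // can reveal its software version; consider dropping it from the page.
    echo '<hr/>'.$_SERVER['SERVER_SIGNATURE'];
    exit(1);
}

/*
 * Example uses default PHP sessions.
 * Feel free to use whatever session management you prefer.
 */
session_start();

require 'class.dopeopenid.php';

/**
 * Starts an OpenID login for the given identifier.
 *
 * Validates the identifier, stores it in the session, configures a
 * Dope_OpenID request (return URL, trust root, optional attributes) and, when
 * the provider endpoint is discovered, redirects the browser and exits.
 *
 * @param string $openid_url The OpenID identifier submitted by the user.
 *
 * @return string|null An HTML error message when validation or discovery
 *                     fails. On success the function does not return: it
 *                     redirects and calls exit.
 */
function openid_endpoint($openid_url)
{
    // The original echoed $openid_url here for debugging. That wrote raw,
    // unescaped request data into the page and produced output ahead of the
    // redirect below, so it has been removed.

    $error = null;

    if (function_exists('filter_var')) {
        // Validate the value this function was given. The original validated
        // the untrimmed $_POST field instead, so the check and the value that
        // was actually used could disagree.
        // FILTER_VALIDATE_URL accepts any scheme, so the identifier is also
        // limited to http/https.
        if (filter_var($openid_url, FILTER_VALIDATE_URL) === false
            || !preg_match('#^https?://#i', $openid_url)) {
            $error = "Error: OpenID Identifier is not in proper format.";
        }
    } else {
        // Fallback for installations without the filter extension. eregi() is
        // gone from current PHP, so the same pattern is run through
        // preg_match(). NOTE(review): "[com|org|...]" is a character class,
        // not a list of TLDs, so this check is very loose.
        if (!preg_match('#^((https?)://)?(((www\.)?[^ ]+\.[com|org|net|edu|gov|us]))([^ ]+)?$#iD', $openid_url)) {
            $error = "Error: OpenID Identifier is not in proper format.";
        }
    }

    if ($error !== null) {
        return $error;
    }

    // Store the user's submitted OpenID identity for later use.
    $_SESSION['openid_url'] = $openid_url;

    // NOTE(review): Dope_OpenID presumably requests this URL from the server
    // during discovery; confirm whether identifiers that point at internal
    // hosts need to be refused before this point.
    $openid = new Dope_OpenID($openid_url);

    /*
     * YOU MUST EDIT THESE LINES.
     * The return URL is where the user's OpenID provider sends them back. It
     * could be a separate verify script, or a parameter that tells a single
     * processing script what to do (as done here).
     * The trust root is the URL or set of URLs the user is asked to trust when
     * signing in with their provider: the base URL or a subdirectory of it.
     *
     * NOTE(review): HTTP_HOST comes from the request's Host header, so both
     * values follow whatever host name the client sent, and the scheme is
     * fixed to plain http. A configured base URL (https where available)
     * would remove both concerns.
     */
    $site_root = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."../../../";
    $openid->setReturnURL($site_root."index.php?action=login&subaction=openid_verify");
    $openid->SetTrustRoot($site_root);

    /*
     * EDIT THIS LINE (OPTIONAL)
     * Details you would like the provider to send back. Dope OpenID asks for
     * them through both Simple Registration and Attribute Exchange; which one
     * is answered depends on the provider, and not every attribute is
     * available everywhere. See http://www.axschema.org/types/ for where the
     * two attribute sets intersect.
     */
    $openid->setOptionalInfo(array('nickname', 'fullname', 'email'));

    /*
     * EDIT THIS LINE (OPTIONAL)
     * Same as above but strict: the provider is told this information is
     * required, and the transaction should fail without it. Uncomment to use.
     */
    //$openid->setRequiredInfo(array('email','http://axschema.org/contact/email','contact/email'));

    /*
     * EDIT THIS LINE (OPTIONAL)
     * PAPE policies help protect users and the site against phishing and other
     * authentication forgeries. The extension is optional, so not every
     * provider supports it. Uncomment to use. Policy values:
     * http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html
     */
    //$openid->setPapePolicies('http://schemas.openid.net/pape/policies/2007/06/phishing-resistant ');

    /*
     * EDIT THIS LINE (OPTIONAL)
     * Also part of PAPE: a time limit, in seconds, for the user to
     * authenticate with the provider. Past it, authentication fails.
     */
    //$openid->setPapeMaxAuthAge(120);

    // Attempt to discover the user's OpenID provider endpoint.
    $endpoint_url = $openid->getOpenIDEndpoint();
    if ($endpoint_url) {
        // Keep the endpoint for later use.
        $_SESSION['openid_endpoint_url'] = $endpoint_url;
        // Send the user to their OpenID provider and stop executing while the
        // redirect happens.
        $openid->redirect();
        exit;
    }

    // No endpoint was found: report the error as given by Dope OpenID. The
    // message is HTML, so the interpolated values are escaped before they are
    // placed in it.
    $the_error = $openid->getError();
    $error = "Error Code: ".htmlspecialchars($the_error['code'], ENT_QUOTES)."<br />";
    $error .= "Error Description: ".htmlspecialchars($the_error['description'], ENT_QUOTES)."<br />";

    return $error;
}

/*
 * If $_POST['process'] is set, begin OpenID login form processing. The
 * identifier must be present and a plain string: a missing or array-valued
 * field would otherwise reach trim().
 */
if (isset($_POST['process'], $_POST['openid_identifier']) && is_string($_POST['openid_identifier'])) {
    $openid_url = trim($_POST['openid_identifier']);
    // The original built the error in a variable local to the function, where
    // it was lost. It is kept here for the including page; nothing in this
    // file prints it.
    $openid_error = openid_endpoint($openid_url);
}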