gnu-social/actions/openidlogin.php

<?php
/*
 * Laconica - a distributed open-source microblogging tool
 * Copyright (C) 2008, Controlez-Vous, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

if (!defined('LACONICA')) { exit(1); }

require_once(INSTALLDIR.'/lib/openid.php');

class OpenidloginAction extends Action {

    function handle($args) {
        parent::handle($args);
        if (common_logged_in()) {
            common_user_error(_('Already logged in.'));
        } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $openid_url = $this->trimmed('openid_url');

            # CSRF protection
            $token = $this->trimmed('token');
            if (!$token || $token != common_session_token()) {
                $this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url);
                return;
            }

            $rememberme = $this->boolean('rememberme');
            
            common_ensure_session();
            
            $_SESSION['openid_rememberme'] = $rememberme;
            
            $result = oid_authenticate($openid_url,
                                       'finishopenidlogin');
            
            if (is_string($result)) { # error message
                unset($_SESSION['openid_rememberme']);
                $this->show_form($result, $openid_url);
            }
        } else {
            $openid_url = oid_get_last();
            $this->show_form(null, $openid_url);
        }
    }

    function get_instructions() {
        return _('Login with an [OpenID](%%doc.openid%%) account.');
    }

    function show_top($error=null) {
        if ($error) {
            common_element('div', array('class' => 'error'), $error);
        } else {
            $instr = $this->get_instructions();
            $output = common_markup_to_html($instr);
            common_element_start('div', 'instructions');
            common_raw($output);
            common_element_end('div');
        }
    }

    function show_form($error=null, $openid_url) {
        common_show_header(_('OpenID Login'), null, $error, array($this, 'show_top'));
        $formaction = common_local_url('openidlogin');
        common_element_start('form', array('method' => 'post',
                                           'id' => 'openidlogin',
                                           'action' => $formaction));
        common_hidden('token', common_session_token());
        common_input('openid_url', _('OpenID URL'),
                     $openid_url,
                     _('Your OpenID URL'));
        common_checkbox('rememberme', _('Remember me'), false,
                        _('Automatically login in the future; ' .
                           'not for shared computers!'));
        common_submit('submit', _('Login'));
        common_element_end('form');
        common_show_footer();
    }
}
start openid rp integration darcs-hash:20080617133501-84dde-adec156ac58b84cce41ae0e9bde58cf7637e6c42.gz 2008-06-17 14:35:01 +01:00			`<?php`
			`/*`
			`* Laconica - a distributed open-source microblogging tool`
			`* Copyright (C) 2008, Controlez-Vous, Inc.`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`if (!defined('LACONICA')) { exit(1); }`

inclusion of our local OpenID lib darcs-hash:20080617145140-84dde-76c88b7b9cc8caf54d8f8b60fe7fbd3bb0ad2c39.gz 2008-06-17 15:51:40 +01:00			`require_once(INSTALLDIR.'/lib/openid.php');`

start openid rp integration darcs-hash:20080617133501-84dde-adec156ac58b84cce41ae0e9bde58cf7637e6c42.gz 2008-06-17 14:35:01 +01:00			`class OpenidloginAction extends Action {`
beginnings of OpenID login darcs-hash:20080617144942-84dde-a2a1040a42254903a64cff0aae3c1912ed951473.gz 2008-06-17 15:49:42 +01:00
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 19:19:07 +00:00			`function handle($args) {`
			`parent::handle($args);`
			`if (common_logged_in()) {`
			`common_user_error(_('Already logged in.'));`
			`} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {`
			`$openid_url = $this->trimmed('openid_url');`
swap around some stuff to show the form correctly on a CSRF error in openidlogin darcs-hash:20080829040925-84dde-7195734eeb3df6439c099c1139caf77e2c2ea3c1.gz 2008-08-29 05:09:25 +01:00
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 19:19:07 +00:00			`# CSRF protection`
			`$token = $this->trimmed('token');`
			`if (!$token \|\| $token != common_session_token()) {`
			`$this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url);`
			`return;`
			`}`
CSRF protection for OpenID form darcs-hash:20080829035934-84dde-cf36fd802bed76fdf15ac39b838494a414d5cc1e.gz 2008-08-29 04:59:34 +01:00
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 19:19:07 +00:00			`$rememberme = $this->boolean('rememberme');`

			`common_ensure_session();`

			`$_SESSION['openid_rememberme'] = $rememberme;`

			`$result = oid_authenticate($openid_url,`
			`'finishopenidlogin');`

			`if (is_string($result)) { # error message`
			`unset($_SESSION['openid_rememberme']);`
			`$this->show_form($result, $openid_url);`
			`}`
			`} else {`
			`$openid_url = oid_get_last();`
replace NULL with null Another global search-and-replace update. Here, I've replaced the PHP keyword 'NULL' with its lowercase version. This is another PEAR code standards change. darcs-hash:20081223192129-84dde-4a0182e0ec16a01ad88745ad3e08f7cb501aee0b.gz 2008-12-23 19:21:29 +00:00			`$this->show_form(null, $openid_url);`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 19:19:07 +00:00			`}`
			`}`
start openid rp integration darcs-hash:20080617133501-84dde-adec156ac58b84cce41ae0e9bde58cf7637e6c42.gz 2008-06-17 14:35:01 +01:00
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 19:19:07 +00:00			`function get_instructions() {`
			`return _('Login with an [OpenID](%%doc.openid%%) account.');`
			`}`
add OpenID documentation darcs-hash:20080701172429-84dde-94b70a726459e7309f179c18788f2a7de8d233f1.gz 2008-07-01 18:24:29 +01:00
replace NULL with null Another global search-and-replace update. Here, I've replaced the PHP keyword 'NULL' with its lowercase version. This is another PEAR code standards change. darcs-hash:20081223192129-84dde-4a0182e0ec16a01ad88745ad3e08f7cb501aee0b.gz 2008-12-23 19:21:29 +00:00			`function show_top($error=null) {`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 19:19:07 +00:00			`if ($error) {`
			`common_element('div', array('class' => 'error'), $error);`
			`} else {`
			`$instr = $this->get_instructions();`
			`$output = common_markup_to_html($instr);`
			`common_element_start('div', 'instructions');`
			`common_raw($output);`
			`common_element_end('div');`
			`}`
			`}`
add OpenID documentation darcs-hash:20080701172429-84dde-94b70a726459e7309f179c18788f2a7de8d233f1.gz 2008-07-01 18:24:29 +01:00
replace NULL with null Another global search-and-replace update. Here, I've replaced the PHP keyword 'NULL' with its lowercase version. This is another PEAR code standards change. darcs-hash:20081223192129-84dde-4a0182e0ec16a01ad88745ad3e08f7cb501aee0b.gz 2008-12-23 19:21:29 +00:00			`function show_form($error=null, $openid_url) {`
			`common_show_header(_('OpenID Login'), null, $error, array($this, 'show_top'));`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 19:19:07 +00:00			`$formaction = common_local_url('openidlogin');`
			`common_element_start('form', array('method' => 'post',`
			`'id' => 'openidlogin',`
			`'action' => $formaction));`
			`common_hidden('token', common_session_token());`
			`common_input('openid_url', _('OpenID URL'),`
			`$openid_url,`
			`_('Your OpenID URL'));`
			`common_checkbox('rememberme', _('Remember me'), false,`
			`_('Automatically login in the future; ' .`
			`'not for shared computers!'));`
			`common_submit('submit', _('Login'));`
			`common_element_end('form');`
			`common_show_footer();`
			`}`
start openid rp integration darcs-hash:20080617133501-84dde-adec156ac58b84cce41ae0e9bde58cf7637e6c42.gz 2008-06-17 14:35:01 +01:00			`}`