gnu-social/actions/openidlogin.php

<?php
/*
 * Laconica - a distributed open-source microblogging tool
 * Copyright (C) 2008, Controlez-Vous, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

if (!defined('LACONICA')) { exit(1); }

require_once(INSTALLDIR.'/lib/openid.php');

class OpenidloginAction extends Action
{

    function handle($args)
    {
        parent::handle($args);
        if (common_logged_in()) {
            common_user_error(_('Already logged in.'));
        } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $openid_url = $this->trimmed('openid_url');

            # CSRF protection
            $token = $this->trimmed('token');
            if (!$token || $token != common_session_token()) {
                $this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url);
                return;
            }

            $rememberme = $this->boolean('rememberme');
            
            common_ensure_session();
            
            $_SESSION['openid_rememberme'] = $rememberme;
            
            $result = oid_authenticate($openid_url,
                                       'finishopenidlogin');
            
            if (is_string($result)) { # error message
                unset($_SESSION['openid_rememberme']);
                $this->show_form($result, $openid_url);
            }
        } else {
            $openid_url = oid_get_last();
            $this->show_form(null, $openid_url);
        }
    }

    function get_instructions()
    {
        return _('Login with an [OpenID](%%doc.openid%%) account.');
    }

    function show_top($error=null)
    {
        if ($error) {
            $this->element('div', array('class' => 'error'), $error);
        } else {
            $instr = $this->get_instructions();
            $output = common_markup_to_html($instr);
            $this->elementStart('div', 'instructions');
            $this->raw($output);
            $this->elementEnd('div');
        }
    }

    function show_form($error=null, $openid_url)
    {
        common_show_header(_('OpenID Login'), null, $error, array($this, 'show_top'));
        $formaction = common_local_url('openidlogin');
        $this->elementStart('form', array('method' => 'post',
                                           'id' => 'openidlogin',
                                           'action' => $formaction));
        $this->hidden('token', common_session_token());
        $this->input('openid_url', _('OpenID URL'),
                     $openid_url,
                     _('Your OpenID URL'));
        $this->checkbox('rememberme', _('Remember me'), false,
                        _('Automatically login in the future; ' .
                           'not for shared computers!'));
        $this->submit('submit', _('Login'));
        $this->elementEnd('form');
        common_show_footer();
    }
}
start openid rp integration darcs-hash:20080617133501-84dde-adec156ac58b84cce41ae0e9bde58cf7637e6c42.gz 2008-06-17 09:35:01 -04:00			`<?php`
			`/*`
			`* Laconica - a distributed open-source microblogging tool`
			`* Copyright (C) 2008, Controlez-Vous, Inc.`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`if (!defined('LACONICA')) { exit(1); }`

inclusion of our local OpenID lib darcs-hash:20080617145140-84dde-76c88b7b9cc8caf54d8f8b60fe7fbd3bb0ad2c39.gz 2008-06-17 10:51:40 -04:00			`require_once(INSTALLDIR.'/lib/openid.php');`

move opening brace of class declaration to next line Another gigantor PEAR coding standards patch. Here, I've moved the opening curly bracket on a class statement to the following line. darcs-hash:20081223194923-84dde-77a93de314caadbcb5b70bf346a4648be77a864e.gz 2008-12-23 14:49:23 -05:00			`class OpenidloginAction extends Action`
			`{`
beginnings of OpenID login darcs-hash:20080617144942-84dde-a2a1040a42254903a64cff0aae3c1912ed951473.gz 2008-06-17 10:49:42 -04:00
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz 2008-12-23 14:33:23 -05:00			`function handle($args)`
			`{`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 14:19:07 -05:00			`parent::handle($args);`
			`if (common_logged_in()) {`
			`common_user_error(_('Already logged in.'));`
			`} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {`
			`$openid_url = $this->trimmed('openid_url');`
swap around some stuff to show the form correctly on a CSRF error in openidlogin darcs-hash:20080829040925-84dde-7195734eeb3df6439c099c1139caf77e2c2ea3c1.gz 2008-08-29 00:09:25 -04:00
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 14:19:07 -05:00			`# CSRF protection`
			`$token = $this->trimmed('token');`
			`if (!$token \|\| $token != common_session_token()) {`
			`$this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url);`
			`return;`
			`}`
CSRF protection for OpenID form darcs-hash:20080829035934-84dde-cf36fd802bed76fdf15ac39b838494a414d5cc1e.gz 2008-08-28 23:59:34 -04:00
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 14:19:07 -05:00			`$rememberme = $this->boolean('rememberme');`

			`common_ensure_session();`

			`$_SESSION['openid_rememberme'] = $rememberme;`

			`$result = oid_authenticate($openid_url,`
			`'finishopenidlogin');`

			`if (is_string($result)) { # error message`
			`unset($_SESSION['openid_rememberme']);`
			`$this->show_form($result, $openid_url);`
			`}`
			`} else {`
			`$openid_url = oid_get_last();`
replace NULL with null Another global search-and-replace update. Here, I've replaced the PHP keyword 'NULL' with its lowercase version. This is another PEAR code standards change. darcs-hash:20081223192129-84dde-4a0182e0ec16a01ad88745ad3e08f7cb501aee0b.gz 2008-12-23 14:21:29 -05:00			`$this->show_form(null, $openid_url);`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 14:19:07 -05:00			`}`
			`}`
start openid rp integration darcs-hash:20080617133501-84dde-adec156ac58b84cce41ae0e9bde58cf7637e6c42.gz 2008-06-17 09:35:01 -04:00
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz 2008-12-23 14:33:23 -05:00			`function get_instructions()`
			`{`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 14:19:07 -05:00			`return _('Login with an [OpenID](%%doc.openid%%) account.');`
			`}`
add OpenID documentation darcs-hash:20080701172429-84dde-94b70a726459e7309f179c18788f2a7de8d233f1.gz 2008-07-01 13:24:29 -04:00
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz 2008-12-23 14:33:23 -05:00			`function show_top($error=null)`
			`{`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 14:19:07 -05:00			`if ($error) {`
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step 2009-01-15 22:57:15 +00:00			`$this->element('div', array('class' => 'error'), $error);`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 14:19:07 -05:00			`} else {`
			`$instr = $this->get_instructions();`
			`$output = common_markup_to_html($instr);`
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step 2009-01-15 22:57:15 +00:00			`$this->elementStart('div', 'instructions');`
			`$this->raw($output);`
			`$this->elementEnd('div');`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 14:19:07 -05:00			`}`
			`}`
add OpenID documentation darcs-hash:20080701172429-84dde-94b70a726459e7309f179c18788f2a7de8d233f1.gz 2008-07-01 13:24:29 -04:00
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz 2008-12-23 14:33:23 -05:00			`function show_form($error=null, $openid_url)`
			`{`
replace NULL with null Another global search-and-replace update. Here, I've replaced the PHP keyword 'NULL' with its lowercase version. This is another PEAR code standards change. darcs-hash:20081223192129-84dde-4a0182e0ec16a01ad88745ad3e08f7cb501aee0b.gz 2008-12-23 14:21:29 -05:00			`common_show_header(_('OpenID Login'), null, $error, array($this, 'show_top'));`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 14:19:07 -05:00			`$formaction = common_local_url('openidlogin');`
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step 2009-01-15 22:57:15 +00:00			`$this->elementStart('form', array('method' => 'post',`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 14:19:07 -05:00			`'id' => 'openidlogin',`
			`'action' => $formaction));`
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step 2009-01-15 22:57:15 +00:00			`$this->hidden('token', common_session_token());`
			`$this->input('openid_url', _('OpenID URL'),`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 14:19:07 -05:00			`$openid_url,`
			`_('Your OpenID URL'));`
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step 2009-01-15 22:57:15 +00:00			`$this->checkbox('rememberme', _('Remember me'), false,`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 14:19:07 -05:00			`_('Automatically login in the future; ' .`
			`'not for shared computers!'));`
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step 2009-01-15 22:57:15 +00:00			`$this->submit('submit', _('Login'));`
			`$this->elementEnd('form');`
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz 2008-12-23 14:19:07 -05:00			`common_show_footer();`
			`}`
start openid rp integration darcs-hash:20080617133501-84dde-adec156ac58b84cce41ae0e9bde58cf7637e6c42.gz 2008-06-17 09:35:01 -04:00			`}`