<?phprequire_once 'Validate.php';require_once 'Net/URL2.php';class Aut

1. <?php
2.  
3. require_once 'Validate.php';
4. require_once 'Net/URL2.php';
5.  
6. class Auth_OpenID
7. {
8. protected $fields = array(
9. 'required' => array(),
10. 'optional' => array(),
11. );
12.  
13. protected $params = array(
14. 'ns' => '',
15. 'claimed_id' => '',
16. 'cancel' => '',
17. 'identity' => '',
18. 'assoc_handle' => '',
19. 'return_to' => '',
20. 'realm' => '',
21. 'mode' => 'checkid_setup',
22. 'trust_root' => '',
23. 'server' => ''
24. );
25.  
26. public function __get($var)
27. {
28. if (isset($this->params[$var])) {
29. return $this->params[$var];
30. }
31. }
32.  
33. public function __set($var, $val)
34. {
35. switch ($var) {
36. case 'required':
37. case 'optional':
38. $this->fields[$var] = $val;
39. return;
40. default:
41. break;
42. }
43.  
44. if (isset($this->params[$var])) {
45. $func = '_set_' . $var;
46. if (method_exists($this, $func)) {
47. $this->params[$var] = $this->$func($val);
48. } else {
49. $this->params[$var] = $val;
50. }
51. } else {
52. throw new Auth_OpenID_Exception($var . ' is invalid');
53. }
54. }
55.  
56. protected function _set_identify($val)
57. {
58. if (!strlen($val) || !Validate::uri($val)) {
59. throw new Auth_OpenID_Exception($val . ' is an invalid identifier');
60. }
61.  
62. $url = new Net_URL2($val);
63. return $url->getURL();
64. }
65.  
66. public function redirect()
67. {
68. $info = $this->getIdentityInfo();
69. if (isset($info['delegate'])) {
70. $this->identity = $info['delegate'];
71. }
72.  
73. if (isset($info['server'])) {
74. $this->server = $info['server'];
75. }
76.  
77. $sets = array();
78. foreach ($this->params as $var => $val) {
79. if (!strlen($val)) {
80. continue;
81. }
82.  
83. $sets[] = 'openid.' . $var . '=' . urlencode($val);
84. }
85.  
86. foreach ($this->fields as $type => $val) {
87. if ((is_array($val) && !count($val)) || !strlen($val)) {
88. continue;
89. }
90.  
91. if (is_array($val)) {
92. $val = implode(',', $val);
93. }
94.  
95. $sets[] = 'openid.sreg.' . $type . '=' . urlencode($val);
96. }
97.  
98. return $this->server . '?' . implode('&', $sets);
99. }
100.  
101. public function validate($req)
102. {
103. if (!isset($req['openid_identity'])) {
104. throw new Auth_OpenID_Exception('No identity in request');
105. } else {
106. $this->identity = $req['openid_identity'];
107. }
108.  
109. static $import = array(
110. 'assoc_handle', 'signed', 'sig'
111. );
112.  
113. $params = array(
114. 'openid.mode' => 'check_authentication'
115. );
116.  
117. foreach ($import as $f) {
118. if (isset($req['openid_' . $f]) && strlen($req['openid_' . $f])) {
119. $params['openid.' . $f] = $req['openid_' . $f];
120. }
121. }
122.  
123. $fields = explode(',', str_replace('sreg.', 'sreg_', $req['openid_signed']));
124. foreach ($fields as $f) {
125. $p = str_replace('sreg_', 'sreg.', $f);
126. if (isset($req['openid_' . $f]) && $f != 'mode') {
127. $params['openid.' . $p] = $req['openid_' . $f];
128. }
129. }
130.  
131. $info = $this->getIdentityInfo();
132. if (!isset($info['server'])) {
133. throw new Auth_OpenID_Exception('Could not look up server');
134. }
135.  
136. $response = $this->sendRequest($info['server'], $params, 'POST');
137. $ret = $this->parseResponse($response);
138. if ($ret['is_valid'] != 'true') {
139. throw new Auth_OpenID_Exception('Could not validate authentication');
140. }
141.  
142. return $ret;
143. }
144.  
145. protected function sendRequest($url, $params = array(), $method = 'GET')
146. {
147. $ch = curl_init();
148. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
149. curl_setopt($ch, CURLOPT_USERAGENT, 'Auth_OpenID');
150. curl_setopt($ch, CURLOPT_HEADER, false);
151. curl_setopt($ch, CURLOPT_URL, $url);
152. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
153. curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
154. curl_setopt($ch, CURLOPT_TIMEOUT, 5);
155.  
156. $sets = array();
157. foreach ($params as $key => $val) {
158. $sets[] = $key . '=' . urlencode($val);
159. }
160.  
161. if ($method == 'POST') {
162. curl_setopt($ch, CURLOPT_POST, 1);
163. curl_setopt($ch, CURLOPT_POSTFIELDS, implode('&', $sets));
164. } else {
165. if (count($sets)) {
166. $url .= '?' . implode('&', $sets);
167. }
168. }
169.  
170. $res = trim(curl_exec($ch));
171.  
172. $err = curl_errno($ch);
173. if ($err !== CURLE_OK) {
174. throw new Auth_OpenID_Exception(curl_error($ch), $err);
175. }
176.  
177. $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
178. if (substr($code, 0, 1) != '2') {
179. echo '<pre>' . htmlspecialchars($res) . '</pre>';
180. throw new Auth_OpenID_Exception('Unrecognized HTTP status: ' . $code, $code);
181. }
182.  
183. curl_close($ch);
184. return $res;
185. }
186.  
187. protected function getIdentityInfo()
188. {
189. if (!strlen($this->identity)) {
190. throw new Auth_OpenID_Exception('Identity is required');
191. }
192.  
193. $res = $this->sendRequest($this->identity);
194.  
195. $m = array();
196. if (preg_match_all('/<link[^>]+rel=["\']openid\.[^>]+>/i', $res, $m)) {
197. $openID = array();
198. foreach ($m[0] as $match) {
199. $a = array();
200. if (preg_match('/openid\.(server|delegate)/i', $match, $a)) {
201. $h = array();
202. if (preg_match('/href=[\'"]([^\'"]+)[\'"]/', $match, $h)) {
203. $openID[$a[1]] = $h[1];
204. }
205. }
206. }
207. }
208.  
209. return $openID;
210. }
211.  
212. protected function parseResponse($response)
213. {
214. $res = array();
215. $response = explode("\n", $response);
216. foreach($response as $line) {
217. $line = trim($line);
218. if ($line != "") {
219. list($key, $value) = explode(":", $line, 2);
220. $ret[trim($key)] = trim($value);
221. }
222. }
223.  
224. return $ret;
225. }
226. }
227.  
228. ?>