<?php
/**
* @version $Id: openid.auth.php 2204 2019-04-10 18:42:59Z IOS $
* @package Elxis
* @subpackage Component User / Authentication
* @copyright Copyright (c) 2006-2019 Elxis CMS (http://www.elxis.org). All rights reserved.
* @license Elxis Public License ( http://www.elxis.org/elxis-public-license.html )
* @author Elxis Team ( http://www.elxis.org )
* @description Elxis CMS is free software. Read the license for copyright notices and details
*/
defined('_ELXIS_') or die ('Direct access to this location is not allowed');
class openidAuthentication {
private $host = 'localhost';
private $providers = array();
/********************/
/* MAGIC CONTRUCTOR */
/********************/
public function __construct($params) {
$this->host = eFactory::getElxis()->secureBase();
$this->buildProviders();
}
/*******************************/
/* BUILT OPENID PROVIDERS LIST */
/*******************************/
private function buildProviders() {
$this->providers = array(
'openid' => array('name' => 'OpenId', 'userinput' => true, 'url' => 'https://{uname}'),
'livejournal' => array('name' => 'Live Journal', 'userinput' => true, 'url' => 'https://{uname}.livejournal.com/'),
'myspace' => array('name' => 'My Space', 'userinput' => true, 'url' => 'https://myspace.com/{uname}'),
'blogger' => array('name' => 'Blogger', 'userinput' => true, 'url' => 'http://{uname}.blogspot.com/'),
'flickr' => array('name' => 'Flickr', 'userinput' => true, 'url' => 'https://www.flickr.com/{uname}/'),
//'myopenid' => array('name' => 'MyOpenId', 'userinput' => true, 'url' => 'http://{uname}.myopenid.com/'),
'aol' => array('name' => 'AOL', 'userinput' => true, 'url' => 'http://openid.aol.com/{uname}'),
'yahoo' => array('name' => 'Yahoo', 'userinput' => false, 'url' => 'https://yahoo.com/'),
//'technorati' => array('name' => 'Technorati', 'userinput' => true, 'url' => 'http://technorati.com/people/technorati/{uname}/'),
//'verisign' => array('name' => 'Verisign', 'userinput' => true, 'url' => 'http://{uname}.pip.verisignlabs.com/'),
'wordpress' => array('name' => 'Wordpress', 'userinput' => true, 'url' => 'http://{uname}.wordpress.com'),
// 'claimid' => array('name' => 'ClaimId', 'userinput' => true, 'url' => 'http://claimid.com/{uname}'),
'google' => array('name' => 'Google', 'userinput' => false, 'url' => 'https://www.google.com/accounts/o8/id'),
'myvidoop' => array('name' => 'MyVidoop', 'userinput' => true, 'url' => 'http://{uname}.myvidoop.com/')
);
}
/***********************/
/* AUTHENTICATE A USER */
/***********************/
public function authenticate(&$response, $options=array()) {
$elxis = eFactory::getElxis();
if (!isset($_GET['eprov'])) {
$response->errormsg = 'No OpenID provider set!';
return false;
}
$provider = trim(filter_input(INPUT_GET, 'eprov', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH));
if (($provider == '') || !isset($this->providers[$provider])) {
$response->errormsg = 'Invalid OpenID provider!';
return false;
}
elxisLoader::loadFile('components/com_user/auth/openid/includes/openid.php');
try {
$openid = new LightOpenID($this->host);
if (!$openid->mode) {
$response->errormsg = eFactory::getLang()->get('AUTHFAILED');
return false;
} elseif ($openid->mode == 'cancel') {
$response->errormsg = eFactory::getLang()->get('AUTHFAILED');
return false;
} elseif($openid->validate()) {
$openid_identity = $openid->identity;
$user_profile = $openid->getAttributes();
if (!is_array($user_profile) || (count($user_profile) == 0)) {
$response->errormsg = 'Login succeed but your user information are empty!';
return false;
}
$response->uid = 0;
$response->gid = 6;
if (isset($user_profile['namePerson/first']) && ($user_profile['namePerson/first'] != '')) {
$response->firstname = $user_profile['namePerson/first'];
if (isset($user_profile['namePerson/last']) && ($user_profile['namePerson/last'] != '')) {
$response->lastname = $user_profile['namePerson/last'];
}
} else if (isset($user_profile['namePerson']) && ($user_profile['namePerson'] != '')) {
$parts = preg_split('/\s/', $user_profile['namePerson'], 2, PREG_SPLIT_NO_EMPTY);
$response->firstname = $parts[0];
if (isset($parts[1])) { $response->lastname = $parts[1]; }
} else if (isset($user_profile['fullname']) && ($user_profile['fullname'] != '')) {
$parts = preg_split('/\s/', $user_profile['fullname'], 2, PREG_SPLIT_NO_EMPTY);
$response->firstname = $parts[0];
if (isset($parts[1])) { $response->lastname = $parts[1]; }
} else if (isset($user_profile['company/name']) && ($user_profile['company/name'] != '')) {
$parts = preg_split('/\s/', $user_profile['company/name'], 2, PREG_SPLIT_NO_EMPTY);
$response->firstname = $parts[0];
if (isset($parts[1])) { $response->lastname = $parts[1]; }
} else if (isset($user_profile['company/title']) && ($user_profile['company/title'] != '')) {
$parts = preg_split('/\s/', $user_profile['company/title'], 2, PREG_SPLIT_NO_EMPTY);
$response->firstname = $parts[0];
if (isset($parts[1])) { $response->lastname = $parts[1]; }
}
if (isset($user_profile['contact/email']) && (strpos($user_profile['contact/email'], '@') !== false)) {
$response->email = $user_profile['contact/email'];
} else if (isset($user_profile['contact/internet/email']) && (strpos($user_profile['contact/internet/email'], '@') !== false)) {
$response->email = $user_profile['contact/internet/email'];
}
if (isset($user_profile['media/image']) && ($user_profile['media/image'] != '')) {
$response->avatar = $user_profile['media/image'];
} else if (isset($user_profile['media/image/default']) && ($user_profile['media/image/default'] != '')) {
$response->avatar = $user_profile['media/image/default'];
} else if (isset($user_profile['media/image/64x64']) && ($user_profile['media/image/64x64'] != '')) {
$response->avatar = $user_profile['media/image/64x64'];
} else if (isset($user_profile['media/image/80x80']) && ($user_profile['media/image/80x80'] != '')) {
$response->avatar = $user_profile['media/image/80x80'];
} else if (isset($user_profile['media/image/128x128']) && ($user_profile['media/image/128x128'] != '')) {
$response->avatar = $user_profile['media/image/128x128'];
}
if (isset($user_profile['namePerson/friendly']) && ($user_profile['namePerson/friendly'] != '')) {
$response->uname = $user_profile['namePerson/friendly'];
} else if (isset($user_profile['nickname']) && ($user_profile['nickname'] != '')) {
$response->uname = $user_profile['nickname'];
} else {
$open_user = trim(eFactory::getSession()->get('open_user'));
if ($open_user != '') {
$n = strpos($open_user, '@');
if (($n !== false) && ($n !== 0)) {
$response->uname = substr($open_user, 0, $n);
} else {
$response->uname = $open_user;
}
} else {
if ($response->email != '') {
$parts = preg_split('/\@/', $response->email, 2, PREG_SPLIT_NO_EMPTY);
$response->uname = $parts[0];
} else {
$response->uname = $provider.'_'.rand(10000, 99999);
}
}
}
return true;
} else {
$response->errormsg = eFactory::getLang()->get('AUTHFAILED');
return false;
}
} catch(ErrorException $e) {
$this->showError($e->getMessage());
return false;
}
}
/*******************/
/* SHOW LOGIN FORM */
/*******************/
public function loginForm() {
$eLang = eFactory::getLang();
$elxis = eFactory::getElxis();
$eDoc = eFactory::getDocument();
if (!function_exists('curl_init') && !in_array('https', stream_get_wrappers())) {
echo '<div class="elx5_error">You must have either https wrappers or CURL enabled to use OpenId authentication!</div>'."\n";
return;
}
$baseurl = $elxis->secureBase().'/components/com_user/auth/openid';
$eDoc->addScriptLink($baseurl.'/includes/openid.js');
$action = $elxis->makeURL('user:login/openid.html', 'inner.php', true, false);
$return = base64_encode($elxis->makeURL('user:/'));
$token = md5(uniqid(rand(), true));
eFactory::getSession()->set('token_fmopenid', $token);
echo '<p style="color:#666; font-weight:bold; margin:10px 0; padding:0;">'.$eLang->get('SEL_OPENID_PROVIDER')."</p>\n";
echo "<div>\n";
foreach ($this->providers as $provider => $data) {
$bgcolor = ($provider == 'openid') ? '#FFFF99;' : 'transparent';
echo '<div id="open_'.$provider.'" style="margin:0 10px 10px 0; padding:2px; width:64px; float:left; text-align:center; background-color:'.$bgcolor.';">'."\n";
echo '<a href="javascript:void(null);" onclick="setoidProvider(\''.$provider.'\')" title="'.$data['name'].'">';
echo '<img src="'.$baseurl.'/includes/images/'.$provider.'.png" alt="'.$data['name'].'" /></a>'."\n";
echo "</div>\n";
}
echo '<div class="clear"></div>'."\n";
echo "</div>\n";
?>
<div class="elx5_vlspace">
<div id="open_label" style="font-weight:bold;"><?php printf($eLang->get('LOGIN_WITH'), 'OpenID'); ?></div>
<form name="fmopenid" id="fmopenid" class="elx5_form" method="post" action="<?php echo $action; ?>" onsubmit="return elxformvalopenid();">
<div style="background-color:#f1f1f1; border:1px solid #ddd; color:#555; padding:5px; margin:0 0 10px 0">
<span id="lblock">http://</span>
<input type="text" name="openid_identifier" id="openid_identifier" value="" class="elx5_text elx5_mediumtext" dir="ltr" />
<span id="rblock"></span>
</div>
<input type="hidden" name="provider" id="openid_provider" value="openid" dir="ltr" />
<input type="hidden" name="auth_method" value="openid" dir="ltr" />
<input type="hidden" name="return" value="<?php echo $return; ?>" dir="ltr" />
<input type="hidden" name="etask" value="sbm" dir="ltr" />
<input type="hidden" name="token" value="<?php echo $token; ?>" />
<button type="submit" name="sbmlog" title="<?php echo $eLang->get('LOGIN'); ?>" class="elx5_btn"><?php echo $eLang->get('LOGIN'); ?></button>
</form>
<div id="lng_openid_loginwith" class="elx5_invisible"><?php printf($eLang->get('LOGIN_WITH'), 'zzz'); ?></div>
<div id="lng_openid_reqfempty" class="elx5_invisible"><?php echo $eLang->get('REQFIELDEMPTY'); ?></div>
</div>
<p style="margin:40px 0 0 0; padding:5px; border-top:1px solid #ddd; font-size:11px; color:#555; text-align:justify;">
<strong>What is OpenID?</strong><br />
OpenID allows you to use an existing account to sign in to multiple websites, without needing to create
new accounts. You can also control how much of that information is shared with the websites you visit.
With OpenID, your password is only given to your identity provider, and that
provider then confirms your identity to the websites you visit. Other than your provider, no website ever sees
your password, so you don't need to worry about an unscrupulous or insecure website compromising your identity.
</p>
<?php
}
/***********************/
/* EXECUTE CUSTOM TASK */
/***********************/
public function runTask($etask) {
$elxis = eFactory::getElxis();
$eLang = eFactory::getLang();
$errormsg = '';
if ($etask != 'sbm') {
$this->showError();
return;
}
$sess_token = trim(eFactory::getSession()->get('token_fmopenid'));
$token = trim(filter_input(INPUT_POST, 'token', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW));
if (($token == '') || ($sess_token == '') || ($sess_token != $token)) {
$this->showError($eLang->get('REQDROPPEDSEC'));
return;
}
$provider = trim(filter_input(INPUT_POST, 'provider', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH));
if (($provider == '') || !isset($this->providers[$provider])) {
$this->showError('Invalid OpenID provider!');
return;
}
$open_user = '';
if ($this->providers[$provider]['userinput'] == true) {
$openid_identifier = trim(filter_input(INPUT_POST, 'openid_identifier', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH));
if ($provider == 'openid') {
if (!preg_match('#^http(s?)\:\/\/#i', $openid_identifier)) {
$openid_identifier = 'http://'.$openid_identifier;
}
if (!filter_var($openid_identifier, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED)) {
$this->showError('Invalid OpenID provider URL!');
return;
}
$openlink = $openid_identifier;
} else {
if ($openid_identifier == '') {
$this->showError($eLang->get('REQFIELDEMPTY'));
return;
}
$openlink = $this->providers[$provider]['url'];
$openlink = str_replace('{uname}', $openid_identifier, $openlink);
$open_user = $openid_identifier;
}
} else {
$openlink = $this->providers[$provider]['url'];
}
if ($open_user != '') {
eFactory::getSession()->set('open_user', $open_user);
}
$returnurl = $elxis->makeURL('user:login/openid.html?etask=auth&eprov='.$provider, 'inner.php', true, false);
elxisLoader::loadFile('components/com_user/auth/openid/includes/openid.php');
try {
$openid = new LightOpenID($this->host);
if (!$openid->mode) {
$openid->identity = $openlink;
$openid->required = array(
'namePerson',
'namePerson/friendly',
'namePerson/last',
'contact/email',
'namePerson/first',
'nickname',
'fullname',
'contact/internet/email',
'media/image',
'media/image/default',
'media/image/64x64',
'media/image/80x80',
'media/image/128x128',
'company/name',
'company/title'
);
$openid->returnUrl = $returnurl;
if (ob_get_length() > 0) { @ob_end_clean(); }
header('Location: '.$openid->authUrl());
} elseif ($openid->mode == 'cancel') {
$this->showError('User has canceled authentication!');
return;
} elseif($openid->validate()) {
$elxis->redirect($returnurl);
} else {
$this->showError('Something is wrong!');
return;
}
} catch(ErrorException $e) {
$this->showError($e->getMessage());
return;
}
}
/**********************/
/* SHOW ERROR MESSAGE */
/**********************/
private function showError($msg='') {
$eLang = eFactory::getLang();
if ($msg == '') { $msg = $eLang->get('REQUEST_DROP'); }
$link = eFactory::getElxis()->makeURL('user:login/openid.html', 'inner.php', true);
echo '<h2>'.$eLang->get('ERROR')."</h2>\n";
echo '<div class="elx5_error">'.$msg."</div>\n";
echo '<div class="elx5_vspace">'."\n";
echo '<a href="'.$link.'">'.$eLang->get('RETRY')."</a>\n";
echo "</div>\n";
}
/***************************************/
/* CUSTOM ACTIONS TO PERFORM ON LOGOUT */
/***************************************/
public function logout() {
}
}
?>