1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 | <?php /** * This file supplies a dumb store backend for OpenID servers and * consumers. * * PHP versions 4 and 5 * * LICENSE: See the COPYING file included in this distribution. * * @package OpenID * @author JanRain, Inc. <openid@janrain.com> * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache */ /** * Import the interface for creating a new store class. */ require_once 'Auth/OpenID/Interface.php'; require_once 'Auth/OpenID/HMAC.php'; /** * This is a store for use in the worst case, when you have no way of * saving state on the consumer site. Using this store makes the * consumer vulnerable to replay attacks, as it's unable to use * nonces. Avoid using this store if it is at all possible. * * Most of the methods of this class are implementation details. * Users of this class need to worry only about the constructor. * * @package OpenID */ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { /** * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security * of the tokens generated by the library, this class attempts to * at least have a secure implementation of getAuthKey. * * When you create an instance of this class, pass in a secret * phrase. The phrase is hashed with sha1 to make it the correct * length and form for an auth key. That allows you to use a long * string as the secret phrase, which means you can make it very * difficult to guess. * * Each {@link Auth_OpenID_DumbStore} instance that is created for use by * your consumer site needs to use the same $secret_phrase. * * @param string secret_phrase The phrase used to create the auth * key returned by getAuthKey */ function Auth_OpenID_DumbStore($secret_phrase) { $this->auth_key = Auth_OpenID_SHA1($secret_phrase); } /** * This implementation does nothing. */ function storeAssociation($server_url, $association) { } /** * This implementation always returns null. */ function getAssociation($server_url, $handle = null) { return null; } /** * This implementation always returns false. */ function removeAssociation($server_url, $handle) { return false; } /** * In a system truly limited to dumb mode, nonces must all be * accepted. This therefore always returns true, which makes * replay attacks feasible. */ function useNonce($server_url, $timestamp, $salt) { return true; } /** * This method returns the auth key generated by the constructor. */ function getAuthKey() { return $this->auth_key; } } |