Convert to Google static maps
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@
/labs/tiles/16
/labs/tiles/17
/labs/tiles/19
+/nbproject/private/
--- a/aws/busuiphp.sh
+++ b/aws/busuiphp.sh
@@ -1,16 +1,12 @@
cp /root/aws.php /tmp/
-mkdir /var/www/lib/staticmaplite/cache
+chmod 777 /var/cache/lighttpd/compress/
+
chcon -h system_u:object_r:httpd_sys_content_t /var/www
chcon -R -h root:object_r:httpd_sys_content_t /var/www/*
-
-chcon -R -t httpd_sys_content_rw_t /var/www/lib/staticmaplite/cache
-chmod -R 777 /var/www/lib/staticmaplite/cache
chcon -R -t httpd_sys_content_rw_t /var/www/labs/tiles
chmod -R 777 /var/www/labs/tiles
-chcon -R -t httpd_sys_content_rw_t /var/www/lib/openid-php/oid_store
-chmod -R 777 /var/www/lib/openid-php/oid_store
-
wget http://s3-ap-southeast-1.amazonaws.com/busresources/cbrfeed.zip \
-O /var/www/cbrfeed.zip
+
--- a/css/local.css.php
+++ b/css/local.css.php
@@ -1,13 +1,15 @@
<?php
- header('Content-type: text/css');
- ob_start("compress");
- function compress($buffer) {
+
+header('Content-type: text/css');
+ob_start("compress");
+
+function compress($buffer) {
/* remove comments */
$buffer = preg_replace('!/\*[^*]*\*+([^/][^*]*\*+)*/!', '', $buffer);
/* remove tabs, spaces, newlines, etc. */
$buffer = str_replace(array("\r\n", "\r", "\n", "\t", ' ', ' ', ' '), '', $buffer);
return $buffer;
- }
+}
echo '
.ui-li-thumb, .ui-li-icon { position: relative; }
@@ -86,7 +88,7 @@
}';
//if (false)
- echo '
+echo '
// adaptive layout from jQuery Mobile docs site
.type-interior .content-secondary {
border-right: 0;
@@ -113,7 +115,9 @@
padding:0;
margin: 0;
}
+ /* hires ahoy */
@media all and (min-width: 650px){
+
.content-secondary {
text-align: left;
float: left;
@@ -210,7 +214,8 @@
.type-interior .content-primary {
width: 60%;
}
-}';
- ob_end_flush();
+}
+';
+ob_end_flush();
?>
--- a/include/common-auth.inc.php
+++ b/include/common-auth.inc.php
@@ -1,101 +1,33 @@
<?php
+require $basePath.'lib/openid.php';
+$openid = new LightOpenID($_SERVER['HTTP_HOST']);
+
+function login()
+{
+ global $openid;
+ if(!$openid->mode) {
+ $openid->required = array('contact/email');
+ $openid->identity = 'https://www.google.com/accounts/o8/id';
+ header('Location: ' . $openid->authUrl());
+ }
+ }
-/*
- * Copyright 2010,2011 Alexander Sadleir
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+function auth()
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- */
-
-function getScheme() {
- $scheme = 'http';
- if (isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') {
- $scheme .= 's';
- }
- return $scheme;
-}
-
-function getTrustRoot() {
- return sprintf("%s://%s:%s%s/", getScheme(), $_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], dirname($_SERVER['PHP_SELF']));
-}
-
-// Includes required files
-set_include_path(get_include_path() . PATH_SEPARATOR . $basePath . "lib/openid-php/");
-require_once "Auth/OpenID/Consumer.php";
-require_once "Auth/OpenID/FileStore.php";
-require_once "Auth/OpenID/AX.php";
-
-function login() {
- global $basePath;
- // Just tested this with/for Google, needs trying with others ...
- $oid_identifier = 'https://www.google.com/accounts/o8/id';
- // Create file storage area for OpenID data
- $store = new Auth_OpenID_FileStore(realpath($basePath) . '/lib/openid-php/oid_store');
- // Create OpenID consumer
- $consumer = new Auth_OpenID_Consumer($store);
- // Create an authentication request to the OpenID provider
- $auth = $consumer->begin($oid_identifier);
-
- // Create attribute request object
- // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
- // Usage: make($type_uri, $count=1, $required=false, $alias=null)
- $attribute[] = Auth_OpenID_AX_AttrInfo :: make('http://axschema.org/contact/email', 2, 1, 'email');
- $attribute[] = Auth_OpenID_AX_AttrInfo :: make('http://axschema.org/namePerson/first', 1, 1, 'firstname');
- $attribute[] = Auth_OpenID_AX_AttrInfo :: make('http://axschema.org/namePerson/last', 1, 1, 'lastname');
-
- // Create AX fetch request
- $ax = new Auth_OpenID_AX_FetchRequest;
-
- // Add attributes to AX fetch request
- foreach ($attribute as $attr) {
- $ax->add($attr);
- }
-
- // Add AX fetch request to authentication request
- $auth->addExtension($ax);
- $_SESSION['returnURL'] = curPageURL();
- // Redirect to OpenID provider for authentication
- $url = $auth->redirectURL(getTrustRoot(), $_SESSION['returnURL']);
- header('Location: ' . $url);
-}
-
-function auth() {
- global $basePath;
- if ($_SESSION['authed'] == true)
- return true;
-
- // Create file storage area for OpenID data
- $store = new Auth_OpenID_FileStore(realpath($basePath) . '/lib/openid-php/oid_store');
- // Create OpenID consumer
- $consumer = new Auth_OpenID_Consumer($store);
- // Create an authentication request to the OpenID provider
- $response = $consumer->complete($_SESSION['returnURL']);
-
- if ($response->status == Auth_OpenID_SUCCESS) {
- // Get registration informations
- $ax = new Auth_OpenID_AX_FetchResponse();
- $obj = $ax->fromSuccessResponse($response);
- $email = $obj->data['http://axschema.org/contact/email'][0];
- var_dump($email);
- if ($email != "maxious@gmail.com") {
+{
+ if ($_SESSION['authed'] == true) return true;
+ global $openid;
+
+ if($openid->mode) {
+ $attr = $openid->getAttributes();
+ if ($attr["contact/email"] != "maxious@gmail.com") {
die("Access Denied");
+ } else {
+ $_SESSION['authed'] = true;
+ }
} else {
- $_SESSION['authed'] = true;
- }
- } else {
login();
- }
-}
-
-if ($_REQUEST['janrain_nonce'])
- auth();
+ }
+ }
?>
--- a/include/common-geo.inc.php
+++ b/include/common-geo.inc.php
@@ -18,58 +18,49 @@
// SELECT array_to_string(array(SELECT REPLACE(name_2006, ',', '\,') as name FROM suburbs order by name), ',')
$suburbs = explode(",", "Acton,Ainslie,Amaroo,Aranda,Banks,Barton,Belconnen,Bonner,Bonython,Braddon,Bruce,Calwell,Campbell,Chapman,Charnwood,Chifley,Chisholm,City,Conder,Cook,Curtin,Deakin,Dickson,Downer,Duffy,Dunlop,Evatt,Fadden,Farrer,Fisher,Florey,Flynn,Forrest,Franklin,Fraser,Fyshwick,Garran,Gilmore,Giralang,Gordon,Gowrie,Greenway,Griffith,Gungahlin,Hackett,Hall,Harrison,Hawker,Higgins,Holder,Holt,Hughes,Hume,Isaacs,Isabella Plains,Kaleen,Kambah,Kingston,Latham,Lawson,Lyneham,Lyons,Macarthur,Macgregor,Macquarie,Mawson,McKellar,Melba,Mitchell,Monash,Narrabundah,Ngunnawal,Nicholls,Oaks Estate,O'Connor,O'Malley,Oxley,Page,Palmerston,Parkes,Pearce,Phillip,Pialligo,Red Hill,Reid,Richardson,Rivett,Russell,Scullin,Spence,Stirling,Symonston,Tharwa,Theodore,Torrens,Turner,Wanniassa,Waramanga,Watson,Weetangera,Weston,Yarralumla");
-function staticmap($mapPoints, $zoom = 0, $markerImage = "iconb", $collapsible = true, $twotone = false) {
- global $basePath;
- $width = 300;
+function staticmap($mapPoints, $collapsible = true, $twotone = false, $path = false, $numbered = false) {
+
+ $markers = "";
$height = 300;
- $metersperpixel[9] = 305.492 * $width;
- $metersperpixel[10] = 152.746 * $width;
- $metersperpixel[11] = 76.373 * $width;
- $metersperpixel[12] = 38.187 * $width;
- $metersperpixel[13] = 19.093 * $width;
- $metersperpixel[14] = 9.547 * $width;
- $metersperpixel[15] = 4.773 * $width;
- //$metersperpixel[16] = 2.387 * $width;
- // $metersperpixel[17]=1.193*$width;
- $center = "";
- $markers = "";
- $mapwidthinmeters = 50;
+ $width = $height;
+ $index = 0;
if (sizeof($mapPoints) < 1)
return "map error";
if (sizeof($mapPoints) === 1) {
- if ($zoom == 0)
- $zoom = 14;
- $markers.= "{$mapPoints[0][0]},{$mapPoints[0][1]},$markerimage";
- $center = "{$mapPoints[0][0]},{$mapPoints[0][1]}";
- }
- else {
+ $markers = "markers={$mapPoints[0][0]},{$mapPoints[0][1]}";
+ } else {
+ if (!$numbered) {
+ $markers = "markers=";
+ }
+ if ($path) {
+ $markers.= "markers={$mapPoints[0][0]},{$mapPoints[0][1]}&path=";
+ }
foreach ($mapPoints as $index => $mapPoint) {
if ($twotone && $index == 0) {
- $markers.= $mapPoint[0] . "," . $mapPoint[1] . "," . "iconr" . ($index + 1);
- $center = "{$mapPoints[0][0]},{$mapPoints[0][1]}";
+ $markers = "markerd=color:red|".$mapPoint[0] . "," . $mapPoint[1]."&markers=";
} else {
- $markers.= $mapPoint[0] . "," . $mapPoint[1] . "," . $markerImage . ($index + 1);
- }
- if ($index + 1 != sizeof($mapPoints))
- $markers.= "|";
- $dist = distance($mapPoints[0][0], $mapPoint[0][1], $mapPoint[0], $mapPoint[1]);
- $mapwidthinmeters = ($dist > $mapwidthinmeters ? $dist : $mapwidthinmeters);
- $totalLat+= $mapPoint[0];
- $totalLon+= $mapPoint[1];
- }
- if ($zoom == 0) {
- $mapwidthinmeters = distance($minlat, $minlon, $minlat, $maxlon);
- foreach (array_reverse($metersperpixel, true) as $zoomLevel => $maxdistance) {
- if ($zoom == 0 && $mapwidthinmeters * 1.5 < ($maxdistance))
- $zoom = $zoomLevel;
+ if ($numbered) {
+ $label = ($index > 9 ? 9 : $index);
+ $markers.= "markers=label:$label|" . $mapPoint[0] . "," . $mapPoint[1];
+ if ($index + 1 != sizeof($mapPoints)) {
+ $markers.= "&";
+ }
+ } else {
+ $markers.= $mapPoint[0] . "," . $mapPoint[1];
+ if ($index + 1 != sizeof($mapPoints)) {
+ $markers.= "|";
+ }
+ }
+ $index++;
}
}
- $center = $totalLat / sizeof($mapPoints) . "," . $totalLon / sizeof($mapPoints);
}
$output = "";
if ($collapsible)
$output.= '<div class="map" data-role="collapsible" data-collapsed="true"><h3>Open Map...</h3>';
- $output.= '<img class="map" src="' . curPageURL() . '/' . $basePath . '/lib/staticmaplite/staticmap.php?center=' . $center . '&zoom=' . $zoom . '&size=' . $width . 'x' . $height . '&markers=' . $markers . '" width=' . $width . ' height=' . $height . '>';
+ if (isIOSDevice()) $output.= '<img class="hiresmap" src="http://maps.googleapis.com/maps/api/staticmap?size=' . $width . 'x' . $height . '&' . $markers . '&scale=2&sensor=true" width=' . $width . ' height=' . $height . '>';
+ else $output.= '<img class="lowresmap" src="http://maps.googleapis.com/maps/api/staticmap?size=' . $width . 'x' . $height . '&' . $markers . '&scale=1&format=jpg&sensor=true" width=' . $width . ' height=' . $height . '>';
+
if ($collapsible)
$output.= '</div>';
return $output;
--- a/include/common-request.inc.php
+++ b/include/common-request.inc.php
@@ -33,10 +33,18 @@
if (isset($_REQUEST['suburb'])) {
$suburb = $_REQUEST['suburb'];
}
-$pageKey = filter_var($_REQUEST['pageKey'], FILTER_SANITIZE_NUMBER_INT);
-$lat = filter_var($_REQUEST['lat'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
-$lon = filter_var($_REQUEST['lon'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
-$max_distance = filter_var($_REQUEST['radius'], FILTER_SANITIZE_NUMBER_INT);
+if (isset($_REQUEST['pageKey'])) {
+ $pageKey = filter_var($_REQUEST['pageKey'], FILTER_SANITIZE_NUMBER_INT);
+}
+if (isset($_REQUEST['lat'])) {
+ $lat = filter_var($_REQUEST['lat'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
+}
+if (isset($_REQUEST['lon'])) {
+ $lon = filter_var($_REQUEST['lon'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
+}
+if (isset($_REQUEST['radius'])) {
+ $max_distance = filter_var($_REQUEST['radius'], FILTER_SANITIZE_NUMBER_INT);
+}
if (isset($_REQUEST['numberSeries'])) {
$numberSeries = filter_var($_REQUEST['numberSeries'], FILTER_SANITIZE_NUMBER_INT);
}
--- a/include/common-template.inc.php
+++ b/include/common-template.inc.php
@@ -42,7 +42,7 @@
}
function include_header($pageTitle, $pageType, $opendiv = true, $geolocate = false, $datepicker = false) {
- global $basePath, $serviceAlertsEnabled;
+ global $basePath, $GTFSREnabled;
echo '
<!DOCTYPE html>
<html lang="en">
@@ -103,7 +103,7 @@
}';
echo '</style>';
echo '<link rel="stylesheet" href="' . $basePath . 'css/local.css.php" />';
- if (strstr($_SERVER['HTTP_USER_AGENT'], 'iPhone') || strstr($_SERVER['HTTP_USER_AGENT'], 'iPod') || strstr($_SERVER['HTTP_USER_AGENT'], 'iPad')) {
+ if (isIOSDevice()){
echo '<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black" />
<link rel="apple-touch-startup-image" href="startup.png" />
@@ -179,9 +179,11 @@
}
if ($GTFSREnabled) {
$serviceAlerts = getServiceAlertsAsArray("agency", "0");
- foreach ($serviceAlerts['entity'] as $entity) {
- echo "<div id='servicewarning'>" . date("F j, g:i a", strtotime($entity['alert']['active_period'][0]['start'])) . " to " . date("F j, g:i a", strtotime($entity['alert']['active_period'][0]['end'])) . "{$entity['alert']['header_text']['translation'][0]['text']}<br>Warning: {$entity['alert']['description_text']['translation'][0]['text']}
- <br><a href='{$entity['alert']['url']['translation'][0]['text']}'>Source</a> </div>";
+ if (isset($serviceAlerts['entity']) && sizeof($serviceAlerts['entity']) > 0) {
+ foreach ($serviceAlerts['entity'] as $entity) {
+ echo "<div id='servicewarning'>" . date("F j, g:i a", strtotime($entity['alert']['active_period'][0]['start'])) . " to " . date("F j, g:i a", strtotime($entity['alert']['active_period'][0]['end'])) . "{$entity['alert']['header_text']['translation'][0]['text']}<br>Warning: {$entity['alert']['description_text']['translation'][0]['text']}
+ <br><a href='{$entity['alert']['url']['translation'][0]['text']}'>Source</a> </div>";
+ }
}
}
}
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -48,6 +48,8 @@
$basePath = "";
if (strstr($_SERVER['PHP_SELF'], "labs/")
|| strstr($_SERVER['PHP_SELF'], "myway/")
+ || strstr($_SERVER['PHP_SELF'], "lib/")
+ || strstr($_SERVER['PHP_SELF'], "include/")
|| strstr($_SERVER['PHP_SELF'], "servicealerts/"))
$basePath = "../";
@@ -81,31 +83,15 @@
if (isDebug($debugReason))
echo "\n<!-- " . date(DATE_RFC822) . "\n $msg -->\n";
}
-
+function isIOSDevice() {
+ return strstr($_SERVER['HTTP_USER_AGENT'], 'iPhone') || strstr($_SERVER['HTTP_USER_AGENT'], 'iPod') || strstr($_SERVER['HTTP_USER_AGENT'], 'iPad');
+}
function isJQueryMobileDevice() {
// http://forum.jquery.com/topic/what-is-the-best-way-to-detect-all-useragents-which-can-handle-jquery-mobile#14737000002087897
$user_agent = $_SERVER['HTTP_USER_AGENT'];
return preg_match('/iphone/i', $user_agent) || preg_match('/android/i', $user_agent) || preg_match('/webos/i', $user_agent) || preg_match('/ios/i', $user_agent) || preg_match('/bada/i', $user_agent) || preg_match('/maemo/i', $user_agent) || preg_match('/meego/i', $user_agent) || preg_match('/fennec/i', $user_agent) || (preg_match('/symbian/i', $user_agent) && preg_match('/s60/i', $user_agent) && $browser['majorver'] >= 5) || (preg_match('/symbian/i', $user_agent) && preg_match('/platform/i', $user_agent) && $browser['majorver'] >= 3) || (preg_match('/blackberry/i', $user_agent) && $browser['majorver'] >= 5) || (preg_match('/opera mobile/i', $user_agent) && $browser['majorver'] >= 10) || (preg_match('/opera mini/i', $user_agent) && $browser['majorver'] >= 5);
}
-function isFastDevice() {
- $ua = $_SERVER['HTTP_USER_AGENT'];
- $fastDevices = Array(
- "Mozilla/5.0 (X11;",
- "Mozilla/5.0 (Windows;",
- "Mozilla/5.0 (iP",
- "Mozilla/5.0 (Linux; U; Android",
- "Mozilla/4.0 (compatible; MSIE"
- );
- $slowDevices = Array(
- "J2ME",
- "MIDP",
- "Opera/",
- "Mozilla/2.0 (compatible;",
- "Mozilla/3.0 (compatible;"
- );
- return true;
-}
function array_flatten($a, $f = array()) {
if (!$a || !is_array($a))
--- a/labs/stop.pdf.php
+++ b/labs/stop.pdf.php
@@ -34,7 +34,7 @@
$stop[2],
$stop[3]
)
- ), 0, "iconb", false) . "</td></tr>";
+ ), 0, false) . "</td></tr>";
$url = $APIurl . "/json/stoptrips?stop=" . $stopid . "&time=" . midnight_seconds() . "&service_period=" . service_period();
$trips = json_decode(getPage($url));
$html.= "</table><br><br><table>";
--- a/lib/autocomplete.php
+++ b/lib/autocomplete.php
@@ -3,7 +3,7 @@
$result = Array();
if (isset($_REQUEST['term'])) {
$term = filter_var($_REQUEST['term'], FILTER_SANITIZE_STRING);
- $query = "Select stop_name,min(stop_lat) as stop_lat,min(stop_lon) as stop_lon from stops where stop_name LIKE :term group by stop_name";
+ $query = "Select stop_name,min(stop_lat) as stop_lat,min(stop_lon) as stop_lon from stops where stop_name ILIKE :term group by stop_name";
$query = $conn->prepare($query);
$term = "$term%";
$query->bindParam(":term", $term);
--- a/lib/openid-php/Auth/OpenID.php
+++ /dev/null
@@ -1,564 +1,1 @@
-<?php
-/**
- * This is the PHP OpenID library by JanRain, Inc.
- *
- * This module contains core utility functionality used by the
- * library. See Consumer.php and Server.php for the consumer and
- * server implementations.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * The library version string
- */
-define('Auth_OpenID_VERSION', '2.2.2');
-
-/**
- * Require the fetcher code.
- */
-require_once "Auth/Yadis/PlainHTTPFetcher.php";
-require_once "Auth/Yadis/ParanoidHTTPFetcher.php";
-require_once "Auth/OpenID/BigMath.php";
-require_once "Auth/OpenID/URINorm.php";
-
-/**
- * Status code returned by the server when the only option is to show
- * an error page, since we do not have enough information to redirect
- * back to the consumer. The associated value is an error message that
- * should be displayed on an HTML error page.
- *
- * @see Auth_OpenID_Server
- */
-define('Auth_OpenID_LOCAL_ERROR', 'local_error');
-
-/**
- * Status code returned when there is an error to return in key-value
- * form to the consumer. The caller should return a 400 Bad Request
- * response with content-type text/plain and the value as the body.
- *
- * @see Auth_OpenID_Server
- */
-define('Auth_OpenID_REMOTE_ERROR', 'remote_error');
-
-/**
- * Status code returned when there is a key-value form OK response to
- * the consumer. The value associated with this code is the
- * response. The caller should return a 200 OK response with
- * content-type text/plain and the value as the body.
- *
- * @see Auth_OpenID_Server
- */
-define('Auth_OpenID_REMOTE_OK', 'remote_ok');
-
-/**
- * Status code returned when there is a redirect back to the
- * consumer. The value is the URL to redirect back to. The caller
- * should return a 302 Found redirect with a Location: header
- * containing the URL.
- *
- * @see Auth_OpenID_Server
- */
-define('Auth_OpenID_REDIRECT', 'redirect');
-
-/**
- * Status code returned when the caller needs to authenticate the
- * user. The associated value is a {@link Auth_OpenID_ServerRequest}
- * object that can be used to complete the authentication. If the user
- * has taken some authentication action, use the retry() method of the
- * {@link Auth_OpenID_ServerRequest} object to complete the request.
- *
- * @see Auth_OpenID_Server
- */
-define('Auth_OpenID_DO_AUTH', 'do_auth');
-
-/**
- * Status code returned when there were no OpenID arguments
- * passed. This code indicates that the caller should return a 200 OK
- * response and display an HTML page that says that this is an OpenID
- * server endpoint.
- *
- * @see Auth_OpenID_Server
- */
-define('Auth_OpenID_DO_ABOUT', 'do_about');
-
-/**
- * Defines for regexes and format checking.
- */
-define('Auth_OpenID_letters',
- "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
-
-define('Auth_OpenID_digits',
- "0123456789");
-
-define('Auth_OpenID_punct',
- "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~");
-
-Auth_OpenID_include_init();
-
-/**
- * The OpenID utility function class.
- *
- * @package OpenID
- * @access private
- */
-class Auth_OpenID {
-
- /**
- * Return true if $thing is an Auth_OpenID_FailureResponse object;
- * false if not.
- *
- * @access private
- */
- static function isFailure($thing)
- {
- return is_a($thing, 'Auth_OpenID_FailureResponse');
- }
-
- /**
- * Gets the query data from the server environment based on the
- * request method used. If GET was used, this looks at
- * $_SERVER['QUERY_STRING'] directly. If POST was used, this
- * fetches data from the special php://input file stream.
- *
- * Returns an associative array of the query arguments.
- *
- * Skips invalid key/value pairs (i.e. keys with no '=value'
- * portion).
- *
- * Returns an empty array if neither GET nor POST was used, or if
- * POST was used but php://input cannot be opened.
- *
- * See background:
- * http://lists.openidenabled.com/pipermail/dev/2007-March/000395.html
- *
- * @access private
- */
- static function getQuery($query_str=null)
- {
- $data = array();
-
- if ($query_str !== null) {
- $data = Auth_OpenID::params_from_string($query_str);
- } else if (!array_key_exists('REQUEST_METHOD', $_SERVER)) {
- // Do nothing.
- } else {
- // XXX HACK FIXME HORRIBLE.
- //
- // POSTing to a URL with query parameters is acceptable, but
- // we don't have a clean way to distinguish those parameters
- // when we need to do things like return_to verification
- // which only want to look at one kind of parameter. We're
- // going to emulate the behavior of some other environments
- // by defaulting to GET and overwriting with POST if POST
- // data is available.
- $data = Auth_OpenID::params_from_string($_SERVER['QUERY_STRING']);
-
- if ($_SERVER['REQUEST_METHOD'] == 'POST') {
- $str = file_get_contents('php://input');
-
- if ($str === false) {
- $post = array();
- } else {
- $post = Auth_OpenID::params_from_string($str);
- }
-
- $data = array_merge($data, $post);
- }
- }
-
- return $data;
- }
-
- static function params_from_string($str)
- {
- $chunks = explode("&", $str);
-
- $data = array();
- foreach ($chunks as $chunk) {
- $parts = explode("=", $chunk, 2);
-
- if (count($parts) != 2) {
- continue;
- }
-
- list($k, $v) = $parts;
- $data[urldecode($k)] = urldecode($v);
- }
-
- return $data;
- }
-
- /**
- * Create dir_name as a directory if it does not exist. If it
- * exists, make sure that it is, in fact, a directory. Returns
- * true if the operation succeeded; false if not.
- *
- * @access private
- */
- static function ensureDir($dir_name)
- {
- if (is_dir($dir_name) || @mkdir($dir_name)) {
- return true;
- } else {
- $parent_dir = dirname($dir_name);
-
- // Terminal case; there is no parent directory to create.
- if ($parent_dir == $dir_name) {
- return true;
- }
-
- return (Auth_OpenID::ensureDir($parent_dir) && @mkdir($dir_name));
- }
- }
-
- /**
- * Adds a string prefix to all values of an array. Returns a new
- * array containing the prefixed values.
- *
- * @access private
- */
- static function addPrefix($values, $prefix)
- {
- $new_values = array();
- foreach ($values as $s) {
- $new_values[] = $prefix . $s;
- }
- return $new_values;
- }
-
- /**
- * Convenience function for getting array values. Given an array
- * $arr and a key $key, get the corresponding value from the array
- * or return $default if the key is absent.
- *
- * @access private
- */
- static function arrayGet($arr, $key, $fallback = null)
- {
- if (is_array($arr)) {
- if (array_key_exists($key, $arr)) {
- return $arr[$key];
- } else {
- return $fallback;
- }
- } else {
- trigger_error("Auth_OpenID::arrayGet (key = ".$key.") expected " .
- "array as first parameter, got " .
- gettype($arr), E_USER_WARNING);
-
- return false;
- }
- }
-
- /**
- * Replacement for PHP's broken parse_str.
- */
- static function parse_str($query)
- {
- if ($query === null) {
- return null;
- }
-
- $parts = explode('&', $query);
-
- $new_parts = array();
- for ($i = 0; $i < count($parts); $i++) {
- $pair = explode('=', $parts[$i]);
-
- if (count($pair) != 2) {
- continue;
- }
-
- list($key, $value) = $pair;
- $new_parts[urldecode($key)] = urldecode($value);
- }
-
- return $new_parts;
- }
-
- /**
- * Implements the PHP 5 'http_build_query' functionality.
- *
- * @access private
- * @param array $data Either an array key/value pairs or an array
- * of arrays, each of which holding two values: a key and a value,
- * sequentially.
- * @return string $result The result of url-encoding the key/value
- * pairs from $data into a URL query string
- * (e.g. "username=bob&id=56").
- */
- static function httpBuildQuery($data)
- {
- $pairs = array();
- foreach ($data as $key => $value) {
- if (is_array($value)) {
- $pairs[] = urlencode($value[0])."=".urlencode($value[1]);
- } else {
- $pairs[] = urlencode($key)."=".urlencode($value);
- }
- }
- return implode("&", $pairs);
- }
-
- /**
- * "Appends" query arguments onto a URL. The URL may or may not
- * already have arguments (following a question mark).
- *
- * @access private
- * @param string $url A URL, which may or may not already have
- * arguments.
- * @param array $args Either an array key/value pairs or an array of
- * arrays, each of which holding two values: a key and a value,
- * sequentially. If $args is an ordinary key/value array, the
- * parameters will be added to the URL in sorted alphabetical order;
- * if $args is an array of arrays, their order will be preserved.
- * @return string $url The original URL with the new parameters added.
- *
- */
- static function appendArgs($url, $args)
- {
- if (count($args) == 0) {
- return $url;
- }
-
- // Non-empty array; if it is an array of arrays, use
- // multisort; otherwise use sort.
- if (array_key_exists(0, $args) &&
- is_array($args[0])) {
- // Do nothing here.
- } else {
- $keys = array_keys($args);
- sort($keys);
- $new_args = array();
- foreach ($keys as $key) {
- $new_args[] = array($key, $args[$key]);
- }
- $args = $new_args;
- }
-
- $sep = '?';
- if (strpos($url, '?') !== false) {
- $sep = '&';
- }
-
- return $url . $sep . Auth_OpenID::httpBuildQuery($args);
- }
-
- /**
- * Implements python's urlunparse, which is not available in PHP.
- * Given the specified components of a URL, this function rebuilds
- * and returns the URL.
- *
- * @access private
- * @param string $scheme The scheme (e.g. 'http'). Defaults to 'http'.
- * @param string $host The host. Required.
- * @param string $port The port.
- * @param string $path The path.
- * @param string $query The query.
- * @param string $fragment The fragment.
- * @return string $url The URL resulting from assembling the
- * specified components.
- */
- static function urlunparse($scheme, $host, $port = null, $path = '/',
- $query = '', $fragment = '')
- {
-
- if (!$scheme) {
- $scheme = 'http';
- }
-
- if (!$host) {
- return false;
- }
-
- if (!$path) {
- $path = '';
- }
-
- $result = $scheme . "://" . $host;
-
- if ($port) {
- $result .= ":" . $port;
- }
-
- $result .= $path;
-
- if ($query) {
- $result .= "?" . $query;
- }
-
- if ($fragment) {
- $result .= "#" . $fragment;
- }
-
- return $result;
- }
-
- /**
- * Given a URL, this "normalizes" it by adding a trailing slash
- * and / or a leading http:// scheme where necessary. Returns
- * null if the original URL is malformed and cannot be normalized.
- *
- * @access private
- * @param string $url The URL to be normalized.
- * @return mixed $new_url The URL after normalization, or null if
- * $url was malformed.
- */
- static function normalizeUrl($url)
- {
- @$parsed = parse_url($url);
-
- if (!$parsed) {
- return null;
- }
-
- if (isset($parsed['scheme']) &&
- isset($parsed['host'])) {
- $scheme = strtolower($parsed['scheme']);
- if (!in_array($scheme, array('http', 'https'))) {
- return null;
- }
- } else {
- $url = 'http://' . $url;
- }
-
- $normalized = Auth_OpenID_urinorm($url);
- if ($normalized === null) {
- return null;
- }
- list($defragged, $frag) = Auth_OpenID::urldefrag($normalized);
- return $defragged;
- }
-
- /**
- * Replacement (wrapper) for PHP's intval() because it's broken.
- *
- * @access private
- */
- static function intval($value)
- {
- $re = "/^\\d+$/";
-
- if (!preg_match($re, $value)) {
- return false;
- }
-
- return intval($value);
- }
-
- /**
- * Count the number of bytes in a string independently of
- * multibyte support conditions.
- *
- * @param string $str The string of bytes to count.
- * @return int The number of bytes in $str.
- */
- static function bytes($str)
- {
- return strlen(bin2hex($str)) / 2;
- }
-
- /**
- * Get the bytes in a string independently of multibyte support
- * conditions.
- */
- static function toBytes($str)
- {
- $hex = bin2hex($str);
-
- if (!$hex) {
- return array();
- }
-
- $b = array();
- for ($i = 0; $i < strlen($hex); $i += 2) {
- $b[] = chr(base_convert(substr($hex, $i, 2), 16, 10));
- }
-
- return $b;
- }
-
- static function urldefrag($url)
- {
- $parts = explode("#", $url, 2);
-
- if (count($parts) == 1) {
- return array($parts[0], "");
- } else {
- return $parts;
- }
- }
-
- static function filter($callback, &$sequence)
- {
- $result = array();
-
- foreach ($sequence as $item) {
- if (call_user_func_array($callback, array($item))) {
- $result[] = $item;
- }
- }
-
- return $result;
- }
-
- static function update(&$dest, &$src)
- {
- foreach ($src as $k => $v) {
- $dest[$k] = $v;
- }
- }
-
- /**
- * Wrap PHP's standard error_log functionality. Use this to
- * perform all logging. It will interpolate any additional
- * arguments into the format string before logging.
- *
- * @param string $format_string The sprintf format for the message
- */
- static function log($format_string)
- {
- $args = func_get_args();
- $message = call_user_func_array('sprintf', $args);
- error_log($message);
- }
-
- static function autoSubmitHTML($form, $title="OpenId transaction in progress")
- {
- return("<html>".
- "<head><title>".
- $title .
- "</title></head>".
- "<body onload='document.forms[0].submit();'>".
- $form .
- "<script>".
- "var elements = document.forms[0].elements;".
- "for (var i = 0; i < elements.length; i++) {".
- " elements[i].style.display = \"none\";".
- "}".
- "</script>".
- "</body>".
- "</html>");
- }
-}
-
-/*
- * Function to run when this file is included.
- * Abstracted to a function to make life easier
- * for some PHP optimizers.
- */
-function Auth_OpenID_include_init() {
- if (Auth_OpenID_getMathLib() === null) {
- Auth_OpenID_setNoMathSupport();
- }
-}
-
--- a/lib/openid-php/Auth/OpenID/AX.php
+++ /dev/null
@@ -1,1023 +1,1 @@
-<?php
-/**
- * Implements the OpenID attribute exchange specification, version 1.0
- * as of svn revision 370 from openid.net svn.
- *
- * @package OpenID
- */
-
-/**
- * Require utility classes and functions for the consumer.
- */
-require_once "Auth/OpenID/Extension.php";
-require_once "Auth/OpenID/Message.php";
-require_once "Auth/OpenID/TrustRoot.php";
-
-define('Auth_OpenID_AX_NS_URI',
- 'http://openid.net/srv/ax/1.0');
-
-// Use this as the 'count' value for an attribute in a FetchRequest to
-// ask for as many values as the OP can provide.
-define('Auth_OpenID_AX_UNLIMITED_VALUES', 'unlimited');
-
-// Minimum supported alias length in characters. Here for
-// completeness.
-define('Auth_OpenID_AX_MINIMUM_SUPPORTED_ALIAS_LENGTH', 32);
-
-/**
- * AX utility class.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX {
- /**
- * @param mixed $thing Any object which may be an
- * Auth_OpenID_AX_Error object.
- *
- * @return bool true if $thing is an Auth_OpenID_AX_Error; false
- * if not.
- */
- static function isError($thing)
- {
- return is_a($thing, 'Auth_OpenID_AX_Error');
- }
-}
-
-/**
- * Check an alias for invalid characters; raise AXError if any are
- * found. Return None if the alias is valid.
- */
-function Auth_OpenID_AX_checkAlias($alias)
-{
- if (strpos($alias, ',') !== false) {
- return new Auth_OpenID_AX_Error(sprintf(
- "Alias %s must not contain comma", $alias));
- }
- if (strpos($alias, '.') !== false) {
- return new Auth_OpenID_AX_Error(sprintf(
- "Alias %s must not contain period", $alias));
- }
-
- return true;
-}
-
-/**
- * Results from data that does not meet the attribute exchange 1.0
- * specification
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_Error {
- function Auth_OpenID_AX_Error($message=null)
- {
- $this->message = $message;
- }
-}
-
-/**
- * Abstract class containing common code for attribute exchange
- * messages.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_Message extends Auth_OpenID_Extension {
- /**
- * ns_alias: The preferred namespace alias for attribute exchange
- * messages
- */
- var $ns_alias = 'ax';
-
- /**
- * mode: The type of this attribute exchange message. This must be
- * overridden in subclasses.
- */
- var $mode = null;
-
- var $ns_uri = Auth_OpenID_AX_NS_URI;
-
- /**
- * Return Auth_OpenID_AX_Error if the mode in the attribute
- * exchange arguments does not match what is expected for this
- * class; true otherwise.
- *
- * @access private
- */
- function _checkMode($ax_args)
- {
- $mode = Auth_OpenID::arrayGet($ax_args, 'mode');
- if ($mode != $this->mode) {
- return new Auth_OpenID_AX_Error(
- sprintf(
- "Expected mode '%s'; got '%s'",
- $this->mode, $mode));
- }
-
- return true;
- }
-
- /**
- * Return a set of attribute exchange arguments containing the
- * basic information that must be in every attribute exchange
- * message.
- *
- * @access private
- */
- function _newArgs()
- {
- return array('mode' => $this->mode);
- }
-}
-
-/**
- * Represents a single attribute in an attribute exchange
- * request. This should be added to an AXRequest object in order to
- * request the attribute.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_AttrInfo {
- /**
- * Construct an attribute information object. Do not call this
- * directly; call make(...) instead.
- *
- * @param string $type_uri The type URI for this attribute.
- *
- * @param int $count The number of values of this type to request.
- *
- * @param bool $required Whether the attribute will be marked as
- * required in the request.
- *
- * @param string $alias The name that should be given to this
- * attribute in the request.
- */
- function Auth_OpenID_AX_AttrInfo($type_uri, $count, $required,
- $alias)
- {
- /**
- * required: Whether the attribute will be marked as required
- * when presented to the subject of the attribute exchange
- * request.
- */
- $this->required = $required;
-
- /**
- * count: How many values of this type to request from the
- * subject. Defaults to one.
- */
- $this->count = $count;
-
- /**
- * type_uri: The identifier that determines what the attribute
- * represents and how it is serialized. For example, one type
- * URI representing dates could represent a Unix timestamp in
- * base 10 and another could represent a human-readable
- * string.
- */
- $this->type_uri = $type_uri;
-
- /**
- * alias: The name that should be given to this attribute in
- * the request. If it is not supplied, a generic name will be
- * assigned. For example, if you want to call a Unix timestamp
- * value 'tstamp', set its alias to that value. If two
- * attributes in the same message request to use the same
- * alias, the request will fail to be generated.
- */
- $this->alias = $alias;
- }
-
- /**
- * Construct an attribute information object. For parameter
- * details, see the constructor.
- */
- static function make($type_uri, $count=1, $required=false,
- $alias=null)
- {
- if ($alias !== null) {
- $result = Auth_OpenID_AX_checkAlias($alias);
-
- if (Auth_OpenID_AX::isError($result)) {
- return $result;
- }
- }
-
- return new Auth_OpenID_AX_AttrInfo($type_uri, $count, $required,
- $alias);
- }
-
- /**
- * When processing a request for this attribute, the OP should
- * call this method to determine whether all available attribute
- * values were requested. If self.count == UNLIMITED_VALUES, this
- * returns True. Otherwise this returns False, in which case
- * self.count is an integer.
- */
- function wantsUnlimitedValues()
- {
- return $this->count === Auth_OpenID_AX_UNLIMITED_VALUES;
- }
-}
-
-/**
- * Given a namespace mapping and a string containing a comma-separated
- * list of namespace aliases, return a list of type URIs that
- * correspond to those aliases.
- *
- * @param $namespace_map The mapping from namespace URI to alias
- * @param $alias_list_s The string containing the comma-separated
- * list of aliases. May also be None for convenience.
- *
- * @return $seq The list of namespace URIs that corresponds to the
- * supplied list of aliases. If the string was zero-length or None, an
- * empty list will be returned.
- *
- * return null If an alias is present in the list of aliases but
- * is not present in the namespace map.
- */
-function Auth_OpenID_AX_toTypeURIs($namespace_map, $alias_list_s)
-{
- $uris = array();
-
- if ($alias_list_s) {
- foreach (explode(',', $alias_list_s) as $alias) {
- $type_uri = $namespace_map->getNamespaceURI($alias);
- if ($type_uri === null) {
- // raise KeyError(
- // 'No type is defined for attribute name %r' % (alias,))
- return new Auth_OpenID_AX_Error(
- sprintf('No type is defined for attribute name %s',
- $alias)
- );
- } else {
- $uris[] = $type_uri;
- }
- }
- }
-
- return $uris;
-}
-
-/**
- * An attribute exchange 'fetch_request' message. This message is sent
- * by a relying party when it wishes to obtain attributes about the
- * subject of an OpenID authentication request.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message {
-
- var $mode = 'fetch_request';
-
- function Auth_OpenID_AX_FetchRequest($update_url=null)
- {
- /**
- * requested_attributes: The attributes that have been
- * requested thus far, indexed by the type URI.
- */
- $this->requested_attributes = array();
-
- /**
- * update_url: A URL that will accept responses for this
- * attribute exchange request, even in the absence of the user
- * who made this request.
- */
- $this->update_url = $update_url;
- }
-
- /**
- * Add an attribute to this attribute exchange request.
- *
- * @param attribute: The attribute that is being requested
- * @return true on success, false when the requested attribute is
- * already present in this fetch request.
- */
- function add($attribute)
- {
- if ($this->contains($attribute->type_uri)) {
- return new Auth_OpenID_AX_Error(
- sprintf("The attribute %s has already been requested",
- $attribute->type_uri));
- }
-
- $this->requested_attributes[$attribute->type_uri] = $attribute;
-
- return true;
- }
-
- /**
- * Get the serialized form of this attribute fetch request.
- *
- * @returns Auth_OpenID_AX_FetchRequest The fetch request message parameters
- */
- function getExtensionArgs()
- {
- $aliases = new Auth_OpenID_NamespaceMap();
-
- $required = array();
- $if_available = array();
-
- $ax_args = $this->_newArgs();
-
- foreach ($this->requested_attributes as $type_uri => $attribute) {
- if ($attribute->alias === null) {
- $alias = $aliases->add($type_uri);
- } else {
- $alias = $aliases->addAlias($type_uri, $attribute->alias);
-
- if ($alias === null) {
- return new Auth_OpenID_AX_Error(
- sprintf("Could not add alias %s for URI %s",
- $attribute->alias, $type_uri
- ));
- }
- }
-
- if ($attribute->required) {
- $required[] = $alias;
- } else {
- $if_available[] = $alias;
- }
-
- if ($attribute->count != 1) {
- $ax_args['count.' . $alias] = strval($attribute->count);
- }
-
- $ax_args['type.' . $alias] = $type_uri;
- }
-
- if ($required) {
- $ax_args['required'] = implode(',', $required);
- }
-
- if ($if_available) {
- $ax_args['if_available'] = implode(',', $if_available);
- }
-
- return $ax_args;
- }
-
- /**
- * Get the type URIs for all attributes that have been marked as
- * required.
- *
- * @return A list of the type URIs for attributes that have been
- * marked as required.
- */
- function getRequiredAttrs()
- {
- $required = array();
- foreach ($this->requested_attributes as $type_uri => $attribute) {
- if ($attribute->required) {
- $required[] = $type_uri;
- }
- }
-
- return $required;
- }
-
- /**
- * Extract a FetchRequest from an OpenID message
- *
- * @param request: The OpenID request containing the attribute
- * fetch request
- *
- * @returns mixed An Auth_OpenID_AX_Error or the
- * Auth_OpenID_AX_FetchRequest extracted from the request message if
- * successful
- */
- static function fromOpenIDRequest($request)
- {
- $m = $request->message;
- $obj = new Auth_OpenID_AX_FetchRequest();
- $ax_args = $m->getArgs($obj->ns_uri);
-
- $result = $obj->parseExtensionArgs($ax_args);
-
- if (Auth_OpenID_AX::isError($result)) {
- return $result;
- }
-
- if ($obj->update_url) {
- // Update URL must match the openid.realm of the
- // underlying OpenID 2 message.
- $realm = $m->getArg(Auth_OpenID_OPENID_NS, 'realm',
- $m->getArg(
- Auth_OpenID_OPENID_NS,
- 'return_to'));
-
- if (!$realm) {
- $obj = new Auth_OpenID_AX_Error(
- sprintf("Cannot validate update_url %s " .
- "against absent realm", $obj->update_url));
- } else if (!Auth_OpenID_TrustRoot::match($realm,
- $obj->update_url)) {
- $obj = new Auth_OpenID_AX_Error(
- sprintf("Update URL %s failed validation against realm %s",
- $obj->update_url, $realm));
- }
- }
-
- return $obj;
- }
-
- /**
- * Given attribute exchange arguments, populate this FetchRequest.
- *
- * @return $result Auth_OpenID_AX_Error if the data to be parsed
- * does not follow the attribute exchange specification. At least
- * when 'if_available' or 'required' is not specified for a
- * particular attribute type. Returns true otherwise.
- */
- function parseExtensionArgs($ax_args)
- {
- $result = $this->_checkMode($ax_args);
- if (Auth_OpenID_AX::isError($result)) {
- return $result;
- }
-
- $aliases = new Auth_OpenID_NamespaceMap();
-
- foreach ($ax_args as $key => $value) {
- if (strpos($key, 'type.') === 0) {
- $alias = substr($key, 5);
- $type_uri = $value;
-
- $alias = $aliases->addAlias($type_uri, $alias);
-
- if ($alias === null) {
- return new Auth_OpenID_AX_Error(
- sprintf("Could not add alias %s for URI %s",
- $alias, $type_uri)
- );
- }
-
- $count_s = Auth_OpenID::arrayGet($ax_args, 'count.' . $alias);
- if ($count_s) {
- $count = Auth_OpenID::intval($count_s);
- if (($count === false) &&
- ($count_s === Auth_OpenID_AX_UNLIMITED_VALUES)) {
- $count = $count_s;
- }
- } else {
- $count = 1;
- }
-
- if ($count === false) {
- return new Auth_OpenID_AX_Error(
- sprintf("Integer value expected for %s, got %s",
- 'count.' . $alias, $count_s));
- }
-
- $attrinfo = Auth_OpenID_AX_AttrInfo::make($type_uri, $count,
- false, $alias);
-
- if (Auth_OpenID_AX::isError($attrinfo)) {
- return $attrinfo;
- }
-
- $this->add($attrinfo);
- }
- }
-
- $required = Auth_OpenID_AX_toTypeURIs($aliases,
- Auth_OpenID::arrayGet($ax_args, 'required'));
-
- foreach ($required as $type_uri) {
- $attrib = $this->requested_attributes[$type_uri];
- $attrib->required = true;
- }
-
- $if_available = Auth_OpenID_AX_toTypeURIs($aliases,
- Auth_OpenID::arrayGet($ax_args, 'if_available'));
-
- $all_type_uris = array_merge($required, $if_available);
-
- foreach ($aliases->iterNamespaceURIs() as $type_uri) {
- if (!in_array($type_uri, $all_type_uris)) {
- return new Auth_OpenID_AX_Error(
- sprintf('Type URI %s was in the request but not ' .
- 'present in "required" or "if_available"',
- $type_uri));
-
- }
- }
-
- $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url');
-
- return true;
- }
-
- /**
- * Iterate over the AttrInfo objects that are contained in this
- * fetch_request.
- */
- function iterAttrs()
- {
- return array_values($this->requested_attributes);
- }
-
- function iterTypes()
- {
- return array_keys($this->requested_attributes);
- }
-
- /**
- * Is the given type URI present in this fetch_request?
- */
- function contains($type_uri)
- {
- return in_array($type_uri, $this->iterTypes());
- }
-}
-
-/**
- * An abstract class that implements a message that has attribute keys
- * and values. It contains the common code between fetch_response and
- * store_request.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message {
-
- function Auth_OpenID_AX_KeyValueMessage()
- {
- $this->data = array();
- }
-
- /**
- * Add a single value for the given attribute type to the
- * message. If there are already values specified for this type,
- * this value will be sent in addition to the values already
- * specified.
- *
- * @param type_uri: The URI for the attribute
- * @param value: The value to add to the response to the relying
- * party for this attribute
- * @return null
- */
- function addValue($type_uri, $value)
- {
- if (!array_key_exists($type_uri, $this->data)) {
- $this->data[$type_uri] = array();
- }
-
- $values =& $this->data[$type_uri];
- $values[] = $value;
- }
-
- /**
- * Set the values for the given attribute type. This replaces any
- * values that have already been set for this attribute.
- *
- * @param type_uri: The URI for the attribute
- * @param values: A list of values to send for this attribute.
- */
- function setValues($type_uri, &$values)
- {
- $this->data[$type_uri] =& $values;
- }
-
- /**
- * Get the extension arguments for the key/value pairs contained
- * in this message.
- *
- * @param aliases: An alias mapping. Set to None if you don't care
- * about the aliases for this request.
- *
- * @access private
- */
- function _getExtensionKVArgs($aliases)
- {
- if ($aliases === null) {
- $aliases = new Auth_OpenID_NamespaceMap();
- }
-
- $ax_args = array();
-
- foreach ($this->data as $type_uri => $values) {
- $alias = $aliases->add($type_uri);
-
- $ax_args['type.' . $alias] = $type_uri;
- $ax_args['count.' . $alias] = strval(count($values));
-
- foreach ($values as $i => $value) {
- $key = sprintf('value.%s.%d', $alias, $i + 1);
- $ax_args[$key] = $value;
- }
- }
-
- return $ax_args;
- }
-
- /**
- * Parse attribute exchange key/value arguments into this object.
- *
- * @param ax_args: The attribute exchange fetch_response
- * arguments, with namespacing removed.
- *
- * @return Auth_OpenID_AX_Error or true
- */
- function parseExtensionArgs($ax_args)
- {
- $result = $this->_checkMode($ax_args);
- if (Auth_OpenID_AX::isError($result)) {
- return $result;
- }
-
- $aliases = new Auth_OpenID_NamespaceMap();
-
- foreach ($ax_args as $key => $value) {
- if (strpos($key, 'type.') === 0) {
- $type_uri = $value;
- $alias = substr($key, 5);
-
- $result = Auth_OpenID_AX_checkAlias($alias);
-
- if (Auth_OpenID_AX::isError($result)) {
- return $result;
- }
-
- $alias = $aliases->addAlias($type_uri, $alias);
-
- if ($alias === null) {
- return new Auth_OpenID_AX_Error(
- sprintf("Could not add alias %s for URI %s",
- $alias, $type_uri)
- );
- }
- }
- }
-
- foreach ($aliases->iteritems() as $pair) {
- list($type_uri, $alias) = $pair;
-
- if (array_key_exists('count.' . $alias, $ax_args) && ($ax_args['count.' . $alias] !== Auth_OpenID_AX_UNLIMITED_VALUES)) {
-
- $count_key = 'count.' . $alias;
- $count_s = $ax_args[$count_key];
-
- $count = Auth_OpenID::intval($count_s);
-
- if ($count === false) {
- return new Auth_OpenID_AX_Error(
- sprintf("Integer value expected for %s, got %s",
- 'count. %s' . $alias, $count_s,
- Auth_OpenID_AX_UNLIMITED_VALUES)
- );
- }
-
- $values = array();
- for ($i = 1; $i < $count + 1; $i++) {
- $value_key = sprintf('value.%s.%d', $alias, $i);
-
- if (!array_key_exists($value_key, $ax_args)) {
- return new Auth_OpenID_AX_Error(
- sprintf(
- "No value found for key %s",
- $value_key));
- }
-
- $value = $ax_args[$value_key];
- $values[] = $value;
- }
- } else {
- $key = 'value.' . $alias;
-
- if (!array_key_exists($key, $ax_args)) {
- return new Auth_OpenID_AX_Error(
- sprintf(
- "No value found for key %s",
- $key));
- }
-
- $value = $ax_args['value.' . $alias];
-
- if ($value == '') {
- $values = array();
- } else {
- $values = array($value);
- }
- }
-
- $this->data[$type_uri] = $values;
- }
-
- return true;
- }
-
- /**
- * Get a single value for an attribute. If no value was sent for
- * this attribute, use the supplied default. If there is more than
- * one value for this attribute, this method will fail.
- *
- * @param type_uri: The URI for the attribute
- * @param default: The value to return if the attribute was not
- * sent in the fetch_response.
- *
- * @return $value Auth_OpenID_AX_Error on failure or the value of
- * the attribute in the fetch_response message, or the default
- * supplied
- */
- function getSingle($type_uri, $default=null)
- {
- $values = Auth_OpenID::arrayGet($this->data, $type_uri);
- if (!$values) {
- return $default;
- } else if (count($values) == 1) {
- return $values[0];
- } else {
- return new Auth_OpenID_AX_Error(
- sprintf('More than one value present for %s',
- $type_uri)
- );
- }
- }
-
- /**
- * Get the list of values for this attribute in the
- * fetch_response.
- *
- * XXX: what to do if the values are not present? default
- * parameter? this is funny because it's always supposed to return
- * a list, so the default may break that, though it's provided by
- * the user's code, so it might be okay. If no default is
- * supplied, should the return be None or []?
- *
- * @param type_uri: The URI of the attribute
- *
- * @return $values The list of values for this attribute in the
- * response. May be an empty list. If the attribute was not sent
- * in the response, returns Auth_OpenID_AX_Error.
- */
- function get($type_uri)
- {
- if (array_key_exists($type_uri, $this->data)) {
- return $this->data[$type_uri];
- } else {
- return new Auth_OpenID_AX_Error(
- sprintf("Type URI %s not found in response",
- $type_uri)
- );
- }
- }
-
- /**
- * Get the number of responses for a particular attribute in this
- * fetch_response message.
- *
- * @param type_uri: The URI of the attribute
- *
- * @returns int The number of values sent for this attribute. If
- * the attribute was not sent in the response, returns
- * Auth_OpenID_AX_Error.
- */
- function count($type_uri)
- {
- if (array_key_exists($type_uri, $this->data)) {
- return count($this->get($type_uri));
- } else {
- return new Auth_OpenID_AX_Error(
- sprintf("Type URI %s not found in response",
- $type_uri)
- );
- }
- }
-}
-
-/**
- * A fetch_response attribute exchange message.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage {
- var $mode = 'fetch_response';
-
- function Auth_OpenID_AX_FetchResponse($update_url=null)
- {
- $this->Auth_OpenID_AX_KeyValueMessage();
- $this->update_url = $update_url;
- }
-
- /**
- * Serialize this object into arguments in the attribute exchange
- * namespace
- *
- * @return $args The dictionary of unqualified attribute exchange
- * arguments that represent this fetch_response, or
- * Auth_OpenID_AX_Error on error.
- */
- function getExtensionArgs($request=null)
- {
- $aliases = new Auth_OpenID_NamespaceMap();
-
- $zero_value_types = array();
-
- if ($request !== null) {
- // Validate the data in the context of the request (the
- // same attributes should be present in each, and the
- // counts in the response must be no more than the counts
- // in the request)
-
- foreach ($this->data as $type_uri => $unused) {
- if (!$request->contains($type_uri)) {
- return new Auth_OpenID_AX_Error(
- sprintf("Response attribute not present in request: %s",
- $type_uri)
- );
- }
- }
-
- foreach ($request->iterAttrs() as $attr_info) {
- // Copy the aliases from the request so that reading
- // the response in light of the request is easier
- if ($attr_info->alias === null) {
- $aliases->add($attr_info->type_uri);
- } else {
- $alias = $aliases->addAlias($attr_info->type_uri,
- $attr_info->alias);
-
- if ($alias === null) {
- return new Auth_OpenID_AX_Error(
- sprintf("Could not add alias %s for URI %s",
- $attr_info->alias, $attr_info->type_uri)
- );
- }
- }
-
- if (array_key_exists($attr_info->type_uri, $this->data)) {
- $values = $this->data[$attr_info->type_uri];
- } else {
- $values = array();
- $zero_value_types[] = $attr_info;
- }
-
- if (($attr_info->count != Auth_OpenID_AX_UNLIMITED_VALUES) &&
- ($attr_info->count < count($values))) {
- return new Auth_OpenID_AX_Error(
- sprintf("More than the number of requested values " .
- "were specified for %s",
- $attr_info->type_uri)
- );
- }
- }
- }
-
- $kv_args = $this->_getExtensionKVArgs($aliases);
-
- // Add the KV args into the response with the args that are
- // unique to the fetch_response
- $ax_args = $this->_newArgs();
-
- // For each requested attribute, put its type/alias and count
- // into the response even if no data were returned.
- foreach ($zero_value_types as $attr_info) {
- $alias = $aliases->getAlias($attr_info->type_uri);
- $kv_args['type.' . $alias] = $attr_info->type_uri;
- $kv_args['count.' . $alias] = '0';
- }
-
- $update_url = null;
- if ($request) {
- $update_url = $request->update_url;
- } else {
- $update_url = $this->update_url;
- }
-
- if ($update_url) {
- $ax_args['update_url'] = $update_url;
- }
-
- Auth_OpenID::update($ax_args, $kv_args);
-
- return $ax_args;
- }
-
- /**
- * @return $result Auth_OpenID_AX_Error on failure or true on
- * success.
- */
- function parseExtensionArgs($ax_args)
- {
- $result = parent::parseExtensionArgs($ax_args);
-
- if (Auth_OpenID_AX::isError($result)) {
- return $result;
- }
-
- $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url');
-
- return true;
- }
-
- /**
- * Construct a FetchResponse object from an OpenID library
- * SuccessResponse object.
- *
- * @param success_response: A successful id_res response object
- *
- * @param signed: Whether non-signed args should be processsed. If
- * True (the default), only signed arguments will be processsed.
- *
- * @return $response A FetchResponse containing the data from the
- * OpenID message
- */
- static function fromSuccessResponse($success_response, $signed=true)
- {
- $obj = new Auth_OpenID_AX_FetchResponse();
- if ($signed) {
- $ax_args = $success_response->getSignedNS($obj->ns_uri);
- } else {
- $ax_args = $success_response->message->getArgs($obj->ns_uri);
- }
- if ($ax_args === null || Auth_OpenID::isFailure($ax_args) ||
- sizeof($ax_args) == 0) {
- return null;
- }
-
- $result = $obj->parseExtensionArgs($ax_args);
- if (Auth_OpenID_AX::isError($result)) {
- #XXX log me
- return null;
- }
- return $obj;
- }
-}
-
-/**
- * A store request attribute exchange message representation.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_StoreRequest extends Auth_OpenID_AX_KeyValueMessage {
- var $mode = 'store_request';
-
- /**
- * @param array $aliases The namespace aliases to use when making
- * this store response. Leave as None to use defaults.
- */
- function getExtensionArgs($aliases=null)
- {
- $ax_args = $this->_newArgs();
- $kv_args = $this->_getExtensionKVArgs($aliases);
- Auth_OpenID::update($ax_args, $kv_args);
- return $ax_args;
- }
-}
-
-/**
- * An indication that the store request was processed along with this
- * OpenID transaction. Use make(), NOT the constructor, to create
- * response objects.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message {
- var $SUCCESS_MODE = 'store_response_success';
- var $FAILURE_MODE = 'store_response_failure';
-
- /**
- * Returns Auth_OpenID_AX_Error on error or an
- * Auth_OpenID_AX_StoreResponse object on success.
- */
- function make($succeeded=true, $error_message=null)
- {
- if (($succeeded) && ($error_message !== null)) {
- return new Auth_OpenID_AX_Error('An error message may only be '.
- 'included in a failing fetch response');
- }
-
- return new Auth_OpenID_AX_StoreResponse($succeeded, $error_message);
- }
-
- function Auth_OpenID_AX_StoreResponse($succeeded=true, $error_message=null)
- {
- if ($succeeded) {
- $this->mode = $this->SUCCESS_MODE;
- } else {
- $this->mode = $this->FAILURE_MODE;
- }
-
- $this->error_message = $error_message;
- }
-
- /**
- * Was this response a success response?
- */
- function succeeded()
- {
- return $this->mode == $this->SUCCESS_MODE;
- }
-
- function getExtensionArgs()
- {
- $ax_args = $this->_newArgs();
- if ((!$this->succeeded()) && $this->error_message) {
- $ax_args['error'] = $this->error_message;
- }
-
- return $ax_args;
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/Association.php
+++ /dev/null
@@ -1,611 +1,1 @@
-<?php
-/**
- * This module contains code for dealing with associations between
- * consumers and servers.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/CryptUtil.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/KVForm.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/HMAC.php';
-
-/**
- * This class represents an association between a server and a
- * consumer. In general, users of this library will never see
- * instances of this object. The only exception is if you implement a
- * custom {@link Auth_OpenID_OpenIDStore}.
- *
- * If you do implement such a store, it will need to store the values
- * of the handle, secret, issued, lifetime, and assoc_type instance
- * variables.
- *
- * @package OpenID
- */
-class Auth_OpenID_Association {
-
- /**
- * This is a HMAC-SHA1 specific value.
- *
- * @access private
- */
- var $SIG_LENGTH = 20;
-
- /**
- * The ordering and name of keys as stored by serialize.
- *
- * @access private
- */
- var $assoc_keys = array(
- 'version',
- 'handle',
- 'secret',
- 'issued',
- 'lifetime',
- 'assoc_type'
- );
-
- var $_macs = array(
- 'HMAC-SHA1' => 'Auth_OpenID_HMACSHA1',
- 'HMAC-SHA256' => 'Auth_OpenID_HMACSHA256'
- );
-
- /**
- * This is an alternate constructor (factory method) used by the
- * OpenID consumer library to create associations. OpenID store
- * implementations shouldn't use this constructor.
- *
- * @access private
- *
- * @param integer $expires_in This is the amount of time this
- * association is good for, measured in seconds since the
- * association was issued.
- *
- * @param string $handle This is the handle the server gave this
- * association.
- *
- * @param string secret This is the shared secret the server
- * generated for this association.
- *
- * @param assoc_type This is the type of association this
- * instance represents. The only valid values of this field at
- * this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may
- * be defined in the future.
- *
- * @return association An {@link Auth_OpenID_Association}
- * instance.
- */
- static function fromExpiresIn($expires_in, $handle, $secret, $assoc_type)
- {
- $issued = time();
- $lifetime = $expires_in;
- return new Auth_OpenID_Association($handle, $secret,
- $issued, $lifetime, $assoc_type);
- }
-
- /**
- * This is the standard constructor for creating an association.
- * The library should create all of the necessary associations, so
- * this constructor is not part of the external API.
- *
- * @access private
- *
- * @param string $handle This is the handle the server gave this
- * association.
- *
- * @param string $secret This is the shared secret the server
- * generated for this association.
- *
- * @param integer $issued This is the time this association was
- * issued, in seconds since 00:00 GMT, January 1, 1970. (ie, a
- * unix timestamp)
- *
- * @param integer $lifetime This is the amount of time this
- * association is good for, measured in seconds since the
- * association was issued.
- *
- * @param string $assoc_type This is the type of association this
- * instance represents. The only valid values of this field at
- * this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may
- * be defined in the future.
- */
- function Auth_OpenID_Association(
- $handle, $secret, $issued, $lifetime, $assoc_type)
- {
- if (!in_array($assoc_type,
- Auth_OpenID_getSupportedAssociationTypes(), true)) {
- $fmt = 'Unsupported association type (%s)';
- trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR);
- }
-
- $this->handle = $handle;
- $this->secret = $secret;
- $this->issued = $issued;
- $this->lifetime = $lifetime;
- $this->assoc_type = $assoc_type;
- }
-
- /**
- * This returns the number of seconds this association is still
- * valid for, or 0 if the association is no longer valid.
- *
- * @return integer $seconds The number of seconds this association
- * is still valid for, or 0 if the association is no longer valid.
- */
- function getExpiresIn($now = null)
- {
- if ($now == null) {
- $now = time();
- }
-
- return max(0, $this->issued + $this->lifetime - $now);
- }
-
- /**
- * This checks to see if two {@link Auth_OpenID_Association}
- * instances represent the same association.
- *
- * @return bool $result true if the two instances represent the
- * same association, false otherwise.
- */
- function equal($other)
- {
- return ((gettype($this) == gettype($other))
- && ($this->handle == $other->handle)
- && ($this->secret == $other->secret)
- && ($this->issued == $other->issued)
- && ($this->lifetime == $other->lifetime)
- && ($this->assoc_type == $other->assoc_type));
- }
-
- /**
- * Convert an association to KV form.
- *
- * @return string $result String in KV form suitable for
- * deserialization by deserialize.
- */
- function serialize()
- {
- $data = array(
- 'version' => '2',
- 'handle' => $this->handle,
- 'secret' => base64_encode($this->secret),
- 'issued' => strval(intval($this->issued)),
- 'lifetime' => strval(intval($this->lifetime)),
- 'assoc_type' => $this->assoc_type
- );
-
- assert(array_keys($data) == $this->assoc_keys);
-
- return Auth_OpenID_KVForm::fromArray($data, $strict = true);
- }
-
- /**
- * Parse an association as stored by serialize(). This is the
- * inverse of serialize.
- *
- * @param string $assoc_s Association as serialized by serialize()
- * @return Auth_OpenID_Association $result instance of this class
- */
- static function deserialize($class_name, $assoc_s)
- {
- $pairs = Auth_OpenID_KVForm::toArray($assoc_s, $strict = true);
- $keys = array();
- $values = array();
- foreach ($pairs as $key => $value) {
- if (is_array($value)) {
- list($key, $value) = $value;
- }
- $keys[] = $key;
- $values[] = $value;
- }
-
- $class_vars = get_class_vars($class_name);
- $class_assoc_keys = $class_vars['assoc_keys'];
-
- sort($keys);
- sort($class_assoc_keys);
-
- if ($keys != $class_assoc_keys) {
- trigger_error('Unexpected key values: ' . var_export($keys, true),
- E_USER_WARNING);
- return null;
- }
-
- $version = $pairs['version'];
- $handle = $pairs['handle'];
- $secret = $pairs['secret'];
- $issued = $pairs['issued'];
- $lifetime = $pairs['lifetime'];
- $assoc_type = $pairs['assoc_type'];
-
- if ($version != '2') {
- trigger_error('Unknown version: ' . $version, E_USER_WARNING);
- return null;
- }
-
- $issued = intval($issued);
- $lifetime = intval($lifetime);
- $secret = base64_decode($secret);
-
- return new $class_name(
- $handle, $secret, $issued, $lifetime, $assoc_type);
- }
-
- /**
- * Generate a signature for a sequence of (key, value) pairs
- *
- * @access private
- * @param array $pairs The pairs to sign, in order. This is an
- * array of two-tuples.
- * @return string $signature The binary signature of this sequence
- * of pairs
- */
- function sign($pairs)
- {
- $kv = Auth_OpenID_KVForm::fromArray($pairs);
-
- /* Invalid association types should be caught at constructor */
- $callback = $this->_macs[$this->assoc_type];
-
- return call_user_func_array($callback, array($this->secret, $kv));
- }
-
- /**
- * Generate a signature for some fields in a dictionary
- *
- * @access private
- * @param array $fields The fields to sign, in order; this is an
- * array of strings.
- * @param array $data Dictionary of values to sign (an array of
- * string => string pairs).
- * @return string $signature The signature, base64 encoded
- */
- function signMessage($message)
- {
- if ($message->hasKey(Auth_OpenID_OPENID_NS, 'sig') ||
- $message->hasKey(Auth_OpenID_OPENID_NS, 'signed')) {
- // Already has a sig
- return null;
- }
-
- $extant_handle = $message->getArg(Auth_OpenID_OPENID_NS,
- 'assoc_handle');
-
- if ($extant_handle && ($extant_handle != $this->handle)) {
- // raise ValueError("Message has a different association handle")
- return null;
- }
-
- $signed_message = $message;
- $signed_message->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle',
- $this->handle);
-
- $message_keys = array_keys($signed_message->toPostArgs());
- $signed_list = array();
- $signed_prefix = 'openid.';
-
- foreach ($message_keys as $k) {
- if (strpos($k, $signed_prefix) === 0) {
- $signed_list[] = substr($k, strlen($signed_prefix));
- }
- }
-
- $signed_list[] = 'signed';
- sort($signed_list);
-
- $signed_message->setArg(Auth_OpenID_OPENID_NS, 'signed',
- implode(',', $signed_list));
- $sig = $this->getMessageSignature($signed_message);
- $signed_message->setArg(Auth_OpenID_OPENID_NS, 'sig', $sig);
- return $signed_message;
- }
-
- /**
- * Given a {@link Auth_OpenID_Message}, return the key/value pairs
- * to be signed according to the signed list in the message. If
- * the message lacks a signed list, return null.
- *
- * @access private
- */
- function _makePairs($message)
- {
- $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
- if (!$signed || Auth_OpenID::isFailure($signed)) {
- // raise ValueError('Message has no signed list: %s' % (message,))
- return null;
- }
-
- $signed_list = explode(',', $signed);
- $pairs = array();
- $data = $message->toPostArgs();
- foreach ($signed_list as $field) {
- $pairs[] = array($field, Auth_OpenID::arrayGet($data,
- 'openid.' .
- $field, ''));
- }
- return $pairs;
- }
-
- /**
- * Given an {@link Auth_OpenID_Message}, return the signature for
- * the signed list in the message.
- *
- * @access private
- */
- function getMessageSignature($message)
- {
- $pairs = $this->_makePairs($message);
- return base64_encode($this->sign($pairs));
- }
-
- /**
- * Confirm that the signature of these fields matches the
- * signature contained in the data.
- *
- * @access private
- */
- function checkMessageSignature($message)
- {
- $sig = $message->getArg(Auth_OpenID_OPENID_NS,
- 'sig');
-
- if (!$sig || Auth_OpenID::isFailure($sig)) {
- return false;
- }
-
- $calculated_sig = $this->getMessageSignature($message);
- return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);
- }
-}
-
-function Auth_OpenID_getSecretSize($assoc_type)
-{
- if ($assoc_type == 'HMAC-SHA1') {
- return 20;
- } else if ($assoc_type == 'HMAC-SHA256') {
- return 32;
- } else {
- return null;
- }
-}
-
-function Auth_OpenID_getAllAssociationTypes()
-{
- return array('HMAC-SHA1', 'HMAC-SHA256');
-}
-
-function Auth_OpenID_getSupportedAssociationTypes()
-{
- $a = array('HMAC-SHA1');
-
- if (Auth_OpenID_HMACSHA256_SUPPORTED) {
- $a[] = 'HMAC-SHA256';
- }
-
- return $a;
-}
-
-function Auth_OpenID_getSessionTypes($assoc_type)
-{
- $assoc_to_session = array(
- 'HMAC-SHA1' => array('DH-SHA1', 'no-encryption'));
-
- if (Auth_OpenID_HMACSHA256_SUPPORTED) {
- $assoc_to_session['HMAC-SHA256'] =
- array('DH-SHA256', 'no-encryption');
- }
-
- return Auth_OpenID::arrayGet($assoc_to_session, $assoc_type, array());
-}
-
-function Auth_OpenID_checkSessionType($assoc_type, $session_type)
-{
- if (!in_array($session_type,
- Auth_OpenID_getSessionTypes($assoc_type))) {
- return false;
- }
-
- return true;
-}
-
-function Auth_OpenID_getDefaultAssociationOrder()
-{
- $order = array();
-
- if (!Auth_OpenID_noMathSupport()) {
- $order[] = array('HMAC-SHA1', 'DH-SHA1');
-
- if (Auth_OpenID_HMACSHA256_SUPPORTED) {
- $order[] = array('HMAC-SHA256', 'DH-SHA256');
- }
- }
-
- $order[] = array('HMAC-SHA1', 'no-encryption');
-
- if (Auth_OpenID_HMACSHA256_SUPPORTED) {
- $order[] = array('HMAC-SHA256', 'no-encryption');
- }
-
- return $order;
-}
-
-function Auth_OpenID_getOnlyEncryptedOrder()
-{
- $result = array();
-
- foreach (Auth_OpenID_getDefaultAssociationOrder() as $pair) {
- list($assoc, $session) = $pair;
-
- if ($session != 'no-encryption') {
- if (Auth_OpenID_HMACSHA256_SUPPORTED &&
- ($assoc == 'HMAC-SHA256')) {
- $result[] = $pair;
- } else if ($assoc != 'HMAC-SHA256') {
- $result[] = $pair;
- }
- }
- }
-
- return $result;
-}
-
-function Auth_OpenID_getDefaultNegotiator()
-{
- return new Auth_OpenID_SessionNegotiator(
- Auth_OpenID_getDefaultAssociationOrder());
-}
-
-function Auth_OpenID_getEncryptedNegotiator()
-{
- return new Auth_OpenID_SessionNegotiator(
- Auth_OpenID_getOnlyEncryptedOrder());
-}
-
-/**
- * A session negotiator controls the allowed and preferred association
- * types and association session types. Both the {@link
- * Auth_OpenID_Consumer} and {@link Auth_OpenID_Server} use
- * negotiators when creating associations.
- *
- * You can create and use negotiators if you:
-
- * - Do not want to do Diffie-Hellman key exchange because you use
- * transport-layer encryption (e.g. SSL)
- *
- * - Want to use only SHA-256 associations
- *
- * - Do not want to support plain-text associations over a non-secure
- * channel
- *
- * It is up to you to set a policy for what kinds of associations to
- * accept. By default, the library will make any kind of association
- * that is allowed in the OpenID 2.0 specification.
- *
- * Use of negotiators in the library
- * =================================
- *
- * When a consumer makes an association request, it calls {@link
- * getAllowedType} to get the preferred association type and
- * association session type.
- *
- * The server gets a request for a particular association/session type
- * and calls {@link isAllowed} to determine if it should create an
- * association. If it is supported, negotiation is complete. If it is
- * not, the server calls {@link getAllowedType} to get an allowed
- * association type to return to the consumer.
- *
- * If the consumer gets an error response indicating that the
- * requested association/session type is not supported by the server
- * that contains an assocation/session type to try, it calls {@link
- * isAllowed} to determine if it should try again with the given
- * combination of association/session type.
- *
- * @package OpenID
- */
-class Auth_OpenID_SessionNegotiator {
- function Auth_OpenID_SessionNegotiator($allowed_types)
- {
- $this->allowed_types = array();
- $this->setAllowedTypes($allowed_types);
- }
-
- /**
- * Set the allowed association types, checking to make sure each
- * combination is valid.
- *
- * @access private
- */
- function setAllowedTypes($allowed_types)
- {
- foreach ($allowed_types as $pair) {
- list($assoc_type, $session_type) = $pair;
- if (!Auth_OpenID_checkSessionType($assoc_type, $session_type)) {
- return false;
- }
- }
-
- $this->allowed_types = $allowed_types;
- return true;
- }
-
- /**
- * Add an association type and session type to the allowed types
- * list. The assocation/session pairs are tried in the order that
- * they are added.
- *
- * @access private
- */
- function addAllowedType($assoc_type, $session_type = null)
- {
- if ($this->allowed_types === null) {
- $this->allowed_types = array();
- }
-
- if ($session_type === null) {
- $available = Auth_OpenID_getSessionTypes($assoc_type);
-
- if (!$available) {
- return false;
- }
-
- foreach ($available as $session_type) {
- $this->addAllowedType($assoc_type, $session_type);
- }
- } else {
- if (Auth_OpenID_checkSessionType($assoc_type, $session_type)) {
- $this->allowed_types[] = array($assoc_type, $session_type);
- } else {
- return false;
- }
- }
-
- return true;
- }
-
- // Is this combination of association type and session type allowed?
- function isAllowed($assoc_type, $session_type)
- {
- $assoc_good = in_array(array($assoc_type, $session_type),
- $this->allowed_types);
-
- $matches = in_array($session_type,
- Auth_OpenID_getSessionTypes($assoc_type));
-
- return ($assoc_good && $matches);
- }
-
- /**
- * Get a pair of assocation type and session type that are
- * supported.
- */
- function getAllowedType()
- {
- if (!$this->allowed_types) {
- return array(null, null);
- }
-
- return $this->allowed_types[0];
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/BigMath.php
+++ /dev/null
@@ -1,452 +1,1 @@
-<?php
-/**
- * BigMath: A math library wrapper that abstracts out the underlying
- * long integer library.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @access private
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Needed for random number generation
- */
-require_once 'Auth/OpenID/CryptUtil.php';
-
-/**
- * Need Auth_OpenID::bytes().
- */
-require_once 'Auth/OpenID.php';
-
-/**
- * The superclass of all big-integer math implementations
- * @access private
- * @package OpenID
- */
-class Auth_OpenID_MathLibrary {
- /**
- * Given a long integer, returns the number converted to a binary
- * string. This function accepts long integer values of arbitrary
- * magnitude and uses the local large-number math library when
- * available.
- *
- * @param integer $long The long number (can be a normal PHP
- * integer or a number created by one of the available long number
- * libraries)
- * @return string $binary The binary version of $long
- */
- function longToBinary($long)
- {
- $cmp = $this->cmp($long, 0);
- if ($cmp < 0) {
- $msg = __FUNCTION__ . " takes only positive integers.";
- trigger_error($msg, E_USER_ERROR);
- return null;
- }
-
- if ($cmp == 0) {
- return "\x00";
- }
-
- $bytes = array();
-
- while ($this->cmp($long, 0) > 0) {
- array_unshift($bytes, $this->mod($long, 256));
- $long = $this->div($long, pow(2, 8));
- }
-
- if ($bytes && ($bytes[0] > 127)) {
- array_unshift($bytes, 0);
- }
-
- $string = '';
- foreach ($bytes as $byte) {
- $string .= pack('C', $byte);
- }
-
- return $string;
- }
-
- /**
- * Given a binary string, returns the binary string converted to a
- * long number.
- *
- * @param string $binary The binary version of a long number,
- * probably as a result of calling longToBinary
- * @return integer $long The long number equivalent of the binary
- * string $str
- */
- function binaryToLong($str)
- {
- if ($str === null) {
- return null;
- }
-
- // Use array_merge to return a zero-indexed array instead of a
- // one-indexed array.
- $bytes = array_merge(unpack('C*', $str));
-
- $n = $this->init(0);
-
- if ($bytes && ($bytes[0] > 127)) {
- trigger_error("bytesToNum works only for positive integers.",
- E_USER_WARNING);
- return null;
- }
-
- foreach ($bytes as $byte) {
- $n = $this->mul($n, pow(2, 8));
- $n = $this->add($n, $byte);
- }
-
- return $n;
- }
-
- function base64ToLong($str)
- {
- $b64 = base64_decode($str);
-
- if ($b64 === false) {
- return false;
- }
-
- return $this->binaryToLong($b64);
- }
-
- function longToBase64($str)
- {
- return base64_encode($this->longToBinary($str));
- }
-
- /**
- * Returns a random number in the specified range. This function
- * accepts $start, $stop, and $step values of arbitrary magnitude
- * and will utilize the local large-number math library when
- * available.
- *
- * @param integer $start The start of the range, or the minimum
- * random number to return
- * @param integer $stop The end of the range, or the maximum
- * random number to return
- * @param integer $step The step size, such that $result - ($step
- * * N) = $start for some N
- * @return integer $result The resulting randomly-generated number
- */
- function rand($stop)
- {
- static $duplicate_cache = array();
-
- // Used as the key for the duplicate cache
- $rbytes = $this->longToBinary($stop);
-
- if (array_key_exists($rbytes, $duplicate_cache)) {
- list($duplicate, $nbytes) = $duplicate_cache[$rbytes];
- } else {
- if ($rbytes[0] == "\x00") {
- $nbytes = Auth_OpenID::bytes($rbytes) - 1;
- } else {
- $nbytes = Auth_OpenID::bytes($rbytes);
- }
-
- $mxrand = $this->pow(256, $nbytes);
-
- // If we get a number less than this, then it is in the
- // duplicated range.
- $duplicate = $this->mod($mxrand, $stop);
-
- if (count($duplicate_cache) > 10) {
- $duplicate_cache = array();
- }
-
- $duplicate_cache[$rbytes] = array($duplicate, $nbytes);
- }
-
- do {
- $bytes = "\x00" . Auth_OpenID_CryptUtil::getBytes($nbytes);
- $n = $this->binaryToLong($bytes);
- // Keep looping if this value is in the low duplicated range
- } while ($this->cmp($n, $duplicate) < 0);
-
- return $this->mod($n, $stop);
- }
-}
-
-/**
- * Exposes BCmath math library functionality.
- *
- * {@link Auth_OpenID_BcMathWrapper} wraps the functionality provided
- * by the BCMath extension.
- *
- * @access private
- * @package OpenID
- */
-class Auth_OpenID_BcMathWrapper extends Auth_OpenID_MathLibrary{
- var $type = 'bcmath';
-
- function add($x, $y)
- {
- return bcadd($x, $y);
- }
-
- function sub($x, $y)
- {
- return bcsub($x, $y);
- }
-
- function pow($base, $exponent)
- {
- return bcpow($base, $exponent);
- }
-
- function cmp($x, $y)
- {
- return bccomp($x, $y);
- }
-
- function init($number, $base = 10)
- {
- return $number;
- }
-
- function mod($base, $modulus)
- {
- return bcmod($base, $modulus);
- }
-
- function mul($x, $y)
- {
- return bcmul($x, $y);
- }
-
- function div($x, $y)
- {
- return bcdiv($x, $y);
- }
-
- /**
- * Same as bcpowmod when bcpowmod is missing
- *
- * @access private
- */
- function _powmod($base, $exponent, $modulus)
- {
- $square = $this->mod($base, $modulus);
- $result = 1;
- while($this->cmp($exponent, 0) > 0) {
- if ($this->mod($exponent, 2)) {
- $result = $this->mod($this->mul($result, $square), $modulus);
- }
- $square = $this->mod($this->mul($square, $square), $modulus);
- $exponent = $this->div($exponent, 2);
- }
- return $result;
- }
-
- function powmod($base, $exponent, $modulus)
- {
- if (function_exists('bcpowmod')) {
- return bcpowmod($base, $exponent, $modulus);
- } else {
- return $this->_powmod($base, $exponent, $modulus);
- }
- }
-
- function toString($num)
- {
- return $num;
- }
-}
-
-/**
- * Exposes GMP math library functionality.
- *
- * {@link Auth_OpenID_GmpMathWrapper} wraps the functionality provided
- * by the GMP extension.
- *
- * @access private
- * @package OpenID
- */
-class Auth_OpenID_GmpMathWrapper extends Auth_OpenID_MathLibrary{
- var $type = 'gmp';
-
- function add($x, $y)
- {
- return gmp_add($x, $y);
- }
-
- function sub($x, $y)
- {
- return gmp_sub($x, $y);
- }
-
- function pow($base, $exponent)
- {
- return gmp_pow($base, $exponent);
- }
-
- function cmp($x, $y)
- {
- return gmp_cmp($x, $y);
- }
-
- function init($number, $base = 10)
- {
- return gmp_init($number, $base);
- }
-
- function mod($base, $modulus)
- {
- return gmp_mod($base, $modulus);
- }
-
- function mul($x, $y)
- {
- return gmp_mul($x, $y);
- }
-
- function div($x, $y)
- {
- return gmp_div_q($x, $y);
- }
-
- function powmod($base, $exponent, $modulus)
- {
- return gmp_powm($base, $exponent, $modulus);
- }
-
- function toString($num)
- {
- return gmp_strval($num);
- }
-}
-
-/**
- * Define the supported extensions. An extension array has keys
- * 'modules', 'extension', and 'class'. 'modules' is an array of PHP
- * module names which the loading code will attempt to load. These
- * values will be suffixed with a library file extension (e.g. ".so").
- * 'extension' is the name of a PHP extension which will be tested
- * before 'modules' are loaded. 'class' is the string name of a
- * {@link Auth_OpenID_MathWrapper} subclass which should be
- * instantiated if a given extension is present.
- *
- * You can define new math library implementations and add them to
- * this array.
- */
-function Auth_OpenID_math_extensions()
-{
- $result = array();
-
- if (!defined('Auth_OpenID_BUGGY_GMP')) {
- $result[] =
- array('modules' => array('gmp', 'php_gmp'),
- 'extension' => 'gmp',
- 'class' => 'Auth_OpenID_GmpMathWrapper');
- }
-
- $result[] = array('modules' => array('bcmath', 'php_bcmath'),
- 'extension' => 'bcmath',
- 'class' => 'Auth_OpenID_BcMathWrapper');
-
- return $result;
-}
-
-/**
- * Detect which (if any) math library is available
- */
-function Auth_OpenID_detectMathLibrary($exts)
-{
- $loaded = false;
-
- foreach ($exts as $extension) {
- if (extension_loaded($extension['extension'])) {
- return $extension;
- }
- }
-
- return false;
-}
-
-/**
- * {@link Auth_OpenID_getMathLib} checks for the presence of long
- * number extension modules and returns an instance of
- * {@link Auth_OpenID_MathWrapper} which exposes the module's
- * functionality.
- *
- * Checks for the existence of an extension module described by the
- * result of {@link Auth_OpenID_math_extensions()} and returns an
- * instance of a wrapper for that extension module. If no extension
- * module is found, an instance of {@link Auth_OpenID_MathWrapper} is
- * returned, which wraps the native PHP integer implementation. The
- * proper calling convention for this method is $lib =
- * Auth_OpenID_getMathLib().
- *
- * This function checks for the existence of specific long number
- * implementations in the following order: GMP followed by BCmath.
- *
- * @return Auth_OpenID_MathWrapper $instance An instance of
- * {@link Auth_OpenID_MathWrapper} or one of its subclasses
- *
- * @package OpenID
- */
-function Auth_OpenID_getMathLib()
-{
- // The instance of Auth_OpenID_MathWrapper that we choose to
- // supply will be stored here, so that subseqent calls to this
- // method will return a reference to the same object.
- static $lib = null;
-
- if (isset($lib)) {
- return $lib;
- }
-
- if (Auth_OpenID_noMathSupport()) {
- $null = null;
- return $null;
- }
-
- // If this method has not been called before, look at
- // Auth_OpenID_math_extensions and try to find an extension that
- // works.
- $ext = Auth_OpenID_detectMathLibrary(Auth_OpenID_math_extensions());
- if ($ext === false) {
- $tried = array();
- foreach (Auth_OpenID_math_extensions() as $extinfo) {
- $tried[] = $extinfo['extension'];
- }
- $triedstr = implode(", ", $tried);
-
- Auth_OpenID_setNoMathSupport();
-
- $result = null;
- return $result;
- }
-
- // Instantiate a new wrapper
- $class = $ext['class'];
- $lib = new $class();
-
- return $lib;
-}
-
-function Auth_OpenID_setNoMathSupport()
-{
- if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) {
- define('Auth_OpenID_NO_MATH_SUPPORT', true);
- }
-}
-
-function Auth_OpenID_noMathSupport()
-{
- return defined('Auth_OpenID_NO_MATH_SUPPORT');
-}
-
-
-
--- a/lib/openid-php/Auth/OpenID/CryptUtil.php
+++ /dev/null
@@ -1,123 +1,1 @@
-<?php
-/**
- * CryptUtil: A suite of wrapper utility functions for the OpenID
- * library.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @access private
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-if (!defined('Auth_OpenID_RAND_SOURCE')) {
- /**
- * The filename for a source of random bytes. Define this yourself
- * if you have a different source of randomness.
- */
- define('Auth_OpenID_RAND_SOURCE', '/dev/urandom');
-}
-
-class Auth_OpenID_CryptUtil {
- /**
- * Get the specified number of random bytes.
- *
- * Attempts to use a cryptographically secure (not predictable)
- * source of randomness if available. If there is no high-entropy
- * randomness source available, it will fail. As a last resort,
- * for non-critical systems, define
- * <code>Auth_OpenID_RAND_SOURCE</code> as <code>null</code>, and
- * the code will fall back on a pseudo-random number generator.
- *
- * @param int $num_bytes The length of the return value
- * @return string $bytes random bytes
- */
- static function getBytes($num_bytes)
- {
- static $f = null;
- $bytes = '';
- if ($f === null) {
- if (Auth_OpenID_RAND_SOURCE === null) {
- $f = false;
- } else {
- $f = @fopen(Auth_OpenID_RAND_SOURCE, "r");
- /*if ($f === false) {
- $msg = 'Define Auth_OpenID_RAND_SOURCE as null to ' .
- ' continue with an insecure random number generator.';
- trigger_error($msg, E_USER_ERROR);
- }*/
- }
- }
- if ($f === false) {
- // pseudorandom used
- $bytes = '';
- for ($i = 0; $i < $num_bytes; $i += 4) {
- $bytes .= pack('L', mt_rand());
- }
- $bytes = substr($bytes, 0, $num_bytes);
- } else {
- $bytes = fread($f, $num_bytes);
- }
- return $bytes;
- }
-
- /**
- * Produce a string of length random bytes, chosen from chrs. If
- * $chrs is null, the resulting string may contain any characters.
- *
- * @param integer $length The length of the resulting
- * randomly-generated string
- * @param string $chrs A string of characters from which to choose
- * to build the new string
- * @return string $result A string of randomly-chosen characters
- * from $chrs
- */
- static function randomString($length, $population = null)
- {
- if ($population === null) {
- return Auth_OpenID_CryptUtil::getBytes($length);
- }
-
- $popsize = strlen($population);
-
- if ($popsize > 256) {
- $msg = 'More than 256 characters supplied to ' . __FUNCTION__;
- trigger_error($msg, E_USER_ERROR);
- }
-
- $duplicate = 256 % $popsize;
-
- $str = "";
- for ($i = 0; $i < $length; $i++) {
- do {
- $n = ord(Auth_OpenID_CryptUtil::getBytes(1));
- } while ($n < $duplicate);
-
- $n %= $popsize;
- $str .= $population[$n];
- }
-
- return $str;
- }
-
- static function constEq($s1, $s2)
- {
- if (strlen($s1) != strlen($s2)) {
- return false;
- }
-
- $result = true;
- $length = strlen($s1);
- for ($i = 0; $i < $length; $i++) {
- $result &= ($s1[$i] == $s2[$i]);
- }
- return $result;
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/DatabaseConnection.php
+++ /dev/null
@@ -1,131 +1,1 @@
-<?php
-/**
- * The Auth_OpenID_DatabaseConnection class, which is used to emulate
- * a PEAR database connection.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * An empty base class intended to emulate PEAR connection
- * functionality in applications that supply their own database
- * abstraction mechanisms. See {@link Auth_OpenID_SQLStore} for more
- * information. You should subclass this class if you need to create
- * an SQL store that needs to access its database using an
- * application's database abstraction layer instead of a PEAR database
- * connection. Any subclass of Auth_OpenID_DatabaseConnection MUST
- * adhere to the interface specified here.
- *
- * @package OpenID
- */
-class Auth_OpenID_DatabaseConnection {
- /**
- * Sets auto-commit mode on this database connection.
- *
- * @param bool $mode True if auto-commit is to be used; false if
- * not.
- */
- function autoCommit($mode)
- {
- }
-
- /**
- * Run an SQL query with the specified parameters, if any.
- *
- * @param string $sql An SQL string with placeholders. The
- * placeholders are assumed to be specific to the database engine
- * for this connection.
- *
- * @param array $params An array of parameters to insert into the
- * SQL string using this connection's escaping mechanism.
- *
- * @return mixed $result The result of calling this connection's
- * internal query function. The type of result depends on the
- * underlying database engine. This method is usually used when
- * the result of a query is not important, like a DDL query.
- */
- function query($sql, $params = array())
- {
- }
-
- /**
- * Starts a transaction on this connection, if supported.
- */
- function begin()
- {
- }
-
- /**
- * Commits a transaction on this connection, if supported.
- */
- function commit()
- {
- }
-
- /**
- * Performs a rollback on this connection, if supported.
- */
- function rollback()
- {
- }
-
- /**
- * Run an SQL query and return the first column of the first row
- * of the result set, if any.
- *
- * @param string $sql An SQL string with placeholders. The
- * placeholders are assumed to be specific to the database engine
- * for this connection.
- *
- * @param array $params An array of parameters to insert into the
- * SQL string using this connection's escaping mechanism.
- *
- * @return mixed $result The value of the first column of the
- * first row of the result set. False if no such result was
- * found.
- */
- function getOne($sql, $params = array())
- {
- }
-
- /**
- * Run an SQL query and return the first row of the result set, if
- * any.
- *
- * @param string $sql An SQL string with placeholders. The
- * placeholders are assumed to be specific to the database engine
- * for this connection.
- *
- * @param array $params An array of parameters to insert into the
- * SQL string using this connection's escaping mechanism.
- *
- * @return array $result The first row of the result set, if any,
- * keyed on column name. False if no such result was found.
- */
- function getRow($sql, $params = array())
- {
- }
-
- /**
- * Run an SQL query with the specified parameters, if any.
- *
- * @param string $sql An SQL string with placeholders. The
- * placeholders are assumed to be specific to the database engine
- * for this connection.
- *
- * @param array $params An array of parameters to insert into the
- * SQL string using this connection's escaping mechanism.
- *
- * @return array $result An array of arrays representing the
- * result of the query; each array is keyed on column name.
- */
- function getAll($sql, $params = array())
- {
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/DiffieHellman.php
+++ /dev/null
@@ -1,114 +1,1 @@
-<?php
-/**
- * The OpenID library's Diffie-Hellman implementation.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @access private
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-require_once 'Auth/OpenID.php';
-require_once 'Auth/OpenID/BigMath.php';
-
-function Auth_OpenID_getDefaultMod()
-{
- return '155172898181473697471232257763715539915724801'.
- '966915404479707795314057629378541917580651227423'.
- '698188993727816152646631438561595825688188889951'.
- '272158842675419950341258706556549803580104870537'.
- '681476726513255747040765857479291291572334510643'.
- '245094715007229621094194349783925984760375594985'.
- '848253359305585439638443';
-}
-
-function Auth_OpenID_getDefaultGen()
-{
- return '2';
-}
-
-/**
- * The Diffie-Hellman key exchange class. This class relies on
- * {@link Auth_OpenID_MathLibrary} to perform large number operations.
- *
- * @access private
- * @package OpenID
- */
-class Auth_OpenID_DiffieHellman {
-
- var $mod;
- var $gen;
- var $private;
- var $lib = null;
-
- function Auth_OpenID_DiffieHellman($mod = null, $gen = null,
- $private = null, $lib = null)
- {
- if ($lib === null) {
- $this->lib = Auth_OpenID_getMathLib();
- } else {
- $this->lib = $lib;
- }
-
- if ($mod === null) {
- $this->mod = $this->lib->init(Auth_OpenID_getDefaultMod());
- } else {
- $this->mod = $mod;
- }
-
- if ($gen === null) {
- $this->gen = $this->lib->init(Auth_OpenID_getDefaultGen());
- } else {
- $this->gen = $gen;
- }
-
- if ($private === null) {
- $r = $this->lib->rand($this->mod);
- $this->private = $this->lib->add($r, 1);
- } else {
- $this->private = $private;
- }
-
- $this->public = $this->lib->powmod($this->gen, $this->private,
- $this->mod);
- }
-
- function getSharedSecret($composite)
- {
- return $this->lib->powmod($composite, $this->private, $this->mod);
- }
-
- function getPublicKey()
- {
- return $this->public;
- }
-
- function usingDefaultValues()
- {
- return ($this->mod == Auth_OpenID_getDefaultMod() &&
- $this->gen == Auth_OpenID_getDefaultGen());
- }
-
- function xorSecret($composite, $secret, $hash_func)
- {
- $dh_shared = $this->getSharedSecret($composite);
- $dh_shared_str = $this->lib->longToBinary($dh_shared);
- $hash_dh_shared = $hash_func($dh_shared_str);
-
- $xsecret = "";
- for ($i = 0; $i < Auth_OpenID::bytes($secret); $i++) {
- $xsecret .= chr(ord($secret[$i]) ^ ord($hash_dh_shared[$i]));
- }
-
- return $xsecret;
- }
-}
-
-
-
--- a/lib/openid-php/Auth/OpenID/Discover.php
+++ /dev/null
@@ -1,607 +1,1 @@
-<?php
-/**
- * The OpenID and Yadis discovery implementation for OpenID 1.2.
- */
-
-require_once "Auth/OpenID.php";
-require_once "Auth/OpenID/Parse.php";
-require_once "Auth/OpenID/Message.php";
-require_once "Auth/Yadis/XRIRes.php";
-require_once "Auth/Yadis/Yadis.php";
-
-// XML namespace value
-define('Auth_OpenID_XMLNS_1_0', 'http://openid.net/xmlns/1.0');
-
-// Yadis service types
-define('Auth_OpenID_TYPE_1_2', 'http://openid.net/signon/1.2');
-define('Auth_OpenID_TYPE_1_1', 'http://openid.net/signon/1.1');
-define('Auth_OpenID_TYPE_1_0', 'http://openid.net/signon/1.0');
-define('Auth_OpenID_TYPE_2_0_IDP', 'http://specs.openid.net/auth/2.0/server');
-define('Auth_OpenID_TYPE_2_0', 'http://specs.openid.net/auth/2.0/signon');
-define('Auth_OpenID_RP_RETURN_TO_URL_TYPE',
- 'http://specs.openid.net/auth/2.0/return_to');
-
-function Auth_OpenID_getOpenIDTypeURIs()
-{
- return array(Auth_OpenID_TYPE_2_0_IDP,
- Auth_OpenID_TYPE_2_0,
- Auth_OpenID_TYPE_1_2,
- Auth_OpenID_TYPE_1_1,
- Auth_OpenID_TYPE_1_0);
-}
-
-function Auth_OpenID_getOpenIDConsumerTypeURIs()
-{
- return array(Auth_OpenID_RP_RETURN_TO_URL_TYPE);
-}
-
-
-/*
- * Provides a user-readable interpretation of a type uri.
- * Useful for error messages.
- */
-function Auth_OpenID_getOpenIDTypeName($type_uri) {
- switch ($type_uri) {
- case Auth_OpenID_TYPE_2_0_IDP:
- return 'OpenID 2.0 IDP';
- case Auth_OpenID_TYPE_2_0:
- return 'OpenID 2.0';
- case Auth_OpenID_TYPE_1_2:
- return 'OpenID 1.2';
- case Auth_OpenID_TYPE_1_1:
- return 'OpenID 1.1';
- case Auth_OpenID_TYPE_1_0:
- return 'OpenID 1.0';
- case Auth_OpenID_RP_RETURN_TO_URL_TYPE:
- return 'OpenID relying party';
- }
-}
-
-/**
- * Object representing an OpenID service endpoint.
- */
-class Auth_OpenID_ServiceEndpoint {
- function Auth_OpenID_ServiceEndpoint()
- {
- $this->claimed_id = null;
- $this->server_url = null;
- $this->type_uris = array();
- $this->local_id = null;
- $this->canonicalID = null;
- $this->used_yadis = false; // whether this came from an XRDS
- $this->display_identifier = null;
- }
-
- function getDisplayIdentifier()
- {
- if ($this->display_identifier) {
- return $this->display_identifier;
- }
- if (! $this->claimed_id) {
- return $this->claimed_id;
- }
- $parsed = parse_url($this->claimed_id);
- $scheme = $parsed['scheme'];
- $host = $parsed['host'];
- $path = $parsed['path'];
- if (array_key_exists('query', $parsed)) {
- $query = $parsed['query'];
- $no_frag = "$scheme://$host$path?$query";
- } else {
- $no_frag = "$scheme://$host$path";
- }
- return $no_frag;
- }
-
- function usesExtension($extension_uri)
- {
- return in_array($extension_uri, $this->type_uris);
- }
-
- function preferredNamespace()
- {
- if (in_array(Auth_OpenID_TYPE_2_0_IDP, $this->type_uris) ||
- in_array(Auth_OpenID_TYPE_2_0, $this->type_uris)) {
- return Auth_OpenID_OPENID2_NS;
- } else {
- return Auth_OpenID_OPENID1_NS;
- }
- }
-
- /*
- * Query this endpoint to see if it has any of the given type
- * URIs. This is useful for implementing other endpoint classes
- * that e.g. need to check for the presence of multiple versions
- * of a single protocol.
- *
- * @param $type_uris The URIs that you wish to check
- *
- * @return all types that are in both in type_uris and
- * $this->type_uris
- */
- function matchTypes($type_uris)
- {
- $result = array();
- foreach ($type_uris as $test_uri) {
- if ($this->supportsType($test_uri)) {
- $result[] = $test_uri;
- }
- }
-
- return $result;
- }
-
- function supportsType($type_uri)
- {
- // Does this endpoint support this type?
- return ((in_array($type_uri, $this->type_uris)) ||
- (($type_uri == Auth_OpenID_TYPE_2_0) &&
- $this->isOPIdentifier()));
- }
-
- function compatibilityMode()
- {
- return $this->preferredNamespace() != Auth_OpenID_OPENID2_NS;
- }
-
- function isOPIdentifier()
- {
- return in_array(Auth_OpenID_TYPE_2_0_IDP, $this->type_uris);
- }
-
- static function fromOPEndpointURL($op_endpoint_url)
- {
- // Construct an OP-Identifier OpenIDServiceEndpoint object for
- // a given OP Endpoint URL
- $obj = new Auth_OpenID_ServiceEndpoint();
- $obj->server_url = $op_endpoint_url;
- $obj->type_uris = array(Auth_OpenID_TYPE_2_0_IDP);
- return $obj;
- }
-
- function parseService($yadis_url, $uri, $type_uris, $service_element)
- {
- // Set the state of this object based on the contents of the
- // service element. Return true if successful, false if not
- // (if findOPLocalIdentifier returns false).
- $this->type_uris = $type_uris;
- $this->server_url = $uri;
- $this->used_yadis = true;
-
- if (!$this->isOPIdentifier()) {
- $this->claimed_id = $yadis_url;
- $this->local_id = Auth_OpenID_findOPLocalIdentifier(
- $service_element,
- $this->type_uris);
- if ($this->local_id === false) {
- return false;
- }
- }
-
- return true;
- }
-
- function getLocalID()
- {
- // Return the identifier that should be sent as the
- // openid.identity_url parameter to the server.
- if ($this->local_id === null && $this->canonicalID === null) {
- return $this->claimed_id;
- } else {
- if ($this->local_id) {
- return $this->local_id;
- } else {
- return $this->canonicalID;
- }
- }
- }
-
- /*
- * Parse the given document as XRDS looking for OpenID consumer services.
- *
- * @return array of Auth_OpenID_ServiceEndpoint or null if the
- * document cannot be parsed.
- */
- function consumerFromXRDS($uri, $xrds_text)
- {
- $xrds =& Auth_Yadis_XRDS::parseXRDS($xrds_text);
-
- if ($xrds) {
- $yadis_services =
- $xrds->services(array('filter_MatchesAnyOpenIDConsumerType'));
- return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services);
- }
-
- return null;
- }
-
- /*
- * Parse the given document as XRDS looking for OpenID services.
- *
- * @return array of Auth_OpenID_ServiceEndpoint or null if the
- * document cannot be parsed.
- */
- static function fromXRDS($uri, $xrds_text)
- {
- $xrds = Auth_Yadis_XRDS::parseXRDS($xrds_text);
-
- if ($xrds) {
- $yadis_services =
- $xrds->services(array('filter_MatchesAnyOpenIDType'));
- return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services);
- }
-
- return null;
- }
-
- /*
- * Create endpoints from a DiscoveryResult.
- *
- * @param discoveryResult Auth_Yadis_DiscoveryResult
- * @return array of Auth_OpenID_ServiceEndpoint or null if
- * endpoints cannot be created.
- */
- static function fromDiscoveryResult($discoveryResult)
- {
- if ($discoveryResult->isXRDS()) {
- return Auth_OpenID_ServiceEndpoint::fromXRDS(
- $discoveryResult->normalized_uri,
- $discoveryResult->response_text);
- } else {
- return Auth_OpenID_ServiceEndpoint::fromHTML(
- $discoveryResult->normalized_uri,
- $discoveryResult->response_text);
- }
- }
-
- static function fromHTML($uri, $html)
- {
- $discovery_types = array(
- array(Auth_OpenID_TYPE_2_0,
- 'openid2.provider', 'openid2.local_id'),
- array(Auth_OpenID_TYPE_1_1,
- 'openid.server', 'openid.delegate')
- );
-
- $services = array();
-
- foreach ($discovery_types as $triple) {
- list($type_uri, $server_rel, $delegate_rel) = $triple;
-
- $urls = Auth_OpenID_legacy_discover($html, $server_rel,
- $delegate_rel);
-
- if ($urls === false) {
- continue;
- }
-
- list($delegate_url, $server_url) = $urls;
-
- $service = new Auth_OpenID_ServiceEndpoint();
- $service->claimed_id = $uri;
- $service->local_id = $delegate_url;
- $service->server_url = $server_url;
- $service->type_uris = array($type_uri);
-
- $services[] = $service;
- }
-
- return $services;
- }
-
- function copy()
- {
- $x = new Auth_OpenID_ServiceEndpoint();
-
- $x->claimed_id = $this->claimed_id;
- $x->server_url = $this->server_url;
- $x->type_uris = $this->type_uris;
- $x->local_id = $this->local_id;
- $x->canonicalID = $this->canonicalID;
- $x->used_yadis = $this->used_yadis;
-
- return $x;
- }
-}
-
-function Auth_OpenID_findOPLocalIdentifier($service, $type_uris)
-{
- // Extract a openid:Delegate value from a Yadis Service element.
- // If no delegate is found, returns null. Returns false on
- // discovery failure (when multiple delegate/localID tags have
- // different values).
-
- $service->parser->registerNamespace('openid',
- Auth_OpenID_XMLNS_1_0);
-
- $service->parser->registerNamespace('xrd',
- Auth_Yadis_XMLNS_XRD_2_0);
-
- $parser = $service->parser;
-
- $permitted_tags = array();
-
- if (in_array(Auth_OpenID_TYPE_1_1, $type_uris) ||
- in_array(Auth_OpenID_TYPE_1_0, $type_uris)) {
- $permitted_tags[] = 'openid:Delegate';
- }
-
- if (in_array(Auth_OpenID_TYPE_2_0, $type_uris)) {
- $permitted_tags[] = 'xrd:LocalID';
- }
-
- $local_id = null;
-
- foreach ($permitted_tags as $tag_name) {
- $tags = $service->getElements($tag_name);
-
- foreach ($tags as $tag) {
- $content = $parser->content($tag);
-
- if ($local_id === null) {
- $local_id = $content;
- } else if ($local_id != $content) {
- return false;
- }
- }
- }
-
- return $local_id;
-}
-
-function filter_MatchesAnyOpenIDType($service)
-{
- $uris = $service->getTypes();
-
- foreach ($uris as $uri) {
- if (in_array($uri, Auth_OpenID_getOpenIDTypeURIs())) {
- return true;
- }
- }
-
- return false;
-}
-
-function filter_MatchesAnyOpenIDConsumerType(&$service)
-{
- $uris = $service->getTypes();
-
- foreach ($uris as $uri) {
- if (in_array($uri, Auth_OpenID_getOpenIDConsumerTypeURIs())) {
- return true;
- }
- }
-
- return false;
-}
-
-function Auth_OpenID_bestMatchingService($service, $preferred_types)
-{
- // Return the index of the first matching type, or something
- // higher if no type matches.
- //
- // This provides an ordering in which service elements that
- // contain a type that comes earlier in the preferred types list
- // come before service elements that come later. If a service
- // element has more than one type, the most preferred one wins.
-
- foreach ($preferred_types as $index => $typ) {
- if (in_array($typ, $service->type_uris)) {
- return $index;
- }
- }
-
- return count($preferred_types);
-}
-
-function Auth_OpenID_arrangeByType($service_list, $preferred_types)
-{
- // Rearrange service_list in a new list so services are ordered by
- // types listed in preferred_types. Return the new list.
-
- // Build a list with the service elements in tuples whose
- // comparison will prefer the one with the best matching service
- $prio_services = array();
- foreach ($service_list as $index => $service) {
- $prio_services[] = array(Auth_OpenID_bestMatchingService($service,
- $preferred_types),
- $index, $service);
- }
-
- sort($prio_services);
-
- // Now that the services are sorted by priority, remove the sort
- // keys from the list.
- foreach ($prio_services as $index => $s) {
- $prio_services[$index] = $prio_services[$index][2];
- }
-
- return $prio_services;
-}
-
-// Extract OP Identifier services. If none found, return the rest,
-// sorted with most preferred first according to
-// OpenIDServiceEndpoint.openid_type_uris.
-//
-// openid_services is a list of OpenIDServiceEndpoint objects.
-//
-// Returns a list of OpenIDServiceEndpoint objects."""
-function Auth_OpenID_getOPOrUserServices($openid_services)
-{
- $op_services = Auth_OpenID_arrangeByType($openid_services,
- array(Auth_OpenID_TYPE_2_0_IDP));
-
- $openid_services = Auth_OpenID_arrangeByType($openid_services,
- Auth_OpenID_getOpenIDTypeURIs());
-
- if ($op_services) {
- return $op_services;
- } else {
- return $openid_services;
- }
-}
-
-function Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services)
-{
- $s = array();
-
- if (!$yadis_services) {
- return $s;
- }
-
- foreach ($yadis_services as $service) {
- $type_uris = $service->getTypes();
- $uris = $service->getURIs();
-
- // If any Type URIs match and there is an endpoint URI
- // specified, then this is an OpenID endpoint
- if ($type_uris &&
- $uris) {
- foreach ($uris as $service_uri) {
- $openid_endpoint = new Auth_OpenID_ServiceEndpoint();
- if ($openid_endpoint->parseService($uri,
- $service_uri,
- $type_uris,
- $service)) {
- $s[] = $openid_endpoint;
- }
- }
- }
- }
-
- return $s;
-}
-
-function Auth_OpenID_discoverWithYadis($uri, $fetcher,
- $endpoint_filter='Auth_OpenID_getOPOrUserServices',
- $discover_function=null)
-{
- // Discover OpenID services for a URI. Tries Yadis and falls back
- // on old-style <link rel='...'> discovery if Yadis fails.
-
- // Might raise a yadis.discover.DiscoveryFailure if no document
- // came back for that URI at all. I don't think falling back to
- // OpenID 1.0 discovery on the same URL will help, so don't bother
- // to catch it.
- if ($discover_function === null) {
- $discover_function = array('Auth_Yadis_Yadis', 'discover');
- }
-
- $openid_services = array();
-
- $response = call_user_func_array($discover_function,
- array($uri, $fetcher));
-
- $yadis_url = $response->normalized_uri;
- $yadis_services = array();
-
- if ($response->isFailure() && !$response->isXRDS()) {
- return array($uri, array());
- }
-
- $openid_services = Auth_OpenID_ServiceEndpoint::fromXRDS(
- $yadis_url,
- $response->response_text);
-
- if (!$openid_services) {
- if ($response->isXRDS()) {
- return Auth_OpenID_discoverWithoutYadis($uri,
- $fetcher);
- }
-
- // Try to parse the response as HTML to get OpenID 1.0/1.1
- // <link rel="...">
- $openid_services = Auth_OpenID_ServiceEndpoint::fromHTML(
- $yadis_url,
- $response->response_text);
- }
-
- $openid_services = call_user_func_array($endpoint_filter,
- array($openid_services));
-
- return array($yadis_url, $openid_services);
-}
-
-function Auth_OpenID_discoverURI($uri, $fetcher)
-{
- $uri = Auth_OpenID::normalizeUrl($uri);
- return Auth_OpenID_discoverWithYadis($uri, $fetcher);
-}
-
-function Auth_OpenID_discoverWithoutYadis($uri, $fetcher)
-{
- $http_resp = @$fetcher->get($uri);
-
- if ($http_resp->status != 200 and $http_resp->status != 206) {
- return array($uri, array());
- }
-
- $identity_url = $http_resp->final_url;
-
- // Try to parse the response as HTML to get OpenID 1.0/1.1 <link
- // rel="...">
- $openid_services = Auth_OpenID_ServiceEndpoint::fromHTML(
- $identity_url,
- $http_resp->body);
-
- return array($identity_url, $openid_services);
-}
-
-function Auth_OpenID_discoverXRI($iname, $fetcher)
-{
- $resolver = new Auth_Yadis_ProxyResolver($fetcher);
- list($canonicalID, $yadis_services) =
- $resolver->query($iname,
- Auth_OpenID_getOpenIDTypeURIs(),
- array('filter_MatchesAnyOpenIDType'));
-
- $openid_services = Auth_OpenID_makeOpenIDEndpoints($iname,
- $yadis_services);
-
- $openid_services = Auth_OpenID_getOPOrUserServices($openid_services);
-
- for ($i = 0; $i < count($openid_services); $i++) {
- $openid_services[$i]->canonicalID = $canonicalID;
- $openid_services[$i]->claimed_id = $canonicalID;
- $openid_services[$i]->display_identifier = $iname;
- }
-
- // FIXME: returned xri should probably be in some normal form
- return array($iname, $openid_services);
-}
-
-function Auth_OpenID_discover($uri, $fetcher)
-{
- // If the fetcher (i.e., PHP) doesn't support SSL, we can't do
- // discovery on an HTTPS URL.
- if ($fetcher->isHTTPS($uri) && !$fetcher->supportsSSL()) {
- return array($uri, array());
- }
-
- if (Auth_Yadis_identifierScheme($uri) == 'XRI') {
- $result = Auth_OpenID_discoverXRI($uri, $fetcher);
- } else {
- $result = Auth_OpenID_discoverURI($uri, $fetcher);
- }
-
- // If the fetcher doesn't support SSL, we can't interact with
- // HTTPS server URLs; remove those endpoints from the list.
- if (!$fetcher->supportsSSL()) {
- $http_endpoints = array();
- list($new_uri, $endpoints) = $result;
-
- foreach ($endpoints as $e) {
- if (!$fetcher->isHTTPS($e->server_url)) {
- $http_endpoints[] = $e;
- }
- }
-
- $result = array($new_uri, $http_endpoints);
- }
-
- return $result;
-}
-
-
-
--- a/lib/openid-php/Auth/OpenID/DumbStore.php
+++ /dev/null
@@ -1,100 +1,1 @@
-<?php
-/**
- * This file supplies a dumb store backend for OpenID servers and
- * consumers.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Import the interface for creating a new store class.
- */
-require_once 'Auth/OpenID/Interface.php';
-require_once 'Auth/OpenID/HMAC.php';
-
-/**
- * This is a store for use in the worst case, when you have no way of
- * saving state on the consumer site. Using this store makes the
- * consumer vulnerable to replay attacks, as it's unable to use
- * nonces. Avoid using this store if it is at all possible.
- *
- * Most of the methods of this class are implementation details.
- * Users of this class need to worry only about the constructor.
- *
- * @package OpenID
- */
-class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore {
-
- /**
- * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security
- * of the tokens generated by the library, this class attempts to
- * at least have a secure implementation of getAuthKey.
- *
- * When you create an instance of this class, pass in a secret
- * phrase. The phrase is hashed with sha1 to make it the correct
- * length and form for an auth key. That allows you to use a long
- * string as the secret phrase, which means you can make it very
- * difficult to guess.
- *
- * Each {@link Auth_OpenID_DumbStore} instance that is created for use by
- * your consumer site needs to use the same $secret_phrase.
- *
- * @param string secret_phrase The phrase used to create the auth
- * key returned by getAuthKey
- */
- function Auth_OpenID_DumbStore($secret_phrase)
- {
- $this->auth_key = Auth_OpenID_SHA1($secret_phrase);
- }
-
- /**
- * This implementation does nothing.
- */
- function storeAssociation($server_url, $association)
- {
- }
-
- /**
- * This implementation always returns null.
- */
- function getAssociation($server_url, $handle = null)
- {
- return null;
- }
-
- /**
- * This implementation always returns false.
- */
- function removeAssociation($server_url, $handle)
- {
- return false;
- }
-
- /**
- * In a system truly limited to dumb mode, nonces must all be
- * accepted. This therefore always returns true, which makes
- * replay attacks feasible.
- */
- function useNonce($server_url, $timestamp, $salt)
- {
- return true;
- }
-
- /**
- * This method returns the auth key generated by the constructor.
- */
- function getAuthKey()
- {
- return $this->auth_key;
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/Extension.php
+++ /dev/null
@@ -1,62 +1,1 @@
-<?php
-/**
- * An interface for OpenID extensions.
- *
- * @package OpenID
- */
-
-/**
- * Require the Message implementation.
- */
-require_once 'Auth/OpenID/Message.php';
-
-/**
- * A base class for accessing extension request and response data for
- * the OpenID 2 protocol.
- *
- * @package OpenID
- */
-class Auth_OpenID_Extension {
- /**
- * ns_uri: The namespace to which to add the arguments for this
- * extension
- */
- var $ns_uri = null;
- var $ns_alias = null;
-
- /**
- * Get the string arguments that should be added to an OpenID
- * message for this extension.
- */
- function getExtensionArgs()
- {
- return null;
- }
-
- /**
- * Add the arguments from this extension to the provided message.
- *
- * Returns the message with the extension arguments added.
- */
- function toMessage($message)
- {
- $implicit = $message->isOpenID1();
- $added = $message->namespaces->addAlias($this->ns_uri,
- $this->ns_alias,
- $implicit);
-
- if ($added === null) {
- if ($message->namespaces->getAlias($this->ns_uri) !=
- $this->ns_alias) {
- return null;
- }
- }
-
- $message->updateArgs($this->ns_uri,
- $this->getExtensionArgs());
- return $message;
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/FileStore.php
+++ /dev/null
@@ -1,619 +1,1 @@
-<?php
-/**
- * This file supplies a Memcached store backend for OpenID servers and
- * consumers.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Require base class for creating a new interface.
- */
-require_once 'Auth/OpenID.php';
-require_once 'Auth/OpenID/Interface.php';
-require_once 'Auth/OpenID/HMAC.php';
-require_once 'Auth/OpenID/Nonce.php';
-
-/**
- * This is a filesystem-based store for OpenID associations and
- * nonces. This store should be safe for use in concurrent systems on
- * both windows and unix (excluding NFS filesystems). There are a
- * couple race conditions in the system, but those failure cases have
- * been set up in such a way that the worst-case behavior is someone
- * having to try to log in a second time.
- *
- * Most of the methods of this class are implementation details.
- * People wishing to just use this store need only pay attention to
- * the constructor.
- *
- * @package OpenID
- */
-class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
-
- /**
- * Initializes a new {@link Auth_OpenID_FileStore}. This
- * initializes the nonce and association directories, which are
- * subdirectories of the directory passed in.
- *
- * @param string $directory This is the directory to put the store
- * directories in.
- */
- function Auth_OpenID_FileStore($directory)
- {
- if (!Auth_OpenID::ensureDir($directory)) {
- trigger_error('Not a directory and failed to create: '
- . $directory, E_USER_ERROR);
- }
- $directory = realpath($directory);
-
- $this->directory = $directory;
- $this->active = true;
-
- $this->nonce_dir = $directory . DIRECTORY_SEPARATOR . 'nonces';
-
- $this->association_dir = $directory . DIRECTORY_SEPARATOR .
- 'associations';
-
- // Temp dir must be on the same filesystem as the assciations
- // $directory.
- $this->temp_dir = $directory . DIRECTORY_SEPARATOR . 'temp';
-
- $this->max_nonce_age = 6 * 60 * 60; // Six hours, in seconds
-
- if (!$this->_setup()) {
- trigger_error('Failed to initialize OpenID file store in ' .
- $directory, E_USER_ERROR);
- }
- }
-
- function destroy()
- {
- Auth_OpenID_FileStore::_rmtree($this->directory);
- $this->active = false;
- }
-
- /**
- * Make sure that the directories in which we store our data
- * exist.
- *
- * @access private
- */
- function _setup()
- {
- return (Auth_OpenID::ensureDir($this->nonce_dir) &&
- Auth_OpenID::ensureDir($this->association_dir) &&
- Auth_OpenID::ensureDir($this->temp_dir));
- }
-
- /**
- * Create a temporary file on the same filesystem as
- * $this->association_dir.
- *
- * The temporary directory should not be cleaned if there are any
- * processes using the store. If there is no active process using
- * the store, it is safe to remove all of the files in the
- * temporary directory.
- *
- * @return array ($fd, $filename)
- * @access private
- */
- function _mktemp()
- {
- $name = Auth_OpenID_FileStore::_mkstemp($dir = $this->temp_dir);
- $file_obj = @fopen($name, 'wb');
- if ($file_obj !== false) {
- return array($file_obj, $name);
- } else {
- Auth_OpenID_FileStore::_removeIfPresent($name);
- }
- }
-
- function cleanupNonces()
- {
- global $Auth_OpenID_SKEW;
-
- $nonces = Auth_OpenID_FileStore::_listdir($this->nonce_dir);
- $now = time();
-
- $removed = 0;
- // Check all nonces for expiry
- foreach ($nonces as $nonce_fname) {
- $base = basename($nonce_fname);
- $parts = explode('-', $base, 2);
- $timestamp = $parts[0];
- $timestamp = intval($timestamp, 16);
- if (abs($timestamp - $now) > $Auth_OpenID_SKEW) {
- Auth_OpenID_FileStore::_removeIfPresent($nonce_fname);
- $removed += 1;
- }
- }
- return $removed;
- }
-
- /**
- * Create a unique filename for a given server url and
- * handle. This implementation does not assume anything about the
- * format of the handle. The filename that is returned will
- * contain the domain name from the server URL for ease of human
- * inspection of the data directory.
- *
- * @return string $filename
- */
- function getAssociationFilename($server_url, $handle)
- {
- if (!$this->active) {
- trigger_error("FileStore no longer active", E_USER_ERROR);
- return null;
- }
-
- if (strpos($server_url, '://') === false) {
- trigger_error(sprintf("Bad server URL: %s", $server_url),
- E_USER_WARNING);
- return null;
- }
-
- list($proto, $rest) = explode('://', $server_url, 2);
- $parts = explode('/', $rest);
- $domain = Auth_OpenID_FileStore::_filenameEscape($parts[0]);
- $url_hash = Auth_OpenID_FileStore::_safe64($server_url);
- if ($handle) {
- $handle_hash = Auth_OpenID_FileStore::_safe64($handle);
- } else {
- $handle_hash = '';
- }
-
- $filename = sprintf('%s-%s-%s-%s', $proto, $domain, $url_hash,
- $handle_hash);
-
- return $this->association_dir. DIRECTORY_SEPARATOR . $filename;
- }
-
- /**
- * Store an association in the association directory.
- */
- function storeAssociation($server_url, $association)
- {
- if (!$this->active) {
- trigger_error("FileStore no longer active", E_USER_ERROR);
- return false;
- }
-
- $association_s = $association->serialize();
- $filename = $this->getAssociationFilename($server_url,
- $association->handle);
- list($tmp_file, $tmp) = $this->_mktemp();
-
- if (!$tmp_file) {
- trigger_error("_mktemp didn't return a valid file descriptor",
- E_USER_WARNING);
- return false;
- }
-
- fwrite($tmp_file, $association_s);
-
- fflush($tmp_file);
-
- fclose($tmp_file);
-
- if (@rename($tmp, $filename)) {
- return true;
- } else {
- // In case we are running on Windows, try unlinking the
- // file in case it exists.
- @unlink($filename);
-
- // Now the target should not exist. Try renaming again,
- // giving up if it fails.
- if (@rename($tmp, $filename)) {
- return true;
- }
- }
-
- // If there was an error, don't leave the temporary file
- // around.
- Auth_OpenID_FileStore::_removeIfPresent($tmp);
- return false;
- }
-
- /**
- * Retrieve an association. If no handle is specified, return the
- * association with the most recent issue time.
- *
- * @return mixed $association
- */
- function getAssociation($server_url, $handle = null)
- {
- if (!$this->active) {
- trigger_error("FileStore no longer active", E_USER_ERROR);
- return null;
- }
-
- if ($handle === null) {
- $handle = '';
- }
-
- // The filename with the empty handle is a prefix of all other
- // associations for the given server URL.
- $filename = $this->getAssociationFilename($server_url, $handle);
-
- if ($handle) {
- return $this->_getAssociation($filename);
- } else {
- $association_files =
- Auth_OpenID_FileStore::_listdir($this->association_dir);
- $matching_files = array();
-
- // strip off the path to do the comparison
- $name = basename($filename);
- foreach ($association_files as $association_file) {
- $base = basename($association_file);
- if (strpos($base, $name) === 0) {
- $matching_files[] = $association_file;
- }
- }
-
- $matching_associations = array();
- // read the matching files and sort by time issued
- foreach ($matching_files as $full_name) {
- $association = $this->_getAssociation($full_name);
- if ($association !== null) {
- $matching_associations[] = array($association->issued,
- $association);
- }
- }
-
- $issued = array();
- $assocs = array();
- foreach ($matching_associations as $key => $assoc) {
- $issued[$key] = $assoc[0];
- $assocs[$key] = $assoc[1];
- }
-
- array_multisort($issued, SORT_DESC, $assocs, SORT_DESC,
- $matching_associations);
-
- // return the most recently issued one.
- if ($matching_associations) {
- list($issued, $assoc) = $matching_associations[0];
- return $assoc;
- } else {
- return null;
- }
- }
- }
-
- /**
- * @access private
- */
- function _getAssociation($filename)
- {
- if (!$this->active) {
- trigger_error("FileStore no longer active", E_USER_ERROR);
- return null;
- }
-
- $assoc_file = @fopen($filename, 'rb');
-
- if ($assoc_file === false) {
- return null;
- }
-
- $assoc_s = fread($assoc_file, filesize($filename));
- fclose($assoc_file);
-
- if (!$assoc_s) {
- return null;
- }
-
- $association =
- Auth_OpenID_Association::deserialize('Auth_OpenID_Association',
- $assoc_s);
-
- if (!$association) {
- Auth_OpenID_FileStore::_removeIfPresent($filename);
- return null;
- }
-
- if ($association->getExpiresIn() == 0) {
- Auth_OpenID_FileStore::_removeIfPresent($filename);
- return null;
- } else {
- return $association;
- }
- }
-
- /**
- * Remove an association if it exists. Do nothing if it does not.
- *
- * @return bool $success
- */
- function removeAssociation($server_url, $handle)
- {
- if (!$this->active) {
- trigger_error("FileStore no longer active", E_USER_ERROR);
- return null;
- }
-
- $assoc = $this->getAssociation($server_url, $handle);
- if ($assoc === null) {
- return false;
- } else {
- $filename = $this->getAssociationFilename($server_url, $handle);
- return Auth_OpenID_FileStore::_removeIfPresent($filename);
- }
- }
-
- /**
- * Return whether this nonce is present. As a side effect, mark it
- * as no longer present.
- *
- * @return bool $present
- */
- function useNonce($server_url, $timestamp, $salt)
- {
- global $Auth_OpenID_SKEW;
-
- if (!$this->active) {
- trigger_error("FileStore no longer active", E_USER_ERROR);
- return null;
- }
-
- if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
- return false;
- }
-
- if ($server_url) {
- list($proto, $rest) = explode('://', $server_url, 2);
- } else {
- $proto = '';
- $rest = '';
- }
-
- $parts = explode('/', $rest, 2);
- $domain = $this->_filenameEscape($parts[0]);
- $url_hash = $this->_safe64($server_url);
- $salt_hash = $this->_safe64($salt);
-
- $filename = sprintf('%08x-%s-%s-%s-%s', $timestamp, $proto,
- $domain, $url_hash, $salt_hash);
- $filename = $this->nonce_dir . DIRECTORY_SEPARATOR . $filename;
-
- $result = @fopen($filename, 'x');
-
- if ($result === false) {
- return false;
- } else {
- fclose($result);
- return true;
- }
- }
-
- /**
- * Remove expired entries from the database. This is potentially
- * expensive, so only run when it is acceptable to take time.
- *
- * @access private
- */
- function _allAssocs()
- {
- $all_associations = array();
-
- $association_filenames =
- Auth_OpenID_FileStore::_listdir($this->association_dir);
-
- foreach ($association_filenames as $association_filename) {
- $association_file = fopen($association_filename, 'rb');
-
- if ($association_file !== false) {
- $assoc_s = fread($association_file,
- filesize($association_filename));
- fclose($association_file);
-
- // Remove expired or corrupted associations
- $association =
- Auth_OpenID_Association::deserialize(
- 'Auth_OpenID_Association', $assoc_s);
-
- if ($association === null) {
- Auth_OpenID_FileStore::_removeIfPresent(
- $association_filename);
- } else {
- if ($association->getExpiresIn() == 0) {
- $all_associations[] = array($association_filename,
- $association);
- }
- }
- }
- }
-
- return $all_associations;
- }
-
- function clean()
- {
- if (!$this->active) {
- trigger_error("FileStore no longer active", E_USER_ERROR);
- return null;
- }
-
- $nonces = Auth_OpenID_FileStore::_listdir($this->nonce_dir);
- $now = time();
-
- // Check all nonces for expiry
- foreach ($nonces as $nonce) {
- if (!Auth_OpenID_checkTimestamp($nonce, $now)) {
- $filename = $this->nonce_dir . DIRECTORY_SEPARATOR . $nonce;
- Auth_OpenID_FileStore::_removeIfPresent($filename);
- }
- }
-
- foreach ($this->_allAssocs() as $pair) {
- list($assoc_filename, $assoc) = $pair;
- if ($assoc->getExpiresIn() == 0) {
- Auth_OpenID_FileStore::_removeIfPresent($assoc_filename);
- }
- }
- }
-
- /**
- * @access private
- */
- function _rmtree($dir)
- {
- if ($dir[strlen($dir) - 1] != DIRECTORY_SEPARATOR) {
- $dir .= DIRECTORY_SEPARATOR;
- }
-
- if ($handle = opendir($dir)) {
- while ($item = readdir($handle)) {
- if (!in_array($item, array('.', '..'))) {
- if (is_dir($dir . $item)) {
-
- if (!Auth_OpenID_FileStore::_rmtree($dir . $item)) {
- return false;
- }
- } else if (is_file($dir . $item)) {
- if (!unlink($dir . $item)) {
- return false;
- }
- }
- }
- }
-
- closedir($handle);
-
- if (!@rmdir($dir)) {
- return false;
- }
-
- return true;
- } else {
- // Couldn't open directory.
- return false;
- }
- }
-
- /**
- * @access private
- */
- function _mkstemp($dir)
- {
- foreach (range(0, 4) as $i) {
- $name = tempnam($dir, "php_openid_filestore_");
-
- if ($name !== false) {
- return $name;
- }
- }
- return false;
- }
-
- /**
- * @access private
- */
- static function _mkdtemp($dir)
- {
- foreach (range(0, 4) as $i) {
- $name = $dir . strval(DIRECTORY_SEPARATOR) . strval(getmypid()) .
- "-" . strval(rand(1, time()));
- if (!mkdir($name, 0700)) {
- return false;
- } else {
- return $name;
- }
- }
- return false;
- }
-
- /**
- * @access private
- */
- function _listdir($dir)
- {
- $handle = opendir($dir);
- $files = array();
- while (false !== ($filename = readdir($handle))) {
- if (!in_array($filename, array('.', '..'))) {
- $files[] = $dir . DIRECTORY_SEPARATOR . $filename;
- }
- }
- return $files;
- }
-
- /**
- * @access private
- */
- function _isFilenameSafe($char)
- {
- $_Auth_OpenID_filename_allowed = Auth_OpenID_letters .
- Auth_OpenID_digits . ".";
- return (strpos($_Auth_OpenID_filename_allowed, $char) !== false);
- }
-
- /**
- * @access private
- */
- function _safe64($str)
- {
- $h64 = base64_encode(Auth_OpenID_SHA1($str));
- $h64 = str_replace('+', '_', $h64);
- $h64 = str_replace('/', '.', $h64);
- $h64 = str_replace('=', '', $h64);
- return $h64;
- }
-
- /**
- * @access private
- */
- function _filenameEscape($str)
- {
- $filename = "";
- $b = Auth_OpenID::toBytes($str);
-
- for ($i = 0; $i < count($b); $i++) {
- $c = $b[$i];
- if (Auth_OpenID_FileStore::_isFilenameSafe($c)) {
- $filename .= $c;
- } else {
- $filename .= sprintf("_%02X", ord($c));
- }
- }
- return $filename;
- }
-
- /**
- * Attempt to remove a file, returning whether the file existed at
- * the time of the call.
- *
- * @access private
- * @return bool $result True if the file was present, false if not.
- */
- function _removeIfPresent($filename)
- {
- return @unlink($filename);
- }
-
- function cleanupAssociations()
- {
- $removed = 0;
- foreach ($this->_allAssocs() as $pair) {
- list($assoc_filename, $assoc) = $pair;
- if ($assoc->getExpiresIn() == 0) {
- $this->_removeIfPresent($assoc_filename);
- $removed += 1;
- }
- }
- return $removed;
- }
-}
-
-
-
--- a/lib/openid-php/Auth/OpenID/HMAC.php
+++ /dev/null
@@ -1,106 +1,1 @@
-<?php
-/**
- * This is the HMACSHA1 implementation for the OpenID library.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @access private
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-require_once 'Auth/OpenID.php';
-
-/**
- * SHA1_BLOCKSIZE is this module's SHA1 blocksize used by the fallback
- * implementation.
- */
-define('Auth_OpenID_SHA1_BLOCKSIZE', 64);
-
-function Auth_OpenID_SHA1($text)
-{
- if (function_exists('hash') &&
- function_exists('hash_algos') &&
- (in_array('sha1', hash_algos()))) {
- // PHP 5 case (sometimes): 'hash' available and 'sha1' algo
- // supported.
- return hash('sha1', $text, true);
- } else if (function_exists('sha1')) {
- // PHP 4 case: 'sha1' available.
- $hex = sha1($text);
- $raw = '';
- for ($i = 0; $i < 40; $i += 2) {
- $hexcode = substr($hex, $i, 2);
- $charcode = (int)base_convert($hexcode, 16, 10);
- $raw .= chr($charcode);
- }
- return $raw;
- } else {
- // Explode.
- trigger_error('No SHA1 function found', E_USER_ERROR);
- }
-}
-
-/**
- * Compute an HMAC/SHA1 hash.
- *
- * @access private
- * @param string $key The HMAC key
- * @param string $text The message text to hash
- * @return string $mac The MAC
- */
-function Auth_OpenID_HMACSHA1($key, $text)
-{
- if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) {
- $key = Auth_OpenID_SHA1($key, true);
- }
-
- if (function_exists('hash_hmac') &&
- function_exists('hash_algos') &&
- (in_array('sha1', hash_algos()))) {
- return hash_hmac('sha1', $text, $key, true);
- }
- // Home-made solution
-
- $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x00));
- $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE);
- $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE);
- $hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text, true);
- $hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1, true);
- return $hmac;
-}
-
-if (function_exists('hash') &&
- function_exists('hash_algos') &&
- (in_array('sha256', hash_algos()))) {
- function Auth_OpenID_SHA256($text)
- {
- // PHP 5 case: 'hash' available and 'sha256' algo supported.
- return hash('sha256', $text, true);
- }
- define('Auth_OpenID_SHA256_SUPPORTED', true);
-} else {
- define('Auth_OpenID_SHA256_SUPPORTED', false);
-}
-
-if (function_exists('hash_hmac') &&
- function_exists('hash_algos') &&
- (in_array('sha256', hash_algos()))) {
-
- function Auth_OpenID_HMACSHA256($key, $text)
- {
- // Return raw MAC (not hex string).
- return hash_hmac('sha256', $text, $key, true);
- }
-
- define('Auth_OpenID_HMACSHA256_SUPPORTED', true);
-} else {
- define('Auth_OpenID_HMACSHA256_SUPPORTED', false);
-}
-
-
--- a/lib/openid-php/Auth/OpenID/Interface.php
+++ /dev/null
@@ -1,197 +1,1 @@
-<?php
-/**
- * This file specifies the interface for PHP OpenID store implementations.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * This is the interface for the store objects the OpenID library
- * uses. It is a single class that provides all of the persistence
- * mechanisms that the OpenID library needs, for both servers and
- * consumers. If you want to create an SQL-driven store, please see
- * then {@link Auth_OpenID_SQLStore} class.
- *
- * Change: Version 2.0 removed the storeNonce, getAuthKey, and isDumb
- * methods, and changed the behavior of the useNonce method to support
- * one-way nonces.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- */
-class Auth_OpenID_OpenIDStore {
- /**
- * This method puts an Association object into storage,
- * retrievable by server URL and handle.
- *
- * @param string $server_url The URL of the identity server that
- * this association is with. Because of the way the server portion
- * of the library uses this interface, don't assume there are any
- * limitations on the character set of the input string. In
- * particular, expect to see unescaped non-url-safe characters in
- * the server_url field.
- *
- * @param Association $association The Association to store.
- */
- function storeAssociation($server_url, $association)
- {
- trigger_error("Auth_OpenID_OpenIDStore::storeAssociation ".
- "not implemented", E_USER_ERROR);
- }
-
- /*
- * Remove expired nonces from the store.
- *
- * Discards any nonce from storage that is old enough that its
- * timestamp would not pass useNonce().
- *
- * This method is not called in the normal operation of the
- * library. It provides a way for store admins to keep their
- * storage from filling up with expired data.
- *
- * @return the number of nonces expired
- */
- function cleanupNonces()
- {
- trigger_error("Auth_OpenID_OpenIDStore::cleanupNonces ".
- "not implemented", E_USER_ERROR);
- }
-
- /*
- * Remove expired associations from the store.
- *
- * This method is not called in the normal operation of the
- * library. It provides a way for store admins to keep their
- * storage from filling up with expired data.
- *
- * @return the number of associations expired.
- */
- function cleanupAssociations()
- {
- trigger_error("Auth_OpenID_OpenIDStore::cleanupAssociations ".
- "not implemented", E_USER_ERROR);
- }
-
- /*
- * Shortcut for cleanupNonces(), cleanupAssociations().
- *
- * This method is not called in the normal operation of the
- * library. It provides a way for store admins to keep their
- * storage from filling up with expired data.
- */
- function cleanup()
- {
- return array($this->cleanupNonces(),
- $this->cleanupAssociations());
- }
-
- /**
- * Report whether this storage supports cleanup
- */
- function supportsCleanup()
- {
- return true;
- }
-
- /**
- * This method returns an Association object from storage that
- * matches the server URL and, if specified, handle. It returns
- * null if no such association is found or if the matching
- * association is expired.
- *
- * If no handle is specified, the store may return any association
- * which matches the server URL. If multiple associations are
- * valid, the recommended return value for this method is the one
- * most recently issued.
- *
- * This method is allowed (and encouraged) to garbage collect
- * expired associations when found. This method must not return
- * expired associations.
- *
- * @param string $server_url The URL of the identity server to get
- * the association for. Because of the way the server portion of
- * the library uses this interface, don't assume there are any
- * limitations on the character set of the input string. In
- * particular, expect to see unescaped non-url-safe characters in
- * the server_url field.
- *
- * @param mixed $handle This optional parameter is the handle of
- * the specific association to get. If no specific handle is
- * provided, any valid association matching the server URL is
- * returned.
- *
- * @return Association The Association for the given identity
- * server.
- */
- function getAssociation($server_url, $handle = null)
- {
- trigger_error("Auth_OpenID_OpenIDStore::getAssociation ".
- "not implemented", E_USER_ERROR);
- }
-
- /**
- * This method removes the matching association if it's found, and
- * returns whether the association was removed or not.
- *
- * @param string $server_url The URL of the identity server the
- * association to remove belongs to. Because of the way the server
- * portion of the library uses this interface, don't assume there
- * are any limitations on the character set of the input
- * string. In particular, expect to see unescaped non-url-safe
- * characters in the server_url field.
- *
- * @param string $handle This is the handle of the association to
- * remove. If there isn't an association found that matches both
- * the given URL and handle, then there was no matching handle
- * found.
- *
- * @return mixed Returns whether or not the given association existed.
- */
- function removeAssociation($server_url, $handle)
- {
- trigger_error("Auth_OpenID_OpenIDStore::removeAssociation ".
- "not implemented", E_USER_ERROR);
- }
-
- /**
- * Called when using a nonce.
- *
- * This method should return C{True} if the nonce has not been
- * used before, and store it for a while to make sure nobody
- * tries to use the same value again. If the nonce has already
- * been used, return C{False}.
- *
- * Change: In earlier versions, round-trip nonces were used and a
- * nonce was only valid if it had been previously stored with
- * storeNonce. Version 2.0 uses one-way nonces, requiring a
- * different implementation here that does not depend on a
- * storeNonce call. (storeNonce is no longer part of the
- * interface.
- *
- * @param string $nonce The nonce to use.
- *
- * @return bool Whether or not the nonce was valid.
- */
- function useNonce($server_url, $timestamp, $salt)
- {
- trigger_error("Auth_OpenID_OpenIDStore::useNonce ".
- "not implemented", E_USER_ERROR);
- }
-
- /**
- * Removes all entries from the store; implementation is optional.
- */
- function reset()
- {
- }
-
-}
-
--- a/lib/openid-php/Auth/OpenID/KVForm.php
+++ /dev/null
@@ -1,112 +1,1 @@
-<?php
-/**
- * OpenID protocol key-value/comma-newline format parsing and
- * serialization
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @access private
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Container for key-value/comma-newline OpenID format and parsing
- */
-class Auth_OpenID_KVForm {
- /**
- * Convert an OpenID colon/newline separated string into an
- * associative array
- *
- * @static
- * @access private
- */
- static function toArray($kvs, $strict=false)
- {
- $lines = explode("\n", $kvs);
-
- $last = array_pop($lines);
- if ($last !== '') {
- array_push($lines, $last);
- if ($strict) {
- return false;
- }
- }
-
- $values = array();
-
- for ($lineno = 0; $lineno < count($lines); $lineno++) {
- $line = $lines[$lineno];
- $kv = explode(':', $line, 2);
- if (count($kv) != 2) {
- if ($strict) {
- return false;
- }
- continue;
- }
-
- $key = $kv[0];
- $tkey = trim($key);
- if ($tkey != $key) {
- if ($strict) {
- return false;
- }
- }
-
- $value = $kv[1];
- $tval = trim($value);
- if ($tval != $value) {
- if ($strict) {
- return false;
- }
- }
-
- $values[$tkey] = $tval;
- }
-
- return $values;
- }
-
- /**
- * Convert an array into an OpenID colon/newline separated string
- *
- * @static
- * @access private
- */
- static function fromArray($values)
- {
- if ($values === null) {
- return null;
- }
-
- ksort($values);
-
- $serialized = '';
- foreach ($values as $key => $value) {
- if (is_array($value)) {
- list($key, $value) = array($value[0], $value[1]);
- }
-
- if (strpos($key, ':') !== false) {
- return null;
- }
-
- if (strpos($key, "\n") !== false) {
- return null;
- }
-
- if (strpos($value, "\n") !== false) {
- return null;
- }
- $serialized .= "$key:$value\n";
- }
- return $serialized;
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/MDB2Store.php
+++ /dev/null
@@ -1,414 +1,1 @@
-<?php
-/**
- * SQL-backed OpenID stores for use with PEAR::MDB2.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005 Janrain, Inc.
- * @license http://www.gnu.org/copyleft/lesser.html LGPL
- */
-
-require_once 'MDB2.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/Interface.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/Nonce.php';
-
-/**
- * This store uses a PEAR::MDB2 connection to store persistence
- * information.
- *
- * The table names used are determined by the class variables
- * associations_table_name and nonces_table_name. To change the name
- * of the tables used, pass new table names into the constructor.
- *
- * To create the tables with the proper schema, see the createTables
- * method.
- *
- * @package OpenID
- */
-class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
- /**
- * This creates a new MDB2Store instance. It requires an
- * established database connection be given to it, and it allows
- * overriding the default table names.
- *
- * @param connection $connection This must be an established
- * connection to a database of the correct type for the SQLStore
- * subclass you're using. This must be a PEAR::MDB2 connection
- * handle.
- *
- * @param associations_table: This is an optional parameter to
- * specify the name of the table used for storing associations.
- * The default value is 'oid_associations'.
- *
- * @param nonces_table: This is an optional parameter to specify
- * the name of the table used for storing nonces. The default
- * value is 'oid_nonces'.
- */
- function Auth_OpenID_MDB2Store($connection,
- $associations_table = null,
- $nonces_table = null)
- {
- $this->associations_table_name = "oid_associations";
- $this->nonces_table_name = "oid_nonces";
-
- // Check the connection object type to be sure it's a PEAR
- // database connection.
- if (!is_object($connection) ||
- !is_subclass_of($connection, 'mdb2_driver_common')) {
- trigger_error("Auth_OpenID_MDB2Store expected PEAR connection " .
- "object (got ".get_class($connection).")",
- E_USER_ERROR);
- return;
- }
-
- $this->connection = $connection;
-
- // Be sure to set the fetch mode so the results are keyed on
- // column name instead of column index.
- $this->connection->setFetchMode(MDB2_FETCHMODE_ASSOC);
-
- if (PEAR::isError($this->connection->loadModule('Extended'))) {
- trigger_error("Unable to load MDB2_Extended module", E_USER_ERROR);
- return;
- }
-
- if ($associations_table) {
- $this->associations_table_name = $associations_table;
- }
-
- if ($nonces_table) {
- $this->nonces_table_name = $nonces_table;
- }
-
- $this->max_nonce_age = 6 * 60 * 60;
- }
-
- function tableExists($table_name)
- {
- return !PEAR::isError($this->connection->query(
- sprintf("SELECT * FROM %s LIMIT 0",
- $table_name)));
- }
-
- function createTables()
- {
- $n = $this->create_nonce_table();
- $a = $this->create_assoc_table();
-
- if (!$n || !$a) {
- return false;
- }
- return true;
- }
-
- function create_nonce_table()
- {
- if (!$this->tableExists($this->nonces_table_name)) {
- switch ($this->connection->phptype) {
- case "mysql":
- case "mysqli":
- // Custom SQL for MySQL to use InnoDB and variable-
- // length keys
- $r = $this->connection->exec(
- sprintf("CREATE TABLE %s (\n".
- " server_url VARCHAR(2047) NOT NULL DEFAULT '',\n".
- " timestamp INTEGER NOT NULL,\n".
- " salt CHAR(40) NOT NULL,\n".
- " UNIQUE (server_url(255), timestamp, salt)\n".
- ") TYPE=InnoDB",
- $this->nonces_table_name));
- if (PEAR::isError($r)) {
- return false;
- }
- break;
- default:
- if (PEAR::isError(
- $this->connection->loadModule('Manager'))) {
- return false;
- }
- $fields = array(
- "server_url" => array(
- "type" => "text",
- "length" => 2047,
- "notnull" => true
- ),
- "timestamp" => array(
- "type" => "integer",
- "notnull" => true
- ),
- "salt" => array(
- "type" => "text",
- "length" => 40,
- "fixed" => true,
- "notnull" => true
- )
- );
- $constraint = array(
- "unique" => 1,
- "fields" => array(
- "server_url" => true,
- "timestamp" => true,
- "salt" => true
- )
- );
-
- $r = $this->connection->createTable($this->nonces_table_name,
- $fields);
- if (PEAR::isError($r)) {
- return false;
- }
-
- $r = $this->connection->createConstraint(
- $this->nonces_table_name,
- $this->nonces_table_name . "_constraint",
- $constraint);
- if (PEAR::isError($r)) {
- return false;
- }
- break;
- }
- }
- return true;
- }
-
- function create_assoc_table()
- {
- if (!$this->tableExists($this->associations_table_name)) {
- switch ($this->connection->phptype) {
- case "mysql":
- case "mysqli":
- // Custom SQL for MySQL to use InnoDB and variable-
- // length keys
- $r = $this->connection->exec(
- sprintf("CREATE TABLE %s(\n".
- " server_url VARCHAR(2047) NOT NULL DEFAULT '',\n".
- " handle VARCHAR(255) NOT NULL,\n".
- " secret BLOB NOT NULL,\n".
- " issued INTEGER NOT NULL,\n".
- " lifetime INTEGER NOT NULL,\n".
- " assoc_type VARCHAR(64) NOT NULL,\n".
- " PRIMARY KEY (server_url(255), handle)\n".
- ") TYPE=InnoDB",
- $this->associations_table_name));
- if (PEAR::isError($r)) {
- return false;
- }
- break;
- default:
- if (PEAR::isError(
- $this->connection->loadModule('Manager'))) {
- return false;
- }
- $fields = array(
- "server_url" => array(
- "type" => "text",
- "length" => 2047,
- "notnull" => true
- ),
- "handle" => array(
- "type" => "text",
- "length" => 255,
- "notnull" => true
- ),
- "secret" => array(
- "type" => "blob",
- "length" => "255",
- "notnull" => true
- ),
- "issued" => array(
- "type" => "integer",
- "notnull" => true
- ),
- "lifetime" => array(
- "type" => "integer",
- "notnull" => true
- ),
- "assoc_type" => array(
- "type" => "text",
- "length" => 64,
- "notnull" => true
- )
- );
- $options = array(
- "primary" => array(
- "server_url" => true,
- "handle" => true
- )
- );
-
- $r = $this->connection->createTable(
- $this->associations_table_name,
- $fields,
- $options);
- if (PEAR::isError($r)) {
- return false;
- }
- break;
- }
- }
- return true;
- }
-
- function storeAssociation($server_url, $association)
- {
- $fields = array(
- "server_url" => array(
- "value" => $server_url,
- "key" => true
- ),
- "handle" => array(
- "value" => $association->handle,
- "key" => true
- ),
- "secret" => array(
- "value" => $association->secret,
- "type" => "blob"
- ),
- "issued" => array(
- "value" => $association->issued
- ),
- "lifetime" => array(
- "value" => $association->lifetime
- ),
- "assoc_type" => array(
- "value" => $association->assoc_type
- )
- );
-
- return !PEAR::isError($this->connection->replace(
- $this->associations_table_name,
- $fields));
- }
-
- function cleanupNonces()
- {
- global $Auth_OpenID_SKEW;
- $v = time() - $Auth_OpenID_SKEW;
-
- return $this->connection->exec(
- sprintf("DELETE FROM %s WHERE timestamp < %d",
- $this->nonces_table_name, $v));
- }
-
- function cleanupAssociations()
- {
- return $this->connection->exec(
- sprintf("DELETE FROM %s WHERE issued + lifetime < %d",
- $this->associations_table_name, time()));
- }
-
- function getAssociation($server_url, $handle = null)
- {
- $sql = "";
- $params = null;
- $types = array(
- "text",
- "blob",
- "integer",
- "integer",
- "text"
- );
- if ($handle !== null) {
- $sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " .
- "FROM %s WHERE server_url = ? AND handle = ?",
- $this->associations_table_name);
- $params = array($server_url, $handle);
- } else {
- $sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " .
- "FROM %s WHERE server_url = ? ORDER BY issued DESC",
- $this->associations_table_name);
- $params = array($server_url);
- }
-
- $assoc = $this->connection->getRow($sql, $types, $params);
-
- if (!$assoc || PEAR::isError($assoc)) {
- return null;
- } else {
- $association = new Auth_OpenID_Association($assoc['handle'],
- stream_get_contents(
- $assoc['secret']),
- $assoc['issued'],
- $assoc['lifetime'],
- $assoc['assoc_type']);
- fclose($assoc['secret']);
- return $association;
- }
- }
-
- function removeAssociation($server_url, $handle)
- {
- $r = $this->connection->execParam(
- sprintf("DELETE FROM %s WHERE server_url = ? AND handle = ?",
- $this->associations_table_name),
- array($server_url, $handle));
-
- if (PEAR::isError($r) || $r == 0) {
- return false;
- }
- return true;
- }
-
- function useNonce($server_url, $timestamp, $salt)
- {
- global $Auth_OpenID_SKEW;
-
- if (abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
- return false;
- }
-
- $fields = array(
- "timestamp" => $timestamp,
- "salt" => $salt
- );
-
- if (!empty($server_url)) {
- $fields["server_url"] = $server_url;
- }
-
- $r = $this->connection->autoExecute(
- $this->nonces_table_name,
- $fields,
- MDB2_AUTOQUERY_INSERT);
-
- if (PEAR::isError($r)) {
- return false;
- }
- return true;
- }
-
- /**
- * Resets the store by removing all records from the store's
- * tables.
- */
- function reset()
- {
- $this->connection->query(sprintf("DELETE FROM %s",
- $this->associations_table_name));
-
- $this->connection->query(sprintf("DELETE FROM %s",
- $this->nonces_table_name));
- }
-
-}
-
-?>
-
--- a/lib/openid-php/Auth/OpenID/MemcachedStore.php
+++ /dev/null
@@ -1,208 +1,1 @@
-<?php
-/**
- * This file supplies a memcached store backend for OpenID servers and
- * consumers.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author Artemy Tregubenko <me@arty.name>
- * @copyright 2008 JanRain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- * Contributed by Open Web Technologies <http://openwebtech.ru/>
- */
-
-/**
- * Import the interface for creating a new store class.
- */
-require_once 'Auth/OpenID/Interface.php';
-
-/**
- * This is a memcached-based store for OpenID associations and
- * nonces.
- *
- * As memcache has limit of 250 chars for key length,
- * server_url, handle and salt are hashed with sha1().
- *
- * Most of the methods of this class are implementation details.
- * People wishing to just use this store need only pay attention to
- * the constructor.
- *
- * @package OpenID
- */
-class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore {
-
- /**
- * Initializes a new {@link Auth_OpenID_MemcachedStore} instance.
- * Just saves memcached object as property.
- *
- * @param resource connection Memcache connection resourse
- */
- function Auth_OpenID_MemcachedStore($connection, $compress = false)
- {
- $this->connection = $connection;
- $this->compress = $compress ? MEMCACHE_COMPRESSED : 0;
- }
-
- /**
- * Store association until its expiration time in memcached.
- * Overwrites any existing association with same server_url and
- * handle. Handles list of associations for every server.
- */
- function storeAssociation($server_url, $association)
- {
- // create memcached keys for association itself
- // and list of associations for this server
- $associationKey = $this->associationKey($server_url,
- $association->handle);
- $serverKey = $this->associationServerKey($server_url);
-
- // get list of associations
- $serverAssociations = $this->connection->get($serverKey);
-
- // if no such list, initialize it with empty array
- if (!$serverAssociations) {
- $serverAssociations = array();
- }
- // and store given association key in it
- $serverAssociations[$association->issued] = $associationKey;
-
- // save associations' keys list
- $this->connection->set(
- $serverKey,
- $serverAssociations,
- $this->compress
- );
- // save association itself
- $this->connection->set(
- $associationKey,
- $association,
- $this->compress,
- $association->issued + $association->lifetime);
- }
-
- /**
- * Read association from memcached. If no handle given
- * and multiple associations found, returns latest issued
- */
- function getAssociation($server_url, $handle = null)
- {
- // simple case: handle given
- if ($handle !== null) {
- // get association, return null if failed
- $association = $this->connection->get(
- $this->associationKey($server_url, $handle));
- return $association ? $association : null;
- }
-
- // no handle given, working with list
- // create key for list of associations
- $serverKey = $this->associationServerKey($server_url);
-
- // get list of associations
- $serverAssociations = $this->connection->get($serverKey);
- // return null if failed or got empty list
- if (!$serverAssociations) {
- return null;
- }
-
- // get key of most recently issued association
- $keys = array_keys($serverAssociations);
- sort($keys);
- $lastKey = $serverAssociations[array_pop($keys)];
-
- // get association, return null if failed
- $association = $this->connection->get($lastKey);
- return $association ? $association : null;
- }
-
- /**
- * Immediately delete association from memcache.
- */
- function removeAssociation($server_url, $handle)
- {
- // create memcached keys for association itself
- // and list of associations for this server
- $serverKey = $this->associationServerKey($server_url);
- $associationKey = $this->associationKey($server_url,
- $handle);
-
- // get list of associations
- $serverAssociations = $this->connection->get($serverKey);
- // return null if failed or got empty list
- if (!$serverAssociations) {
- return false;
- }
-
- // ensure that given association key exists in list
- $serverAssociations = array_flip($serverAssociations);
- if (!array_key_exists($associationKey, $serverAssociations)) {
- return false;
- }
-
- // remove given association key from list
- unset($serverAssociations[$associationKey]);
- $serverAssociations = array_flip($serverAssociations);
-
- // save updated list
- $this->connection->set(
- $serverKey,
- $serverAssociations,
- $this->compress
- );
-
- // delete association
- return $this->connection->delete($associationKey);
- }
-
- /**
- * Create nonce for server and salt, expiring after
- * $Auth_OpenID_SKEW seconds.
- */
- function useNonce($server_url, $timestamp, $salt)
- {
- global $Auth_OpenID_SKEW;
-
- // save one request to memcache when nonce obviously expired
- if (abs($timestamp - time()) > $Auth_OpenID_SKEW) {
- return false;
- }
-
- // returns false when nonce already exists
- // otherwise adds nonce
- return $this->connection->add(
- 'openid_nonce_' . sha1($server_url) . '_' . sha1($salt),
- 1, // any value here
- $this->compress,
- $Auth_OpenID_SKEW);
- }
-
- /**
- * Memcache key is prefixed with 'openid_association_' string.
- */
- function associationKey($server_url, $handle = null)
- {
- return 'openid_association_' . sha1($server_url) . '_' . sha1($handle);
- }
-
- /**
- * Memcache key is prefixed with 'openid_association_' string.
- */
- function associationServerKey($server_url)
- {
- return 'openid_association_server_' . sha1($server_url);
- }
-
- /**
- * Report that this storage doesn't support cleanup
- */
- function supportsCleanup()
- {
- return false;
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/Message.php
+++ /dev/null
@@ -1,921 +1,1 @@
-<?php
-/**
- * Extension argument processing code
- *
- * @package OpenID
- */
-
-/**
- * Import tools needed to deal with messages.
- */
-require_once 'Auth/OpenID.php';
-require_once 'Auth/OpenID/KVForm.php';
-require_once 'Auth/Yadis/XML.php';
-require_once 'Auth/OpenID/Consumer.php'; // For Auth_OpenID_FailureResponse
-
-// This doesn't REALLY belong here, but where is better?
-define('Auth_OpenID_IDENTIFIER_SELECT',
- "http://specs.openid.net/auth/2.0/identifier_select");
-
-// URI for Simple Registration extension, the only commonly deployed
-// OpenID 1.x extension, and so a special case
-define('Auth_OpenID_SREG_URI', 'http://openid.net/sreg/1.0');
-
-// The OpenID 1.X namespace URI
-define('Auth_OpenID_OPENID1_NS', 'http://openid.net/signon/1.0');
-define('Auth_OpenID_THE_OTHER_OPENID1_NS', 'http://openid.net/signon/1.1');
-
-function Auth_OpenID_isOpenID1($ns)
-{
- return ($ns == Auth_OpenID_THE_OTHER_OPENID1_NS) ||
- ($ns == Auth_OpenID_OPENID1_NS);
-}
-
-// The OpenID 2.0 namespace URI
-define('Auth_OpenID_OPENID2_NS', 'http://specs.openid.net/auth/2.0');
-
-// The namespace consisting of pairs with keys that are prefixed with
-// "openid." but not in another namespace.
-define('Auth_OpenID_NULL_NAMESPACE', 'Null namespace');
-
-// The null namespace, when it is an allowed OpenID namespace
-define('Auth_OpenID_OPENID_NS', 'OpenID namespace');
-
-// The top-level namespace, excluding all pairs with keys that start
-// with "openid."
-define('Auth_OpenID_BARE_NS', 'Bare namespace');
-
-// Sentinel for Message implementation to indicate that getArg should
-// return null instead of returning a default.
-define('Auth_OpenID_NO_DEFAULT', 'NO DEFAULT ALLOWED');
-
-// Limit, in bytes, of identity provider and return_to URLs, including
-// response payload. See OpenID 1.1 specification, Appendix D.
-define('Auth_OpenID_OPENID1_URL_LIMIT', 2047);
-
-// All OpenID protocol fields. Used to check namespace aliases.
-global $Auth_OpenID_OPENID_PROTOCOL_FIELDS;
-$Auth_OpenID_OPENID_PROTOCOL_FIELDS = array(
- 'ns', 'mode', 'error', 'return_to', 'contact', 'reference',
- 'signed', 'assoc_type', 'session_type', 'dh_modulus', 'dh_gen',
- 'dh_consumer_public', 'claimed_id', 'identity', 'realm',
- 'invalidate_handle', 'op_endpoint', 'response_nonce', 'sig',
- 'assoc_handle', 'trust_root', 'openid');
-
-// Global namespace / alias registration map. See
-// Auth_OpenID_registerNamespaceAlias.
-global $Auth_OpenID_registered_aliases;
-$Auth_OpenID_registered_aliases = array();
-
-/**
- * Registers a (namespace URI, alias) mapping in a global namespace
- * alias map. Raises NamespaceAliasRegistrationError if either the
- * namespace URI or alias has already been registered with a different
- * value. This function is required if you want to use a namespace
- * with an OpenID 1 message.
- */
-function Auth_OpenID_registerNamespaceAlias($namespace_uri, $alias)
-{
- global $Auth_OpenID_registered_aliases;
-
- if (Auth_OpenID::arrayGet($Auth_OpenID_registered_aliases,
- $alias) == $namespace_uri) {
- return true;
- }
-
- if (in_array($namespace_uri,
- array_values($Auth_OpenID_registered_aliases))) {
- return false;
- }
-
- if (in_array($alias, array_keys($Auth_OpenID_registered_aliases))) {
- return false;
- }
-
- $Auth_OpenID_registered_aliases[$alias] = $namespace_uri;
- return true;
-}
-
-/**
- * Removes a (namespace_uri, alias) registration from the global
- * namespace alias map. Returns true if the removal succeeded; false
- * if not (if the mapping did not exist).
- */
-function Auth_OpenID_removeNamespaceAlias($namespace_uri, $alias)
-{
- global $Auth_OpenID_registered_aliases;
-
- if (Auth_OpenID::arrayGet($Auth_OpenID_registered_aliases,
- $alias) === $namespace_uri) {
- unset($Auth_OpenID_registered_aliases[$alias]);
- return true;
- }
-
- return false;
-}
-
-/**
- * An Auth_OpenID_Mapping maintains a mapping from arbitrary keys to
- * arbitrary values. (This is unlike an ordinary PHP array, whose
- * keys may be only simple scalars.)
- *
- * @package OpenID
- */
-class Auth_OpenID_Mapping {
- /**
- * Initialize a mapping. If $classic_array is specified, its keys
- * and values are used to populate the mapping.
- */
- function Auth_OpenID_Mapping($classic_array = null)
- {
- $this->keys = array();
- $this->values = array();
-
- if (is_array($classic_array)) {
- foreach ($classic_array as $key => $value) {
- $this->set($key, $value);
- }
- }
- }
-
- /**
- * Returns true if $thing is an Auth_OpenID_Mapping object; false
- * if not.
- */
- static function isA($thing)
- {
- return (is_object($thing) &&
- strtolower(get_class($thing)) == 'auth_openid_mapping');
- }
-
- /**
- * Returns an array of the keys in the mapping.
- */
- function keys()
- {
- return $this->keys;
- }
-
- /**
- * Returns an array of values in the mapping.
- */
- function values()
- {
- return $this->values;
- }
-
- /**
- * Returns an array of (key, value) pairs in the mapping.
- */
- function items()
- {
- $temp = array();
-
- for ($i = 0; $i < count($this->keys); $i++) {
- $temp[] = array($this->keys[$i],
- $this->values[$i]);
- }
- return $temp;
- }
-
- /**
- * Returns the "length" of the mapping, or the number of keys.
- */
- function len()
- {
- return count($this->keys);
- }
-
- /**
- * Sets a key-value pair in the mapping. If the key already
- * exists, its value is replaced with the new value.
- */
- function set($key, $value)
- {
- $index = array_search($key, $this->keys);
-
- if ($index !== false) {
- $this->values[$index] = $value;
- } else {
- $this->keys[] = $key;
- $this->values[] = $value;
- }
- }
-
- /**
- * Gets a specified value from the mapping, associated with the
- * specified key. If the key does not exist in the mapping,
- * $default is returned instead.
- */
- function get($key, $default = null)
- {
- $index = array_search($key, $this->keys);
-
- if ($index !== false) {
- return $this->values[$index];
- } else {
- return $default;
- }
- }
-
- /**
- * @access private
- */
- function _reflow()
- {
- // PHP is broken yet again. Sort the arrays to remove the
- // hole in the numeric indexes that make up the array.
- $old_keys = $this->keys;
- $old_values = $this->values;
-
- $this->keys = array();
- $this->values = array();
-
- foreach ($old_keys as $k) {
- $this->keys[] = $k;
- }
-
- foreach ($old_values as $v) {
- $this->values[] = $v;
- }
- }
-
- /**
- * Deletes a key-value pair from the mapping with the specified
- * key.
- */
- function del($key)
- {
- $index = array_search($key, $this->keys);
-
- if ($index !== false) {
- unset($this->keys[$index]);
- unset($this->values[$index]);
- $this->_reflow();
- return true;
- }
- return false;
- }
-
- /**
- * Returns true if the specified value has a key in the mapping;
- * false if not.
- */
- function contains($value)
- {
- return (array_search($value, $this->keys) !== false);
- }
-}
-
-/**
- * Maintains a bijective map between namespace uris and aliases.
- *
- * @package OpenID
- */
-class Auth_OpenID_NamespaceMap {
- function Auth_OpenID_NamespaceMap()
- {
- $this->alias_to_namespace = new Auth_OpenID_Mapping();
- $this->namespace_to_alias = new Auth_OpenID_Mapping();
- $this->implicit_namespaces = array();
- }
-
- function getAlias($namespace_uri)
- {
- return $this->namespace_to_alias->get($namespace_uri);
- }
-
- function getNamespaceURI($alias)
- {
- return $this->alias_to_namespace->get($alias);
- }
-
- function iterNamespaceURIs()
- {
- // Return an iterator over the namespace URIs
- return $this->namespace_to_alias->keys();
- }
-
- function iterAliases()
- {
- // Return an iterator over the aliases"""
- return $this->alias_to_namespace->keys();
- }
-
- function iteritems()
- {
- return $this->namespace_to_alias->items();
- }
-
- function isImplicit($namespace_uri)
- {
- return in_array($namespace_uri, $this->implicit_namespaces);
- }
-
- function addAlias($namespace_uri, $desired_alias, $implicit=false)
- {
- // Add an alias from this namespace URI to the desired alias
- global $Auth_OpenID_OPENID_PROTOCOL_FIELDS;
-
- // Check that desired_alias is not an openid protocol field as
- // per the spec.
- if (in_array($desired_alias, $Auth_OpenID_OPENID_PROTOCOL_FIELDS)) {
- Auth_OpenID::log("\"%s\" is not an allowed namespace alias",
- $desired_alias);
- return null;
- }
-
- // Check that desired_alias does not contain a period as per
- // the spec.
- if (strpos($desired_alias, '.') !== false) {
- Auth_OpenID::log('"%s" must not contain a dot', $desired_alias);
- return null;
- }
-
- // Check that there is not a namespace already defined for the
- // desired alias
- $current_namespace_uri =
- $this->alias_to_namespace->get($desired_alias);
-
- if (($current_namespace_uri !== null) &&
- ($current_namespace_uri != $namespace_uri)) {
- Auth_OpenID::log('Cannot map "%s" because previous mapping exists',
- $namespace_uri);
- return null;
- }
-
- // Check that there is not already a (different) alias for
- // this namespace URI
- $alias = $this->namespace_to_alias->get($namespace_uri);
-
- if (($alias !== null) && ($alias != $desired_alias)) {
- Auth_OpenID::log('Cannot map %s to alias %s. ' .
- 'It is already mapped to alias %s',
- $namespace_uri, $desired_alias, $alias);
- return null;
- }
-
- assert((Auth_OpenID_NULL_NAMESPACE === $desired_alias) ||
- is_string($desired_alias));
-
- $this->alias_to_namespace->set($desired_alias, $namespace_uri);
- $this->namespace_to_alias->set($namespace_uri, $desired_alias);
- if ($implicit) {
- array_push($this->implicit_namespaces, $namespace_uri);
- }
-
- return $desired_alias;
- }
-
- function add($namespace_uri)
- {
- // Add this namespace URI to the mapping, without caring what
- // alias it ends up with
-
- // See if this namespace is already mapped to an alias
- $alias = $this->namespace_to_alias->get($namespace_uri);
-
- if ($alias !== null) {
- return $alias;
- }
-
- // Fall back to generating a numerical alias
- $i = 0;
- while (1) {
- $alias = 'ext' . strval($i);
- if ($this->addAlias($namespace_uri, $alias) === null) {
- $i += 1;
- } else {
- return $alias;
- }
- }
-
- // Should NEVER be reached!
- return null;
- }
-
- function contains($namespace_uri)
- {
- return $this->isDefined($namespace_uri);
- }
-
- function isDefined($namespace_uri)
- {
- return $this->namespace_to_alias->contains($namespace_uri);
- }
-}
-
-/**
- * In the implementation of this object, null represents the global
- * namespace as well as a namespace with no key.
- *
- * @package OpenID
- */
-class Auth_OpenID_Message {
-
- function Auth_OpenID_Message($openid_namespace = null)
- {
- // Create an empty Message
- $this->allowed_openid_namespaces = array(
- Auth_OpenID_OPENID1_NS,
- Auth_OpenID_THE_OTHER_OPENID1_NS,
- Auth_OpenID_OPENID2_NS);
-
- $this->args = new Auth_OpenID_Mapping();
- $this->namespaces = new Auth_OpenID_NamespaceMap();
- if ($openid_namespace === null) {
- $this->_openid_ns_uri = null;
- } else {
- $implicit = Auth_OpenID_isOpenID1($openid_namespace);
- $this->setOpenIDNamespace($openid_namespace, $implicit);
- }
- }
-
- function isOpenID1()
- {
- return Auth_OpenID_isOpenID1($this->getOpenIDNamespace());
- }
-
- function isOpenID2()
- {
- return $this->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS;
- }
-
- static function fromPostArgs($args)
- {
- // Construct a Message containing a set of POST arguments
- $obj = new Auth_OpenID_Message();
-
- // Partition into "openid." args and bare args
- $openid_args = array();
- foreach ($args as $key => $value) {
-
- if (is_array($value)) {
- return null;
- }
-
- $parts = explode('.', $key, 2);
-
- if (count($parts) == 2) {
- list($prefix, $rest) = $parts;
- } else {
- $prefix = null;
- }
-
- if ($prefix != 'openid') {
- $obj->args->set(array(Auth_OpenID_BARE_NS, $key), $value);
- } else {
- $openid_args[$rest] = $value;
- }
- }
-
- if ($obj->_fromOpenIDArgs($openid_args)) {
- return $obj;
- } else {
- return null;
- }
- }
-
- static function fromOpenIDArgs($openid_args)
- {
- // Takes an array.
-
- // Construct a Message from a parsed KVForm message
- $obj = new Auth_OpenID_Message();
- if ($obj->_fromOpenIDArgs($openid_args)) {
- return $obj;
- } else {
- return null;
- }
- }
-
- /**
- * @access private
- */
- function _fromOpenIDArgs($openid_args)
- {
- global $Auth_OpenID_registered_aliases;
-
- // Takes an Auth_OpenID_Mapping instance OR an array.
-
- if (!Auth_OpenID_Mapping::isA($openid_args)) {
- $openid_args = new Auth_OpenID_Mapping($openid_args);
- }
-
- $ns_args = array();
-
- // Resolve namespaces
- foreach ($openid_args->items() as $pair) {
- list($rest, $value) = $pair;
-
- $parts = explode('.', $rest, 2);
-
- if (count($parts) == 2) {
- list($ns_alias, $ns_key) = $parts;
- } else {
- $ns_alias = Auth_OpenID_NULL_NAMESPACE;
- $ns_key = $rest;
- }
-
- if ($ns_alias == 'ns') {
- if ($this->namespaces->addAlias($value, $ns_key) === null) {
- return false;
- }
- } else if (($ns_alias == Auth_OpenID_NULL_NAMESPACE) &&
- ($ns_key == 'ns')) {
- // null namespace
- if ($this->setOpenIDNamespace($value, false) === false) {
- return false;
- }
- } else {
- $ns_args[] = array($ns_alias, $ns_key, $value);
- }
- }
-
- if (!$this->getOpenIDNamespace()) {
- if ($this->setOpenIDNamespace(Auth_OpenID_OPENID1_NS, true) ===
- false) {
- return false;
- }
- }
-
- // Actually put the pairs into the appropriate namespaces
- foreach ($ns_args as $triple) {
- list($ns_alias, $ns_key, $value) = $triple;
- $ns_uri = $this->namespaces->getNamespaceURI($ns_alias);
- if ($ns_uri === null) {
- $ns_uri = $this->_getDefaultNamespace($ns_alias);
- if ($ns_uri === null) {
-
- $ns_uri = Auth_OpenID_OPENID_NS;
- $ns_key = sprintf('%s.%s', $ns_alias, $ns_key);
- } else {
- $this->namespaces->addAlias($ns_uri, $ns_alias, true);
- }
- }
-
- $this->setArg($ns_uri, $ns_key, $value);
- }
-
- return true;
- }
-
- function _getDefaultNamespace($mystery_alias)
- {
- global $Auth_OpenID_registered_aliases;
- if ($this->isOpenID1()) {
- return @$Auth_OpenID_registered_aliases[$mystery_alias];
- }
- return null;
- }
-
- function setOpenIDNamespace($openid_ns_uri, $implicit)
- {
- if (!in_array($openid_ns_uri, $this->allowed_openid_namespaces)) {
- Auth_OpenID::log('Invalid null namespace: "%s"', $openid_ns_uri);
- return false;
- }
-
- $succeeded = $this->namespaces->addAlias($openid_ns_uri,
- Auth_OpenID_NULL_NAMESPACE,
- $implicit);
- if ($succeeded === false) {
- return false;
- }
-
- $this->_openid_ns_uri = $openid_ns_uri;
-
- return true;
- }
-
- function getOpenIDNamespace()
- {
- return $this->_openid_ns_uri;
- }
-
- static function fromKVForm($kvform_string)
- {
- // Create a Message from a KVForm string
- return Auth_OpenID_Message::fromOpenIDArgs(
- Auth_OpenID_KVForm::toArray($kvform_string));
- }
-
- function copy()
- {
- return $this;
- }
-
- function toPostArgs()
- {
- // Return all arguments with openid. in front of namespaced
- // arguments.
-
- $args = array();
-
- // Add namespace definitions to the output
- foreach ($this->namespaces->iteritems() as $pair) {
- list($ns_uri, $alias) = $pair;
- if ($this->namespaces->isImplicit($ns_uri)) {
- continue;
- }
- if ($alias == Auth_OpenID_NULL_NAMESPACE) {
- $ns_key = 'openid.ns';
- } else {
- $ns_key = 'openid.ns.' . $alias;
- }
- $args[$ns_key] = $ns_uri;
- }
-
- foreach ($this->args->items() as $pair) {
- list($ns_parts, $value) = $pair;
- list($ns_uri, $ns_key) = $ns_parts;
- $key = $this->getKey($ns_uri, $ns_key);
- $args[$key] = $value;
- }
-
- return $args;
- }
-
- function toArgs()
- {
- // Return all namespaced arguments, failing if any
- // non-namespaced arguments exist.
- $post_args = $this->toPostArgs();
- $kvargs = array();
- foreach ($post_args as $k => $v) {
- if (strpos($k, 'openid.') !== 0) {
- // raise ValueError(
- // 'This message can only be encoded as a POST, because it '
- // 'contains arguments that are not prefixed with "openid."')
- return null;
- } else {
- $kvargs[substr($k, 7)] = $v;
- }
- }
-
- return $kvargs;
- }
-
- function toFormMarkup($action_url, $form_tag_attrs = null,
- $submit_text = "Continue")
- {
- $form = "<form accept-charset=\"UTF-8\" ".
- "enctype=\"application/x-www-form-urlencoded\"";
-
- if (!$form_tag_attrs) {
- $form_tag_attrs = array();
- }
-
- $form_tag_attrs['action'] = $action_url;
- $form_tag_attrs['method'] = 'post';
-
- unset($form_tag_attrs['enctype']);
- unset($form_tag_attrs['accept-charset']);
-
- if ($form_tag_attrs) {
- foreach ($form_tag_attrs as $name => $attr) {
- $form .= sprintf(" %s=\"%s\"", $name, $attr);
- }
- }
-
- $form .= ">\n";
-
- foreach ($this->toPostArgs() as $name => $value) {
- $form .= sprintf(
- "<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n",
- $name, urldecode($value));
- }
-
- $form .= sprintf("<input type=\"submit\" value=\"%s\" />\n",
- $submit_text);
-
- $form .= "</form>\n";
-
- return $form;
- }
-
- function toURL($base_url)
- {
- // Generate a GET URL with the parameters in this message
- // attached as query parameters.
- return Auth_OpenID::appendArgs($base_url, $this->toPostArgs());
- }
-
- function toKVForm()
- {
- // Generate a KVForm string that contains the parameters in
- // this message. This will fail if the message contains
- // arguments outside of the 'openid.' prefix.
- return Auth_OpenID_KVForm::fromArray($this->toArgs());
- }
-
- function toURLEncoded()
- {
- // Generate an x-www-urlencoded string
- $args = array();
-
- foreach ($this->toPostArgs() as $k => $v) {
- $args[] = array($k, $v);
- }
-
- sort($args);
- return Auth_OpenID::httpBuildQuery($args);
- }
-
- /**
- * @access private
- */
- function _fixNS($namespace)
- {
- // Convert an input value into the internally used values of
- // this object
-
- if ($namespace == Auth_OpenID_OPENID_NS) {
- if ($this->_openid_ns_uri === null) {
- return new Auth_OpenID_FailureResponse(null,
- 'OpenID namespace not set');
- } else {
- $namespace = $this->_openid_ns_uri;
- }
- }
-
- if (($namespace != Auth_OpenID_BARE_NS) &&
- (!is_string($namespace))) {
- //TypeError
- $err_msg = sprintf("Namespace must be Auth_OpenID_BARE_NS, ".
- "Auth_OpenID_OPENID_NS or a string. got %s",
- print_r($namespace, true));
- return new Auth_OpenID_FailureResponse(null, $err_msg);
- }
-
- if (($namespace != Auth_OpenID_BARE_NS) &&
- (strpos($namespace, ':') === false)) {
- // fmt = 'OpenID 2.0 namespace identifiers SHOULD be URIs. Got %r'
- // warnings.warn(fmt % (namespace,), DeprecationWarning)
-
- if ($namespace == 'sreg') {
- // fmt = 'Using %r instead of "sreg" as namespace'
- // warnings.warn(fmt % (SREG_URI,), DeprecationWarning,)
- return Auth_OpenID_SREG_URI;
- }
- }
-
- return $namespace;
- }
-
- function hasKey($namespace, $ns_key)
- {
- $namespace = $this->_fixNS($namespace);
- if (Auth_OpenID::isFailure($namespace)) {
- // XXX log me
- return false;
- } else {
- return $this->args->contains(array($namespace, $ns_key));
- }
- }
-
- function getKey($namespace, $ns_key)
- {
- // Get the key for a particular namespaced argument
- $namespace = $this->_fixNS($namespace);
- if (Auth_OpenID::isFailure($namespace)) {
- return $namespace;
- }
- if ($namespace == Auth_OpenID_BARE_NS) {
- return $ns_key;
- }
-
- $ns_alias = $this->namespaces->getAlias($namespace);
-
- // No alias is defined, so no key can exist
- if ($ns_alias === null) {
- return null;
- }
-
- if ($ns_alias == Auth_OpenID_NULL_NAMESPACE) {
- $tail = $ns_key;
- } else {
- $tail = sprintf('%s.%s', $ns_alias, $ns_key);
- }
-
- return 'openid.' . $tail;
- }
-
- function getArg($namespace, $key, $default = null)
- {
- // Get a value for a namespaced key.
- $namespace = $this->_fixNS($namespace);
-
- if (Auth_OpenID::isFailure($namespace)) {
- return $namespace;
- } else {
- if ((!$this->args->contains(array($namespace, $key))) &&
- ($default == Auth_OpenID_NO_DEFAULT)) {
- $err_msg = sprintf("Namespace %s missing required field %s",
- $namespace, $key);
- return new Auth_OpenID_FailureResponse(null, $err_msg);
- } else {
- return $this->args->get(array($namespace, $key), $default);
- }
- }
- }
-
- function getArgs($namespace)
- {
- // Get the arguments that are defined for this namespace URI
-
- $namespace = $this->_fixNS($namespace);
- if (Auth_OpenID::isFailure($namespace)) {
- return $namespace;
- } else {
- $stuff = array();
- foreach ($this->args->items() as $pair) {
- list($key, $value) = $pair;
- list($pair_ns, $ns_key) = $key;
- if ($pair_ns == $namespace) {
- $stuff[$ns_key] = $value;
- }
- }
-
- return $stuff;
- }
- }
-
- function updateArgs($namespace, $updates)
- {
- // Set multiple key/value pairs in one call
-
- $namespace = $this->_fixNS($namespace);
-
- if (Auth_OpenID::isFailure($namespace)) {
- return $namespace;
- } else {
- foreach ($updates as $k => $v) {
- $this->setArg($namespace, $k, $v);
- }
- return true;
- }
- }
-
- function setArg($namespace, $key, $value)
- {
- // Set a single argument in this namespace
- $namespace = $this->_fixNS($namespace);
-
- if (Auth_OpenID::isFailure($namespace)) {
- return $namespace;
- } else {
- $this->args->set(array($namespace, $key), $value);
- if ($namespace !== Auth_OpenID_BARE_NS) {
- $this->namespaces->add($namespace);
- }
- return true;
- }
- }
-
- function delArg($namespace, $key)
- {
- $namespace = $this->_fixNS($namespace);
-
- if (Auth_OpenID::isFailure($namespace)) {
- return $namespace;
- } else {
- return $this->args->del(array($namespace, $key));
- }
- }
-
- function getAliasedArg($aliased_key, $default = null)
- {
- if ($aliased_key == 'ns') {
- // Return the namespace URI for the OpenID namespace
- return $this->getOpenIDNamespace();
- }
-
- $parts = explode('.', $aliased_key, 2);
-
- if (count($parts) != 2) {
- $ns = null;
- } else {
- list($alias, $key) = $parts;
-
- if ($alias == 'ns') {
- // Return the namespace URI for a namespace alias
- // parameter.
- return $this->namespaces->getNamespaceURI($key);
- } else {
- $ns = $this->namespaces->getNamespaceURI($alias);
- }
- }
-
- if ($ns === null) {
- $key = $aliased_key;
- $ns = $this->getOpenIDNamespace();
- }
-
- return $this->getArg($ns, $key, $default);
- }
-}
-
-
-
--- a/lib/openid-php/Auth/OpenID/MySQLStore.php
+++ /dev/null
@@ -1,78 +1,1 @@
-<?php
-/**
- * A MySQL store.
- *
- * @package OpenID
- */
-
-/**
- * Require the base class file.
- */
-require_once "Auth/OpenID/SQLStore.php";
-
-/**
- * An SQL store that uses MySQL as its backend.
- *
- * @package OpenID
- */
-class Auth_OpenID_MySQLStore extends Auth_OpenID_SQLStore {
- /**
- * @access private
- */
- function setSQL()
- {
- $this->sql['nonce_table'] =
- "CREATE TABLE %s (\n".
- " server_url VARCHAR(2047) NOT NULL,\n".
- " timestamp INTEGER NOT NULL,\n".
- " salt CHAR(40) NOT NULL,\n".
- " UNIQUE (server_url(255), timestamp, salt)\n".
- ") ENGINE=InnoDB";
-
- $this->sql['assoc_table'] =
- "CREATE TABLE %s (\n".
- " server_url BLOB NOT NULL,\n".
- " handle VARCHAR(255) NOT NULL,\n".
- " secret BLOB NOT NULL,\n".
- " issued INTEGER NOT NULL,\n".
- " lifetime INTEGER NOT NULL,\n".
- " assoc_type VARCHAR(64) NOT NULL,\n".
- " PRIMARY KEY (server_url(255), handle)\n".
- ") ENGINE=InnoDB";
-
- $this->sql['set_assoc'] =
- "REPLACE INTO %s (server_url, handle, secret, issued,\n".
- " lifetime, assoc_type) VALUES (?, ?, !, ?, ?, ?)";
-
- $this->sql['get_assocs'] =
- "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
- "WHERE server_url = ?";
-
- $this->sql['get_assoc'] =
- "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
- "WHERE server_url = ? AND handle = ?";
-
- $this->sql['remove_assoc'] =
- "DELETE FROM %s WHERE server_url = ? AND handle = ?";
-
- $this->sql['add_nonce'] =
- "INSERT INTO %s (server_url, timestamp, salt) VALUES (?, ?, ?)";
-
- $this->sql['clean_nonce'] =
- "DELETE FROM %s WHERE timestamp < ?";
-
- $this->sql['clean_assoc'] =
- "DELETE FROM %s WHERE issued + lifetime < ?";
- }
-
- /**
- * @access private
- */
- function blobEncode($blob)
- {
- return "0x" . bin2hex($blob);
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/Nonce.php
+++ /dev/null
@@ -1,109 +1,1 @@
-<?php
-/**
- * Nonce-related functionality.
- *
- * @package OpenID
- */
-
-/**
- * Need CryptUtil to generate random strings.
- */
-require_once 'Auth/OpenID/CryptUtil.php';
-
-/**
- * This is the characters that the nonces are made from.
- */
-define('Auth_OpenID_Nonce_CHRS',"abcdefghijklmnopqrstuvwxyz" .
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
-
-// Keep nonces for five hours (allow five hours for the combination of
-// request time and clock skew). This is probably way more than is
-// necessary, but there is not much overhead in storing nonces.
-global $Auth_OpenID_SKEW;
-$Auth_OpenID_SKEW = 60 * 60 * 5;
-
-define('Auth_OpenID_Nonce_REGEX',
- '/(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z(.*)/');
-
-define('Auth_OpenID_Nonce_TIME_FMT',
- '%Y-%m-%dT%H:%M:%SZ');
-
-function Auth_OpenID_splitNonce($nonce_string)
-{
- // Extract a timestamp from the given nonce string
- $result = preg_match(Auth_OpenID_Nonce_REGEX, $nonce_string, $matches);
- if ($result != 1 || count($matches) != 8) {
- return null;
- }
-
- list($unused,
- $tm_year,
- $tm_mon,
- $tm_mday,
- $tm_hour,
- $tm_min,
- $tm_sec,
- $uniquifier) = $matches;
-
- $timestamp =
- @gmmktime($tm_hour, $tm_min, $tm_sec, $tm_mon, $tm_mday, $tm_year);
-
- if ($timestamp === false || $timestamp < 0) {
- return null;
- }
-
- return array($timestamp, $uniquifier);
-}
-
-function Auth_OpenID_checkTimestamp($nonce_string,
- $allowed_skew = null,
- $now = null)
-{
- // Is the timestamp that is part of the specified nonce string
- // within the allowed clock-skew of the current time?
- global $Auth_OpenID_SKEW;
-
- if ($allowed_skew === null) {
- $allowed_skew = $Auth_OpenID_SKEW;
- }
-
- $parts = Auth_OpenID_splitNonce($nonce_string);
- if ($parts == null) {
- return false;
- }
-
- if ($now === null) {
- $now = time();
- }
-
- $stamp = $parts[0];
-
- // Time after which we should not use the nonce
- $past = $now - $allowed_skew;
-
- // Time that is too far in the future for us to allow
- $future = $now + $allowed_skew;
-
- // the stamp is not too far in the future and is not too far
- // in the past
- return (($past <= $stamp) && ($stamp <= $future));
-}
-
-function Auth_OpenID_mkNonce($when = null)
-{
- // Generate a nonce with the current timestamp
- $salt = Auth_OpenID_CryptUtil::randomString(
- 6, Auth_OpenID_Nonce_CHRS);
- if ($when === null) {
- // It's safe to call time() with no arguments; it returns a
- // GMT unix timestamp on PHP 4 and PHP 5. gmmktime() with no
- // args returns a local unix timestamp on PHP 4, so don't use
- // that.
- $when = time();
- }
- $time_str = gmstrftime(Auth_OpenID_Nonce_TIME_FMT, $when);
- return $time_str . $salt;
-}
-
-
--- a/lib/openid-php/Auth/OpenID/PAPE.php
+++ /dev/null
@@ -1,301 +1,1 @@
-<?php
-/**
- * An implementation of the OpenID Provider Authentication Policy
- * Extension 1.0
- *
- * See:
- * http://openid.net/developers/specs/
- */
-
-require_once "Auth/OpenID/Extension.php";
-
-define('Auth_OpenID_PAPE_NS_URI',
- "http://specs.openid.net/extensions/pape/1.0");
-
-define('PAPE_AUTH_MULTI_FACTOR_PHYSICAL',
- 'http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical');
-define('PAPE_AUTH_MULTI_FACTOR',
- 'http://schemas.openid.net/pape/policies/2007/06/multi-factor');
-define('PAPE_AUTH_PHISHING_RESISTANT',
- 'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant');
-
-define('PAPE_TIME_VALIDATOR',
- '/^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$/');
-/**
- * A Provider Authentication Policy request, sent from a relying party
- * to a provider
- *
- * preferred_auth_policies: The authentication policies that
- * the relying party prefers
- *
- * max_auth_age: The maximum time, in seconds, that the relying party
- * wants to allow to have elapsed before the user must re-authenticate
- */
-class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension {
-
- var $ns_alias = 'pape';
- var $ns_uri = Auth_OpenID_PAPE_NS_URI;
-
- function Auth_OpenID_PAPE_Request($preferred_auth_policies=null,
- $max_auth_age=null)
- {
- if ($preferred_auth_policies === null) {
- $preferred_auth_policies = array();
- }
-
- $this->preferred_auth_policies = $preferred_auth_policies;
- $this->max_auth_age = $max_auth_age;
- }
-
- /**
- * Add an acceptable authentication policy URI to this request
- *
- * This method is intended to be used by the relying party to add
- * acceptable authentication types to the request.
- *
- * policy_uri: The identifier for the preferred type of
- * authentication.
- */
- function addPolicyURI($policy_uri)
- {
- if (!in_array($policy_uri, $this->preferred_auth_policies)) {
- $this->preferred_auth_policies[] = $policy_uri;
- }
- }
-
- function getExtensionArgs()
- {
- $ns_args = array(
- 'preferred_auth_policies' =>
- implode(' ', $this->preferred_auth_policies)
- );
-
- if ($this->max_auth_age !== null) {
- $ns_args['max_auth_age'] = strval($this->max_auth_age);
- }
-
- return $ns_args;
- }
-
- /**
- * Instantiate a Request object from the arguments in a checkid_*
- * OpenID message
- */
- static function fromOpenIDRequest($request)
- {
- $obj = new Auth_OpenID_PAPE_Request();
- $args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI);
-
- if ($args === null || $args === array()) {
- return null;
- }
-
- $obj->parseExtensionArgs($args);
- return $obj;
- }
-
- /**
- * Set the state of this request to be that expressed in these
- * PAPE arguments
- *
- * @param args: The PAPE arguments without a namespace
- */
- function parseExtensionArgs($args)
- {
- // preferred_auth_policies is a space-separated list of policy
- // URIs
- $this->preferred_auth_policies = array();
-
- $policies_str = Auth_OpenID::arrayGet($args, 'preferred_auth_policies');
- if ($policies_str) {
- foreach (explode(' ', $policies_str) as $uri) {
- if (!in_array($uri, $this->preferred_auth_policies)) {
- $this->preferred_auth_policies[] = $uri;
- }
- }
- }
-
- // max_auth_age is base-10 integer number of seconds
- $max_auth_age_str = Auth_OpenID::arrayGet($args, 'max_auth_age');
- if ($max_auth_age_str) {
- $this->max_auth_age = Auth_OpenID::intval($max_auth_age_str);
- } else {
- $this->max_auth_age = null;
- }
- }
-
- /**
- * Given a list of authentication policy URIs that a provider
- * supports, this method returns the subsequence of those types
- * that are preferred by the relying party.
- *
- * @param supported_types: A sequence of authentication policy
- * type URIs that are supported by a provider
- *
- * @return array The sub-sequence of the supported types that are
- * preferred by the relying party. This list will be ordered in
- * the order that the types appear in the supported_types
- * sequence, and may be empty if the provider does not prefer any
- * of the supported authentication types.
- */
- function preferredTypes($supported_types)
- {
- $result = array();
-
- foreach ($supported_types as $st) {
- if (in_array($st, $this->preferred_auth_policies)) {
- $result[] = $st;
- }
- }
- return $result;
- }
-}
-
-/**
- * A Provider Authentication Policy response, sent from a provider to
- * a relying party
- */
-class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
-
- var $ns_alias = 'pape';
- var $ns_uri = Auth_OpenID_PAPE_NS_URI;
-
- function Auth_OpenID_PAPE_Response($auth_policies=null, $auth_time=null,
- $nist_auth_level=null)
- {
- if ($auth_policies) {
- $this->auth_policies = $auth_policies;
- } else {
- $this->auth_policies = array();
- }
-
- $this->auth_time = $auth_time;
- $this->nist_auth_level = $nist_auth_level;
- }
-
- /**
- * Add a authentication policy to this response
- *
- * This method is intended to be used by the provider to add a
- * policy that the provider conformed to when authenticating the
- * user.
- *
- * @param policy_uri: The identifier for the preferred type of
- * authentication.
- */
- function addPolicyURI($policy_uri)
- {
- if (!in_array($policy_uri, $this->auth_policies)) {
- $this->auth_policies[] = $policy_uri;
- }
- }
-
- /**
- * Create an Auth_OpenID_PAPE_Response object from a successful
- * OpenID library response.
- *
- * @param success_response $success_response A SuccessResponse
- * from Auth_OpenID_Consumer::complete()
- *
- * @returns: A provider authentication policy response from the
- * data that was supplied with the id_res response.
- */
- static function fromSuccessResponse($success_response)
- {
- $obj = new Auth_OpenID_PAPE_Response();
-
- // PAPE requires that the args be signed.
- $args = $success_response->getSignedNS(Auth_OpenID_PAPE_NS_URI);
-
- if ($args === null || $args === array()) {
- return null;
- }
-
- $result = $obj->parseExtensionArgs($args);
-
- if ($result === false) {
- return null;
- } else {
- return $obj;
- }
- }
-
- /**
- * Parse the provider authentication policy arguments into the
- * internal state of this object
- *
- * @param args: unqualified provider authentication policy
- * arguments
- *
- * @param strict: Whether to return false when bad data is
- * encountered
- *
- * @return null The data is parsed into the internal fields of
- * this object.
- */
- function parseExtensionArgs($args, $strict=false)
- {
- $policies_str = Auth_OpenID::arrayGet($args, 'auth_policies');
- if ($policies_str && $policies_str != "none") {
- $this->auth_policies = explode(" ", $policies_str);
- }
-
- $nist_level_str = Auth_OpenID::arrayGet($args, 'nist_auth_level');
- if ($nist_level_str !== null) {
- $nist_level = Auth_OpenID::intval($nist_level_str);
-
- if ($nist_level === false) {
- if ($strict) {
- return false;
- } else {
- $nist_level = null;
- }
- }
-
- if (0 <= $nist_level && $nist_level < 5) {
- $this->nist_auth_level = $nist_level;
- } else if ($strict) {
- return false;
- }
- }
-
- $auth_time = Auth_OpenID::arrayGet($args, 'auth_time');
- if ($auth_time !== null) {
- if (preg_match(PAPE_TIME_VALIDATOR, $auth_time)) {
- $this->auth_time = $auth_time;
- } else if ($strict) {
- return false;
- }
- }
- }
-
- function getExtensionArgs()
- {
- $ns_args = array();
- if (count($this->auth_policies) > 0) {
- $ns_args['auth_policies'] = implode(' ', $this->auth_policies);
- } else {
- $ns_args['auth_policies'] = 'none';
- }
-
- if ($this->nist_auth_level !== null) {
- if (!in_array($this->nist_auth_level, range(0, 4), true)) {
- return false;
- }
- $ns_args['nist_auth_level'] = strval($this->nist_auth_level);
- }
-
- if ($this->auth_time !== null) {
- if (!preg_match(PAPE_TIME_VALIDATOR, $this->auth_time)) {
- return false;
- }
-
- $ns_args['auth_time'] = $this->auth_time;
- }
-
- return $ns_args;
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/Parse.php
+++ /dev/null
@@ -1,378 +1,1 @@
-<?php
-/**
- * This module implements a VERY limited parser that finds <link> tags
- * in the head of HTML or XHTML documents and parses out their
- * attributes according to the OpenID spec. It is a liberal parser,
- * but it requires these things from the data in order to work:
- *
- * - There must be an open <html> tag
- *
- * - There must be an open <head> tag inside of the <html> tag
- *
- * - Only <link>s that are found inside of the <head> tag are parsed
- * (this is by design)
- *
- * - The parser follows the OpenID specification in resolving the
- * attributes of the link tags. This means that the attributes DO
- * NOT get resolved as they would by an XML or HTML parser. In
- * particular, only certain entities get replaced, and href
- * attributes do not get resolved relative to a base URL.
- *
- * From http://openid.net/specs.bml:
- *
- * - The openid.server URL MUST be an absolute URL. OpenID consumers
- * MUST NOT attempt to resolve relative URLs.
- *
- * - The openid.server URL MUST NOT include entities other than &,
- * <, >, and ".
- *
- * The parser ignores SGML comments and <![CDATA[blocks]]>. Both kinds
- * of quoting are allowed for attributes.
- *
- * The parser deals with invalid markup in these ways:
- *
- * - Tag names are not case-sensitive
- *
- * - The <html> tag is accepted even when it is not at the top level
- *
- * - The <head> tag is accepted even when it is not a direct child of
- * the <html> tag, but a <html> tag must be an ancestor of the
- * <head> tag
- *
- * - <link> tags are accepted even when they are not direct children
- * of the <head> tag, but a <head> tag must be an ancestor of the
- * <link> tag
- *
- * - If there is no closing tag for an open <html> or <head> tag, the
- * remainder of the document is viewed as being inside of the
- * tag. If there is no closing tag for a <link> tag, the link tag is
- * treated as a short tag. Exceptions to this rule are that <html>
- * closes <html> and <body> or <head> closes <head>
- *
- * - Attributes of the <link> tag are not required to be quoted.
- *
- * - In the case of duplicated attribute names, the attribute coming
- * last in the tag will be the value returned.
- *
- * - Any text that does not parse as an attribute within a link tag
- * will be ignored. (e.g. <link pumpkin rel='openid.server' /> will
- * ignore pumpkin)
- *
- * - If there are more than one <html> or <head> tag, the parser only
- * looks inside of the first one.
- *
- * - The contents of <script> tags are ignored entirely, except
- * unclosed <script> tags. Unclosed <script> tags are ignored.
- *
- * - Any other invalid markup is ignored, including unclosed SGML
- * comments and unclosed <![CDATA[blocks.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @access private
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Require Auth_OpenID::arrayGet().
- */
-require_once "Auth/OpenID.php";
-
-class Auth_OpenID_Parse {
-
- /**
- * Specify some flags for use with regex matching.
- */
- var $_re_flags = "si";
-
- /**
- * Stuff to remove before we start looking for tags
- */
- var $_removed_re =
- "<!--.*?-->|<!\[CDATA\[.*?\]\]>|<script\b(?!:)[^>]*>.*?<\/script>";
-
- /**
- * Starts with the tag name at a word boundary, where the tag name
- * is not a namespace
- */
- var $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*)(?:<\/?%s\s*>|\Z))";
-
- var $_attr_find = '\b(\w+)=("[^"]*"|\'[^\']*\'|[^\'"\s\/<>]+)';
-
- var $_open_tag_expr = "<%s\b";
- var $_close_tag_expr = "<((\/%s\b)|(%s[^>\/]*\/))>";
-
- function Auth_OpenID_Parse()
- {
- $this->_link_find = sprintf("/<link\b(?!:)([^>]*)(?!<)>/%s",
- $this->_re_flags);
-
- $this->_entity_replacements = array(
- 'amp' => '&',
- 'lt' => '<',
- 'gt' => '>',
- 'quot' => '"'
- );
-
- $this->_attr_find = sprintf("/%s/%s",
- $this->_attr_find,
- $this->_re_flags);
-
- $this->_removed_re = sprintf("/%s/%s",
- $this->_removed_re,
- $this->_re_flags);
-
- $this->_ent_replace =
- sprintf("&(%s);", implode("|",
- $this->_entity_replacements));
- }
-
- /**
- * Returns a regular expression that will match a given tag in an
- * SGML string.
- */
- function tagMatcher($tag_name, $close_tags = null)
- {
- $expr = $this->_tag_expr;
-
- if ($close_tags) {
- $options = implode("|", array_merge(array($tag_name), $close_tags));
- $closer = sprintf("(?:%s)", $options);
- } else {
- $closer = $tag_name;
- }
-
- $expr = sprintf($expr, $tag_name, $closer);
- return sprintf("/%s/%s", $expr, $this->_re_flags);
- }
-
- function openTag($tag_name)
- {
- $expr = sprintf($this->_open_tag_expr, $tag_name);
- return sprintf("/%s/%s", $expr, $this->_re_flags);
- }
-
- function closeTag($tag_name)
- {
- $expr = sprintf($this->_close_tag_expr, $tag_name, $tag_name);
- return sprintf("/%s/%s", $expr, $this->_re_flags);
- }
-
- function htmlBegin($s)
- {
- $matches = array();
- $result = preg_match($this->openTag('html'), $s,
- $matches, PREG_OFFSET_CAPTURE);
- if ($result === false || !$matches) {
- return false;
- }
- // Return the offset of the first match.
- return $matches[0][1];
- }
-
- function htmlEnd($s)
- {
- $matches = array();
- $result = preg_match($this->closeTag('html'), $s,
- $matches, PREG_OFFSET_CAPTURE);
- if ($result === false || !$matches) {
- return false;
- }
- // Return the offset of the first match.
- return $matches[count($matches) - 1][1];
- }
-
- function headFind()
- {
- return $this->tagMatcher('head', array('body', 'html'));
- }
-
- function replaceEntities($str)
- {
- foreach ($this->_entity_replacements as $old => $new) {
- $str = preg_replace(sprintf("/&%s;/", $old), $new, $str);
- }
- return $str;
- }
-
- function removeQuotes($str)
- {
- $matches = array();
- $double = '/^"(.*)"$/';
- $single = "/^\'(.*)\'$/";
-
- if (preg_match($double, $str, $matches)) {
- return $matches[1];
- } else if (preg_match($single, $str, $matches)) {
- return $matches[1];
- } else {
- return $str;
- }
- }
-
- function match($regexp, $text, &$match)
- {
- if (!is_callable('mb_ereg_search_init')) {
- return preg_match($regexp, $text, $match);
- }
-
- $regexp = substr($regexp, 1, strlen($regexp) - 2 - strlen($this->_re_flags));
- mb_ereg_search_init($text);
- if (!mb_ereg_search($regexp)) {
- return false;
- }
- $match = mb_ereg_search_getregs();
- return true;
- }
-
- /**
- * Find all link tags in a string representing a HTML document and
- * return a list of their attributes.
- *
- * @todo This is quite ineffective and may fail with the default
- * pcre.backtrack_limit of 100000 in PHP 5.2, if $html is big.
- * It should rather use stripos (in PHP5) or strpos()+strtoupper()
- * in PHP4 to manage this.
- *
- * @param string $html The text to parse
- * @return array $list An array of arrays of attributes, one for each
- * link tag
- */
- function parseLinkAttrs($html)
- {
- $stripped = preg_replace($this->_removed_re,
- "",
- $html);
-
- $html_begin = $this->htmlBegin($stripped);
- $html_end = $this->htmlEnd($stripped);
-
- if ($html_begin === false) {
- return array();
- }
-
- if ($html_end === false) {
- $html_end = strlen($stripped);
- }
-
- $stripped = substr($stripped, $html_begin,
- $html_end - $html_begin);
-
- // Workaround to prevent PREG_BACKTRACK_LIMIT_ERROR:
- $old_btlimit = ini_set( 'pcre.backtrack_limit', -1 );
-
- // Try to find the <HEAD> tag.
- $head_re = $this->headFind();
- $head_match = array();
- if (!$this->match($head_re, $stripped, $head_match)) {
- ini_set( 'pcre.backtrack_limit', $old_btlimit );
- return array();
- }
-
- $link_data = array();
- $link_matches = array();
-
- if (!preg_match_all($this->_link_find, $head_match[0],
- $link_matches)) {
- ini_set( 'pcre.backtrack_limit', $old_btlimit );
- return array();
- }
-
- foreach ($link_matches[0] as $link) {
- $attr_matches = array();
- preg_match_all($this->_attr_find, $link, $attr_matches);
- $link_attrs = array();
- foreach ($attr_matches[0] as $index => $full_match) {
- $name = $attr_matches[1][$index];
- $value = $this->replaceEntities(
- $this->removeQuotes($attr_matches[2][$index]));
-
- $link_attrs[strtolower($name)] = $value;
- }
- $link_data[] = $link_attrs;
- }
-
- ini_set( 'pcre.backtrack_limit', $old_btlimit );
- return $link_data;
- }
-
- function relMatches($rel_attr, $target_rel)
- {
- // Does this target_rel appear in the rel_str?
- // XXX: TESTME
- $rels = preg_split("/\s+/", trim($rel_attr));
- foreach ($rels as $rel) {
- $rel = strtolower($rel);
- if ($rel == $target_rel) {
- return 1;
- }
- }
-
- return 0;
- }
-
- function linkHasRel($link_attrs, $target_rel)
- {
- // Does this link have target_rel as a relationship?
- // XXX: TESTME
- $rel_attr = Auth_OpeniD::arrayGet($link_attrs, 'rel', null);
- return ($rel_attr && $this->relMatches($rel_attr,
- $target_rel));
- }
-
- function findLinksRel($link_attrs_list, $target_rel)
- {
- // Filter the list of link attributes on whether it has
- // target_rel as a relationship.
- // XXX: TESTME
- $result = array();
- foreach ($link_attrs_list as $attr) {
- if ($this->linkHasRel($attr, $target_rel)) {
- $result[] = $attr;
- }
- }
-
- return $result;
- }
-
- function findFirstHref($link_attrs_list, $target_rel)
- {
- // Return the value of the href attribute for the first link
- // tag in the list that has target_rel as a relationship.
- // XXX: TESTME
- $matches = $this->findLinksRel($link_attrs_list,
- $target_rel);
- if (!$matches) {
- return null;
- }
- $first = $matches[0];
- return Auth_OpenID::arrayGet($first, 'href', null);
- }
-}
-
-function Auth_OpenID_legacy_discover($html_text, $server_rel,
- $delegate_rel)
-{
- $p = new Auth_OpenID_Parse();
-
- $link_attrs = $p->parseLinkAttrs($html_text);
-
- $server_url = $p->findFirstHref($link_attrs,
- $server_rel);
-
- if ($server_url === null) {
- return false;
- } else {
- $delegate_url = $p->findFirstHref($link_attrs,
- $delegate_rel);
- return array($delegate_url, $server_url);
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/PostgreSQLStore.php
+++ /dev/null
@@ -1,113 +1,1 @@
-<?php
-/**
- * A PostgreSQL store.
- *
- * @package OpenID
- */
-
-/**
- * Require the base class file.
- */
-require_once "Auth/OpenID/SQLStore.php";
-
-/**
- * An SQL store that uses PostgreSQL as its backend.
- *
- * @package OpenID
- */
-class Auth_OpenID_PostgreSQLStore extends Auth_OpenID_SQLStore {
- /**
- * @access private
- */
- function setSQL()
- {
- $this->sql['nonce_table'] =
- "CREATE TABLE %s (server_url VARCHAR(2047) NOT NULL, ".
- "timestamp INTEGER NOT NULL, ".
- "salt CHAR(40) NOT NULL, ".
- "UNIQUE (server_url, timestamp, salt))";
-
- $this->sql['assoc_table'] =
- "CREATE TABLE %s (server_url VARCHAR(2047) NOT NULL, ".
- "handle VARCHAR(255) NOT NULL, ".
- "secret BYTEA NOT NULL, ".
- "issued INTEGER NOT NULL, ".
- "lifetime INTEGER NOT NULL, ".
- "assoc_type VARCHAR(64) NOT NULL, ".
- "PRIMARY KEY (server_url, handle), ".
- "CONSTRAINT secret_length_constraint CHECK ".
- "(LENGTH(secret) <= 128))";
-
- $this->sql['set_assoc'] =
- array(
- 'insert_assoc' => "INSERT INTO %s (server_url, handle, ".
- "secret, issued, lifetime, assoc_type) VALUES ".
- "(?, ?, '!', ?, ?, ?)",
- 'update_assoc' => "UPDATE %s SET secret = '!', issued = ?, ".
- "lifetime = ?, assoc_type = ? WHERE server_url = ? AND ".
- "handle = ?"
- );
-
- $this->sql['get_assocs'] =
- "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
- "WHERE server_url = ?";
-
- $this->sql['get_assoc'] =
- "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
- "WHERE server_url = ? AND handle = ?";
-
- $this->sql['remove_assoc'] =
- "DELETE FROM %s WHERE server_url = ? AND handle = ?";
-
- $this->sql['add_nonce'] =
- "INSERT INTO %s (server_url, timestamp, salt) VALUES ".
- "(?, ?, ?)"
- ;
-
- $this->sql['clean_nonce'] =
- "DELETE FROM %s WHERE timestamp < ?";
-
- $this->sql['clean_assoc'] =
- "DELETE FROM %s WHERE issued + lifetime < ?";
- }
-
- /**
- * @access private
- */
- function _set_assoc($server_url, $handle, $secret, $issued, $lifetime,
- $assoc_type)
- {
- $result = $this->_get_assoc($server_url, $handle);
- if ($result) {
- // Update the table since this associations already exists.
- $this->connection->query($this->sql['set_assoc']['update_assoc'],
- array($secret, $issued, $lifetime,
- $assoc_type, $server_url, $handle));
- } else {
- // Insert a new record because this association wasn't
- // found.
- $this->connection->query($this->sql['set_assoc']['insert_assoc'],
- array($server_url, $handle, $secret,
- $issued, $lifetime, $assoc_type));
- }
- }
-
- /**
- * @access private
- */
- function blobEncode($blob)
- {
- return $this->_octify($blob);
- }
-
- /**
- * @access private
- */
- function blobDecode($blob)
- {
- return $this->_unoctify($blob);
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/SQLStore.php
+++ /dev/null
@@ -1,558 +1,1 @@
-<?php
-/**
- * SQL-backed OpenID stores.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/Interface.php';
-require_once 'Auth/OpenID/Nonce.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID.php';
-
-/**
- * @access private
- */
-require_once 'Auth/OpenID/Nonce.php';
-
-/**
- * This is the parent class for the SQL stores, which contains the
- * logic common to all of the SQL stores.
- *
- * The table names used are determined by the class variables
- * associations_table_name and nonces_table_name. To change the name
- * of the tables used, pass new table names into the constructor.
- *
- * To create the tables with the proper schema, see the createTables
- * method.
- *
- * This class shouldn't be used directly. Use one of its subclasses
- * instead, as those contain the code necessary to use a specific
- * database. If you're an OpenID integrator and you'd like to create
- * an SQL-driven store that wraps an application's database
- * abstraction, be sure to create a subclass of
- * {@link Auth_OpenID_DatabaseConnection} that calls the application's
- * database abstraction calls. Then, pass an instance of your new
- * database connection class to your SQLStore subclass constructor.
- *
- * All methods other than the constructor and createTables should be
- * considered implementation details.
- *
- * @package OpenID
- */
-class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
-
- /**
- * This creates a new SQLStore instance. It requires an
- * established database connection be given to it, and it allows
- * overriding the default table names.
- *
- * @param connection $connection This must be an established
- * connection to a database of the correct type for the SQLStore
- * subclass you're using. This must either be an PEAR DB
- * connection handle or an instance of a subclass of
- * Auth_OpenID_DatabaseConnection.
- *
- * @param associations_table: This is an optional parameter to
- * specify the name of the table used for storing associations.
- * The default value is 'oid_associations'.
- *
- * @param nonces_table: This is an optional parameter to specify
- * the name of the table used for storing nonces. The default
- * value is 'oid_nonces'.
- */
- function Auth_OpenID_SQLStore($connection,
- $associations_table = null,
- $nonces_table = null)
- {
- $this->associations_table_name = "oid_associations";
- $this->nonces_table_name = "oid_nonces";
-
- // Check the connection object type to be sure it's a PEAR
- // database connection.
- if (!(is_object($connection) &&
- (is_subclass_of($connection, 'db_common') ||
- is_subclass_of($connection,
- 'auth_openid_databaseconnection')))) {
- trigger_error("Auth_OpenID_SQLStore expected PEAR connection " .
- "object (got ".get_class($connection).")",
- E_USER_ERROR);
- return;
- }
-
- $this->connection = $connection;
-
- // Be sure to set the fetch mode so the results are keyed on
- // column name instead of column index. This is a PEAR
- // constant, so only try to use it if PEAR is present. Note
- // that Auth_Openid_Databaseconnection instances need not
- // implement ::setFetchMode for this reason.
- if (is_subclass_of($this->connection, 'db_common')) {
- $this->connection->setFetchMode(DB_FETCHMODE_ASSOC);
- }
-
- if ($associations_table) {
- $this->associations_table_name = $associations_table;
- }
-
- if ($nonces_table) {
- $this->nonces_table_name = $nonces_table;
- }
-
- $this->max_nonce_age = 6 * 60 * 60;
-
- // Be sure to run the database queries with auto-commit mode
- // turned OFF, because we want every function to run in a
- // transaction, implicitly. As a rule, methods named with a
- // leading underscore will NOT control transaction behavior.
- // Callers of these methods will worry about transactions.
- $this->connection->autoCommit(false);
-
- // Create an empty SQL strings array.
- $this->sql = array();
-
- // Call this method (which should be overridden by subclasses)
- // to populate the $this->sql array with SQL strings.
- $this->setSQL();
-
- // Verify that all required SQL statements have been set, and
- // raise an error if any expected SQL strings were either
- // absent or empty.
- list($missing, $empty) = $this->_verifySQL();
-
- if ($missing) {
- trigger_error("Expected keys in SQL query list: " .
- implode(", ", $missing),
- E_USER_ERROR);
- return;
- }
-
- if ($empty) {
- trigger_error("SQL list keys have no SQL strings: " .
- implode(", ", $empty),
- E_USER_ERROR);
- return;
- }
-
- // Add table names to queries.
- $this->_fixSQL();
- }
-
- function tableExists($table_name)
- {
- return !$this->isError(
- $this->connection->query(
- sprintf("SELECT * FROM %s LIMIT 0",
- $table_name)));
- }
-
- /**
- * Returns true if $value constitutes a database error; returns
- * false otherwise.
- */
- function isError($value)
- {
- return PEAR::isError($value);
- }
-
- /**
- * Converts a query result to a boolean. If the result is a
- * database error according to $this->isError(), this returns
- * false; otherwise, this returns true.
- */
- function resultToBool($obj)
- {
- if ($this->isError($obj)) {
- return false;
- } else {
- return true;
- }
- }
-
- /**
- * This method should be overridden by subclasses. This method is
- * called by the constructor to set values in $this->sql, which is
- * an array keyed on sql name.
- */
- function setSQL()
- {
- }
-
- /**
- * Resets the store by removing all records from the store's
- * tables.
- */
- function reset()
- {
- $this->connection->query(sprintf("DELETE FROM %s",
- $this->associations_table_name));
-
- $this->connection->query(sprintf("DELETE FROM %s",
- $this->nonces_table_name));
- }
-
- /**
- * @access private
- */
- function _verifySQL()
- {
- $missing = array();
- $empty = array();
-
- $required_sql_keys = array(
- 'nonce_table',
- 'assoc_table',
- 'set_assoc',
- 'get_assoc',
- 'get_assocs',
- 'remove_assoc'
- );
-
- foreach ($required_sql_keys as $key) {
- if (!array_key_exists($key, $this->sql)) {
- $missing[] = $key;
- } else if (!$this->sql[$key]) {
- $empty[] = $key;
- }
- }
-
- return array($missing, $empty);
- }
-
- /**
- * @access private
- */
- function _fixSQL()
- {
- $replacements = array(
- array(
- 'value' => $this->nonces_table_name,
- 'keys' => array('nonce_table',
- 'add_nonce',
- 'clean_nonce')
- ),
- array(
- 'value' => $this->associations_table_name,
- 'keys' => array('assoc_table',
- 'set_assoc',
- 'get_assoc',
- 'get_assocs',
- 'remove_assoc',
- 'clean_assoc')
- )
- );
-
- foreach ($replacements as $item) {
- $value = $item['value'];
- $keys = $item['keys'];
-
- foreach ($keys as $k) {
- if (is_array($this->sql[$k])) {
- foreach ($this->sql[$k] as $part_key => $part_value) {
- $this->sql[$k][$part_key] = sprintf($part_value,
- $value);
- }
- } else {
- $this->sql[$k] = sprintf($this->sql[$k], $value);
- }
- }
- }
- }
-
- function blobDecode($blob)
- {
- return $blob;
- }
-
- function blobEncode($str)
- {
- return $str;
- }
-
- function createTables()
- {
- $this->connection->autoCommit(true);
- $n = $this->create_nonce_table();
- $a = $this->create_assoc_table();
- $this->connection->autoCommit(false);
-
- if ($n && $a) {
- return true;
- } else {
- return false;
- }
- }
-
- function create_nonce_table()
- {
- if (!$this->tableExists($this->nonces_table_name)) {
- $r = $this->connection->query($this->sql['nonce_table']);
- return $this->resultToBool($r);
- }
- return true;
- }
-
- function create_assoc_table()
- {
- if (!$this->tableExists($this->associations_table_name)) {
- $r = $this->connection->query($this->sql['assoc_table']);
- return $this->resultToBool($r);
- }
- return true;
- }
-
- /**
- * @access private
- */
- function _set_assoc($server_url, $handle, $secret, $issued,
- $lifetime, $assoc_type)
- {
- return $this->connection->query($this->sql['set_assoc'],
- array(
- $server_url,
- $handle,
- $secret,
- $issued,
- $lifetime,
- $assoc_type));
- }
-
- function storeAssociation($server_url, $association)
- {
- if ($this->resultToBool($this->_set_assoc(
- $server_url,
- $association->handle,
- $this->blobEncode(
- $association->secret),
- $association->issued,
- $association->lifetime,
- $association->assoc_type
- ))) {
- $this->connection->commit();
- } else {
- $this->connection->rollback();
- }
- }
-
- /**
- * @access private
- */
- function _get_assoc($server_url, $handle)
- {
- $result = $this->connection->getRow($this->sql['get_assoc'],
- array($server_url, $handle));
- if ($this->isError($result)) {
- return null;
- } else {
- return $result;
- }
- }
-
- /**
- * @access private
- */
- function _get_assocs($server_url)
- {
- $result = $this->connection->getAll($this->sql['get_assocs'],
- array($server_url));
-
- if ($this->isError($result)) {
- return array();
- } else {
- return $result;
- }
- }
-
- function removeAssociation($server_url, $handle)
- {
- if ($this->_get_assoc($server_url, $handle) == null) {
- return false;
- }
-
- if ($this->resultToBool($this->connection->query(
- $this->sql['remove_assoc'],
- array($server_url, $handle)))) {
- $this->connection->commit();
- } else {
- $this->connection->rollback();
- }
-
- return true;
- }
-
- function getAssociation($server_url, $handle = null)
- {
- if ($handle !== null) {
- $assoc = $this->_get_assoc($server_url, $handle);
-
- $assocs = array();
- if ($assoc) {
- $assocs[] = $assoc;
- }
- } else {
- $assocs = $this->_get_assocs($server_url);
- }
-
- if (!$assocs || (count($assocs) == 0)) {
- return null;
- } else {
- $associations = array();
-
- foreach ($assocs as $assoc_row) {
- $assoc = new Auth_OpenID_Association($assoc_row['handle'],
- $assoc_row['secret'],
- $assoc_row['issued'],
- $assoc_row['lifetime'],
- $assoc_row['assoc_type']);
-
- $assoc->secret = $this->blobDecode($assoc->secret);
-
- if ($assoc->getExpiresIn() == 0) {
- $this->removeAssociation($server_url, $assoc->handle);
- } else {
- $associations[] = array($assoc->issued, $assoc);
- }
- }
-
- if ($associations) {
- $issued = array();
- $assocs = array();
- foreach ($associations as $key => $assoc) {
- $issued[$key] = $assoc[0];
- $assocs[$key] = $assoc[1];
- }
-
- array_multisort($issued, SORT_DESC, $assocs, SORT_DESC,
- $associations);
-
- // return the most recently issued one.
- list($issued, $assoc) = $associations[0];
- return $assoc;
- } else {
- return null;
- }
- }
- }
-
- /**
- * @access private
- */
- function _add_nonce($server_url, $timestamp, $salt)
- {
- $sql = $this->sql['add_nonce'];
- $result = $this->connection->query($sql, array($server_url,
- $timestamp,
- $salt));
- if ($this->isError($result)) {
- $this->connection->rollback();
- } else {
- $this->connection->commit();
- }
- return $this->resultToBool($result);
- }
-
- function useNonce($server_url, $timestamp, $salt)
- {
- global $Auth_OpenID_SKEW;
-
- if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
- return false;
- }
-
- return $this->_add_nonce($server_url, $timestamp, $salt);
- }
-
- /**
- * "Octifies" a binary string by returning a string with escaped
- * octal bytes. This is used for preparing binary data for
- * PostgreSQL BYTEA fields.
- *
- * @access private
- */
- function _octify($str)
- {
- $result = "";
- for ($i = 0; $i < Auth_OpenID::bytes($str); $i++) {
- $ch = substr($str, $i, 1);
- if ($ch == "\\") {
- $result .= "\\\\\\\\";
- } else if (ord($ch) == 0) {
- $result .= "\\\\000";
- } else {
- $result .= "\\" . strval(decoct(ord($ch)));
- }
- }
- return $result;
- }
-
- /**
- * "Unoctifies" octal-escaped data from PostgreSQL and returns the
- * resulting ASCII (possibly binary) string.
- *
- * @access private
- */
- function _unoctify($str)
- {
- $result = "";
- $i = 0;
- while ($i < strlen($str)) {
- $char = $str[$i];
- if ($char == "\\") {
- // Look to see if the next char is a backslash and
- // append it.
- if ($str[$i + 1] != "\\") {
- $octal_digits = substr($str, $i + 1, 3);
- $dec = octdec($octal_digits);
- $char = chr($dec);
- $i += 4;
- } else {
- $char = "\\";
- $i += 2;
- }
- } else {
- $i += 1;
- }
-
- $result .= $char;
- }
-
- return $result;
- }
-
- function cleanupNonces()
- {
- global $Auth_OpenID_SKEW;
- $v = time() - $Auth_OpenID_SKEW;
-
- $this->connection->query($this->sql['clean_nonce'], array($v));
- $num = $this->connection->affectedRows();
- $this->connection->commit();
- return $num;
- }
-
- function cleanupAssociations()
- {
- $this->connection->query($this->sql['clean_assoc'],
- array(time()));
- $num = $this->connection->affectedRows();
- $this->connection->commit();
- return $num;
- }
-}
-
-
-
--- a/lib/openid-php/Auth/OpenID/SQLiteStore.php
+++ /dev/null
@@ -1,71 +1,1 @@
-<?php
-/**
- * An SQLite store.
- *
- * @package OpenID
- */
-
-/**
- * Require the base class file.
- */
-require_once "Auth/OpenID/SQLStore.php";
-
-/**
- * An SQL store that uses SQLite as its backend.
- *
- * @package OpenID
- */
-class Auth_OpenID_SQLiteStore extends Auth_OpenID_SQLStore {
- function setSQL()
- {
- $this->sql['nonce_table'] =
- "CREATE TABLE %s (server_url VARCHAR(2047), timestamp INTEGER, ".
- "salt CHAR(40), UNIQUE (server_url, timestamp, salt))";
-
- $this->sql['assoc_table'] =
- "CREATE TABLE %s (server_url VARCHAR(2047), handle VARCHAR(255), ".
- "secret BLOB(128), issued INTEGER, lifetime INTEGER, ".
- "assoc_type VARCHAR(64), PRIMARY KEY (server_url, handle))";
-
- $this->sql['set_assoc'] =
- "INSERT OR REPLACE INTO %s VALUES (?, ?, ?, ?, ?, ?)";
-
- $this->sql['get_assocs'] =
- "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
- "WHERE server_url = ?";
-
- $this->sql['get_assoc'] =
- "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
- "WHERE server_url = ? AND handle = ?";
-
- $this->sql['remove_assoc'] =
- "DELETE FROM %s WHERE server_url = ? AND handle = ?";
-
- $this->sql['add_nonce'] =
- "INSERT INTO %s (server_url, timestamp, salt) VALUES (?, ?, ?)";
-
- $this->sql['clean_nonce'] =
- "DELETE FROM %s WHERE timestamp < ?";
-
- $this->sql['clean_assoc'] =
- "DELETE FROM %s WHERE issued + lifetime < ?";
- }
-
- /**
- * @access private
- */
- function _add_nonce($server_url, $timestamp, $salt)
- {
- // PECL SQLite extensions 1.0.3 and older (1.0.3 is the
- // current release at the time of this writing) have a broken
- // sqlite_escape_string function that breaks when passed the
- // empty string. Prefixing all strings with one character
- // keeps them unique and avoids this bug. The nonce table is
- // write-only, so we don't have to worry about updating other
- // functions with this same bad hack.
- return parent::_add_nonce('x' . $server_url, $timestamp, $salt);
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/SReg.php
+++ /dev/null
@@ -1,522 +1,1 @@
-<?php
-/**
- * Simple registration request and response parsing and object
- * representation.
- *
- * This module contains objects representing simple registration
- * requests and responses that can be used with both OpenID relying
- * parties and OpenID providers.
- *
- * 1. The relying party creates a request object and adds it to the
- * {@link Auth_OpenID_AuthRequest} object before making the
- * checkid request to the OpenID provider:
- *
- * $sreg_req = Auth_OpenID_SRegRequest::build(array('email'));
- * $auth_request->addExtension($sreg_req);
- *
- * 2. The OpenID provider extracts the simple registration request
- * from the OpenID request using {@link
- * Auth_OpenID_SRegRequest::fromOpenIDRequest}, gets the user's
- * approval and data, creates an {@link Auth_OpenID_SRegResponse}
- * object and adds it to the id_res response:
- *
- * $sreg_req = Auth_OpenID_SRegRequest::fromOpenIDRequest(
- * $checkid_request);
- * // [ get the user's approval and data, informing the user that
- * // the fields in sreg_response were requested ]
- * $sreg_resp = Auth_OpenID_SRegResponse::extractResponse(
- * $sreg_req, $user_data);
- * $sreg_resp->toMessage($openid_response->fields);
- *
- * 3. The relying party uses {@link
- * Auth_OpenID_SRegResponse::fromSuccessResponse} to extract the data
- * from the OpenID response:
- *
- * $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse(
- * $success_response);
- *
- * @package OpenID
- */
-
-/**
- * Import message and extension internals.
- */
-require_once 'Auth/OpenID/Message.php';
-require_once 'Auth/OpenID/Extension.php';
-
-// The data fields that are listed in the sreg spec
-global $Auth_OpenID_sreg_data_fields;
-$Auth_OpenID_sreg_data_fields = array(
- 'fullname' => 'Full Name',
- 'nickname' => 'Nickname',
- 'dob' => 'Date of Birth',
- 'email' => 'E-mail Address',
- 'gender' => 'Gender',
- 'postcode' => 'Postal Code',
- 'country' => 'Country',
- 'language' => 'Language',
- 'timezone' => 'Time Zone');
-
-/**
- * Check to see that the given value is a valid simple registration
- * data field name. Return true if so, false if not.
- */
-function Auth_OpenID_checkFieldName($field_name)
-{
- global $Auth_OpenID_sreg_data_fields;
-
- if (!in_array($field_name, array_keys($Auth_OpenID_sreg_data_fields))) {
- return false;
- }
- return true;
-}
-
-// URI used in the wild for Yadis documents advertising simple
-// registration support
-define('Auth_OpenID_SREG_NS_URI_1_0', 'http://openid.net/sreg/1.0');
-
-// URI in the draft specification for simple registration 1.1
-// <http://openid.net/specs/openid-simple-registration-extension-1_1-01.html>
-define('Auth_OpenID_SREG_NS_URI_1_1', 'http://openid.net/extensions/sreg/1.1');
-
-// This attribute will always hold the preferred URI to use when
-// adding sreg support to an XRDS file or in an OpenID namespace
-// declaration.
-define('Auth_OpenID_SREG_NS_URI', Auth_OpenID_SREG_NS_URI_1_1);
-
-Auth_OpenID_registerNamespaceAlias(Auth_OpenID_SREG_NS_URI_1_1, 'sreg');
-
-/**
- * Does the given endpoint advertise support for simple
- * registration?
- *
- * $endpoint: The endpoint object as returned by OpenID discovery.
- * returns whether an sreg type was advertised by the endpoint
- */
-function Auth_OpenID_supportsSReg($endpoint)
-{
- return ($endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_1) ||
- $endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_0));
-}
-
-/**
- * A base class for classes dealing with Simple Registration protocol
- * messages.
- *
- * @package OpenID
- */
-class Auth_OpenID_SRegBase extends Auth_OpenID_Extension {
- /**
- * Extract the simple registration namespace URI from the given
- * OpenID message. Handles OpenID 1 and 2, as well as both sreg
- * namespace URIs found in the wild, as well as missing namespace
- * definitions (for OpenID 1)
- *
- * $message: The OpenID message from which to parse simple
- * registration fields. This may be a request or response message.
- *
- * Returns the sreg namespace URI for the supplied message. The
- * message may be modified to define a simple registration
- * namespace.
- *
- * @access private
- */
- static function _getSRegNS($message)
- {
- $alias = null;
- $found_ns_uri = null;
-
- // See if there exists an alias for one of the two defined
- // simple registration types.
- foreach (array(Auth_OpenID_SREG_NS_URI_1_1,
- Auth_OpenID_SREG_NS_URI_1_0) as $sreg_ns_uri) {
- $alias = $message->namespaces->getAlias($sreg_ns_uri);
- if ($alias !== null) {
- $found_ns_uri = $sreg_ns_uri;
- break;
- }
- }
-
- if ($alias === null) {
- // There is no alias for either of the types, so try to
- // add one. We default to using the modern value (1.1)
- $found_ns_uri = Auth_OpenID_SREG_NS_URI_1_1;
- if ($message->namespaces->addAlias(Auth_OpenID_SREG_NS_URI_1_1,
- 'sreg') === null) {
- // An alias for the string 'sreg' already exists, but
- // it's defined for something other than simple
- // registration
- return null;
- }
- }
-
- return $found_ns_uri;
- }
-}
-
-/**
- * An object to hold the state of a simple registration request.
- *
- * required: A list of the required fields in this simple registration
- * request
- *
- * optional: A list of the optional fields in this simple registration
- * request
- *
- * @package OpenID
- */
-class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase {
-
- var $ns_alias = 'sreg';
-
- /**
- * Initialize an empty simple registration request.
- */
- static function build($required=null, $optional=null,
- $policy_url=null,
- $sreg_ns_uri=Auth_OpenID_SREG_NS_URI,
- $cls='Auth_OpenID_SRegRequest')
- {
- $obj = new $cls();
-
- $obj->required = array();
- $obj->optional = array();
- $obj->policy_url = $policy_url;
- $obj->ns_uri = $sreg_ns_uri;
-
- if ($required) {
- if (!$obj->requestFields($required, true, true)) {
- return null;
- }
- }
-
- if ($optional) {
- if (!$obj->requestFields($optional, false, true)) {
- return null;
- }
- }
-
- return $obj;
- }
-
- /**
- * Create a simple registration request that contains the fields
- * that were requested in the OpenID request with the given
- * arguments
- *
- * $request: The OpenID authentication request from which to
- * extract an sreg request.
- *
- * $cls: name of class to use when creating sreg request object.
- * Used for testing.
- *
- * Returns the newly created simple registration request
- */
- static function fromOpenIDRequest($request, $cls='Auth_OpenID_SRegRequest')
- {
-
- $obj = call_user_func_array(array($cls, 'build'),
- array(null, null, null, Auth_OpenID_SREG_NS_URI, $cls));
-
- // Since we're going to mess with namespace URI mapping, don't
- // mutate the object that was passed in.
- $m = $request->message;
-
- $obj->ns_uri = $obj->_getSRegNS($m);
- $args = $m->getArgs($obj->ns_uri);
-
- if ($args === null || Auth_OpenID::isFailure($args)) {
- return null;
- }
-
- $obj->parseExtensionArgs($args);
-
- return $obj;
- }
-
- /**
- * Parse the unqualified simple registration request parameters
- * and add them to this object.
- *
- * This method is essentially the inverse of
- * getExtensionArgs. This method restores the serialized simple
- * registration request fields.
- *
- * If you are extracting arguments from a standard OpenID
- * checkid_* request, you probably want to use fromOpenIDRequest,
- * which will extract the sreg namespace and arguments from the
- * OpenID request. This method is intended for cases where the
- * OpenID server needs more control over how the arguments are
- * parsed than that method provides.
- *
- * $args == $message->getArgs($ns_uri);
- * $request->parseExtensionArgs($args);
- *
- * $args: The unqualified simple registration arguments
- *
- * strict: Whether requests with fields that are not defined in
- * the simple registration specification should be tolerated (and
- * ignored)
- */
- function parseExtensionArgs($args, $strict=false)
- {
- foreach (array('required', 'optional') as $list_name) {
- $required = ($list_name == 'required');
- $items = Auth_OpenID::arrayGet($args, $list_name);
- if ($items) {
- foreach (explode(',', $items) as $field_name) {
- if (!$this->requestField($field_name, $required, $strict)) {
- if ($strict) {
- return false;
- }
- }
- }
- }
- }
-
- $this->policy_url = Auth_OpenID::arrayGet($args, 'policy_url');
-
- return true;
- }
-
- /**
- * A list of all of the simple registration fields that were
- * requested, whether they were required or optional.
- */
- function allRequestedFields()
- {
- return array_merge($this->required, $this->optional);
- }
-
- /**
- * Have any simple registration fields been requested?
- */
- function wereFieldsRequested()
- {
- return count($this->allRequestedFields());
- }
-
- /**
- * Was this field in the request?
- */
- function contains($field_name)
- {
- return (in_array($field_name, $this->required) ||
- in_array($field_name, $this->optional));
- }
-
- /**
- * Request the specified field from the OpenID user
- *
- * $field_name: the unqualified simple registration field name
- *
- * required: whether the given field should be presented to the
- * user as being a required to successfully complete the request
- *
- * strict: whether to raise an exception when a field is added to
- * a request more than once
- */
- function requestField($field_name,
- $required=false, $strict=false)
- {
- if (!Auth_OpenID_checkFieldName($field_name)) {
- return false;
- }
-
- if ($strict) {
- if ($this->contains($field_name)) {
- return false;
- }
- } else {
- if (in_array($field_name, $this->required)) {
- return true;
- }
-
- if (in_array($field_name, $this->optional)) {
- if ($required) {
- unset($this->optional[array_search($field_name,
- $this->optional)]);
- } else {
- return true;
- }
- }
- }
-
- if ($required) {
- $this->required[] = $field_name;
- } else {
- $this->optional[] = $field_name;
- }
-
- return true;
- }
-
- /**
- * Add the given list of fields to the request
- *
- * field_names: The simple registration data fields to request
- *
- * required: Whether these values should be presented to the user
- * as required
- *
- * strict: whether to raise an exception when a field is added to
- * a request more than once
- */
- function requestFields($field_names, $required=false, $strict=false)
- {
- if (!is_array($field_names)) {
- return false;
- }
-
- foreach ($field_names as $field_name) {
- if (!$this->requestField($field_name, $required, $strict=$strict)) {
- return false;
- }
- }
-
- return true;
- }
-
- /**
- * Get a dictionary of unqualified simple registration arguments
- * representing this request.
- *
- * This method is essentially the inverse of
- * C{L{parseExtensionArgs}}. This method serializes the simple
- * registration request fields.
- */
- function getExtensionArgs()
- {
- $args = array();
-
- if ($this->required) {
- $args['required'] = implode(',', $this->required);
- }
-
- if ($this->optional) {
- $args['optional'] = implode(',', $this->optional);
- }
-
- if ($this->policy_url) {
- $args['policy_url'] = $this->policy_url;
- }
-
- return $args;
- }
-}
-
-/**
- * Represents the data returned in a simple registration response
- * inside of an OpenID C{id_res} response. This object will be created
- * by the OpenID server, added to the C{id_res} response object, and
- * then extracted from the C{id_res} message by the Consumer.
- *
- * @package OpenID
- */
-class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase {
-
- var $ns_alias = 'sreg';
-
- function Auth_OpenID_SRegResponse($data=null,
- $sreg_ns_uri=Auth_OpenID_SREG_NS_URI)
- {
- if ($data === null) {
- $this->data = array();
- } else {
- $this->data = $data;
- }
-
- $this->ns_uri = $sreg_ns_uri;
- }
-
- /**
- * Take a C{L{SRegRequest}} and a dictionary of simple
- * registration values and create a C{L{SRegResponse}} object
- * containing that data.
- *
- * request: The simple registration request object
- *
- * data: The simple registration data for this response, as a
- * dictionary from unqualified simple registration field name to
- * string (unicode) value. For instance, the nickname should be
- * stored under the key 'nickname'.
- */
- static function extractResponse($request, $data)
- {
- $obj = new Auth_OpenID_SRegResponse();
- $obj->ns_uri = $request->ns_uri;
-
- foreach ($request->allRequestedFields() as $field) {
- $value = Auth_OpenID::arrayGet($data, $field);
- if ($value !== null) {
- $obj->data[$field] = $value;
- }
- }
-
- return $obj;
- }
-
- /**
- * Create a C{L{SRegResponse}} object from a successful OpenID
- * library response
- * (C{L{openid.consumer.consumer.SuccessResponse}}) response
- * message
- *
- * success_response: A SuccessResponse from consumer.complete()
- *
- * signed_only: Whether to process only data that was
- * signed in the id_res message from the server.
- *
- * Returns a simple registration response containing the data that
- * was supplied with the C{id_res} response.
- */
- static function fromSuccessResponse($success_response, $signed_only=true)
- {
- global $Auth_OpenID_sreg_data_fields;
-
- $obj = new Auth_OpenID_SRegResponse();
- $obj->ns_uri = $obj->_getSRegNS($success_response->message);
-
- if ($signed_only) {
- $args = $success_response->getSignedNS($obj->ns_uri);
- } else {
- $args = $success_response->message->getArgs($obj->ns_uri);
- }
-
- if ($args === null || Auth_OpenID::isFailure($args)) {
- return null;
- }
-
- foreach ($Auth_OpenID_sreg_data_fields as $field_name => $desc) {
- if (in_array($field_name, array_keys($args))) {
- $obj->data[$field_name] = $args[$field_name];
- }
- }
-
- return $obj;
- }
-
- function getExtensionArgs()
- {
- return $this->data;
- }
-
- // Read-only dictionary interface
- function get($field_name, $default=null)
- {
- if (!Auth_OpenID_checkFieldName($field_name)) {
- return null;
- }
-
- return Auth_OpenID::arrayGet($this->data, $field_name, $default);
- }
-
- function contents()
- {
- return $this->data;
- }
-}
-
-
-
--- a/lib/openid-php/Auth/OpenID/ServerRequest.php
+++ /dev/null
@@ -1,37 +1,1 @@
-<?php
-/**
- * OpenID Server Request
- *
- * @see Auth_OpenID_Server
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-/**
- * Imports
- */
-require_once "Auth/OpenID.php";
-
-/**
- * Object that holds the state of a request to the OpenID server
- *
- * With accessor functions to get at the internal request data.
- *
- * @see Auth_OpenID_Server
- * @package OpenID
- */
-class Auth_OpenID_ServerRequest {
- function Auth_OpenID_ServerRequest()
- {
- $this->mode = null;
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/URINorm.php
+++ /dev/null
@@ -1,250 +1,1 @@
-<?php
-/**
- * URI normalization routines.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-require_once 'Auth/Yadis/Misc.php';
-
-// from appendix B of rfc 3986 (http://www.ietf.org/rfc/rfc3986.txt)
-function Auth_OpenID_getURIPattern()
-{
- return '&^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?&';
-}
-
-function Auth_OpenID_getAuthorityPattern()
-{
- return '/^([^@]*@)?([^:]*)(:.*)?/';
-}
-
-function Auth_OpenID_getEncodedPattern()
-{
- return '/%([0-9A-Fa-f]{2})/';
-}
-
-# gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
-#
-# sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
-# / "*" / "+" / "," / ";" / "="
-#
-# unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
-function Auth_OpenID_getURLIllegalCharRE()
-{
- return "/([^-A-Za-z0-9:\/\?#\[\]@\!\$&'\(\)\*\+,;=\._~\%])/";
-}
-
-function Auth_OpenID_getUnreserved()
-{
- $_unreserved = array();
- for ($i = 0; $i < 256; $i++) {
- $_unreserved[$i] = false;
- }
-
- for ($i = ord('A'); $i <= ord('Z'); $i++) {
- $_unreserved[$i] = true;
- }
-
- for ($i = ord('0'); $i <= ord('9'); $i++) {
- $_unreserved[$i] = true;
- }
-
- for ($i = ord('a'); $i <= ord('z'); $i++) {
- $_unreserved[$i] = true;
- }
-
- $_unreserved[ord('-')] = true;
- $_unreserved[ord('.')] = true;
- $_unreserved[ord('_')] = true;
- $_unreserved[ord('~')] = true;
-
- return $_unreserved;
-}
-
-function Auth_OpenID_getEscapeRE()
-{
- $parts = array();
- foreach (array_merge(Auth_Yadis_getUCSChars(),
- Auth_Yadis_getIPrivateChars()) as $pair) {
- list($m, $n) = $pair;
- $parts[] = sprintf("%s-%s", chr($m), chr($n));
- }
-
- return sprintf('[%s]', implode('', $parts));
-}
-
-function Auth_OpenID_pct_encoded_replace_unreserved($mo)
-{
- $_unreserved = Auth_OpenID_getUnreserved();
-
- $i = intval($mo[1], 16);
- if ($_unreserved[$i]) {
- return chr($i);
- } else {
- return strtoupper($mo[0]);
- }
-
- return $mo[0];
-}
-
-function Auth_OpenID_pct_encoded_replace($mo)
-{
- return chr(intval($mo[1], 16));
-}
-
-function Auth_OpenID_remove_dot_segments($path)
-{
- $result_segments = array();
-
- while ($path) {
- if (Auth_Yadis_startswith($path, '../')) {
- $path = substr($path, 3);
- } else if (Auth_Yadis_startswith($path, './')) {
- $path = substr($path, 2);
- } else if (Auth_Yadis_startswith($path, '/./')) {
- $path = substr($path, 2);
- } else if ($path == '/.') {
- $path = '/';
- } else if (Auth_Yadis_startswith($path, '/../')) {
- $path = substr($path, 3);
- if ($result_segments) {
- array_pop($result_segments);
- }
- } else if ($path == '/..') {
- $path = '/';
- if ($result_segments) {
- array_pop($result_segments);
- }
- } else if (($path == '..') ||
- ($path == '.')) {
- $path = '';
- } else {
- $i = 0;
- if ($path[0] == '/') {
- $i = 1;
- }
- $i = strpos($path, '/', $i);
- if ($i === false) {
- $i = strlen($path);
- }
- $result_segments[] = substr($path, 0, $i);
- $path = substr($path, $i);
- }
- }
-
- return implode('', $result_segments);
-}
-
-function Auth_OpenID_urinorm($uri)
-{
- $uri_matches = array();
- preg_match(Auth_OpenID_getURIPattern(), $uri, $uri_matches);
-
- if (count($uri_matches) < 9) {
- for ($i = count($uri_matches); $i <= 9; $i++) {
- $uri_matches[] = '';
- }
- }
-
- $illegal_matches = array();
- preg_match(Auth_OpenID_getURLIllegalCharRE(),
- $uri, $illegal_matches);
- if ($illegal_matches) {
- return null;
- }
-
- $scheme = $uri_matches[2];
- if ($scheme) {
- $scheme = strtolower($scheme);
- }
-
- $scheme = $uri_matches[2];
- if ($scheme === '') {
- // No scheme specified
- return null;
- }
-
- $scheme = strtolower($scheme);
- if (!in_array($scheme, array('http', 'https'))) {
- // Not an absolute HTTP or HTTPS URI
- return null;
- }
-
- $authority = $uri_matches[4];
- if ($authority === '') {
- // Not an absolute URI
- return null;
- }
-
- $authority_matches = array();
- preg_match(Auth_OpenID_getAuthorityPattern(),
- $authority, $authority_matches);
- if (count($authority_matches) === 0) {
- // URI does not have a valid authority
- return null;
- }
-
- if (count($authority_matches) < 4) {
- for ($i = count($authority_matches); $i <= 4; $i++) {
- $authority_matches[] = '';
- }
- }
-
- list($_whole, $userinfo, $host, $port) = $authority_matches;
-
- if ($userinfo === null) {
- $userinfo = '';
- }
-
- if (strpos($host, '%') !== -1) {
- $host = strtolower($host);
- $host = preg_replace_callback(
- Auth_OpenID_getEncodedPattern(),
- 'Auth_OpenID_pct_encoded_replace', $host);
- // NO IDNA.
- // $host = unicode($host, 'utf-8').encode('idna');
- } else {
- $host = strtolower($host);
- }
-
- if ($port) {
- if (($port == ':') ||
- ($scheme == 'http' && $port == ':80') ||
- ($scheme == 'https' && $port == ':443')) {
- $port = '';
- }
- } else {
- $port = '';
- }
-
- $authority = $userinfo . $host . $port;
-
- $path = $uri_matches[5];
- $path = preg_replace_callback(
- Auth_OpenID_getEncodedPattern(),
- 'Auth_OpenID_pct_encoded_replace_unreserved', $path);
-
- $path = Auth_OpenID_remove_dot_segments($path);
- if (!$path) {
- $path = '/';
- }
-
- $query = $uri_matches[6];
- if ($query === null) {
- $query = '';
- }
-
- $fragment = $uri_matches[8];
- if ($fragment === null) {
- $fragment = '';
- }
-
- return $scheme . '://' . $authority . $path . $query . $fragment;
-}
-
-
-
--- a/lib/openid-php/Auth/Yadis/HTTPFetcher.php
+++ /dev/null
@@ -1,175 +1,1 @@
-<?php
-/**
- * This module contains the HTTP fetcher interface
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Require logging functionality
- */
-require_once "Auth/OpenID.php";
-
-define('Auth_OpenID_FETCHER_MAX_RESPONSE_KB', 1024);
-define('Auth_OpenID_USER_AGENT',
- 'php-openid/'.Auth_OpenID_VERSION.' (php/'.phpversion().')');
-
-class Auth_Yadis_HTTPResponse {
- function Auth_Yadis_HTTPResponse($final_url = null, $status = null,
- $headers = null, $body = null)
- {
- $this->final_url = $final_url;
- $this->status = $status;
- $this->headers = $headers;
- $this->body = $body;
- }
-}
-
-/**
- * This class is the interface for HTTP fetchers the Yadis library
- * uses. This interface is only important if you need to write a new
- * fetcher for some reason.
- *
- * @access private
- * @package OpenID
- */
-class Auth_Yadis_HTTPFetcher {
-
- var $timeout = 20; // timeout in seconds.
-
- /**
- * Return whether a URL can be fetched. Returns false if the URL
- * scheme is not allowed or is not supported by this fetcher
- * implementation; returns true otherwise.
- *
- * @return bool
- */
- function canFetchURL($url)
- {
- if ($this->isHTTPS($url) && !$this->supportsSSL()) {
- Auth_OpenID::log("HTTPS URL unsupported fetching %s",
- $url);
- return false;
- }
-
- if (!$this->allowedURL($url)) {
- Auth_OpenID::log("URL fetching not allowed for '%s'",
- $url);
- return false;
- }
-
- return true;
- }
-
- /**
- * Return whether a URL should be allowed. Override this method to
- * conform to your local policy.
- *
- * By default, will attempt to fetch any http or https URL.
- */
- function allowedURL($url)
- {
- return $this->URLHasAllowedScheme($url);
- }
-
- /**
- * Does this fetcher implementation (and runtime) support fetching
- * HTTPS URLs? May inspect the runtime environment.
- *
- * @return bool $support True if this fetcher supports HTTPS
- * fetching; false if not.
- */
- function supportsSSL()
- {
- trigger_error("not implemented", E_USER_ERROR);
- }
-
- /**
- * Is this an https URL?
- *
- * @access private
- */
- function isHTTPS($url)
- {
- return (bool)preg_match('/^https:\/\//i', $url);
- }
-
- /**
- * Is this an http or https URL?
- *
- * @access private
- */
- function URLHasAllowedScheme($url)
- {
- return (bool)preg_match('/^https?:\/\//i', $url);
- }
-
- /**
- * @access private
- */
- function _findRedirect($headers, $url)
- {
- foreach ($headers as $line) {
- if (strpos(strtolower($line), "location: ") === 0) {
- $parts = explode(" ", $line, 2);
- $loc = $parts[1];
- $ppos = strpos($loc, "://");
- if ($ppos === false || $ppos > strpos($loc, "/")) {
- /* no host; add it */
- $hpos = strpos($url, "://");
- $prt = substr($url, 0, $hpos+3);
- $url = substr($url, $hpos+3);
- if (substr($loc, 0, 1) == "/") {
- /* absolute path */
- $fspos = strpos($url, "/");
- if ($fspos) $loc = $prt.substr($url, 0, $fspos).$loc;
- else $loc = $prt.$url.$loc;
- } else {
- /* relative path */
- $pp = $prt;
- while (1) {
- $xpos = strpos($url, "/");
- if ($xpos === false) break;
- $apos = strpos($url, "?");
- if ($apos !== false && $apos < $xpos) break;
- $apos = strpos($url, "&");
- if ($apos !== false && $apos < $xpos) break;
- $pp .= substr($url, 0, $xpos+1);
- $url = substr($url, $xpos+1);
- }
- $loc = $pp.$loc;
- }
- }
- return $loc;
- }
- }
- return null;
- }
-
- /**
- * Fetches the specified URL using optional extra headers and
- * returns the server's response.
- *
- * @param string $url The URL to be fetched.
- * @param array $extra_headers An array of header strings
- * (e.g. "Accept: text/html").
- * @return mixed $result An array of ($code, $url, $headers,
- * $body) if the URL could be fetched; null if the URL does not
- * pass the URLHasAllowedScheme check or if the server's response
- * is malformed.
- */
- function get($url, $headers = null)
- {
- trigger_error("not implemented", E_USER_ERROR);
- }
-}
-
-
--- a/lib/openid-php/Auth/Yadis/Misc.php
+++ /dev/null
@@ -1,59 +1,1 @@
-<?php
-/**
- * Miscellaneous utility values and functions for OpenID and Yadis.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-function Auth_Yadis_getUCSChars()
-{
- return array(
- array(0xA0, 0xD7FF),
- array(0xF900, 0xFDCF),
- array(0xFDF0, 0xFFEF),
- array(0x10000, 0x1FFFD),
- array(0x20000, 0x2FFFD),
- array(0x30000, 0x3FFFD),
- array(0x40000, 0x4FFFD),
- array(0x50000, 0x5FFFD),
- array(0x60000, 0x6FFFD),
- array(0x70000, 0x7FFFD),
- array(0x80000, 0x8FFFD),
- array(0x90000, 0x9FFFD),
- array(0xA0000, 0xAFFFD),
- array(0xB0000, 0xBFFFD),
- array(0xC0000, 0xCFFFD),
- array(0xD0000, 0xDFFFD),
- array(0xE1000, 0xEFFFD)
- );
-}
-
-function Auth_Yadis_getIPrivateChars()
-{
- return array(
- array(0xE000, 0xF8FF),
- array(0xF0000, 0xFFFFD),
- array(0x100000, 0x10FFFD)
- );
-}
-
-function Auth_Yadis_pct_escape_unicode($char_match)
-{
- $c = $char_match[0];
- $result = "";
- for ($i = 0; $i < strlen($c); $i++) {
- $result .= "%".sprintf("%X", ord($c[$i]));
- }
- return $result;
-}
-
-function Auth_Yadis_startswith($s, $stuff)
-{
- return strpos($s, $stuff) === 0;
-}
-
-
--- a/lib/openid-php/Auth/Yadis/ParanoidHTTPFetcher.php
+++ /dev/null
@@ -1,246 +1,1 @@
-<?php
-/**
- * This module contains the CURL-based HTTP fetcher implementation.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Interface import
- */
-require_once "Auth/Yadis/HTTPFetcher.php";
-
-require_once "Auth/OpenID.php";
-
-/**
- * A paranoid {@link Auth_Yadis_HTTPFetcher} class which uses CURL
- * for fetching.
- *
- * @package OpenID
- */
-class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
- function Auth_Yadis_ParanoidHTTPFetcher()
- {
- $this->reset();
- }
-
- function reset()
- {
- $this->headers = array();
- $this->data = "";
- }
-
- /**
- * @access private
- */
- function _writeHeader($ch, $header)
- {
- array_push($this->headers, rtrim($header));
- return strlen($header);
- }
-
- /**
- * @access private
- */
- function _writeData($ch, $data)
- {
- if (strlen($this->data) > 1024*Auth_OpenID_FETCHER_MAX_RESPONSE_KB) {
- return 0;
- } else {
- $this->data .= $data;
- return strlen($data);
- }
- }
-
- /**
- * Does this fetcher support SSL URLs?
- */
- function supportsSSL()
- {
- $v = curl_version();
- if(is_array($v)) {
- return in_array('https', $v['protocols']);
- } elseif (is_string($v)) {
- return preg_match('/OpenSSL/i', $v);
- } else {
- return 0;
- }
- }
-
- function get($url, $extra_headers = null)
- {
- if (!$this->canFetchURL($url)) {
- return null;
- }
-
- $stop = time() + $this->timeout;
- $off = $this->timeout;
-
- $redir = true;
-
- while ($redir && ($off > 0)) {
- $this->reset();
-
- $c = curl_init();
-
- if ($c === false) {
- Auth_OpenID::log(
- "curl_init returned false; could not " .
- "initialize for URL '%s'", $url);
- return null;
- }
-
- if (defined('CURLOPT_NOSIGNAL')) {
- curl_setopt($c, CURLOPT_NOSIGNAL, true);
- }
-
- if (!$this->allowedURL($url)) {
- Auth_OpenID::log("Fetching URL not allowed: %s",
- $url);
- return null;
- }
-
- curl_setopt($c, CURLOPT_WRITEFUNCTION,
- array($this, "_writeData"));
- curl_setopt($c, CURLOPT_HEADERFUNCTION,
- array($this, "_writeHeader"));
-
- if ($extra_headers) {
- curl_setopt($c, CURLOPT_HTTPHEADER, $extra_headers);
- }
-
- $cv = curl_version();
- if(is_array($cv)) {
- $curl_user_agent = 'curl/'.$cv['version'];
- } else {
- $curl_user_agent = $cv;
- }
- curl_setopt($c, CURLOPT_USERAGENT,
- Auth_OpenID_USER_AGENT.' '.$curl_user_agent);
- curl_setopt($c, CURLOPT_TIMEOUT, $off);
- curl_setopt($c, CURLOPT_URL, $url);
-
- if (defined('Auth_OpenID_VERIFY_HOST')) {
- curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
- curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
- }
- curl_exec($c);
-
- $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
- $body = $this->data;
- $headers = $this->headers;
-
- if (!$code) {
- Auth_OpenID::log("Got no response code when fetching %s", $url);
- Auth_OpenID::log("CURL error (%s): %s",
- curl_errno($c), curl_error($c));
- return null;
- }
-
- if (in_array($code, array(301, 302, 303, 307))) {
- $url = $this->_findRedirect($headers, $url);
- $redir = true;
- } else {
- $redir = false;
- curl_close($c);
-
- if (defined('Auth_OpenID_VERIFY_HOST') &&
- $this->isHTTPS($url)) {
- Auth_OpenID::log('OpenID: Verified SSL host %s using '.
- 'curl/get', $url);
- }
- $new_headers = array();
-
- foreach ($headers as $header) {
- if (strpos($header, ': ')) {
- list($name, $value) = explode(': ', $header, 2);
- $new_headers[$name] = $value;
- }
- }
-
- Auth_OpenID::log(
- "Successfully fetched '%s': GET response code %s",
- $url, $code);
-
- return new Auth_Yadis_HTTPResponse($url, $code,
- $new_headers, $body);
- }
-
- $off = $stop - time();
- }
-
- return null;
- }
-
- function post($url, $body, $extra_headers = null)
- {
- if (!$this->canFetchURL($url)) {
- return null;
- }
-
- $this->reset();
-
- $c = curl_init();
-
- if (defined('CURLOPT_NOSIGNAL')) {
- curl_setopt($c, CURLOPT_NOSIGNAL, true);
- }
-
- curl_setopt($c, CURLOPT_POST, true);
- curl_setopt($c, CURLOPT_POSTFIELDS, $body);
- curl_setopt($c, CURLOPT_TIMEOUT, $this->timeout);
- curl_setopt($c, CURLOPT_URL, $url);
- curl_setopt($c, CURLOPT_WRITEFUNCTION,
- array($this, "_writeData"));
-
- if (defined('Auth_OpenID_VERIFY_HOST')) {
- curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
- curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
- }
-
- curl_exec($c);
-
- $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
-
- if (!$code) {
- Auth_OpenID::log("Got no response code when fetching %s", $url);
- Auth_OpenID::log("CURL error (%s): %s",
- curl_errno($c), curl_error($c));
- return null;
- }
-
- if (defined('Auth_OpenID_VERIFY_HOST') && $this->isHTTPS($url)) {
- Auth_OpenID::log('OpenID: Verified SSL host %s using '.
- 'curl/post', $url);
- }
- $body = $this->data;
-
- curl_close($c);
-
- $new_headers = $extra_headers;
-
- foreach ($this->headers as $header) {
- if (strpos($header, ': ')) {
- list($name, $value) = explode(': ', $header, 2);
- $new_headers[$name] = $value;
- }
-
- }
-
- Auth_OpenID::log("Successfully fetched '%s': POST response code %s",
- $url, $code);
-
- return new Auth_Yadis_HTTPResponse($url, $code,
- $new_headers, $body);
- }
-}
-
-
--- a/lib/openid-php/Auth/Yadis/ParseHTML.php
+++ /dev/null
@@ -1,259 +1,1 @@
-<?php
-/**
- * This is the HTML pseudo-parser for the Yadis library.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * This class is responsible for scanning an HTML string to find META
- * tags and their attributes. This is used by the Yadis discovery
- * process. This class must be instantiated to be used.
- *
- * @package OpenID
- */
-class Auth_Yadis_ParseHTML {
-
- /**
- * @access private
- */
- var $_re_flags = "si";
-
- /**
- * @access private
- */
- var $_removed_re =
- "<!--.*?-->|<!\[CDATA\[.*?\]\]>|<script\b(?!:)[^>]*>.*?<\/script>";
-
- /**
- * @access private
- */
- var $_tag_expr = "<%s%s(?:\s.*?)?%s>";
-
- /**
- * @access private
- */
- var $_attr_find = '\b([-\w]+)=(".*?"|\'.*?\'|.+?)[\/\s>]';
-
- function Auth_Yadis_ParseHTML()
- {
- $this->_attr_find = sprintf("/%s/%s",
- $this->_attr_find,
- $this->_re_flags);
-
- $this->_removed_re = sprintf("/%s/%s",
- $this->_removed_re,
- $this->_re_flags);
-
- $this->_entity_replacements = array(
- 'amp' => '&',
- 'lt' => '<',
- 'gt' => '>',
- 'quot' => '"'
- );
-
- $this->_ent_replace =
- sprintf("&(%s);", implode("|",
- $this->_entity_replacements));
- }
-
- /**
- * Replace HTML entities (amp, lt, gt, and quot) as well as
- * numeric entities (e.g. #x9f;) with their actual values and
- * return the new string.
- *
- * @access private
- * @param string $str The string in which to look for entities
- * @return string $new_str The new string entities decoded
- */
- function replaceEntities($str)
- {
- foreach ($this->_entity_replacements as $old => $new) {
- $str = preg_replace(sprintf("/&%s;/", $old), $new, $str);
- }
-
- // Replace numeric entities because html_entity_decode doesn't
- // do it for us.
- $str = preg_replace('~&#x([0-9a-f]+);~ei', 'chr(hexdec("\\1"))', $str);
- $str = preg_replace('~&#([0-9]+);~e', 'chr(\\1)', $str);
-
- return $str;
- }
-
- /**
- * Strip single and double quotes off of a string, if they are
- * present.
- *
- * @access private
- * @param string $str The original string
- * @return string $new_str The new string with leading and
- * trailing quotes removed
- */
- function removeQuotes($str)
- {
- $matches = array();
- $double = '/^"(.*)"$/';
- $single = "/^\'(.*)\'$/";
-
- if (preg_match($double, $str, $matches)) {
- return $matches[1];
- } else if (preg_match($single, $str, $matches)) {
- return $matches[1];
- } else {
- return $str;
- }
- }
-
- /**
- * Create a regular expression that will match an opening
- * or closing tag from a set of names.
- *
- * @access private
- * @param mixed $tag_names Tag names to match
- * @param mixed $close false/0 = no, true/1 = yes, other = maybe
- * @param mixed $self_close false/0 = no, true/1 = yes, other = maybe
- * @return string $regex A regular expression string to be used
- * in, say, preg_match.
- */
- function tagPattern($tag_names, $close, $self_close)
- {
- if (is_array($tag_names)) {
- $tag_names = '(?:'.implode('|',$tag_names).')';
- }
- if ($close) {
- $close = '\/' . (($close == 1)? '' : '?');
- } else {
- $close = '';
- }
- if ($self_close) {
- $self_close = '(?:\/\s*)' . (($self_close == 1)? '' : '?');
- } else {
- $self_close = '';
- }
- $expr = sprintf($this->_tag_expr, $close, $tag_names, $self_close);
-
- return sprintf("/%s/%s", $expr, $this->_re_flags);
- }
-
- /**
- * Given an HTML document string, this finds all the META tags in
- * the document, provided they are found in the
- * <HTML><HEAD>...</HEAD> section of the document. The <HTML> tag
- * may be missing.
- *
- * @access private
- * @param string $html_string An HTMl document string
- * @return array $tag_list Array of tags; each tag is an array of
- * attribute -> value.
- */
- function getMetaTags($html_string)
- {
- $html_string = preg_replace($this->_removed_re,
- "",
- $html_string);
-
- $key_tags = array($this->tagPattern('html', false, false),
- $this->tagPattern('head', false, false),
- $this->tagPattern('head', true, false),
- $this->tagPattern('html', true, false),
- $this->tagPattern(array(
- 'body', 'frameset', 'frame', 'p', 'div',
- 'table','span','a'), 'maybe', 'maybe'));
- $key_tags_pos = array();
- foreach ($key_tags as $pat) {
- $matches = array();
- preg_match($pat, $html_string, $matches, PREG_OFFSET_CAPTURE);
- if($matches) {
- $key_tags_pos[] = $matches[0][1];
- } else {
- $key_tags_pos[] = null;
- }
- }
- // no opening head tag
- if (is_null($key_tags_pos[1])) {
- return array();
- }
- // the effective </head> is the min of the following
- if (is_null($key_tags_pos[2])) {
- $key_tags_pos[2] = strlen($html_string);
- }
- foreach (array($key_tags_pos[3], $key_tags_pos[4]) as $pos) {
- if (!is_null($pos) && $pos < $key_tags_pos[2]) {
- $key_tags_pos[2] = $pos;
- }
- }
- // closing head tag comes before opening head tag
- if ($key_tags_pos[1] > $key_tags_pos[2]) {
- return array();
- }
- // if there is an opening html tag, make sure the opening head tag
- // comes after it
- if (!is_null($key_tags_pos[0]) && $key_tags_pos[1] < $key_tags_pos[0]) {
- return array();
- }
- $html_string = substr($html_string, $key_tags_pos[1],
- ($key_tags_pos[2]-$key_tags_pos[1]));
-
- $link_data = array();
- $link_matches = array();
-
- if (!preg_match_all($this->tagPattern('meta', false, 'maybe'),
- $html_string, $link_matches)) {
- return array();
- }
-
- foreach ($link_matches[0] as $link) {
- $attr_matches = array();
- preg_match_all($this->_attr_find, $link, $attr_matches);
- $link_attrs = array();
- foreach ($attr_matches[0] as $index => $full_match) {
- $name = $attr_matches[1][$index];
- $value = $this->replaceEntities(
- $this->removeQuotes($attr_matches[2][$index]));
-
- $link_attrs[strtolower($name)] = $value;
- }
- $link_data[] = $link_attrs;
- }
-
- return $link_data;
- }
-
- /**
- * Looks for a META tag with an "http-equiv" attribute whose value
- * is one of ("x-xrds-location", "x-yadis-location"), ignoring
- * case. If such a META tag is found, its "content" attribute
- * value is returned.
- *
- * @param string $html_string An HTML document in string format
- * @return mixed $content The "content" attribute value of the
- * META tag, if found, or null if no such tag was found.
- */
- function getHTTPEquiv($html_string)
- {
- $meta_tags = $this->getMetaTags($html_string);
-
- if ($meta_tags) {
- foreach ($meta_tags as $tag) {
- if (array_key_exists('http-equiv', $tag) &&
- (in_array(strtolower($tag['http-equiv']),
- array('x-xrds-location', 'x-yadis-location'))) &&
- array_key_exists('content', $tag)) {
- return $tag['content'];
- }
- }
- }
-
- return null;
- }
-}
-
-
--- a/lib/openid-php/Auth/Yadis/PlainHTTPFetcher.php
+++ /dev/null
@@ -1,249 +1,1 @@
-<?php
-/**
- * This module contains the plain non-curl HTTP fetcher
- * implementation.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Interface import
- */
-require_once "Auth/Yadis/HTTPFetcher.php";
-
-/**
- * This class implements a plain, hand-built socket-based fetcher
- * which will be used in the event that CURL is unavailable.
- *
- * @package OpenID
- */
-class Auth_Yadis_PlainHTTPFetcher extends Auth_Yadis_HTTPFetcher {
- /**
- * Does this fetcher support SSL URLs?
- */
- function supportsSSL()
- {
- return function_exists('openssl_open');
- }
-
- function get($url, $extra_headers = null)
- {
- if (!$this->canFetchURL($url)) {
- return null;
- }
-
- $redir = true;
-
- $stop = time() + $this->timeout;
- $off = $this->timeout;
-
- while ($redir && ($off > 0)) {
-
- $parts = parse_url($url);
-
- $specify_port = true;
-
- // Set a default port.
- if (!array_key_exists('port', $parts)) {
- $specify_port = false;
- if ($parts['scheme'] == 'http') {
- $parts['port'] = 80;
- } elseif ($parts['scheme'] == 'https') {
- $parts['port'] = 443;
- } else {
- return null;
- }
- }
-
- if (!array_key_exists('path', $parts)) {
- $parts['path'] = '/';
- }
-
- $host = $parts['host'];
-
- if ($parts['scheme'] == 'https') {
- $host = 'ssl://' . $host;
- }
-
- $user_agent = Auth_OpenID_USER_AGENT;
-
- $headers = array(
- "GET ".$parts['path'].
- (array_key_exists('query', $parts) ?
- "?".$parts['query'] : "").
- " HTTP/1.0",
- "User-Agent: $user_agent",
- "Host: ".$parts['host'].
- ($specify_port ? ":".$parts['port'] : ""),
- "Port: ".$parts['port']);
-
- $errno = 0;
- $errstr = '';
-
- if ($extra_headers) {
- foreach ($extra_headers as $h) {
- $headers[] = $h;
- }
- }
-
- @$sock = fsockopen($host, $parts['port'], $errno, $errstr,
- $this->timeout);
- if ($sock === false) {
- return false;
- }
-
- stream_set_timeout($sock, $this->timeout);
-
- fputs($sock, implode("\r\n", $headers) . "\r\n\r\n");
-
- $data = "";
- $kilobytes = 0;
- while (!feof($sock) &&
- $kilobytes < Auth_OpenID_FETCHER_MAX_RESPONSE_KB ) {
- $data .= fgets($sock, 1024);
- $kilobytes += 1;
- }
-
- fclose($sock);
-
- // Split response into header and body sections
- list($headers, $body) = explode("\r\n\r\n", $data, 2);
- $headers = explode("\r\n", $headers);
-
- $http_code = explode(" ", $headers[0]);
- $code = $http_code[1];
-
- if (in_array($code, array('301', '302'))) {
- $url = $this->_findRedirect($headers, $url);
- $redir = true;
- } else {
- $redir = false;
- }
-
- $off = $stop - time();
- }
-
- $new_headers = array();
-
- foreach ($headers as $header) {
- if (preg_match("/:/", $header)) {
- $parts = explode(": ", $header, 2);
-
- if (count($parts) == 2) {
- list($name, $value) = $parts;
- $new_headers[$name] = $value;
- }
- }
-
- }
-
- return new Auth_Yadis_HTTPResponse($url, $code, $new_headers, $body);
- }
-
- function post($url, $body, $extra_headers = null)
- {
- if (!$this->canFetchURL($url)) {
- return null;
- }
-
- $parts = parse_url($url);
-
- $headers = array();
-
- $post_path = $parts['path'];
- if (isset($parts['query'])) {
- $post_path .= '?' . $parts['query'];
- }
-
- $headers[] = "POST ".$post_path." HTTP/1.0";
- $headers[] = "Host: " . $parts['host'];
- $headers[] = "Content-type: application/x-www-form-urlencoded";
- $headers[] = "Content-length: " . strval(strlen($body));
-
- if ($extra_headers &&
- is_array($extra_headers)) {
- $headers = array_merge($headers, $extra_headers);
- }
-
- // Join all headers together.
- $all_headers = implode("\r\n", $headers);
-
- // Add headers, two newlines, and request body.
- $request = $all_headers . "\r\n\r\n" . $body;
-
- // Set a default port.
- if (!array_key_exists('port', $parts)) {
- if ($parts['scheme'] == 'http') {
- $parts['port'] = 80;
- } elseif ($parts['scheme'] == 'https') {
- $parts['port'] = 443;
- } else {
- return null;
- }
- }
-
- if ($parts['scheme'] == 'https') {
- $parts['host'] = sprintf("ssl://%s", $parts['host']);
- }
-
- // Connect to the remote server.
- $errno = 0;
- $errstr = '';
-
- $sock = fsockopen($parts['host'], $parts['port'], $errno, $errstr,
- $this->timeout);
-
- if ($sock === false) {
- return null;
- }
-
- stream_set_timeout($sock, $this->timeout);
-
- // Write the POST request.
- fputs($sock, $request);
-
- // Get the response from the server.
- $response = "";
- while (!feof($sock)) {
- if ($data = fgets($sock, 128)) {
- $response .= $data;
- } else {
- break;
- }
- }
-
- // Split the request into headers and body.
- list($headers, $response_body) = explode("\r\n\r\n", $response, 2);
-
- $headers = explode("\r\n", $headers);
-
- // Expect the first line of the headers data to be something
- // like HTTP/1.1 200 OK. Split the line on spaces and take
- // the second token, which should be the return code.
- $http_code = explode(" ", $headers[0]);
- $code = $http_code[1];
-
- $new_headers = array();
-
- foreach ($headers as $header) {
- if (preg_match("/:/", $header)) {
- list($name, $value) = explode(": ", $header, 2);
- $new_headers[$name] = $value;
- }
-
- }
-
- return new Auth_Yadis_HTTPResponse($url, $code,
- $new_headers, $response_body);
- }
-}
-
-
--- a/lib/openid-php/Auth/Yadis/XML.php
+++ /dev/null
@@ -1,353 +1,1 @@
-<?php
-/**
- * XML-parsing classes to wrap the domxml and DOM extensions for PHP 4
- * and 5, respectively.
- *
- * @package OpenID
- */
-
-/**
- * The base class for wrappers for available PHP XML-parsing
- * extensions. To work with this Yadis library, subclasses of this
- * class MUST implement the API as defined in the remarks for this
- * class. Subclasses of Auth_Yadis_XMLParser are used to wrap
- * particular PHP XML extensions such as 'domxml'. These are used
- * internally by the library depending on the availability of
- * supported PHP XML extensions.
- *
- * @package OpenID
- */
-class Auth_Yadis_XMLParser {
- /**
- * Initialize an instance of Auth_Yadis_XMLParser with some
- * XML and namespaces. This SHOULD NOT be overridden by
- * subclasses.
- *
- * @param string $xml_string A string of XML to be parsed.
- * @param array $namespace_map An array of ($ns_name => $ns_uri)
- * to be registered with the XML parser. May be empty.
- * @return boolean $result True if the initialization and
- * namespace registration(s) succeeded; false otherwise.
- */
- function init($xml_string, $namespace_map)
- {
- if (!$this->setXML($xml_string)) {
- return false;
- }
-
- foreach ($namespace_map as $prefix => $uri) {
- if (!$this->registerNamespace($prefix, $uri)) {
- return false;
- }
- }
-
- return true;
- }
-
- /**
- * Register a namespace with the XML parser. This should be
- * overridden by subclasses.
- *
- * @param string $prefix The namespace prefix to appear in XML tag
- * names.
- *
- * @param string $uri The namespace URI to be used to identify the
- * namespace in the XML.
- *
- * @return boolean $result True if the registration succeeded;
- * false otherwise.
- */
- function registerNamespace($prefix, $uri)
- {
- // Not implemented.
- }
-
- /**
- * Set this parser object's XML payload. This should be
- * overridden by subclasses.
- *
- * @param string $xml_string The XML string to pass to this
- * object's XML parser.
- *
- * @return boolean $result True if the initialization succeeded;
- * false otherwise.
- */
- function setXML($xml_string)
- {
- // Not implemented.
- }
-
- /**
- * Evaluate an XPath expression and return the resulting node
- * list. This should be overridden by subclasses.
- *
- * @param string $xpath The XPath expression to be evaluated.
- *
- * @param mixed $node A node object resulting from a previous
- * evalXPath call. This node, if specified, provides the context
- * for the evaluation of this xpath expression.
- *
- * @return array $node_list An array of matching opaque node
- * objects to be used with other methods of this parser class.
- */
- function &evalXPath($xpath, $node = null)
- {
- // Not implemented.
- }
-
- /**
- * Return the textual content of a specified node.
- *
- * @param mixed $node A node object from a previous call to
- * $this->evalXPath().
- *
- * @return string $content The content of this node.
- */
- function content($node)
- {
- // Not implemented.
- }
-
- /**
- * Return the attributes of a specified node.
- *
- * @param mixed $node A node object from a previous call to
- * $this->evalXPath().
- *
- * @return array $attrs An array mapping attribute names to
- * values.
- */
- function attributes($node)
- {
- // Not implemented.
- }
-}
-
-/**
- * This concrete implementation of Auth_Yadis_XMLParser implements
- * the appropriate API for the 'domxml' extension which is typically
- * packaged with PHP 4. This class will be used whenever the 'domxml'
- * extension is detected. See the Auth_Yadis_XMLParser class for
- * details on this class's methods.
- *
- * @package OpenID
- */
-class Auth_Yadis_domxml extends Auth_Yadis_XMLParser {
- function Auth_Yadis_domxml()
- {
- $this->xml = null;
- $this->doc = null;
- $this->xpath = null;
- $this->errors = array();
- }
-
- function setXML($xml_string)
- {
- $this->xml = $xml_string;
- $this->doc = @domxml_open_mem($xml_string, DOMXML_LOAD_PARSING,
- $this->errors);
-
- if (!$this->doc) {
- return false;
- }
-
- $this->xpath = $this->doc->xpath_new_context();
-
- return true;
- }
-
- function registerNamespace($prefix, $uri)
- {
- return xpath_register_ns($this->xpath, $prefix, $uri);
- }
-
- function &evalXPath($xpath, $node = null)
- {
- if ($node) {
- $result = @$this->xpath->xpath_eval($xpath, $node);
- } else {
- $result = @$this->xpath->xpath_eval($xpath);
- }
-
- if (!$result) {
- $n = array();
- return $n;
- }
-
- if (!$result->nodeset) {
- $n = array();
- return $n;
- }
-
- return $result->nodeset;
- }
-
- function content($node)
- {
- if ($node) {
- return $node->get_content();
- }
- }
-
- function attributes($node)
- {
- if ($node) {
- $arr = $node->attributes();
- $result = array();
-
- if ($arr) {
- foreach ($arr as $attrnode) {
- $result[$attrnode->name] = $attrnode->value;
- }
- }
-
- return $result;
- }
- }
-}
-
-/**
- * This concrete implementation of Auth_Yadis_XMLParser implements
- * the appropriate API for the 'dom' extension which is typically
- * packaged with PHP 5. This class will be used whenever the 'dom'
- * extension is detected. See the Auth_Yadis_XMLParser class for
- * details on this class's methods.
- *
- * @package OpenID
- */
-class Auth_Yadis_dom extends Auth_Yadis_XMLParser {
- function Auth_Yadis_dom()
- {
- $this->xml = null;
- $this->doc = null;
- $this->xpath = null;
- $this->errors = array();
- }
-
- function setXML($xml_string)
- {
- $this->xml = $xml_string;
- $this->doc = new DOMDocument;
-
- if (!$this->doc) {
- return false;
- }
-
- if (!@$this->doc->loadXML($xml_string)) {
- return false;
- }
-
- $this->xpath = new DOMXPath($this->doc);
-
- if ($this->xpath) {
- return true;
- } else {
- return false;
- }
- }
-
- function registerNamespace($prefix, $uri)
- {
- return $this->xpath->registerNamespace($prefix, $uri);
- }
-
- function &evalXPath($xpath, $node = null)
- {
- if ($node) {
- $result = @$this->xpath->query($xpath, $node);
- } else {
- $result = @$this->xpath->query($xpath);
- }
-
- $n = array();
-
- if (!$result) {
- return $n;
- }
-
- for ($i = 0; $i < $result->length; $i++) {
- $n[] = $result->item($i);
- }
-
- return $n;
- }
-
- function content($node)
- {
- if ($node) {
- return $node->textContent;
- }
- }
-
- function attributes($node)
- {
- if ($node) {
- $arr = $node->attributes;
- $result = array();
-
- if ($arr) {
- for ($i = 0; $i < $arr->length; $i++) {
- $node = $arr->item($i);
- $result[$node->nodeName] = $node->nodeValue;
- }
- }
-
- return $result;
- }
- }
-}
-
-global $__Auth_Yadis_defaultParser;
-$__Auth_Yadis_defaultParser = null;
-
-/**
- * Set a default parser to override the extension-driven selection of
- * available parser classes. This is helpful in a test environment or
- * one in which multiple parsers can be used but one is more
- * desirable.
- *
- * @param Auth_Yadis_XMLParser $parser An instance of a
- * Auth_Yadis_XMLParser subclass.
- */
-function Auth_Yadis_setDefaultParser($parser)
-{
- global $__Auth_Yadis_defaultParser;
- $__Auth_Yadis_defaultParser = $parser;
-}
-
-function Auth_Yadis_getSupportedExtensions()
-{
- return array('dom' => 'Auth_Yadis_dom',
- 'domxml' => 'Auth_Yadis_domxml');
-}
-
-/**
- * Returns an instance of a Auth_Yadis_XMLParser subclass based on
- * the availability of PHP extensions for XML parsing. If
- * Auth_Yadis_setDefaultParser has been called, the parser used in
- * that call will be returned instead.
- */
-function Auth_Yadis_getXMLParser()
-{
- global $__Auth_Yadis_defaultParser;
-
- if (isset($__Auth_Yadis_defaultParser)) {
- return $__Auth_Yadis_defaultParser;
- }
-
- foreach(Auth_Yadis_getSupportedExtensions() as $extension => $classname)
- {
- if (extension_loaded($extension))
- {
- $p = new $classname();
- Auth_Yadis_setDefaultParser($p);
- return $p;
- }
- }
-
- return false;
-}
-
-
-
--- a/lib/openid-php/Auth/Yadis/XRI.php
+++ /dev/null
@@ -1,235 +1,1 @@
-<?php
-/**
- * Routines for XRI resolution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-require_once 'Auth/Yadis/Misc.php';
-require_once 'Auth/Yadis/Yadis.php';
-require_once 'Auth/OpenID.php';
-
-function Auth_Yadis_getDefaultProxy()
-{
- return 'http://xri.net/';
-}
-
-function Auth_Yadis_getXRIAuthorities()
-{
- return array('!', '=', '@', '+', '$', '(');
-}
-
-function Auth_Yadis_getEscapeRE()
-{
- $parts = array();
- foreach (array_merge(Auth_Yadis_getUCSChars(),
- Auth_Yadis_getIPrivateChars()) as $pair) {
- list($m, $n) = $pair;
- $parts[] = sprintf("%s-%s", chr($m), chr($n));
- }
-
- return sprintf('/[%s]/', implode('', $parts));
-}
-
-function Auth_Yadis_getXrefRE()
-{
- return '/\((.*?)\)/';
-}
-
-function Auth_Yadis_identifierScheme($identifier)
-{
- if (Auth_Yadis_startswith($identifier, 'xri://') ||
- ($identifier &&
- in_array($identifier[0], Auth_Yadis_getXRIAuthorities()))) {
- return "XRI";
- } else {
- return "URI";
- }
-}
-
-function Auth_Yadis_toIRINormal($xri)
-{
- if (!Auth_Yadis_startswith($xri, 'xri://')) {
- $xri = 'xri://' . $xri;
- }
-
- return Auth_Yadis_escapeForIRI($xri);
-}
-
-function _escape_xref($xref_match)
-{
- $xref = $xref_match[0];
- $xref = str_replace('/', '%2F', $xref);
- $xref = str_replace('?', '%3F', $xref);
- $xref = str_replace('#', '%23', $xref);
- return $xref;
-}
-
-function Auth_Yadis_escapeForIRI($xri)
-{
- $xri = str_replace('%', '%25', $xri);
- $xri = preg_replace_callback(Auth_Yadis_getXrefRE(),
- '_escape_xref', $xri);
- return $xri;
-}
-
-function Auth_Yadis_toURINormal($xri)
-{
- return Auth_Yadis_iriToURI(Auth_Yadis_toIRINormal($xri));
-}
-
-function Auth_Yadis_iriToURI($iri)
-{
- if (1) {
- return $iri;
- } else {
- // According to RFC 3987, section 3.1, "Mapping of IRIs to URIs"
- return preg_replace_callback(Auth_Yadis_getEscapeRE(),
- 'Auth_Yadis_pct_escape_unicode', $iri);
- }
-}
-
-
-function Auth_Yadis_XRIAppendArgs($url, $args)
-{
- // Append some arguments to an HTTP query. Yes, this is just like
- // OpenID's appendArgs, but with special seasoning for XRI
- // queries.
-
- if (count($args) == 0) {
- return $url;
- }
-
- // Non-empty array; if it is an array of arrays, use multisort;
- // otherwise use sort.
- if (array_key_exists(0, $args) &&
- is_array($args[0])) {
- // Do nothing here.
- } else {
- $keys = array_keys($args);
- sort($keys);
- $new_args = array();
- foreach ($keys as $key) {
- $new_args[] = array($key, $args[$key]);
- }
- $args = $new_args;
- }
-
- // According to XRI Resolution section "QXRI query parameters":
- //
- // "If the original QXRI had a null query component (only a
- // leading question mark), or a query component consisting of
- // only question marks, one additional leading question mark MUST
- // be added when adding any XRI resolution parameters."
- if (strpos(rtrim($url, '?'), '?') !== false) {
- $sep = '&';
- } else {
- $sep = '?';
- }
-
- return $url . $sep . Auth_OpenID::httpBuildQuery($args);
-}
-
-function Auth_Yadis_providerIsAuthoritative($providerID, $canonicalID)
-{
- $lastbang = strrpos($canonicalID, '!');
- $p = substr($canonicalID, 0, $lastbang);
- return $p == $providerID;
-}
-
-function Auth_Yadis_rootAuthority($xri)
-{
- // Return the root authority for an XRI.
-
- $root = null;
-
- if (Auth_Yadis_startswith($xri, 'xri://')) {
- $xri = substr($xri, 6);
- }
-
- $authority = explode('/', $xri, 2);
- $authority = $authority[0];
- if ($authority[0] == '(') {
- // Cross-reference.
- // XXX: This is incorrect if someone nests cross-references so
- // there is another close-paren in there. Hopefully nobody
- // does that before we have a real xriparse function.
- // Hopefully nobody does that *ever*.
- $root = substr($authority, 0, strpos($authority, ')') + 1);
- } else if (in_array($authority[0], Auth_Yadis_getXRIAuthorities())) {
- // Other XRI reference.
- $root = $authority[0];
- } else {
- // IRI reference.
- $_segments = explode("!", $authority);
- $segments = array();
- foreach ($_segments as $s) {
- $segments = array_merge($segments, explode("*", $s));
- }
- $root = $segments[0];
- }
-
- return Auth_Yadis_XRI($root);
-}
-
-function Auth_Yadis_XRI($xri)
-{
- if (!Auth_Yadis_startswith($xri, 'xri://')) {
- $xri = 'xri://' . $xri;
- }
- return $xri;
-}
-
-function Auth_Yadis_getCanonicalID($iname, $xrds)
-{
- // Returns false or a canonical ID value.
-
- // Now nodes are in reverse order.
- $xrd_list = array_reverse($xrds->allXrdNodes);
- $parser = $xrds->parser;
- $node = $xrd_list[0];
-
- $canonicalID_nodes = $parser->evalXPath('xrd:CanonicalID', $node);
-
- if (!$canonicalID_nodes) {
- return false;
- }
-
- $canonicalID = $canonicalID_nodes[0];
- $canonicalID = Auth_Yadis_XRI($parser->content($canonicalID));
-
- $childID = $canonicalID;
-
- for ($i = 1; $i < count($xrd_list); $i++) {
- $xrd = $xrd_list[$i];
-
- $parent_sought = substr($childID, 0, strrpos($childID, '!'));
- $parentCID = $parser->evalXPath('xrd:CanonicalID', $xrd);
- if (!$parentCID) {
- return false;
- }
- $parentCID = Auth_Yadis_XRI($parser->content($parentCID[0]));
-
- if (strcasecmp($parent_sought, $parentCID)) {
- // raise XRDSFraud.
- return false;
- }
-
- $childID = $parent_sought;
- }
-
- $root = Auth_Yadis_rootAuthority($iname);
- if (!Auth_Yadis_providerIsAuthoritative($root, $childID)) {
- // raise XRDSFraud.
- return false;
- }
-
- return $canonicalID;
-}
-
-
-
--- a/lib/openid-php/Auth/Yadis/XRIRes.php
+++ /dev/null
@@ -1,73 +1,1 @@
-<?php
-/**
- * Code for using a proxy XRI resolver.
- */
-
-require_once 'Auth/Yadis/XRDS.php';
-require_once 'Auth/Yadis/XRI.php';
-
-class Auth_Yadis_ProxyResolver {
- function Auth_Yadis_ProxyResolver($fetcher, $proxy_url = null)
- {
- $this->fetcher = $fetcher;
- $this->proxy_url = $proxy_url;
- if (!$this->proxy_url) {
- $this->proxy_url = Auth_Yadis_getDefaultProxy();
- }
- }
-
- function queryURL($xri, $service_type = null)
- {
- // trim off the xri:// prefix
- $qxri = substr(Auth_Yadis_toURINormal($xri), 6);
- $hxri = $this->proxy_url . $qxri;
- $args = array(
- '_xrd_r' => 'application/xrds+xml'
- );
-
- if ($service_type) {
- $args['_xrd_t'] = $service_type;
- } else {
- // Don't perform service endpoint selection.
- $args['_xrd_r'] .= ';sep=false';
- }
-
- $query = Auth_Yadis_XRIAppendArgs($hxri, $args);
- return $query;
- }
-
- function query($xri, $service_types, $filters = array())
- {
- $services = array();
- $canonicalID = null;
- foreach ($service_types as $service_type) {
- $url = $this->queryURL($xri, $service_type);
- $response = $this->fetcher->get($url);
- if ($response->status != 200 and $response->status != 206) {
- continue;
- }
- $xrds = Auth_Yadis_XRDS::parseXRDS($response->body);
- if (!$xrds) {
- continue;
- }
- $canonicalID = Auth_Yadis_getCanonicalID($xri,
- $xrds);
-
- if ($canonicalID === false) {
- return null;
- }
-
- $some_services = $xrds->services($filters);
- $services = array_merge($services, $some_services);
- // TODO:
- // * If we do get hits for multiple service_types, we're
- // almost certainly going to have duplicated service
- // entries and broken priority ordering.
- }
- return array($canonicalID, $services);
- }
-}
-
-
-
--- a/lib/openid-php/Auth/Yadis/Yadis.php
+++ /dev/null
@@ -1,383 +1,1 @@
-<?php
-/**
- * The core PHP Yadis implementation.
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @package OpenID
- * @author JanRain, Inc. <openid@janrain.com>
- * @copyright 2005-2008 Janrain, Inc.
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
- */
-
-/**
- * Need both fetcher types so we can use the right one based on the
- * presence or absence of CURL.
- */
-require_once "Auth/Yadis/PlainHTTPFetcher.php";
-require_once "Auth/Yadis/ParanoidHTTPFetcher.php";
-
-/**
- * Need this for parsing HTML (looking for META tags).
- */
-require_once "Auth/Yadis/ParseHTML.php";
-
-/**
- * Need this to parse the XRDS document during Yadis discovery.
- */
-require_once "Auth/Yadis/XRDS.php";
-
-/**
- * XRDS (yadis) content type
- */
-define('Auth_Yadis_CONTENT_TYPE', 'application/xrds+xml');
-
-/**
- * Yadis header
- */
-define('Auth_Yadis_HEADER_NAME', 'X-XRDS-Location');
-
-/**
- * Contains the result of performing Yadis discovery on a URI.
- *
- * @package OpenID
- */
-class Auth_Yadis_DiscoveryResult {
-
- // The URI that was passed to the fetcher
- var $request_uri = null;
-
- // The result of following redirects from the request_uri
- var $normalized_uri = null;
-
- // The URI from which the response text was returned (set to
- // None if there was no XRDS document found)
- var $xrds_uri = null;
-
- var $xrds = null;
-
- // The content-type returned with the response_text
- var $content_type = null;
-
- // The document returned from the xrds_uri
- var $response_text = null;
-
- // Did the discovery fail miserably?
- var $failed = false;
-
- function Auth_Yadis_DiscoveryResult($request_uri)
- {
- // Initialize the state of the object
- // sets all attributes to None except the request_uri
- $this->request_uri = $request_uri;
- }
-
- function fail()
- {
- $this->failed = true;
- }
-
- function isFailure()
- {
- return $this->failed;
- }
-
- /**
- * Returns the list of service objects as described by the XRDS
- * document, if this yadis object represents a successful Yadis
- * discovery.
- *
- * @return array $services An array of {@link Auth_Yadis_Service}
- * objects
- */
- function services()
- {
- if ($this->xrds) {
- return $this->xrds->services();
- }
-
- return null;
- }
-
- function usedYadisLocation()
- {
- // Was the Yadis protocol's indirection used?
- return ($this->xrds_uri && $this->normalized_uri != $this->xrds_uri);
- }
-
- function isXRDS()
- {
- // Is the response text supposed to be an XRDS document?
- return ($this->usedYadisLocation() ||
- $this->content_type == Auth_Yadis_CONTENT_TYPE);
- }
-}
-
-/**
- *
- * Perform the Yadis protocol on the input URL and return an iterable
- * of resulting endpoint objects.
- *
- * input_url: The URL on which to perform the Yadis protocol
- *
- * @return: The normalized identity URL and an iterable of endpoint
- * objects generated by the filter function.
- *
- * xrds_parse_func: a callback which will take (uri, xrds_text) and
- * return an array of service endpoint objects or null. Usually
- * array('Auth_OpenID_ServiceEndpoint', 'fromXRDS').
- *
- * discover_func: if not null, a callback which should take (uri) and
- * return an Auth_Yadis_Yadis object or null.
- */
-function Auth_Yadis_getServiceEndpoints($input_url, $xrds_parse_func,
- $discover_func=null, $fetcher=null)
-{
- if ($discover_func === null) {
- $discover_function = array('Auth_Yadis_Yadis', 'discover');
- }
-
- $yadis_result = call_user_func_array($discover_func,
- array($input_url, &$fetcher));
-
- if ($yadis_result === null) {
- return array($input_url, array());
- }
-
- $endpoints = call_user_func_array($xrds_parse_func,
- array($yadis_result->normalized_uri,
- $yadis_result->response_text));
-
- if ($endpoints === null) {
- $endpoints = array();
- }
-
- return array($yadis_result->normalized_uri, $endpoints);
-}
-
-/**
- * This is the core of the PHP Yadis library. This is the only class
- * a user needs to use to perform Yadis discovery. This class
- * performs the discovery AND stores the result of the discovery.
- *
- * First, require this library into your program source:
- *
- * <pre> require_once "Auth/Yadis/Yadis.php";</pre>
- *
- * To perform Yadis discovery, first call the "discover" method
- * statically with a URI parameter:
- *
- * <pre> $http_response = array();
- * $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
- * $yadis_object = Auth_Yadis_Yadis::discover($uri,
- * $http_response, $fetcher);</pre>
- *
- * If the discovery succeeds, $yadis_object will be an instance of
- * {@link Auth_Yadis_Yadis}. If not, it will be null. The XRDS
- * document found during discovery should have service descriptions,
- * which can be accessed by calling
- *
- * <pre> $service_list = $yadis_object->services();</pre>
- *
- * which returns an array of objects which describe each service.
- * These objects are instances of Auth_Yadis_Service. Each object
- * describes exactly one whole Service element, complete with all of
- * its Types and URIs (no expansion is performed). The common use
- * case for using the service objects returned by services() is to
- * write one or more filter functions and pass those to services():
- *
- * <pre> $service_list = $yadis_object->services(
- * array("filterByURI",
- * "filterByExtension"));</pre>
- *
- * The filter functions (whose names appear in the array passed to
- * services()) take the following form:
- *
- * <pre> function myFilter($service) {
- * // Query $service object here. Return true if the service
- * // matches your query; false if not.
- * }</pre>
- *
- * This is an example of a filter which uses a regular expression to
- * match the content of URI tags (note that the Auth_Yadis_Service
- * class provides a getURIs() method which you should use instead of
- * this contrived example):
- *
- * <pre>
- * function URIMatcher($service) {
- * foreach ($service->getElements('xrd:URI') as $uri) {
- * if (preg_match("/some_pattern/",
- * $service->parser->content($uri))) {
- * return true;
- * }
- * }
- * return false;
- * }</pre>
- *
- * The filter functions you pass will be called for each service
- * object to determine which ones match the criteria your filters
- * specify. The default behavior is that if a given service object
- * matches ANY of the filters specified in the services() call, it
- * will be returned. You can specify that a given service object will
- * be returned ONLY if it matches ALL specified filters by changing
- * the match mode of services():
- *
- * <pre> $yadis_object->services(array("filter1", "filter2"),
- * SERVICES_YADIS_MATCH_ALL);</pre>
- *
- * See {@link SERVICES_YADIS_MATCH_ALL} and {@link
- * SERVICES_YADIS_MATCH_ANY}.
- *
- * Services described in an XRDS should have a library which you'll
- * probably be using. Those libraries are responsible for defining
- * filters that can be used with the "services()" call. If you need
- * to write your own filter, see the documentation for {@link
- * Auth_Yadis_Service}.
- *
- * @package OpenID
- */
-class Auth_Yadis_Yadis {
-
- /**
- * Returns an HTTP fetcher object. If the CURL extension is
- * present, an instance of {@link Auth_Yadis_ParanoidHTTPFetcher}
- * is returned. If not, an instance of
- * {@link Auth_Yadis_PlainHTTPFetcher} is returned.
- *
- * If Auth_Yadis_CURL_OVERRIDE is defined, this method will always
- * return a {@link Auth_Yadis_PlainHTTPFetcher}.
- */
- static function getHTTPFetcher($timeout = 20)
- {
- if (Auth_Yadis_Yadis::curlPresent() &&
- (!defined('Auth_Yadis_CURL_OVERRIDE'))) {
- $fetcher = new Auth_Yadis_ParanoidHTTPFetcher($timeout);
- } else {
- $fetcher = new Auth_Yadis_PlainHTTPFetcher($timeout);
- }
- return $fetcher;
- }
-
- static function curlPresent()
- {
- return function_exists('curl_init');
- }
-
- /**
- * @access private
- */
- static function _getHeader($header_list, $names)
- {
- foreach ($header_list as $name => $value) {
- foreach ($names as $n) {
- if (strtolower($name) == strtolower($n)) {
- return $value;
- }
- }
- }
-
- return null;
- }
-
- /**
- * @access private
- */
- static function _getContentType($content_type_header)
- {
- if ($content_type_header) {
- $parts = explode(";", $content_type_header);
- return strtolower($parts[0]);
- }
- }
-
- /**
- * This should be called statically and will build a Yadis
- * instance if the discovery process succeeds. This implements
- * Yadis discovery as specified in the Yadis specification.
- *
- * @param string $uri The URI on which to perform Yadis discovery.
- *
- * @param array $http_response An array reference where the HTTP
- * response object will be stored (see {@link
- * Auth_Yadis_HTTPResponse}.
- *
- * @param Auth_Yadis_HTTPFetcher $fetcher An instance of a
- * Auth_Yadis_HTTPFetcher subclass.
- *
- * @param array $extra_ns_map An array which maps namespace names
- * to namespace URIs to be used when parsing the Yadis XRDS
- * document.
- *
- * @param integer $timeout An optional fetcher timeout, in seconds.
- *
- * @return mixed $obj Either null or an instance of
- * Auth_Yadis_Yadis, depending on whether the discovery
- * succeeded.
- */
- static function discover($uri, $fetcher,
- $extra_ns_map = null, $timeout = 20)
- {
- $result = new Auth_Yadis_DiscoveryResult($uri);
-
- $request_uri = $uri;
- $headers = array("Accept: " . Auth_Yadis_CONTENT_TYPE .
- ', text/html; q=0.3, application/xhtml+xml; q=0.5');
-
- if ($fetcher === null) {
- $fetcher = Auth_Yadis_Yadis::getHTTPFetcher($timeout);
- }
-
- $response = $fetcher->get($uri, $headers);
-
- if (!$response || ($response->status != 200 and
- $response->status != 206)) {
- $result->fail();
- return $result;
- }
-
- $result->normalized_uri = $response->final_url;
- $result->content_type = Auth_Yadis_Yadis::_getHeader(
- $response->headers,
- array('content-type'));
-
- if ($result->content_type &&
- (Auth_Yadis_Yadis::_getContentType($result->content_type) ==
- Auth_Yadis_CONTENT_TYPE)) {
- $result->xrds_uri = $result->normalized_uri;
- } else {
- $yadis_location = Auth_Yadis_Yadis::_getHeader(
- $response->headers,
- array(Auth_Yadis_HEADER_NAME));
-
- if (!$yadis_location) {
- $parser = new Auth_Yadis_ParseHTML();
- $yadis_location = $parser->getHTTPEquiv($response->body);
- }
-
- if ($yadis_location) {
- $result->xrds_uri = $yadis_location;
-
- $response = $fetcher->get($yadis_location);
-
- if ((!$response) || ($response->status != 200 and
- $response->status != 206)) {
- $result->fail();
- return $result;
- }
-
- $result->content_type = Auth_Yadis_Yadis::_getHeader(
- $response->headers,
- array('content-type'));
- }
- }
-
- $result->response_text = $response->body;
- return $result;
- }
-}
-
-
-
--- /dev/null
+++ b/lib/openid.php
@@ -1,1 +1,782 @@
-
+<?php
+/**
+ * This class provides a simple interface for OpenID (1.1 and 2.0) authentication.
+ * Supports Yadis discovery.
+ * The authentication process is stateless/dumb.
+ *
+ * Usage:
+ * Sign-on with OpenID is a two step process:
+ * Step one is authentication with the provider:
+ * <code>
+ * $openid = new LightOpenID('my-host.example.org');
+ * $openid->identity = 'ID supplied by user';
+ * header('Location: ' . $openid->authUrl());
+ * </code>
+ * The provider then sends various parameters via GET, one of them is openid_mode.
+ * Step two is verification:
+ * <code>
+ * if ($this->data['openid_mode']) {
+ * $openid = new LightOpenID('my-host.example.org');
+ * echo $openid->validate() ? 'Logged in.' : 'Failed';
+ * }
+ * </code>
+ *
+ * Change the 'my-host.example.org' to your domain name. Do NOT use $_SERVER['HTTP_HOST']
+ * for that, unless you know what you are doing.
+ *
+ * Optionally, you can set $returnUrl and $realm (or $trustRoot, which is an alias).
+ * The default values for those are:
+ * $openid->realm = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'];
+ * $openid->returnUrl = $openid->realm . $_SERVER['REQUEST_URI'];
+ * If you don't know their meaning, refer to any openid tutorial, or specification. Or just guess.
+ *
+ * AX and SREG extensions are supported.
+ * To use them, specify $openid->required and/or $openid->optional before calling $openid->authUrl().
+ * These are arrays, with values being AX schema paths (the 'path' part of the URL).
+ * For example:
+ * $openid->required = array('namePerson/friendly', 'contact/email');
+ * $openid->optional = array('namePerson/first');
+ * If the server supports only SREG or OpenID 1.1, these are automaticaly
+ * mapped to SREG names, so that user doesn't have to know anything about the server.
+ *
+ * To get the values, use $openid->getAttributes().
+ *
+ *
+ * The library requires PHP >= 5.1.2 with curl or http/https stream wrappers enabled.
+ * @author Mewp
+ * @copyright Copyright (c) 2010, Mewp
+ * @license http://www.opensource.org/licenses/mit-license.php MIT
+ */
+class LightOpenID
+{
+ public $returnUrl
+ , $required = array()
+ , $optional = array()
+ , $verify_peer = null
+ , $capath = null
+ , $cainfo = null
+ , $data;
+ private $identity, $claimed_id;
+ protected $server, $version, $trustRoot, $aliases, $identifier_select = false
+ , $ax = false, $sreg = false, $setup_url = null;
+ static protected $ax_to_sreg = array(
+ 'namePerson/friendly' => 'nickname',
+ 'contact/email' => 'email',
+ 'namePerson' => 'fullname',
+ 'birthDate' => 'dob',
+ 'person/gender' => 'gender',
+ 'contact/postalCode/home' => 'postcode',
+ 'contact/country/home' => 'country',
+ 'pref/language' => 'language',
+ 'pref/timezone' => 'timezone',
+ );
+
+ function __construct($host)
+ {
+ $this->trustRoot = (strpos($host, '://') ? $host : 'http://' . $host);
+ if ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')
+ || (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
+ && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
+ ) {
+ $this->trustRoot = (strpos($host, '://') ? $host : 'https://' . $host);
+ }
+
+ if(($host_end = strpos($this->trustRoot, '/', 8)) !== false) {
+ $this->trustRoot = substr($this->trustRoot, 0, $host_end);
+ }
+
+ $uri = rtrim(preg_replace('#((?<=\?)|&)openid\.[^&]+#', '', $_SERVER['REQUEST_URI']), '?');
+ $this->returnUrl = $this->trustRoot . $uri;
+
+ $this->data = ($_SERVER['REQUEST_METHOD'] === 'POST') ? $_POST : $_GET;
+
+ if(!function_exists('curl_init') && !in_array('https', stream_get_wrappers())) {
+ throw new ErrorException('You must have either https wrappers or curl enabled.');
+ }
+ }
+
+ function __set($name, $value)
+ {
+ switch ($name) {
+ case 'identity':
+ if (strlen($value = trim((String) $value))) {
+ if (preg_match('#^xri:/*#i', $value, $m)) {
+ $value = substr($value, strlen($m[0]));
+ } elseif (!preg_match('/^(?:[=@+\$!\(]|https?:)/i', $value)) {
+ $value = "http://$value";
+ }
+ if (preg_match('#^https?://[^/]+$#i', $value, $m)) {
+ $value .= '/';
+ }
+ }
+ $this->$name = $this->claimed_id = $value;
+ break;
+ case 'trustRoot':
+ case 'realm':
+ $this->trustRoot = trim($value);
+ }
+ }
+
+ function __get($name)
+ {
+ switch ($name) {
+ case 'identity':
+ # We return claimed_id instead of identity,
+ # because the developer should see the claimed identifier,
+ # i.e. what he set as identity, not the op-local identifier (which is what we verify)
+ return $this->claimed_id;
+ case 'trustRoot':
+ case 'realm':
+ return $this->trustRoot;
+ case 'mode':
+ return empty($this->data['openid_mode']) ? null : $this->data['openid_mode'];
+ }
+ }
+
+ /**
+ * Checks if the server specified in the url exists.
+ *
+ * @param $url url to check
+ * @return true, if the server exists; false otherwise
+ */
+ function hostExists($url)
+ {
+ if (strpos($url, '/') === false) {
+ $server = $url;
+ } else {
+ $server = @parse_url($url, PHP_URL_HOST);
+ }
+
+ if (!$server) {
+ return false;
+ }
+
+ return !!gethostbynamel($server);
+ }
+
+ protected function request_curl($url, $method='GET', $params=array())
+ {
+ $params = http_build_query($params, '', '&');
+ $curl = curl_init($url . ($method == 'GET' && $params ? '?' . $params : ''));
+ curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
+ curl_setopt($curl, CURLOPT_HEADER, false);
+ curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/xrds+xml, */*'));
+
+ if($this->verify_peer !== null) {
+ curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+ if($this->capath) {
+ curl_setopt($curl, CURLOPT_CAPATH, $this->capath);
+ }
+
+ if($this->cainfo) {
+ curl_setopt($curl, CURLOPT_CAINFO, $this->cainfo);
+ }
+ }
+
+ if ($method == 'POST') {
+ curl_setopt($curl, CURLOPT_POST, true);
+ curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
+ } elseif ($method == 'HEAD') {
+ curl_setopt($curl, CURLOPT_HEADER, true);
+ curl_setopt($curl, CURLOPT_NOBODY, true);
+ } else {
+ curl_setopt($curl, CURLOPT_HTTPGET, true);
+ }
+ $response = curl_exec($curl);
+
+ if($method == 'HEAD') {
+ $headers = array();
+ foreach(explode("\n", $response) as $header) {
+ $pos = strpos($header,':');
+ $name = strtolower(trim(substr($header, 0, $pos)));
+ $headers[$name] = trim(substr($header, $pos+1));
+ }
+
+ # Updating claimed_id in case of redirections.
+ $effective_url = curl_getinfo($curl, CURLINFO_EFFECTIVE_URL);
+ if($effective_url != $url) {
+ $this->identity = $this->claimed_id = $effective_url;
+ }
+
+ return $headers;
+ }
+
+ if (curl_errno($curl)) {
+ throw new ErrorException(curl_error($curl), curl_errno($curl));
+ }
+
+ return $response;
+ }
+
+ protected function request_streams($url, $method='GET', $params=array())
+ {
+ if(!$this->hostExists($url)) {
+ throw new ErrorException("Could not connect to $url.", 404);
+ }
+
+ $params = http_build_query($params, '', '&');
+ switch($method) {
+ case 'GET':
+ $opts = array(
+ 'http' => array(
+ 'method' => 'GET',
+ 'header' => 'Accept: application/xrds+xml, */*',
+ 'ignore_errors' => true,
+ ), 'ssl' => array(
+ 'CN_match' => parse_url($url, PHP_URL_HOST),
+ ),
+ );
+ $url = $url . ($params ? '?' . $params : '');
+ break;
+ case 'POST':
+ $opts = array(
+ 'http' => array(
+ 'method' => 'POST',
+ 'header' => 'Content-type: application/x-www-form-urlencoded',
+ 'content' => $params,
+ 'ignore_errors' => true,
+ ), 'ssl' => array(
+ 'CN_match' => parse_url($url, PHP_URL_HOST),
+ ),
+ );
+ break;
+ case 'HEAD':
+ # We want to send a HEAD request,
+ # but since get_headers doesn't accept $context parameter,
+ # we have to change the defaults.
+ $default = stream_context_get_options(stream_context_get_default());
+ stream_context_get_default(
+ array(
+ 'http' => array(
+ 'method' => 'HEAD',
+ 'header' => 'Accept: application/xrds+xml, */*',
+ 'ignore_errors' => true,
+ ), 'ssl' => array(
+ 'CN_match' => parse_url($url, PHP_URL_HOST),
+ ),
+ )
+ );
+
+ $url = $url . ($params ? '?' . $params : '');
+ $headers_tmp = get_headers ($url);
+ if(!$headers_tmp) {
+ return array();
+ }
+
+ # Parsing headers.
+ $headers = array();
+ foreach($headers_tmp as $header) {
+ $pos = strpos($header,':');
+ $name = strtolower(trim(substr($header, 0, $pos)));
+ $headers[$name] = trim(substr($header, $pos+1));
+
+ # Following possible redirections. The point is just to have
+ # claimed_id change with them, because get_headers() will
+ # follow redirections automatically.
+ # We ignore redirections with relative paths.
+ # If any known provider uses them, file a bug report.
+ if($name == 'location') {
+ if(strpos($headers[$name], 'http') === 0) {
+ $this->identity = $this->claimed_id = $headers[$name];
+ } elseif($headers[$name][0] == '/') {
+ $parsed_url = parse_url($this->claimed_id);
+ $this->identity =
+ $this->claimed_id = $parsed_url['scheme'] . '://'
+ . $parsed_url['host']
+ . $headers[$name];
+ }
+ }
+ }
+
+ # And restore them.
+ stream_context_get_default($default);
+ return $headers;
+ }
+
+ if($this->verify_peer) {
+ $opts['ssl'] += array(
+ 'verify_peer' => true,
+ 'capath' => $this->capath,
+ 'cafile' => $this->cainfo,
+ );
+ }
+
+ $context = stream_context_create ($opts);
+
+ return file_get_contents($url, false, $context);
+ }
+
+ protected function request($url, $method='GET', $params=array())
+ {
+ if (function_exists('curl_init')
+ && (!in_array('https', stream_get_wrappers()) || !ini_get('safe_mode') && !ini_get('open_basedir'))
+ ) {
+ return $this->request_curl($url, $method, $params);
+ }
+ return $this->request_streams($url, $method, $params);
+ }
+
+ protected function build_url($url, $parts)
+ {
+ if (isset($url['query'], $parts['query'])) {
+ $parts['query'] = $url['query'] . '&' . $parts['query'];
+ }
+
+ $url = $parts + $url;
+ $url = $url['scheme'] . '://'
+ . (empty($url['username'])?''
+ :(empty($url['password'])? "{$url['username']}@"
+ :"{$url['username']}:{$url['password']}@"))
+ . $url['host']
+ . (empty($url['port'])?'':":{$url['port']}")
+ . (empty($url['path'])?'':$url['path'])
+ . (empty($url['query'])?'':"?{$url['query']}")
+ . (empty($url['fragment'])?'':"#{$url['fragment']}");
+ return $url;
+ }
+
+ /**
+ * Helper function used to scan for <meta>/<link> tags and extract information
+ * from them
+ */
+ protected function htmlTag($content, $tag, $attrName, $attrValue, $valueName)
+ {
+ preg_match_all("#<{$tag}[^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*$valueName=['\"](.+?)['\"][^>]*/?>#i", $content, $matches1);
+ preg_match_all("#<{$tag}[^>]*$valueName=['\"](.+?)['\"][^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*/?>#i", $content, $matches2);
+
+ $result = array_merge($matches1[1], $matches2[1]);
+ return empty($result)?false:$result[0];
+ }
+
+ /**
+ * Performs Yadis and HTML discovery. Normally not used.
+ * @param $url Identity URL.
+ * @return String OP Endpoint (i.e. OpenID provider address).
+ * @throws ErrorException
+ */
+ function discover($url)
+ {
+ if (!$url) throw new ErrorException('No identity supplied.');
+ # Use xri.net proxy to resolve i-name identities
+ if (!preg_match('#^https?:#', $url)) {
+ $url = "https://xri.net/$url";
+ }
+
+ # We save the original url in case of Yadis discovery failure.
+ # It can happen when we'll be lead to an XRDS document
+ # which does not have any OpenID2 services.
+ $originalUrl = $url;
+
+ # A flag to disable yadis discovery in case of failure in headers.
+ $yadis = true;
+
+ # We'll jump a maximum of 5 times, to avoid endless redirections.
+ for ($i = 0; $i < 5; $i ++) {
+ if ($yadis) {
+ $headers = $this->request($url, 'HEAD');
+
+ $next = false;
+ if (isset($headers['x-xrds-location'])) {
+ $url = $this->build_url(parse_url($url), parse_url(trim($headers['x-xrds-location'])));
+ $next = true;
+ }
+
+ if (isset($headers['content-type'])
+ && (strpos($headers['content-type'], 'application/xrds+xml') !== false
+ || strpos($headers['content-type'], 'text/xml') !== false)
+ ) {
+ # Apparently, some providers return XRDS documents as text/html.
+ # While it is against the spec, allowing this here shouldn't break
+ # compatibility with anything.
+ # ---
+ # Found an XRDS document, now let's find the server, and optionally delegate.
+ $content = $this->request($url, 'GET');
+
+ preg_match_all('#<Service.*?>(.*?)</Service>#s', $content, $m);
+ foreach($m[1] as $content) {
+ $content = ' ' . $content; # The space is added, so that strpos doesn't return 0.
+
+ # OpenID 2
+ $ns = preg_quote('http://specs.openid.net/auth/2.0/');
+ if(preg_match('#<Type>\s*'.$ns.'(server|signon)\s*</Type>#s', $content, $type)) {
+ if ($type[1] == 'server') $this->identifier_select = true;
+
+ preg_match('#<URI.*?>(.*)</URI>#', $content, $server);
+ preg_match('#<(Local|Canonical)ID>(.*)</\1ID>#', $content, $delegate);
+ if (empty($server)) {
+ return false;
+ }
+ # Does the server advertise support for either AX or SREG?
+ $this->ax = (bool) strpos($content, '<Type>http://openid.net/srv/ax/1.0</Type>');
+ $this->sreg = strpos($content, '<Type>http://openid.net/sreg/1.0</Type>')
+ || strpos($content, '<Type>http://openid.net/extensions/sreg/1.1</Type>');
+
+ $server = $server[1];
+ if (isset($delegate[2])) $this->identity = trim($delegate[2]);
+ $this->version = 2;
+
+ $this->server = $server;
+ return $server;
+ }
+
+ # OpenID 1.1
+ $ns = preg_quote('http://openid.net/signon/1.1');
+ if (preg_match('#<Type>\s*'.$ns.'\s*</Type>#s', $content)) {
+
+ preg_match('#<URI.*?>(.*)</URI>#', $content, $server);
+ preg_match('#<.*?Delegate>(.*)</.*?Delegate>#', $content, $delegate);
+ if (empty($server)) {
+ return false;
+ }
+ # AX can be used only with OpenID 2.0, so checking only SREG
+ $this->sreg = strpos($content, '<Type>http://openid.net/sreg/1.0</Type>')
+ || strpos($content, '<Type>http://openid.net/extensions/sreg/1.1</Type>');
+
+ $server = $server[1];
+ if (isset($delegate[1])) $this->identity = $delegate[1];
+ $this->version = 1;
+
+ $this->server = $server;
+ return $server;
+ }
+ }
+
+ $next = true;
+ $yadis = false;
+ $url = $originalUrl;
+ $content = null;
+ break;
+ }
+ if ($next) continue;
+
+ # There are no relevant information in headers, so we search the body.
+ $content = $this->request($url, 'GET');
+ $location = $this->htmlTag($content, 'meta', 'http-equiv', 'X-XRDS-Location', 'content');
+ if ($location) {
+ $url = $this->build_url(parse_url($url), parse_url($location));
+ continue;
+ }
+ }
+
+ if (!$content) $content = $this->request($url, 'GET');
+
+ # At this point, the YADIS Discovery has failed, so we'll switch
+ # to openid2 HTML discovery, then fallback to openid 1.1 discovery.
+ $server = $this->htmlTag($content, 'link', 'rel', 'openid2.provider', 'href');
+ $delegate = $this->htmlTag($content, 'link', 'rel', 'openid2.local_id', 'href');
+ $this->version = 2;
+
+ if (!$server) {
+ # The same with openid 1.1
+ $server = $this->htmlTag($content, 'link', 'rel', 'openid.server', 'href');
+ $delegate = $this->htmlTag($content, 'link', 'rel', 'openid.delegate', 'href');
+ $this->version = 1;
+ }
+
+ if ($server) {
+ # We found an OpenID2 OP Endpoint
+ if ($delegate) {
+ # We have also found an OP-Local ID.
+ $this->identity = $delegate;
+ }
+ $this->server = $server;
+ return $server;
+ }
+
+ throw new ErrorException("No OpenID Server found at $url", 404);
+ }
+ throw new ErrorException('Endless redirection!', 500);
+ }
+
+ protected function sregParams()
+ {
+ $params = array();
+ # We always use SREG 1.1, even if the server is advertising only support for 1.0.
+ # That's because it's fully backwards compatibile with 1.0, and some providers
+ # advertise 1.0 even if they accept only 1.1. One such provider is myopenid.com
+ $params['openid.ns.sreg'] = 'http://openid.net/extensions/sreg/1.1';
+ if ($this->required) {
+ $params['openid.sreg.required'] = array();
+ foreach ($this->required as $required) {
+ if (!isset(self::$ax_to_sreg[$required])) continue;
+ $params['openid.sreg.required'][] = self::$ax_to_sreg[$required];
+ }
+ $params['openid.sreg.required'] = implode(',', $params['openid.sreg.required']);
+ }
+
+ if ($this->optional) {
+ $params['openid.sreg.optional'] = array();
+ foreach ($this->optional as $optional) {
+ if (!isset(self::$ax_to_sreg[$optional])) continue;
+ $params['openid.sreg.optional'][] = self::$ax_to_sreg[$optional];
+ }
+ $params['openid.sreg.optional'] = implode(',', $params['openid.sreg.optional']);
+ }
+ return $params;
+ }
+
+ protected function axParams()
+ {
+ $params = array();
+ if ($this->required || $this->optional) {
+ $params['openid.ns.ax'] = 'http://openid.net/srv/ax/1.0';
+ $params['openid.ax.mode'] = 'fetch_request';
+ $this->aliases = array();
+ $counts = array();
+ $required = array();
+ $optional = array();
+ foreach (array('required','optional') as $type) {
+ foreach ($this->$type as $alias => $field) {
+ if (is_int($alias)) $alias = strtr($field, '/', '_');
+ $this->aliases[$alias] = 'http://axschema.org/' . $field;
+ if (empty($counts[$alias])) $counts[$alias] = 0;
+ $counts[$alias] += 1;
+ ${$type}[] = $alias;
+ }
+ }
+ foreach ($this->aliases as $alias => $ns) {
+ $params['openid.ax.type.' . $alias] = $ns;
+ }
+ foreach ($counts as $alias => $count) {
+ if ($count == 1) continue;
+ $params['openid.ax.count.' . $alias] = $count;
+ }
+
+ # Don't send empty ax.requied and ax.if_available.
+ # Google and possibly other providers refuse to support ax when one of these is empty.
+ if($required) {
+ $params['openid.ax.required'] = implode(',', $required);
+ }
+ if($optional) {
+ $params['openid.ax.if_available'] = implode(',', $optional);
+ }
+ }
+ return $params;
+ }
+
+ protected function authUrl_v1($immediate)
+ {
+ $returnUrl = $this->returnUrl;
+ # If we have an openid.delegate that is different from our claimed id,
+ # we need to somehow preserve the claimed id between requests.
+ # The simplest way is to just send it along with the return_to url.
+ if($this->identity != $this->claimed_id) {
+ $returnUrl .= (strpos($returnUrl, '?') ? '&' : '?') . 'openid.claimed_id=' . $this->claimed_id;
+ }
+
+ $params = array(
+ 'openid.return_to' => $returnUrl,
+ 'openid.mode' => $immediate ? 'checkid_immediate' : 'checkid_setup',
+ 'openid.identity' => $this->identity,
+ 'openid.trust_root' => $this->trustRoot,
+ ) + $this->sregParams();
+
+ return $this->build_url(parse_url($this->server)
+ , array('query' => http_build_query($params, '', '&')));
+ }
+
+ protected function authUrl_v2($immediate)
+ {
+ $params = array(
+ 'openid.ns' => 'http://specs.openid.net/auth/2.0',
+ 'openid.mode' => $immediate ? 'checkid_immediate' : 'checkid_setup',
+ 'openid.return_to' => $this->returnUrl,
+ 'openid.realm' => $this->trustRoot,
+ );
+ if ($this->ax) {
+ $params += $this->axParams();
+ }
+ if ($this->sreg) {
+ $params += $this->sregParams();
+ }
+ if (!$this->ax && !$this->sreg) {
+ # If OP doesn't advertise either SREG, nor AX, let's send them both
+ # in worst case we don't get anything in return.
+ $params += $this->axParams() + $this->sregParams();
+ }
+
+ if ($this->identifier_select) {
+ $params['openid.identity'] = $params['openid.claimed_id']
+ = 'http://specs.openid.net/auth/2.0/identifier_select';
+ } else {
+ $params['openid.identity'] = $this->identity;
+ $params['openid.claimed_id'] = $this->claimed_id;
+ }
+
+ return $this->build_url(parse_url($this->server)
+ , array('query' => http_build_query($params, '', '&')));
+ }
+
+ /**
+ * Returns authentication url. Usually, you want to redirect your user to it.
+ * @return String The authentication url.
+ * @param String $select_identifier Whether to request OP to select identity for an user in OpenID 2. Does not affect OpenID 1.
+ * @throws ErrorException
+ */
+ function authUrl($immediate = false)
+ {
+ if ($this->setup_url && !$immediate) return $this->setup_url;
+ if (!$this->server) $this->discover($this->identity);
+
+ if ($this->version == 2) {
+ return $this->authUrl_v2($immediate);
+ }
+ return $this->authUrl_v1($immediate);
+ }
+
+ /**
+ * Performs OpenID verification with the OP.
+ * @return Bool Whether the verification was successful.
+ * @throws ErrorException
+ */
+ function validate()
+ {
+ # If the request was using immediate mode, a failure may be reported
+ # by presenting user_setup_url (for 1.1) or reporting
+ # mode 'setup_needed' (for 2.0). Also catching all modes other than
+ # id_res, in order to avoid throwing errors.
+ if(isset($this->data['openid_user_setup_url'])) {
+ $this->setup_url = $this->data['openid_user_setup_url'];
+ return false;
+ }
+ if($this->mode != 'id_res') {
+ return false;
+ }
+
+ $this->claimed_id = isset($this->data['openid_claimed_id'])?$this->data['openid_claimed_id']:$this->data['openid_identity'];
+ $params = array(
+ 'openid.assoc_handle' => $this->data['openid_assoc_handle'],
+ 'openid.signed' => $this->data['openid_signed'],
+ 'openid.sig' => $this->data['openid_sig'],
+ );
+
+ if (isset($this->data['openid_ns'])) {
+ # We're dealing with an OpenID 2.0 server, so let's set an ns
+ # Even though we should know location of the endpoint,
+ # we still need to verify it by discovery, so $server is not set here
+ $params['openid.ns'] = 'http://specs.openid.net/auth/2.0';
+ } elseif (isset($this->data['openid_claimed_id'])
+ && $this->data['openid_claimed_id'] != $this->data['openid_identity']
+ ) {
+ # If it's an OpenID 1 provider, and we've got claimed_id,
+ # we have to append it to the returnUrl, like authUrl_v1 does.
+ $this->returnUrl .= (strpos($this->returnUrl, '?') ? '&' : '?')
+ . 'openid.claimed_id=' . $this->claimed_id;
+ }
+
+ if ($this->data['openid_return_to'] != $this->returnUrl) {
+ # The return_to url must match the url of current request.
+ # I'm assuing that noone will set the returnUrl to something that doesn't make sense.
+ return false;
+ }
+
+ $server = $this->discover($this->claimed_id);
+
+ foreach (explode(',', $this->data['openid_signed']) as $item) {
+ # Checking whether magic_quotes_gpc is turned on, because
+ # the function may fail if it is. For example, when fetching
+ # AX namePerson, it might containg an apostrophe, which will be escaped.
+ # In such case, validation would fail, since we'd send different data than OP
+ # wants to verify. stripslashes() should solve that problem, but we can't
+ # use it when magic_quotes is off.
+ $value = $this->data['openid_' . str_replace('.','_',$item)];
+ $params['openid.' . $item] = get_magic_quotes_gpc() ? stripslashes($value) : $value;
+
+ }
+
+ $params['openid.mode'] = 'check_authentication';
+
+ $response = $this->request($server, 'POST', $params);
+
+ return preg_match('/is_valid\s*:\s*true/i', $response);
+ }
+
+ protected function getAxAttributes()
+ {
+ $alias = null;
+ if (isset($this->data['openid_ns_ax'])
+ && $this->data['openid_ns_ax'] != 'http://openid.net/srv/ax/1.0'
+ ) { # It's the most likely case, so we'll check it before
+ $alias = 'ax';
+ } else {
+ # 'ax' prefix is either undefined, or points to another extension,
+ # so we search for another prefix
+ foreach ($this->data as $key => $val) {
+ if (substr($key, 0, strlen('openid_ns_')) == 'openid_ns_'
+ && $val == 'http://openid.net/srv/ax/1.0'
+ ) {
+ $alias = substr($key, strlen('openid_ns_'));
+ break;
+ }
+ }
+ }
+ if (!$alias) {
+ # An alias for AX schema has not been found,
+ # so there is no AX data in the OP's response
+ return array();
+ }
+
+ $attributes = array();
+ foreach (explode(',', $this->data['openid_signed']) as $key) {
+ $keyMatch = $alias . '.value.';
+ if (substr($key, 0, strlen($keyMatch)) != $keyMatch) {
+ continue;
+ }
+ $key = substr($key, strlen($keyMatch));
+ if (!isset($this->data['openid_' . $alias . '_type_' . $key])) {
+ # OP is breaking the spec by returning a field without
+ # associated ns. This shouldn't happen, but it's better
+ # to check, than cause an E_NOTICE.
+ continue;
+ }
+ $value = $this->data['openid_' . $alias . '_value_' . $key];
+ $key = substr($this->data['openid_' . $alias . '_type_' . $key],
+ strlen('http://axschema.org/'));
+
+ $attributes[$key] = $value;
+ }
+ return $attributes;
+ }
+
+ protected function getSregAttributes()
+ {
+ $attributes = array();
+ $sreg_to_ax = array_flip(self::$ax_to_sreg);
+ foreach (explode(',', $this->data['openid_signed']) as $key) {
+ $keyMatch = 'sreg.';
+ if (substr($key, 0, strlen($keyMatch)) != $keyMatch) {
+ continue;
+ }
+ $key = substr($key, strlen($keyMatch));
+ if (!isset($sreg_to_ax[$key])) {
+ # The field name isn't part of the SREG spec, so we ignore it.
+ continue;
+ }
+ $attributes[$sreg_to_ax[$key]] = $this->data['openid_sreg_' . $key];
+ }
+ return $attributes;
+ }
+
+ /**
+ * Gets AX/SREG attributes provided by OP. should be used only after successful validaton.
+ * Note that it does not guarantee that any of the required/optional parameters will be present,
+ * or that there will be no other attributes besides those specified.
+ * In other words. OP may provide whatever information it wants to.
+ * * SREG names will be mapped to AX names.
+ * * @return Array Array of attributes with keys being the AX schema names, e.g. 'contact/email'
+ * @see http://www.axschema.org/types/
+ */
+ function getAttributes()
+ {
+ if (isset($this->data['openid_ns'])
+ && $this->data['openid_ns'] == 'http://specs.openid.net/auth/2.0'
+ ) { # OpenID 2.0
+ # We search for both AX and SREG attributes, with AX taking precedence.
+ return $this->getAxAttributes() + $this->getSregAttributes();
+ }
+ return $this->getSregAttributes();
+ }
+}
+
--- a/lib/staticmaplite/.gitignore
+++ /dev/null
@@ -1,4 +1,1 @@
-cache/tiles
-cache/map
-cache/maps
--- a/lib/staticmaplite/images/markers/GPlotter - Make Google Maps Easily.URL
+++ /dev/null
@@ -1,3 +1,1 @@
-[InternetShortcut]
-URL=http://gplotter.offwhite.net/
--- a/lib/staticmaplite/images/markers/Google Maps Icons, Free!.URL
+++ /dev/null
@@ -1,3 +1,1 @@
-[InternetShortcut]
-URL=http://brennan.offwhite.net/blog/2005/07/23/new-google-maps-icons-free/
Binary files a/lib/staticmaplite/images/markers/Thumbs.db and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb1.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb10.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb11.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb12.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb13.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb14.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb15.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb16.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb17.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb18.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb19.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb2.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb20.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb21.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb22.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb23.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb24.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb25.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb3.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb4.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb5.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb6.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb7.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb8.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconb9.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong1.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong10.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong11.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong12.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong13.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong14.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong15.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong16.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong17.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong18.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong19.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong2.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong20.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong21.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong22.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong23.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong24.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong25.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong3.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong4.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong5.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong6.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong7.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong8.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icong9.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr1.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr10.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr11.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr12.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr13.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr14.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr15.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr16.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr17.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr18.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr19.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr2.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr20.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr21.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr22.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr23.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr24.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr25.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr3.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr4.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr5.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr6.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr7.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr8.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/iconr9.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/icons.psd and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/lightblue1.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/lightblue2.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/lightblue3.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/lightblue4.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/lightblue5.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/ol-marker-blue.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/ol-marker-gold.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/ol-marker-green.png and /dev/null differ
Binary files a/lib/staticmaplite/images/markers/ol-marker.png and /dev/null differ
Binary files a/lib/staticmaplite/images/osm_logo.png and /dev/null differ
--- a/lib/staticmaplite/index.html
+++ /dev/null
@@ -1,122 +1,1 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-de" lang="de-de">
-<head>
- <!--
- CSS based on template of Dandelion wiki engine by Radomir Dopieralski who released this
- template under the terms of GNU GPL. http://dandelion.sheep.art.pl/
- -->
- <meta http-equiv="content-type" content="text/html; charset=utf-8" />
- <title>staticMapLite</title>
- <style type="text/css">
-html{font:96% sans-serif;color:#000;background:#f7f7f7;line-height:1.4;}
-body{color:#333;}
-#wrapper{margin:auto;width:60em;position:relative;}
-#header{padding:0px 0px 7px 0px; height: 1em;}
-#header h1 { float:left; width: 40%; }
-#content{background:white;padding:1em;border:1px solid #e0d78a;outline:0.5em solid #fef4a4; margin:0.5em 0;padding:20px;min-height:20em;}
-h1{margin-top:0px;}
-h1,h2,h3,h4,h5,h6{letter-spacing:0.05em;color:#1474CA;font-weight:normal;}
-h1 a:hover,h2 a:hover,h3 a:hover,h4 a:hover,h5 a:hover,h6 a:hover{text-decoration:none;}
-a{color:#1474CA;text-decoration:none;}
-a:visited{color:#1474CA;}
-a.pending{color:#c174a0;}
-a:hover{text-decoration:underline;}
-a img{border:none;}
-input,textarea{font-size:94%;border:1px solid #999;background:#fff;color:#666;outline:0.2em solid #eee;padding:0px;line-height:1.2;margin:0.5em;vertical-align:middle;}
-textarea{display:block;margin:0.5em auto;width:100%;}
-pre{outline:0.4em solid #eee;padding:0.5em;margin:0.5em;border:1px solid #e0d78a;background:#fef4a4;color:#644e22;}
-img{border:1px solid #ccc;outline:0.25em solid #eee;padding:0.25em;margin:0.25em 0 0.25em 0.5em;background:#fff;}
-hr{height:0;border:none;color:#fff;background:transparent;border-bottom:1px solid #ccc; margin:0.5em 0;}
-#diff {outline:none;border:none;}
-#diff ins{color:green;text-decoration:none;font-weight:bold;}
-#diff del{color:red;text-decoration:line-through;}
-#diff{background:#fff;line-height:1.25;padding:1em;white-space:pre-wrap;word-wrap:break-word; white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;width:97%;}
-hr{margin:10px 0 10px 0;height:0px;overflow:hidden;border:0px;border-top:2px solid #ccc;}
-.error{color:#F25A5A;font-weight:bold;}
-form{display:inline;}
-#contentTextarea{height:44em;}
-#toc{margin:5px 0 5px 10px;padding:6px 5px 7px 0px;float:right;list-style:none;outline:0.4em solid #eee;background:#fef4a4;border:1px solid #e0d78a;}
-#toc ul{list-style:none;padding:3px 0 3px 10px;}
-#toc li{font-size:11px;padding-left:10px;}
-#toc ul li{font-size:10px;}
-#toc ul ul li{font-size:9px;}
-#toc ul ul ul li{font-size:8px;}
-#toc ul ul ul ul li{font-size:7px;}
-.pageVersionsList{letter-spacing:0px;font-variant:normal;font-size:12px;}
-#renameForm{float:left;}
-.clear{clear:both;}
-.tagList{padding:0.2em 0.4em 0.2em 0.4em;margin-top:0.5em;border:1px dashed #e0d78a;background:#fef4a4;color:#644e22;}
-.tagCloud{float:right;width:200px;padding:0.5em;margin:1em;border:1px dashed #e0d78a;background:#fef4a4;color:#644e22;}
-#fileTable{border-collapse:collapse;}
-#fileTable td{border:1px solid #FEF4A4;padding:2px 6px 2px 6px;}
-h2 span.par-edit, h3 span.par-edit, h4 span.par-edit, h5 span.par-edit, h6 span.par-edit {display:none;}
-h2:hover span.par-edit, h3:hover span.par-edit, h4:hover span.par-edit, h5:hover span.par-edit, h6:hover span.par-edit {display:inline;font-size:x-small;}
-.comment-item { border:1px solid #999;color:#666;outline:0.2em solid #eee; }
-.resizeTextareaDiv { margin-top: 5px;}
-a.toolbarTextareaItem { padding-right: 10px; }
-a.external:after { content: "\2197";}
- </style>
- </head>
-<body>
- <div id="wrapper">
- <div id="header">
- </div>
- <div id="content">
-
- <div class="par-div">
- <h2>
- staticMapLite - simple map for your website
- </h2>
- <p>
- <img src="staticmap.php?center=40.714728,-73.998672&zoom=14&size=865x512&maptype=mapnik" width="865" height="512" /></p>
- <p>
- This image was created using the following simple <img> tag:
-<pre><img src="staticmap.php?center=40.714728,-73.998672&zoom=14&size=865x512&maptype=mapnik" /></pre>
- </p>
- </div>
- <hr />
- <div class="par-div">
- <h3>
- Place Markers
- </h3>
-
- <p>
- <img src="staticmap.php?center=40.714728,-73.998672&zoom=14&size=865x512&maptype=mapnik&markers=40.702147,-74.015794,lightblue1|40.711614,-74.012318,lightblue2|40.718217,-73.998284,lightblue3" width="865" height="512" />
-</p><p> Add markers by appending them to the image URL:
-<pre>markers=40.702147,-74.015794,lightblue1|40.711614,-74.012318,lightblue2|40.718217,-73.998284,lightblue3</pre>
- </p>
- </div>
- <hr />
- <div class="par-div">
- <h3>
- Use Different Map Styles (Tile Sources)
- </h3>
-
- <p>
- <div style="float:left; margin-right: 10px">
- <img src="staticmap.php?center=40.714728,-73.998672&zoom=14&size=256x256&maptype=mapnik" width="256" height="256" />
- <pre>maptype=mapnik</pre>
- </div>
- <div style="float:left; margin-right: 10px">
- <img src="staticmap.php?center=40.714728,-73.998672&zoom=14&size=256x256&maptype=osmarenderer" width="256" height="256" />
- <pre>maptype=osmarenderer</pre>
- </div>
- <div style="float:left; margin-right: 10px">
- <img src="staticmap.php?center=40.714728,-73.998672&zoom=14&size=256x256&maptype=cycle" width="256" height="256" />
- <pre>maptype=cycle</pre>
- </div>
- <br style="clear:both" />
- </p>
- </div>
-
- </div>
- <div id="footer">
- <div style="text-align:center;padding:7px;color:#ccc">
- sponsored by <a href="http://dfacts.de">dFacts Network</a>
- </div>
- </div>
-</div>
-</body>
-</html>
--- a/lib/staticmaplite/selinux-fix.sh
+++ /dev/null
@@ -1,3 +1,1 @@
-chcon -R -t httpd_sys_content_rw_t cache
-
--- a/lib/staticmaplite/staticmap.php
+++ /dev/null
@@ -1,273 +1,1 @@
-<?php
-/**
- * staticMapLite 0.02
- *
- * Copyright 2009 Gerhard Koch
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * @author Gerhard Koch <gerhard.koch AT ymail.com>
- *
- * USAGE:
- *
- * staticmap.php?center=40.714728,-73.998672&zoom=14&size=512x512&maptype=mapnik&markers=40.702147,-74.015794,blues|40.711614,-74.012318,greeng|40.718217,-73.998284,redc
- *
- */
-
-error_reporting(0);
-ini_set('display_errors','off');
-
-Class staticMapLite {
-
- protected $tileSize = 256;
- protected $tileSrcUrl = array( 'mapnik' => 'http://tile.openstreetmap.org/{Z}/{X}/{Y}.png',
- 'cloudmade' => 'http://b.tile.cloudmade.com/daa03470bb8740298d4b10e3f03d63e6/1/256/{Z}/{X}/{Y}.png',);
-
- protected $tileDefaultSrc = 'cloudmade';
- protected $markerBaseDir = 'images/markers';
- protected $osmLogo = 'images/osm_logo.png';
-
- protected $useTileCache = true;
- protected $tileCacheBaseDir = './cache/tiles';
-
- protected $useMapCache = true;
- protected $mapCacheBaseDir = './cache/maps';
- protected $mapCacheID = '';
- protected $mapCacheFile = '';
- protected $mapCacheExtension = 'png';
-
- protected $zoom, $lat, $lon, $width, $height, $markers, $image, $maptype;
- protected $centerX, $centerY, $offsetX, $offsetY;
-
- public function __construct(){
- $this->zoom = 0;
- $this->lat = 0;
- $this->lon = 0;
- $this->width = 500;
- $this->height = 350;
- $this->markers = array();
- $this->maptype = $this->tileDefaultSrc;
- }
-
- public function parseParams(){
- global $_GET;
-
- // get zoom from GET paramter
- $this->zoom = $_GET['zoom']?intval($_GET['zoom']):0;
- if($this->zoom>18)$this->zoom = 18;
-
- // get lat and lon from GET paramter
- list($this->lat,$this->lon) = split(',',$_GET['center']);
- $this->lat = floatval($this->lat);
- $this->lon = floatval($this->lon);
-
- // get zoom from GET paramter
- if($_GET['size']){
- list($this->width, $this->height) = split('x',$_GET['size']);
- $this->width = intval($this->width);
- $this->height = intval($this->height);
- }
- if($_GET['markers']){
- $markers = split('%7C|\|',$_GET['markers']);
- foreach($markers as $marker){
- list($markerLat, $markerLon, $markerImage) = split(',',$marker);
- $markerLat = floatval($markerLat);
- $markerLon = floatval($markerLon);
- $markerImage = basename($markerImage);
- $this->markers[] = array('lat'=>$markerLat, 'lon'=>$markerLon, 'image'=>$markerImage);
- }
-
- }
- if($_GET['maptype']){
- if(array_key_exists($_GET['maptype'],$this->tileSrcUrl)) $this->maptype = $_GET['maptype'];
- }
- }
-
- public function lonToTile($long, $zoom){
- return (($long + 180) / 360) * pow(2, $zoom);
- }
-
- public function latToTile($lat, $zoom){
- return (1 - log(tan($lat * pi()/180) + 1 / cos($lat* pi()/180)) / pi()) /2 * pow(2, $zoom);
- }
-
- public function initCoords(){
- $this->centerX = $this->lonToTile($this->lon, $this->zoom);
- $this->centerY = $this->latToTile($this->lat, $this->zoom);
- $this->offsetX = floor((floor($this->centerX)-$this->centerX)*$this->tileSize);
- $this->offsetY = floor((floor($this->centerY)-$this->centerY)*$this->tileSize);
- }
-
- public function createBaseMap(){
- $this->image = imagecreatetruecolor($this->width, $this->height);
- $startX = floor($this->centerX-($this->width/$this->tileSize)/2);
- $startY = floor($this->centerY-($this->height/$this->tileSize)/2);
- $endX = ceil($this->centerX+($this->width/$this->tileSize)/2);
- $endY = ceil($this->centerY+($this->height/$this->tileSize)/2);
- $this->offsetX = -floor(($this->centerX-floor($this->centerX))*$this->tileSize);
- $this->offsetY = -floor(($this->centerY-floor($this->centerY))*$this->tileSize);
- $this->offsetX += floor($this->width/2);
- $this->offsetY += floor($this->height/2);
- $this->offsetX += floor($startX-floor($this->centerX))*$this->tileSize;
- $this->offsetY += floor($startY-floor($this->centerY))*$this->tileSize;
-
- for($x=$startX; $x<=$endX; $x++){
- for($y=$startY; $y<=$endY; $y++){
- $url = str_replace(array('{Z}','{X}','{Y}'),array($this->zoom, $x, $y), $this->tileSrcUrl[$this->maptype]);
- $tileImage = imagecreatefromstring($this->fetchTile($url));
- $destX = ($x-$startX)*$this->tileSize+$this->offsetX;
- $destY = ($y-$startY)*$this->tileSize+$this->offsetY;
- imagecopy($this->image, $tileImage, $destX, $destY, 0, 0, $this->tileSize, $this->tileSize);
- }
- }
- }
-
-
- public function placeMarkers(){
- foreach($this->markers as $marker){
- $markerLat = $marker['lat'];
- $markerLon = $marker['lon'];
- $markerImage = $marker['image'];
- $markerIndex++;
- $markerFilename = $markerImage?(file_exists($this->markerBaseDir.'/'.$markerImage.".png")?$markerImage:'lightblue'.$markerIndex):'lightblue'.$markerIndex;
- if(file_exists($this->markerBaseDir.'/'.$markerFilename.".png")){
- $markerImg = imagecreatefrompng($this->markerBaseDir.'/'.$markerFilename.".png");
- } else {
- $markerImg = imagecreatefrompng($this->markerBaseDir.'/lightblue1.png');
- }
- $destX = floor(($this->width/2)-$this->tileSize*($this->centerX-$this->lonToTile($markerLon, $this->zoom)));
- $destY = floor(($this->height/2)-$this->tileSize*($this->centerY-$this->latToTile($markerLat, $this->zoom)));
- $destY = $destY - imagesy($markerImg);
-
- imagecopy($this->image, $markerImg, $destX, $destY, 0, 0, imagesx($markerImg), imagesy($markerImg));
-
- };
-}
-
-
-
- public function tileUrlToFilename($url){
- return $this->tileCacheBaseDir."/".str_replace(array('http://'),'',$url);
- }
-
- public function checkTileCache($url){
- $filename = $this->tileUrlToFilename($url);
- if(file_exists($filename)){
- return file_get_contents($filename);
- }
- }
-
- public function checkMapCache(){
- $this->mapCacheID = md5($this->serializeParams());
- $filename = $this->mapCacheIDToFilename();
- if(file_exists($filename)) return true;
- }
-
- public function serializeParams(){
- return join("&",array($this->zoom,$this->lat,$this->lon,$this->width,$this->height, serialize($this->markers),$this->maptype));
- }
-
- public function mapCacheIDToFilename(){
- if(!$this->mapCacheFile){
- $this->mapCacheFile = $this->mapCacheBaseDir."/".substr($this->mapCacheID,0,2)."/".substr($this->mapCacheID,2,2)."/".substr($this->mapCacheID,4);
- }
- return $this->mapCacheFile.".".$this->mapCacheExtension;
- }
-
-
-
- public function mkdir_recursive($pathname, $mode){
- return mkdir($pathname, $mode, true);
- }
- public function writeTileToCache($url, $data){
- $filename = $this->tileUrlToFilename($url);
- $this->mkdir_recursive(dirname($filename),0777);
- file_put_contents($filename, $data);
- }
-
- public function fetchTile($url){
- if($this->useTileCache && ($cached = $this->checkTileCache($url))) return $cached;
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0");
- curl_setopt($ch, CURLOPT_URL, $url);
- $tile = curl_exec($ch);
- curl_close($ch);
- if($this->useTileCache){
- $this->writeTileToCache($url,$tile);
- }
- return $tile;
-
- }
-
- public function copyrightNotice(){
- $logoImg = imagecreatefrompng($this->osmLogo);
- imagecopy($this->image, $logoImg, imagesx($this->image)-imagesx($logoImg), imagesy($this->image)-imagesy($logoImg), 0, 0, imagesx($logoImg), imagesy($logoImg));
-
- }
-
- public function sendHeader(){
- header('Content-Type: image/png');
- $expires = 60*60*24*14;
- header("Pragma: public");
- header("Cache-Control: maxage=".$expires);
- header('Expires: ' . gmdate('D, d M Y H:i:s', time()+$expires) . ' GMT');
- }
-
- public function makeMap(){
- $this->initCoords();
- $this->createBaseMap();
- if(count($this->markers))$this->placeMarkers();
- if($this->osmLogo) $this->copyrightNotice();
- }
-
- public function showMap(){
- $this->parseParams();
- if($this->useMapCache){
- // use map cache, so check cache for map
- if(!$this->checkMapCache()){
- // map is not in cache, needs to be build
- $this->makeMap();
- $this->mkdir_recursive(dirname($this->mapCacheIDToFilename()),0777);
- imagepng($this->image,$this->mapCacheIDToFilename(),9);
- $this->sendHeader();
- if(file_exists($this->mapCacheIDToFilename())){
- return file_get_contents($this->mapCacheIDToFilename());
- } else {
- return imagepng($this->image);
- }
- } else {
- // map is in cache
- $this->sendHeader();
- return file_get_contents($this->mapCacheIDToFilename());
- }
-
- } else {
- // no cache, make map, send headers and deliver png
- $this->makeMap();
- // $this->sendHeader();
- // do some extra compression
- imagetruecolortopalette($this->image, false, 256);
- return imagepng($this->image, 9, PNG_ALL_FILTERS);
-
- }
- }
-
-}
-
-$map = new staticMapLite();
-print $map->showMap();
-
-?>
-
--- a/myway/myway_api.json.php
+++ b/myway/myway_api.json.php
@@ -33,8 +33,8 @@
}
} */
//set POST variables
-$url = 'https://www.action.act.gov.au/ARTS/use_Funcs.asp';
-//$url = 'http://localhost/myway.htm';
+$url = 'https://www.transport.act.gov.au/ARTS/use_Funcs.asp';
+//$url = 'http://localhost/myway.html';
$field_mapping = Array(
"card_number" => "SRNO",
"DOBmonth" => "month",
@@ -81,7 +81,7 @@
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_REFERER, "https://www.action.act.gov.au/ARTS/getbalance.asp");
+ curl_setopt($ch, CURLOPT_REFERER, "https://www.transport.act.gov.au/ARTS/getbalance.asp");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
//execute post
@@ -90,6 +90,39 @@
$return["error"][] = "Network error " . curl_errno($ch) . " " . curl_error($ch) . " " . $url . $fields_string;
//close connection
curl_close($ch);
+}
+
+function parseTable($table,$tableName) {
+ global $return;
+ $tableColumns = Array();
+ $tableColumnNum = 0;
+ foreach ($table->find("th") as $th) {
+ $tableColumns[$tableColumnNum] = cleanString($th->plaintext);
+ $tableColumnNum++;
+ }
+ //print_r($tableColumns);
+ $tableRowNum = 0;
+ foreach ($table->find("tr") as $tr) {
+ $tableColumnNum = 0;
+ foreach ($tr->find("td") as $td) {
+ if ($tableName == "myway_carddetails") {
+ // first table has card/cardholder details
+ $return[$tableName][$tableColumns[$tableColumnNum]] = cleanString($td->plaintext);
+ } else {
+ // second table has transactions
+
+ if ($tableColumns[$tableColumnNum] == "TX Reference No / Type") {
+ $return[$tableName][$tableRowNum]["TX Reference No"] = substr(cleanString($td->plaintext), 0, 6);
+ $return[$tableName][$tableRowNum]["TX Type"] = substr(cleanString($td->plaintext), 7);
+ } else {
+ $return[$tableName][$tableRowNum][$tableColumns[$tableColumnNum]] = cleanString($td->plaintext);
+ }
+ }
+ //print_r($return);
+ $tableColumnNum++;
+ }
+ $tableRowNum++;
+ }
}
if (!isset($return['error'])) {
@@ -101,43 +134,12 @@
$return['error'][] = $pageAlerts[0]->plaintext;
}
if (!isset($return['error'])) {
- $tableNum = 0;
- $tableName = Array(
- 1 => "myway_carddetails",
- 2 => "myway_transactions"
- );
- foreach ($page->find("table") as $table) {
- $tableNum++;
- $tableColumns = Array();
- $tableColumnNum = 0;
- foreach ($table->find("th") as $th) {
- $tableColumns[$tableColumnNum] = cleanString($th->plaintext);
- $tableColumnNum++;
- }
- //print_r($tableColumns);
- $tableRowNum = 0;
- foreach ($table->find("tr") as $tr) {
- $tableColumnNum = 0;
- foreach ($tr->find("td") as $td) {
- if ($tableNum == 1) {
- // first table has card/cardholder details
- $return[$tableName[$tableNum]][$tableColumns[$tableColumnNum]] = cleanString($td->plaintext);
- } else {
- // second table has transactions
-
- if ($tableColumns[$tableColumnNum] == "TX Reference No / Type") {
- $return[$tableName[$tableNum]][$tableRowNum]["TX Reference No"] = substr(cleanString($td->plaintext), 0, 6);
- $return[$tableName[$tableNum]][$tableRowNum]["TX Type"] = substr(cleanString($td->plaintext), 7);
- } else {
- $return[$tableName[$tableNum]][$tableRowNum][$tableColumns[$tableColumnNum]] = cleanString($td->plaintext);
- }
- }
- //print_r($return);
- $tableColumnNum++;
- }
- $tableRowNum++;
- }
- }
+ $tables = $page->find(".type3");
+ parseTable($tables[0], "myway_carddetails");
+
+ $tables = $page->find(".type2");
+ parseTable($tables[0], "myway_transactions");
+
}
}
if (sizeof($return) == 0) {
--- a/myway/myway_timeliness_reconcile.php
+++ b/myway/myway_timeliness_reconcile.php
@@ -80,7 +80,7 @@
echo "<h3>{$myway_stop[0]}</h3>";
$stopNameParts = explode(" ", $myway_stop[0]);
$markers = array();
- $stopKey = 1;
+ $stopKey = 0;
$foundStops = getStops(false, "", $stopNameParts[0] . " " . $stopNameParts[1]);
if (sizeof($foundStops) > 0) {
echo "<table>";
@@ -92,7 +92,7 @@
echo "<tr><td>" . $stopKey++ . "</td><td>" . $stopResult['stop_name'] . "</td><td>" . $stopResult['stop_code'] . "</td></tr>";
}
echo '</table>';
- echo "" . staticmap($markers, 0, "icong", false) . "<br>\n";
+ echo "" . staticmap($markers,false,false,false,true) . "<br>\n";
}
echo '<form id="inputform' . md5($myway_stop[0]) . '">
<input type="hidden" name="myway_stop" value="' . $myway_stop[0] . '">
--- a/stopList.php
+++ b/stopList.php
@@ -77,7 +77,7 @@
$sub_stop["stop_lon"]
);
}
- echo staticmap($stopPositions, 0, "iconb", true, true);
+ echo staticmap($stopPositions, true, true);
placeSettings();
echo '</span><span class="content-primary">';
} else if (isset($suburb)) {
--- a/trip.php
+++ b/trip.php
@@ -69,7 +69,7 @@
$tripStopTimes = getTimeInterpolatedTrip($tripid);
echo '<li data-role="list-divider">' . $tripStopTimes[0]['arrival_time'] . ' to ' . $tripStopTimes[sizeof($tripStopTimes) - 1]['arrival_time'] . ' ' . $trip['route_long_name'] . ' (' . ucwords($tripStopTimes[0]['service_id']) . ')</li>';
foreach ($tripStopTimes as $key => $tripStopTime) {
- if (($tripStopTimes[$key]["stop_name"] != $tripStopTimes[$key + 1]["stop_name"]) || $key + 1 >= sizeof($tripStopTimes)) {
+ if ($key + 1 > sizeof($tripStopTimes) || ($tripStopTimes[$key]["stop_name"] != $tripStopTimes[$key + 1]["stop_name"])) {
echo '<li>';
if (!startsWith($tripStopTime['stop_code'], "Wj"))
echo '<img src="css/images/time.png" alt="Timing Point" class="ui-li-icon">';
--- a/tripPlanner.php
+++ b/tripPlanner.php
@@ -65,7 +65,7 @@
$leg->from->lon
);
}
- echo '' . staticmap($legMarkers, 0, "iconb", false) . "<br>\n";
+ echo '' . staticmap($legMarkers, false, false, true) . "<br>\n";
echo '<ul>';
foreach ($itinerary->legs->leg as $legNumber => $leg) {
echo '<li>';
@@ -81,7 +81,7 @@
$itinerary->legs->leg->from->lat,
$itinerary->legs->leg->from->lon
)
- ), 0, "iconb", false) . "<br>\n";
+ ), false, false, true) . "<br>\n";
processLeg(0, $itinerary->legs->leg);
}
echo "</p></div>";
@@ -100,7 +100,7 @@
$step->lon
);
}
- echo "" . staticmap($walkStepMarkers, 0, "icong", false) . "<br>\n";
+ echo "" . staticmap($walkStepMarkers, false, false, true) . "<br>\n";
foreach ($leg->steps->walkSteps as $stepNumber => $step) {
echo "Walking step " . ($stepNumber + 1) . ": ";
if ($step->relativeDirection == "CONTINUE") {
