chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove openid old code see #2645

Browse Source 
replaced by Oauth using bundle https://github.com/hwi/HWIOAuthBundle
pull/2650/head
Julio Montoya 7 years ago
parent 06a8047c4c
commit 36034a23da
14 changed files with 15 additions and 1325 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      app/Migrations/Schema/V200/Version20.php
  2. 11
      main/admin/configure_inscription.php
  3. 10
      main/admin/user_edit.php
  4. 12
      main/auth/inscription.php
  5. 461
      main/auth/openid/login.php
  6. 420
      main/auth/openid/openid.lib.php
  7. 14
      main/auth/openid/whatis.php
  8. 85
      main/auth/openid/xrds.lib.php
  9. 9
      main/auth/profile.php
  10. 1
      main/inc/lib/database.constants.inc.php
  11. 4
      main/inc/lib/template.lib.php
  12. 59
      main/inc/lib/usermanager.lib.php
  13. 251
      src/CoreBundle/Entity/OpenidAssociation.php
  14. 1
      src/SettingsBundle/Manager/SettingsManager.php

2
app/Migrations/Schema/V200/Version20.php
Unescape View File

@ -639,7 +639,7 @@ class Version20 extends AbstractMigrationChamilo
$this->addSql('CREATE INDEX IDX_C9FA0CBD613FECDF ON c_document (session_id)');
// Drop unused tables
$dropTables = ['event_email_template', 'event_sent', 'user_rel_event_type'];
$dropTables = ['event_email_template', 'event_sent', 'user_rel_event_type', 'openid_association'];
foreach ($dropTables as $table) {
if ($schema->hasTable($table)) {
$schema->dropTable($table);

11
main/admin/configure_inscription.php
Unescape View File

@ -183,9 +183,6 @@ if ($display_all_form) {
$form->addRule('email', get_lang('ThisFieldIsRequired'), 'required');
}
$form->addRule('email', get_lang('EmailWrong'), 'email');
if (api_get_setting('openid_authentication') == 'true') {
$form->addElement('text', 'openid', get_lang('OpenIDURL'), ['size' => 40, 'disabled' => 'disabled']);
}
// USERNAME
$form->addElement('text', 'username', get_lang('UserName'), ['size' => USERNAME_MAX_LENGTH, 'disabled' => 'disabled']);
@ -328,10 +325,6 @@ if (!empty($_GET['phone'])) {
$defaults['phone'] = Security::remove_XSS($_GET['phone']);
}
if (api_get_setting('openid_authentication') == 'true' && !empty($_GET['openid'])) {
$defaults['openid'] = Security::remove_XSS($_GET['openid']);
}
$form->setDefaults($defaults);
$tpl = new Template();
@ -348,10 +341,6 @@ $content = Display::page_header($tool_name);
if (api_get_setting('allow_registration') == 'approval') {
$content .= Display::return_message(get_lang('YourAccountHasToBeApproved'), 'normal');
}
//if openid was not found
if (!empty($_GET['openid_msg']) && $_GET['openid_msg'] == 'idnotfound') {
$content .= Display::return_message(get_lang('OpenIDCouldNotBeFoundPleaseRegister'), 'warning');
}
$url = api_get_path(WEB_PUBLIC_PATH).'internal_page/edit/inscription';
//Form of language

10
main/admin/user_edit.php
Unescape View File

@ -151,11 +151,6 @@ if (api_get_setting('login_is_email') == 'true') {
$form->addRule('email', get_lang('UserTaken'), 'username_available', $user_data['username']);
}
// OpenID
if (api_get_setting('openid_authentication') == 'true') {
$form->addElement('text', 'openid', get_lang('OpenIDURL'));
}
// Phone
$form->addElement('text', 'phone', get_lang('PhoneNumber'));
@ -457,12 +452,7 @@ if ($form->validate()) {
if (isset($user['student_boss'])) {
UserManager::subscribeUserToBossList($user_id, $user['student_boss']);
}
if (api_get_setting('openid_authentication') == 'true' && !empty($user['openid'])) {
$up = UserManager::update_openid($user_id, $user['openid']);
}
$currentUserId = api_get_user_id();
$userObj = api_get_user_entity($user_id);
UserManager::add_user_as_admin($userObj);

12
main/auth/inscription.php
Unescape View File

@ -166,9 +166,6 @@ if ($user_already_registered_show_terms === false &&
}
$form->addRule('email', get_lang('EmailWrong'), 'email');
if (api_get_setting('openid_authentication') === 'true') {
$form->addElement('text', 'openid', get_lang('OpenIDURL'), ['size' => 40]);
}
// USERNAME
if (api_get_setting('login_is_email') != 'true') {
@ -419,10 +416,6 @@ if (!empty($_GET['phone'])) {
$defaults['phone'] = Security::remove_XSS($_GET['phone']);
}
if (api_get_setting('openid_authentication') === 'true' && !empty($_GET['openid'])) {
$defaults['openid'] = Security::remove_XSS($_GET['openid']);
}
$defaults['status'] = STUDENT;
$defaults['extra_mail_notify_invitation'] = 1;
$defaults['extra_mail_notify_message'] = 1;
@ -503,11 +496,6 @@ if (api_get_setting('allow_registration') === 'approval') {
$content .= Display::return_message(get_lang('YourAccountHasToBeApproved'));
}
//if openid was not found
if (!empty($_GET['openid_msg']) && $_GET['openid_msg'] == 'idnotfound') {
$content .= Display::return_message(get_lang('OpenIDCouldNotBeFoundPleaseRegister'));
}
$showTerms = false;
// Terms and conditions
if (api_get_setting('allow_terms_conditions') === 'true' && $user_already_registered_show_terms) {

461
main/auth/openid/login.php
Unescape View File

@ -1,461 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
/**
* OpenID login method
*
* The OpenID login method relies on authentication servers providing a public
* URL that can confirm the identity of a person, thus avoiding the spread
* use of password transmissions over non-secure lines (for Dokeos, it is a
* good way of avoiding password theft)
* @package chamilo.auth.openid
*/
require_once 'openid.lib.php';
require_once 'xrds.lib.php';
function openid_form()
{
$form = new FormValidator(
'openid_login',
'post',
null,
null,
array('class' => 'form-vertical form_login')
);
$form -> addElement('text', 'openid_url', array(get_lang('OpenIDURL'), Display::url(get_lang('OpenIDWhatIs'), 'main/auth/openid/whatis.php')), array('class' => 'openid_input'));
$form -> addElement('button', 'submit', get_lang('Login'));
return $form->returnForm();
}
/**
* The initial step of OpenID authentication responsible for the following:
* - Perform discovery on the claimed OpenID.
* - If possible, create an association with the Provider's endpoint.
* - Create the authentication request.
* - Perform the appropriate redirect.
*
* @param $claimed_id The OpenID to authenticate
* @param $return_to The endpoint to return to from the OpenID Provider
*/
function openid_begin($claimed_id, $return_to = '', $form_values = array()) {
$claimed_id = _openid_normalize($claimed_id);
$services = openid_discovery($claimed_id);
if (count($services) == 0) {
echo 'Sorry, that is not a valid OpenID. Please ensure you have spelled your ID correctly.';
return;
}
$op_endpoint = $services[0]['uri'];
// Store the discovered endpoint in the session (so we don't have to rediscover).
$_SESSION['openid_op_endpoint'] = $op_endpoint;
// Store the claimed_id in the session (for handling delegation).
$_SESSION['openid_claimed_id'] = $claimed_id;
// Store the login form values so we can pass them to
// user_exteral_login later.
$_SESSION['openid_user_login_values'] = $form_values;
// If bcmath is present, then create an association
$assoc_handle = '';
if (function_exists('bcadd')) {
$assoc_handle = openid_association($op_endpoint);
}
// Now that there is an association created, move on
// to request authentication from the IdP
$identity = (!empty($services[0]['delegate'])) ? $services[0]['delegate'] : $claimed_id;
if (isset($services[0]['types']) && is_array($services[0]['types']) && in_array(OPENID_NS_2_0 . '/server', $services[0]['types'])) {
$identity = 'http://openid.net/identifier_select/2.0';
}
$authn_request = openid_authentication_request($claimed_id, $identity, $return_to, $assoc_handle, $services[0]['version']);
if ($services[0]['version'] == 2) {
echo openid_redirect($op_endpoint, $authn_request);
} else {
echo openid_redirect_http($op_endpoint, $authn_request);
}
}
/**
* Completes OpenID authentication by validating returned data from the OpenID
* Provider.
* @param array $response Array of returned from the OpenID provider (typically $_REQUEST).
* @return array $response Response values for further processing with $response['status'] set to one of 'success', 'failed' or 'cancel'.
*/
function openid_complete($response) {
// Default to failed response
$response['status'] = 'failed';
if (isset($_SESSION['openid_op_endpoint']) && isset($_SESSION['openid_claimed_id'])) {
_openid_fix_post($response);
$op_endpoint = $_SESSION['openid_op_endpoint'];
$claimed_id = $_SESSION['openid_claimed_id'];
unset($_SESSION['openid_op_endpoint']);
unset($_SESSION['openid_claimed_id']);
if (isset($response['openid.mode'])) {
if ($response['openid.mode'] == 'cancel') {
$response['status'] = 'cancel';
} else {
if (openid_verify_assertion($op_endpoint, $response)) {
$response['openid.identity'] = $claimed_id;
$response['status'] = 'success';
}
}
}
}
return $response;
}
/**
* Perform discovery on a claimed ID to determine the OpenID provider endpoint.
*
* @param $claimed_id The OpenID URL to perform discovery on.
*
* @return Array of services discovered (including OpenID version, endpoint
* URI, etc).
*/
function openid_discovery($claimed_id)
{
$services = array();
$xrds_url = $claimed_id;
if (_openid_is_xri($claimed_id)) {
$xrds_url = 'http://xri.net/' . $claimed_id;
}
$url = @parse_url($xrds_url);
if ($url['scheme'] == 'http' || $url['scheme'] == 'https') {
// For regular URLs, try Yadis resolution first, then HTML-based discovery
$headers = array('Accept' => 'application/xrds+xml');
//TODO
$result = openid_http_request($xrds_url, $headers);
if (!isset($result->error)) {
if (isset($result->headers['Content-Type']) && preg_match("/application\/xrds\+xml/", $result->headers['Content-Type'])) {
// Parse XML document to find URL
$services = xrds_parse($result->data);
} else {
$xrds_url = NULL;
if (isset($result->headers['X-XRDS-Location'])) {
$xrds_url = $result->headers['X-XRDS-Location'];
} else {
// Look for meta http-equiv link in HTML head
$xrds_url = _openid_meta_httpequiv('X-XRDS-Location', $result->data);
}
if (!empty($xrds_url)) {
$headers = array('Accept' => 'application/xrds+xml');
//TODO
$xrds_result = openid_http_request($xrds_url, $headers);
if (!isset($xrds_result->error)) {
$services = xrds_parse($xrds_result->data);
}
}
}
// Check for HTML delegation
if (count($services) == 0) {
// Look for 2.0 links
$uri = _openid_link_href('openid2.provider', $result->data);
$delegate = _openid_link_href('openid2.local_id', $result->data);
$version = 2;
// 1.0 links
if (empty($uri)) {
$uri = _openid_link_href('openid.server', $result->data);
$delegate = _openid_link_href('openid.delegate', $result->data);
$version = 1;
}
if (!empty($uri)) {
$services[] = array('uri' => $uri, 'delegate' => $delegate, 'version' => $version);
}
}
}
}
return $services;
}
/**
* Attempt to create a shared secret with the OpenID Provider.
* @param $op_endpoint URL of the OpenID Provider endpoint.
* @return object $assoc_handle The association handle.
*/
function openid_association($op_endpoint) {
//@todo Remove Old Associations:
$openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION);
$sql = "DELETE FROM $openid_association
WHERE created + expires_in < '" . api_get_utc_datetime() . "'";
Database::query($sql);
// Check to see if we have an association for this IdP already
$op_endpoint = Database::escape_string($op_endpoint);
$sql = "SELECT assoc_handle
FROM $openid_association
WHERE idp_endpoint_uri = '$op_endpoint'";
$assoc_handle = Database::query($sql);
if (Database::num_rows($assoc_handle) <= 1) {
$mod = OPENID_DH_DEFAULT_MOD;
$gen = OPENID_DH_DEFAULT_GEN;
$r = _openid_dh_rand($mod);
$private = bcadd($r, 1);
$public = bcpowmod($gen, $private, $mod);
// If there is no existing association, then request one
$assoc_request = openid_association_request($public);
$assoc_message = _openid_encode_message(_openid_create_message($assoc_request));
$assoc_headers = array('Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8');
//TODO
$assoc_result = openid_http_request($op_endpoint, $assoc_headers, 'POST', $assoc_message);
if (isset($assoc_result->error)) {
return FALSE;
}
$assoc_response = _openid_parse_message($assoc_result->data);
if (isset($assoc_response['mode']) && $assoc_response['mode'] == 'error') {
return FALSE;
}
if ($assoc_response['session_type'] == 'DH-SHA1') {
$spub = _openid_dh_base64_to_long($assoc_response['dh_server_public']);
$enc_mac_key = base64_decode($assoc_response['enc_mac_key']);
$shared = bcpowmod($spub, $private, $mod);
$assoc_response['mac_key'] = base64_encode(_openid_dh_xorsecret($shared, $enc_mac_key));
}
//TODO
$openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION);
Database::query(sprintf("INSERT INTO $openid_association (idp_endpoint_uri, session_type, assoc_handle, assoc_type, expires_in, mac_key, created) VALUES('%s', '%s', '%s', '%s', %d, '%s', %d)", $op_endpoint, $assoc_response['session_type'], $assoc_response['assoc_handle'], $assoc_response['assoc_type'], $assoc_response['expires_in'], $assoc_response['mac_key'], api_get_utc_datetime()));
$assoc_handle = $assoc_response['assoc_handle'];
}
return $assoc_handle;
}
/**
* ?
*/
function openid_association_request($public) {
$request = array(
'openid.ns' => OPENID_NS_2_0,
'openid.mode' => 'associate',
'openid.session_type' => 'DH-SHA1',
'openid.assoc_type' => 'HMAC-SHA1'
);
if ($request['openid.session_type'] == 'DH-SHA1' || $request['openid.session_type'] == 'DH-SHA256') {
$cpub = _openid_dh_long_to_base64($public);
$request['openid.dh_consumer_public'] = $cpub;
}
return $request;
}
/**
*
*/
function openid_authentication_request($claimed_id, $identity, $return_to = '', $assoc_handle = '', $version = 2) {
$realm = ($return_to) ? $return_to : api_get_self();
$ns = ($version == 2) ? OPENID_NS_2_0 : OPENID_NS_1_0;
$request = array(
'openid.ns' => $ns,
'openid.mode' => 'checkid_setup',
'openid.identity' => $identity,
'openid.claimed_id' => $claimed_id,
'openid.assoc_handle' => $assoc_handle,
'openid.return_to' => $return_to,
);
if ($version == 2) {
$request['openid.realm'] = $realm;
} else {
$request['openid.trust_root'] = $realm;
}
// Simple Registration - we don't ask lastname and firstname because the only
// available similar data is "fullname" and we would have to guess where to split
$request['openid.sreg.required'] = 'nickname,email';
$request['openid.ns.sreg'] = "http://openid.net/extensions/sreg/1.1";
//$request = array_merge($request, module_invoke_all('openid', 'request', $request));
//$request = array_merge($request);
return $request;
}
/**
* Attempt to verify the response received from the OpenID Provider.
*
* @param $op_endpoint The OpenID Provider URL.
* @param $response Array of repsonse values from the provider.
*
* @return boolean
*/
function openid_verify_assertion($op_endpoint, $response) {
$valid = FALSE;
//TODO
$openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION);
$sql = sprintf("SELECT * FROM $openid_association WHERE assoc_handle = '%s'", $response['openid.assoc_handle']);
$res = Database::query($sql);
$association = Database::fetch_object($res);
if ($association && isset($association->session_type)) {
$keys_to_sign = explode(',', $response['openid.signed']);
$self_sig = _openid_signature($association, $response, $keys_to_sign);
if ($self_sig == $response['openid.sig']) {
$valid = TRUE;
} else {
$valid = FALSE;
}
} else {
$request = $response;
$request['openid.mode'] = 'check_authentication';
$message = _openid_create_message($request);
$headers = array('Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8');
$result = openid_http_request($op_endpoint, $headers, 'POST', _openid_encode_message($message));
if (!isset($result->error)) {
$response = _openid_parse_message($result->data);
if (strtolower(trim($response['is_valid'])) == 'true') {
$valid = TRUE;
} else {
$valid = FALSE;
}
}
}
return $valid;
}
/**
* Make a HTTP request - This function has been copied straight over from Drupal 6 code (drupal_http_request)
* @param string $data
*/
function openid_http_request($url, $headers = array(), $method = 'GET', $data = NULL, $retry = 3) {
$result = new stdClass();
// Parse the URL and make sure we can handle the schema.
$uri = parse_url($url);
switch ($uri['scheme']) {
case 'http':
$port = isset($uri['port']) ? $uri['port'] : 80;
$host = $uri['host'] . ($port != 80 ? ':' . $port : '');
$fp = @fsockopen($uri['host'], $port, $errno, $errstr, 15);
break;
case 'https':
// Note: Only works for PHP 4.3 compiled with OpenSSL.
$port = isset($uri['port']) ? $uri['port'] : 443;
$host = $uri['host'] . ($port != 443 ? ':' . $port : '');
$fp = @fsockopen('ssl://' . $uri['host'], $port, $errno, $errstr, 20);
break;
default:
$result->error = 'invalid schema ' . $uri['scheme'];
return $result;
}
// Make sure the socket opened properly.
if (!$fp) {
// When a network error occurs, we make sure that it is a negative number so
// it can clash with the HTTP status codes.
$result->code = -$errno;
$result->error = trim($errstr);
return $result;
}
// Construct the path to act on.
$path = isset($uri['path']) ? $uri['path'] : '/';
if (isset($uri['query'])) {
$path .= '?' . $uri['query'];
}
// Create HTTP request.
$defaults = array(
// RFC 2616: "non-standard ports MUST, default ports MAY be included".
// We don't add the port to prevent from breaking rewrite rules checking the
// host that do not take into account the port number.
'Host' => "Host: $host",
'User-Agent' => 'User-Agent: Chamilo (+http://www.chamilo.org/)',
'Content-Length' => 'Content-Length: ' . strlen($data)
);
// If the server url has a user then attempt to use basic authentication
if (isset($uri['user'])) {
$defaults['Authorization'] = 'Authorization: Basic ' . base64_encode($uri['user'] . (!empty($uri['pass']) ? ":" . $uri['pass'] : ''));
}
foreach ($headers as $header => $value) {
$defaults[$header] = $header . ': ' . $value;
}
$request = $method . ' ' . $path . " HTTP/1.0\r\n";
$request .= implode("\r\n", $defaults);
$request .= "\r\n\r\n";
if ($data) {
$request .= $data . "\r\n";
}
$result->request = $request;
fwrite($fp, $request);
// Fetch response.
$response = '';
while (!feof($fp) && $chunk = fread($fp, 1024)) {
$response .= $chunk;
}
fclose($fp);
// Parse response.
list($split, $result->data) = explode("\r\n\r\n", $response, 2);
$split = preg_split("/\r\n|\n|\r/", $split);
list($protocol, $code, $text) = explode(' ', trim(array_shift($split)), 3);
$result->headers = array();
// Parse headers.
while ($line = trim(array_shift($split))) {
list($header, $value) = explode(':', $line, 2);
if (isset($result->headers[$header]) && $header == 'Set-Cookie') {
// RFC 2109: the Set-Cookie response header comprises the token Set-
// Cookie:, followed by a comma-separated list of one or more cookies.
$result->headers[$header] .= ',' . trim($value);
} else {
$result->headers[$header] = trim($value);
}
}
$responses = array(
100 => 'Continue', 101 => 'Switching Protocols',
200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content',
300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect',
400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Time-out', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Large', 415 => 'Unsupported Media Type', 416 => 'Requested range not satisfiable', 417 => 'Expectation Failed',
500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Time-out', 505 => 'HTTP Version not supported'
);
// RFC 2616 states that all unknown HTTP codes must be treated the same as the
// base code in their class.
if (!isset($responses[$code])) {
$code = floor($code / 100) * 100;
}
switch ($code) {
case 200: // OK
case 304: // Not modified
break;
case 301: // Moved permanently
case 302: // Moved temporarily
case 307: // Moved temporarily
$location = $result->headers['Location'];
if ($retry) {
$result = openid_http_request($result->headers['Location'], $headers, $method, $data, --$retry);
$result->redirect_code = $result->code;
}
$result->redirect_url = $location;
break;
default:
$result->error = $text;
}
$result->code = $code;
return $result;
}

420
main/auth/openid/openid.lib.php
Unescape View File

@ -1,420 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
/**
* OpenID utility functions. Taken from Drupal 6 code (from dries)
* @package chamilo.auth.openid
*/
/**
* Code
*/
// Diffie-Hellman Key Exchange Default Value.
define('OPENID_DH_DEFAULT_MOD', '155172898181473697471232257763715539915724801' .
'966915404479707795314057629378541917580651227423698188993727816152646631' .
'438561595825688188889951272158842675419950341258706556549803580104870537' .
'681476726513255747040765857479291291572334510643245094715007229621094194' .
'349783925984760375594985848253359305585439638443');
// Constants for Diffie-Hellman key exchange computations.
define('OPENID_DH_DEFAULT_GEN', '2');
define('OPENID_SHA1_BLOCKSIZE', 64);
define('OPENID_RAND_SOURCE', '/dev/urandom');
// OpenID namespace URLs
define('OPENID_NS_2_0', 'http://specs.openid.net/auth/2.0');
define('OPENID_NS_1_1', 'http://openid.net/signon/1.1');
define('OPENID_NS_1_0', 'http://openid.net/signon/1.0');
/**
* Performs an HTTP 302 redirect (for the 1.x protocol).
* This function should be deprecated for 1.8.6.2 needs documentation
*/
function openid_redirect_http($url, $message) {
$query = array();
foreach ($message as $key => $val) {
$query[] = $key . '=' . urlencode($val);
}
$sep = (strpos($url, '?') === FALSE) ? '?' : '&';
header('Location: ' . $url . $sep . implode('&', $query), TRUE, 302);
//exit;
}
/**
* Creates a js auto-submit redirect for (for the 2.x protocol)
* This function should be deprecated for 1.8.6.2 needs documentation
*/
function openid_redirect($url, $message) {
$output = '<html><head><title>' . get_lang('OpenIDRedirect') . "</title></head>\n<body>";
$output .= '<form method="post" action="' . $url . '" id="openid-redirect-form">';
foreach ($message as $key => $value) {
$output .='<input type="hidden" name="' . $key . '" value="' . $value . '">';
}
$output .= '<noscript><input type="submit" name="submit" value="' . get_lang('Send') . '"/></noscript>';
$output .= '</form>';
$output .= '<script type="text/javascript">document.getElementById("openid-redirect-form").submit();</script>';
$output .= "</body></html>";
return $output;
}
/**
* Determine if the given identifier is an XRI ID.
*/
function _openid_is_xri($identifier) {
$firstchar = substr($identifier, 0, 1);
if ($firstchar == "@" || $firstchar == "=")
return TRUE;
if (stristr($identifier, 'xri://') !== FALSE) {
return TRUE;
}
return FALSE;
}
/**
* Normalize the given identifier as per spec.
*/
function _openid_normalize($identifier) {
if (_openid_is_xri($identifier)) {
return _openid_normalize_xri($identifier);
} else {
return _openid_normalize_url($identifier);
}
}
function _openid_normalize_xri($xri) {
$normalized_xri = $xri;
if (stristr($xri, 'xri://') !== FALSE) {
$normalized_xri = substr($xri, 6);
}
return $normalized_xri;
}
function _openid_normalize_url($url) {
$normalized_url = $url;
if (stristr($url, '://') === FALSE) {
$normalized_url = 'http://' . $url;
}
if (substr_count($normalized_url, '/') < 3) {
$normalized_url .= '/';
}
return $normalized_url;
}
/**
* Create a serialized message packet as per spec: $key:$value\n .
*/
function _openid_create_message($data) {
$serialized = '';
foreach ($data as $key => $value) {
if ((strpos($key, ':') !== FALSE) || (strpos($key, "\n") !== FALSE) || (strpos($value, "\n") !== FALSE)) {
return null;
}
$serialized .= "$key:$value\n";
}
return $serialized;
}
/**
* Encode a message from _openid_create_message for HTTP Post
* @param null|string $message
*/
function _openid_encode_message($message) {
$encoded_message = '';
$items = explode("\n", $message);
foreach ($items as $item) {
$parts = explode(':', $item, 2);
if (count($parts) == 2) {
if ($encoded_message != '') {
$encoded_message .= '&';
}
$encoded_message .= rawurlencode(trim($parts[0])) . '=' . rawurlencode(trim($parts[1]));
}
}
return $encoded_message;
}
/**
* Convert a direct communication message
* into an associative array.
*/
function _openid_parse_message($message) {
$parsed_message = array();
$items = explode("\n", $message);
foreach ($items as $item) {
$parts = explode(':', $item, 2);
if (count($parts) == 2) {
$parsed_message[$parts[0]] = $parts[1];
}
}
return $parsed_message;
}
/**
* Return a nonce value - formatted per OpenID spec.
*/
function _openid_nonce() {
// YYYY-MM-DDThh:mm:ssTZD UTC, plus some optional extra unique chars
return gmstrftime('%Y-%m-%dT%H:%M:%S%Z') .
chr(mt_rand(0, 25) + 65) .
chr(mt_rand(0, 25) + 65) .
chr(mt_rand(0, 25) + 65) .
chr(mt_rand(0, 25) + 65);
}
/**
* Pull the href attribute out of an html link element.
* @param string $rel
*/
function _openid_link_href($rel, $html) {
$rel = preg_quote($rel);
preg_match('|<link\s+rel=["\'](.*)' . $rel . '(.*)["\'](.*)/?>|iU', $html, $matches);
if (isset($matches[3])) {
preg_match('|href=["\']([^"]+)["\']|iU', $matches[0], $href);
return trim($href[1]);
}
return FALSE;
}
/**
* Pull the http-equiv attribute out of an html meta element
* @param string $equiv
*/
function _openid_meta_httpequiv($equiv, $html) {
preg_match('|<meta\s+http-equiv=["\']' . $equiv . '["\'](.*)/?>|iU', $html, $matches);
if (isset($matches[1])) {
preg_match('|content=["\']([^"]+)["\']|iU', $matches[1], $content);
return $content[1];
}
return FALSE;
}
/**
* Sign certain keys in a message
* @param $association - object loaded from openid_association or openid_server_association table
* - important fields are ->assoc_type and ->mac_key
* @param $message_array - array of entire message about to be sent
* @param $keys_to_sign - keys in the message to include in signature (without
* 'openid.' appended)
*/
function _openid_signature($association, $message_array, $keys_to_sign) {
$signature = '';
$sign_data = array();
foreach ($keys_to_sign as $key) {
if (isset($message_array['openid.' . $key])) {
$sign_data[$key] = $message_array['openid.' . $key];
}
}
$message = _openid_create_message($sign_data);
$secret = base64_decode($association->mac_key);
$signature = _openid_hmac($secret, $message);
return base64_encode($signature);
}
/**
* @param string $key
* @param null|string $text
*/
function _openid_hmac($key, $text) {
if (strlen($key) > OPENID_SHA1_BLOCKSIZE) {
$key = _openid_sha1($key, true);
}
$key = str_pad($key, OPENID_SHA1_BLOCKSIZE, chr(0x00));
$ipad = str_repeat(chr(0x36), OPENID_SHA1_BLOCKSIZE);
$opad = str_repeat(chr(0x5c), OPENID_SHA1_BLOCKSIZE);
$hash1 = _openid_sha1(($key ^ $ipad) . $text, true);
$hmac = _openid_sha1(($key ^ $opad) . $hash1, true);
return $hmac;
}
function _openid_sha1($text) {
$hex = sha1($text);
$raw = '';
for ($i = 0; $i < 40; $i += 2) {
$hexcode = substr($hex, $i, 2);
$charcode = (int) base_convert($hexcode, 16, 10);
$raw .= chr($charcode);
}
return $raw;
}
function _openid_dh_base64_to_long($str) {
$b64 = base64_decode($str);
return _openid_dh_binary_to_long($b64);
}
function _openid_dh_long_to_base64($str) {
return base64_encode(_openid_dh_long_to_binary($str));
}
/**
* @param string $str
*/
function _openid_dh_binary_to_long($str) {
$bytes = array_merge(unpack('C*', $str));
$n = 0;
foreach ($bytes as $byte) {
$n = bcmul($n, pow(2, 8));
$n = bcadd($n, $byte);
}
return $n;
}
function _openid_dh_long_to_binary($long) {
$cmp = bccomp($long, 0);
if ($cmp < 0) {
return FALSE;
}
if ($cmp == 0) {
return "\x00";
}
$bytes = array();
while (bccomp($long, 0) > 0) {
array_unshift($bytes, bcmod($long, 256));
$long = bcdiv($long, pow(2, 8));
}
if ($bytes && ($bytes[0] > 127)) {
array_unshift($bytes, 0);
}
$string = '';
foreach ($bytes as $byte) {
$string .= pack('C', $byte);
}
return $string;
}
/**
* @param string $secret
*/
function _openid_dh_xorsecret($shared, $secret) {
$dh_shared_str = _openid_dh_long_to_binary($shared);
$sha1_dh_shared = _openid_sha1($dh_shared_str);
$xsecret = "";
for ($i = 0; $i < strlen($secret); $i++) {
$xsecret .= chr(ord($secret[$i]) ^ ord($sha1_dh_shared[$i]));
}
return $xsecret;
}
/**
* @param string $stop
*/
function _openid_dh_rand($stop) {
static $duplicate_cache = array();
// Used as the key for the duplicate cache
$rbytes = _openid_dh_long_to_binary($stop);
if (array_key_exists($rbytes, $duplicate_cache)) {
list($duplicate, $nbytes) = $duplicate_cache[$rbytes];
} else {
if ($rbytes[0] == "\x00") {
$nbytes = strlen($rbytes) - 1;
} else {
$nbytes = strlen($rbytes);
}
$mxrand = bcpow(256, $nbytes);
// If we get a number less than this, then it is in the
// duplicated range.
$duplicate = bcmod($mxrand, $stop);
if (count($duplicate_cache) > 10) {
$duplicate_cache = array();
}
$duplicate_cache[$rbytes] = array($duplicate, $nbytes);
}
do {
$bytes = "\x00" . _openid_get_bytes($nbytes);
$n = _openid_dh_binary_to_long($bytes);
// Keep looping if this value is in the low duplicated range.
} while (bccomp($n, $duplicate) < 0);
return bcmod($n, $stop);
}
function _openid_get_bytes($num_bytes) {
static $f = null;
$bytes = '';
if (!isset($f)) {
$f = @fopen(OPENID_RAND_SOURCE, "r");
}
if (!$f) {
// pseudorandom used
$bytes = '';
for ($i = 0; $i < $num_bytes; $i += 4) {
$bytes .= pack('L', mt_rand());
}
$bytes = substr($bytes, 0, $num_bytes);
} else {
$bytes = fread($f, $num_bytes);
}
return $bytes;
}
/**
* Fix PHP's habit of replacing '.' by '_' in posted data.
*/
function _openid_fix_post(&$post) {
//$extensions = module_invoke_all('openid', 'extension');
foreach ($post as $key => $value) {
if (strpos($key, 'openid_') === 0) {
$fixed_key = str_replace('openid_', 'openid.', $key);
$fixed_key = str_replace('openid.ns_', 'openid.ns.', $fixed_key);
$fixed_key = str_replace('openid.sreg_', 'openid.sreg.', $fixed_key);
//foreach ($extensions as $ext) {
// $fixed_key = str_replace('openid.'.$ext.'_', 'openid.'.$ext.'.', $fixed_key);
//}
unset($post[$key]);
$post[$fixed_key] = $value;
}
}
}
/**
* Provide bcpowmod support for PHP4.
*/
if (!function_exists('bcpowmod')) {
function bcpowmod($base, $exp, $mod) {
$square = bcmod($base, $mod);
$result = 1;
while (bccomp($exp, 0) > 0) {
if (bcmod($exp, 2)) {
$result = bcmod(bcmul($result, $square), $mod);
}
$square = bcmod(bcmul($square, $square), $mod);
$exp = bcdiv($exp, 2);
}
return $result;
}
}

14
main/auth/openid/whatis.php
Unescape View File

@ -1,14 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
/**
* OpenID
* @package chamilo.auth.openid
*/
/**
* Code
*/
require_once '../../inc/global.inc.php';
Display::display_header('OpenID', NULL);
echo Display::page_header(get_lang('OpenIDWhatIs'));
echo get_lang('OpenIDDescription');
Display::display_footer();

85
main/auth/openid/xrds.lib.php
Unescape View File

@ -1,85 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
/**
* Parsing library for OpenID
* @package chamilo.auth.openid
*/
/**
* Code
*/
// Global variables to track parsing state
$xrds_open_elements = array();
$xrds_services = array();
$xrds_current_service = array();
/**
* Main entry point for parsing XRDS documents
*/
function xrds_parse($xml) {
global $xrds_services;
$parser = xml_parser_create_ns();
xml_set_element_handler($parser, '_xrds_element_start', '_xrds_element_end');
xml_set_character_data_handler($parser, '_xrds_cdata');
xml_parse($parser, $xml);
xml_parser_free($parser);
return $xrds_services;
}
/**
* Parser callback functions
*/
function _xrds_element_start(&$parser, $name, $attribs) {
global $xrds_open_elements;
$xrds_open_elements[] = _xrds_strip_namespace($name);
}
function _xrds_element_end(&$parser, $name) {
global $xrds_open_elements, $xrds_services, $xrds_current_service;
$name = _xrds_strip_namespace($name);
if ($name == 'SERVICE') {
if (in_array(OPENID_NS_2_0 .'/signon', $xrds_current_service['types']) ||
in_array(OPENID_NS_2_0 .'/server', $xrds_current_service['types'])) {
$xrds_current_service['version'] = 2;
}
elseif (in_array(OPENID_NS_1_1, $xrds_current_service['types']) ||
in_array(OPENID_NS_1_0, $xrds_current_service['types'])) {
$xrds_current_service['version'] = 1;
}
if (!empty($xrds_current_service['version'])) {
$xrds_services[] = $xrds_current_service;
}
$xrds_current_service = array();
}
array_pop($xrds_open_elements);
}
function _xrds_cdata(&$parser, $data) {
global $xrds_open_elements, $xrds_services, $xrds_current_service;
$path = strtoupper(implode('/', $xrds_open_elements));
switch ($path) {
case 'XRDS/XRD/SERVICE/TYPE':
$xrds_current_service['types'][] = $data;
break;
case 'XRDS/XRD/SERVICE/URI':
$xrds_current_service['uri'] = $data;
break;
case 'XRDS/XRD/SERVICE/DELEGATE':
$xrds_current_service['delegate'] = $data;
break;
}
}
function _xrds_strip_namespace($name) {
// Strip namespacing.
$pos = strrpos($name, ':');
if ($pos !== FALSE) {
$name = substr($name, $pos + 1, strlen($name));
}
return $name;
}

9
main/auth/profile.php
Unescape View File

@ -181,15 +181,6 @@ if (api_get_setting('registration', 'email') == 'true' && api_get_setting('profi
$form->addRule('email', get_lang('EmailWrong'), 'email');
}
// OPENID URL
if (api_get_setting('profile.is_editable') === 'true' && api_get_setting('openid_authentication') == 'true') {
$form->addElement('text', 'openid', get_lang('OpenIDURL'), ['size' => 40]);
if (api_get_setting('profile', 'openid') !== 'true') {
$form->freeze('openid');
}
$form->applyFilter('openid', 'trim');
}
// PHONE
$form->addElement('text', 'phone', get_lang('Phone'), ['size' => 20]);
if (api_get_setting('profile', 'phone') !== 'true') {

1
main/inc/lib/database.constants.inc.php
Unescape View File

@ -42,7 +42,6 @@ define('TABLE_MAIN_SHARED_SURVEY_QUESTION', 'shared_survey_question');
define('TABLE_MAIN_SHARED_SURVEY_QUESTION_OPTION', 'shared_survey_question_option');
define('TABLE_MAIN_TEMPLATES', 'templates');
define('TABLE_MAIN_SYSTEM_TEMPLATE', 'system_template');
define('TABLE_MAIN_OPENID_ASSOCIATION', 'openid_association');
define('TABLE_MAIN_COURSE_REQUEST', 'course_request');
// Gradebook

4
main/inc/lib/template.lib.php
Unescape View File

@ -1303,10 +1303,6 @@ class Template
);
$html = $form->returnForm();
if (api_get_setting('openid_authentication') == 'true') {
include_once api_get_path(SYS_CODE_PATH).'auth/openid/login.php';
$html .= '<div>'.openid_form().'</div>';
}
return $html;
}

59
main/inc/lib/usermanager.lib.php
Unescape View File

@ -24,20 +24,20 @@ use Symfony\Component\Security\Core\Encoder\EncoderFactory;
class UserManager
{
// This constants are deprecated use the constants located in ExtraField
const USER_FIELD_TYPE_TEXT = 1;
const USER_FIELD_TYPE_TEXTAREA = 2;
const USER_FIELD_TYPE_RADIO = 3;
const USER_FIELD_TYPE_SELECT = 4;
const USER_FIELD_TYPE_SELECT_MULTIPLE = 5;
const USER_FIELD_TYPE_DATE = 6;
const USER_FIELD_TYPE_DATETIME = 7;
const USER_FIELD_TYPE_DOUBLE_SELECT = 8;
const USER_FIELD_TYPE_DIVIDER = 9;
const USER_FIELD_TYPE_TAG = 10;
const USER_FIELD_TYPE_TIMEZONE = 11;
const USER_FIELD_TYPE_SOCIAL_PROFILE = 12;
const USER_FIELD_TYPE_FILE = 13;
const USER_FIELD_TYPE_MOBILE_PHONE_NUMBER = 14;
public const USER_FIELD_TYPE_TEXT = 1;
public const USER_FIELD_TYPE_TEXTAREA = 2;
public const USER_FIELD_TYPE_RADIO = 3;
public const USER_FIELD_TYPE_SELECT = 4;
public const USER_FIELD_TYPE_SELECT_MULTIPLE = 5;
public const USER_FIELD_TYPE_DATE = 6;
public const USER_FIELD_TYPE_DATETIME = 7;
public const USER_FIELD_TYPE_DOUBLE_SELECT = 8;
public const USER_FIELD_TYPE_DIVIDER = 9;
public const USER_FIELD_TYPE_TAG = 10;
public const USER_FIELD_TYPE_TIMEZONE = 11;
public const USER_FIELD_TYPE_SOCIAL_PROFILE = 12;
public const USER_FIELD_TYPE_FILE = 13;
public const USER_FIELD_TYPE_MOBILE_PHONE_NUMBER = 14;
private static $encryptionMethod;
@ -558,7 +558,6 @@ class UserManager
}
}
if ($sendEmailToAllAdmins) {
$adminList = self::get_all_administrators();
@ -1003,36 +1002,6 @@ class UserManager
return false;
}
/**
* Update user information with new openid.
*
* @param int $user_id
* @param string $openid
*
* @return bool true if the user information was updated
* @assert (false,'') === false
* @assert (-1,'') === false
*/
public static function update_openid($user_id, $openid)
{
$table_user = Database::get_main_table(TABLE_MAIN_USER);
if ($user_id != strval(intval($user_id))) {
return false;
}
if ($user_id === false) {
return false;
}
$sql = "UPDATE $table_user SET
openid='".Database::escape_string($openid)."'";
$sql .= " WHERE id= $user_id";
if (Database::query($sql) !== false) {
return true;
}
return false;
}
/**
* Update user information with all the parameters passed to this function.
*

251
src/CoreBundle/Entity/OpenidAssociation.php
Unescape View File

@ -1,251 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
namespace Chamilo\CoreBundle\Entity;
use Doctrine\ORM\Mapping as ORM;
/**
* OpenidAssociation.
*
* @ORM\Table(name="openid_association")
* @ORM\Entity
*/
class OpenidAssociation
{
/**
* @var string
*
* @ORM\Column(name="idp_endpoint_uri", type="text", nullable=false)
*/
protected $idpEndpointUri;
/**
* @var string
*
* @ORM\Column(name="session_type", type="string", length=30, nullable=false)
*/
protected $sessionType;
/**
* @var string
*
* @ORM\Column(name="assoc_handle", type="text", nullable=false)
*/
protected $assocHandle;
/**
* @var string
*
* @ORM\Column(name="assoc_type", type="text", nullable=false)
*/
protected $assocType;
/**
* @var int
*
* @ORM\Column(name="expires_in", type="bigint", nullable=false)
*/
protected $expiresIn;
/**
* @var string
*
* @ORM\Column(name="mac_key", type="text", nullable=false)
*/
protected $macKey;
/**
* @var int
*
* @ORM\Column(name="created", type="bigint", nullable=false)
*/
protected $created;
/**
* @var int
*
* @ORM\Column(name="id", type="integer")
* @ORM\Id
* @ORM\GeneratedValue(strategy="IDENTITY")
*/
protected $id;
/**
* Set idpEndpointUri.
*
* @param string $idpEndpointUri
*
* @return OpenidAssociation
*/
public function setIdpEndpointUri($idpEndpointUri)
{
$this->idpEndpointUri = $idpEndpointUri;
return $this;
}
/**
* Get idpEndpointUri.
*
* @return string
*/
public function getIdpEndpointUri()
{
return $this->idpEndpointUri;
}
/**
* Set sessionType.
*
* @param string $sessionType
*
* @return OpenidAssociation
*/
public function setSessionType($sessionType)
{
$this->sessionType = $sessionType;
return $this;
}
/**
* Get sessionType.
*
* @return string
*/
public function getSessionType()
{
return $this->sessionType;
}
/**
* Set assocHandle.
*
* @param string $assocHandle
*
* @return OpenidAssociation
*/
public function setAssocHandle($assocHandle)
{
$this->assocHandle = $assocHandle;
return $this;
}
/**
* Get assocHandle.
*
* @return string
*/
public function getAssocHandle()
{
return $this->assocHandle;
}
/**
* Set assocType.
*
* @param string $assocType
*
* @return OpenidAssociation
*/
public function setAssocType($assocType)
{
$this->assocType = $assocType;
return $this;
}
/**
* Get assocType.
*
* @return string
*/
public function getAssocType()
{
return $this->assocType;
}
/**
* Set expiresIn.
*
* @param int $expiresIn
*
* @return OpenidAssociation
*/
public function setExpiresIn($expiresIn)
{
$this->expiresIn = $expiresIn;
return $this;
}
/**
* Get expiresIn.
*
* @return int
*/
public function getExpiresIn()
{
return $this->expiresIn;
}
/**
* Set macKey.
*
* @param string $macKey
*
* @return OpenidAssociation
*/
public function setMacKey($macKey)
{
$this->macKey = $macKey;
return $this;
}
/**
* Get macKey.
*
* @return string
*/
public function getMacKey()
{
return $this->macKey;
}
/**
* Set created.
*
* @param int $created
*
* @return OpenidAssociation
*/
public function setCreated($created)
{
$this->created = $created;
return $this;
}
/**
* Get created.
*
* @return int
*/
public function getCreated()
{
return $this->created;
}
/**
* Get id.
*
* @return int
*/
public function getId()
{
return $this->id;
}
}

1
src/SettingsBundle/Manager/SettingsManager.php
Unescape View File

@ -211,7 +211,6 @@ class SettingsManager implements SettingsManagerInterface
'platform_charset' => 'Languages',
'noreply_email_address' => 'Platform',
'survey_email_sender_noreply' => 'Course',
'openid_authentication' => 'Security',
'gradebook_enable' => 'Gradebook',
'gradebook_score_display_coloring' => 'Gradebook',
'gradebook_score_display_custom' => 'Gradebook',

Write Preview
Loading…
Cancel
Save