diff --git a/app/Migrations/Schema/V200/Version20.php b/app/Migrations/Schema/V200/Version20.php
index 9ee78806d0..5a349d710a 100644
--- a/app/Migrations/Schema/V200/Version20.php
+++ b/app/Migrations/Schema/V200/Version20.php
@@ -639,7 +639,7 @@ class Version20 extends AbstractMigrationChamilo
$this->addSql('CREATE INDEX IDX_C9FA0CBD613FECDF ON c_document (session_id)');
// Drop unused tables
- $dropTables = ['event_email_template', 'event_sent', 'user_rel_event_type'];
+ $dropTables = ['event_email_template', 'event_sent', 'user_rel_event_type', 'openid_association'];
foreach ($dropTables as $table) {
if ($schema->hasTable($table)) {
$schema->dropTable($table);
diff --git a/main/admin/configure_inscription.php b/main/admin/configure_inscription.php
index 6e425247a2..d16e091f89 100755
--- a/main/admin/configure_inscription.php
+++ b/main/admin/configure_inscription.php
@@ -183,9 +183,6 @@ if ($display_all_form) {
$form->addRule('email', get_lang('ThisFieldIsRequired'), 'required');
}
$form->addRule('email', get_lang('EmailWrong'), 'email');
- if (api_get_setting('openid_authentication') == 'true') {
- $form->addElement('text', 'openid', get_lang('OpenIDURL'), ['size' => 40, 'disabled' => 'disabled']);
- }
// USERNAME
$form->addElement('text', 'username', get_lang('UserName'), ['size' => USERNAME_MAX_LENGTH, 'disabled' => 'disabled']);
@@ -328,10 +325,6 @@ if (!empty($_GET['phone'])) {
$defaults['phone'] = Security::remove_XSS($_GET['phone']);
}
-if (api_get_setting('openid_authentication') == 'true' && !empty($_GET['openid'])) {
- $defaults['openid'] = Security::remove_XSS($_GET['openid']);
-}
-
$form->setDefaults($defaults);
$tpl = new Template();
@@ -348,10 +341,6 @@ $content = Display::page_header($tool_name);
if (api_get_setting('allow_registration') == 'approval') {
$content .= Display::return_message(get_lang('YourAccountHasToBeApproved'), 'normal');
}
-//if openid was not found
-if (!empty($_GET['openid_msg']) && $_GET['openid_msg'] == 'idnotfound') {
- $content .= Display::return_message(get_lang('OpenIDCouldNotBeFoundPleaseRegister'), 'warning');
-}
$url = api_get_path(WEB_PUBLIC_PATH).'internal_page/edit/inscription';
//Form of language
diff --git a/main/admin/user_edit.php b/main/admin/user_edit.php
index 9bd867145e..1ad466ccd1 100755
--- a/main/admin/user_edit.php
+++ b/main/admin/user_edit.php
@@ -151,11 +151,6 @@ if (api_get_setting('login_is_email') == 'true') {
$form->addRule('email', get_lang('UserTaken'), 'username_available', $user_data['username']);
}
-// OpenID
-if (api_get_setting('openid_authentication') == 'true') {
- $form->addElement('text', 'openid', get_lang('OpenIDURL'));
-}
-
// Phone
$form->addElement('text', 'phone', get_lang('PhoneNumber'));
@@ -457,12 +452,7 @@ if ($form->validate()) {
if (isset($user['student_boss'])) {
UserManager::subscribeUserToBossList($user_id, $user['student_boss']);
}
-
- if (api_get_setting('openid_authentication') == 'true' && !empty($user['openid'])) {
- $up = UserManager::update_openid($user_id, $user['openid']);
- }
$currentUserId = api_get_user_id();
-
$userObj = api_get_user_entity($user_id);
UserManager::add_user_as_admin($userObj);
diff --git a/main/auth/inscription.php b/main/auth/inscription.php
index 606be20e75..32d3d7c2e9 100755
--- a/main/auth/inscription.php
+++ b/main/auth/inscription.php
@@ -166,9 +166,6 @@ if ($user_already_registered_show_terms === false &&
}
$form->addRule('email', get_lang('EmailWrong'), 'email');
- if (api_get_setting('openid_authentication') === 'true') {
- $form->addElement('text', 'openid', get_lang('OpenIDURL'), ['size' => 40]);
- }
// USERNAME
if (api_get_setting('login_is_email') != 'true') {
@@ -419,10 +416,6 @@ if (!empty($_GET['phone'])) {
$defaults['phone'] = Security::remove_XSS($_GET['phone']);
}
-if (api_get_setting('openid_authentication') === 'true' && !empty($_GET['openid'])) {
- $defaults['openid'] = Security::remove_XSS($_GET['openid']);
-}
-
$defaults['status'] = STUDENT;
$defaults['extra_mail_notify_invitation'] = 1;
$defaults['extra_mail_notify_message'] = 1;
@@ -503,11 +496,6 @@ if (api_get_setting('allow_registration') === 'approval') {
$content .= Display::return_message(get_lang('YourAccountHasToBeApproved'));
}
-//if openid was not found
-if (!empty($_GET['openid_msg']) && $_GET['openid_msg'] == 'idnotfound') {
- $content .= Display::return_message(get_lang('OpenIDCouldNotBeFoundPleaseRegister'));
-}
-
$showTerms = false;
// Terms and conditions
if (api_get_setting('allow_terms_conditions') === 'true' && $user_already_registered_show_terms) {
diff --git a/main/auth/openid/login.php b/main/auth/openid/login.php
deleted file mode 100755
index f3cda60ac6..0000000000
--- a/main/auth/openid/login.php
+++ /dev/null
@@ -1,461 +0,0 @@
- 'form-vertical form_login')
- );
- $form -> addElement('text', 'openid_url', array(get_lang('OpenIDURL'), Display::url(get_lang('OpenIDWhatIs'), 'main/auth/openid/whatis.php')), array('class' => 'openid_input'));
- $form -> addElement('button', 'submit', get_lang('Login'));
-
- return $form->returnForm();
-}
-
-/**
- * The initial step of OpenID authentication responsible for the following:
- * - Perform discovery on the claimed OpenID.
- * - If possible, create an association with the Provider's endpoint.
- * - Create the authentication request.
- * - Perform the appropriate redirect.
- *
- * @param $claimed_id The OpenID to authenticate
- * @param $return_to The endpoint to return to from the OpenID Provider
- */
-function openid_begin($claimed_id, $return_to = '', $form_values = array()) {
-
- $claimed_id = _openid_normalize($claimed_id);
- $services = openid_discovery($claimed_id);
- if (count($services) == 0) {
- echo 'Sorry, that is not a valid OpenID. Please ensure you have spelled your ID correctly.';
- return;
- }
- $op_endpoint = $services[0]['uri'];
- // Store the discovered endpoint in the session (so we don't have to rediscover).
- $_SESSION['openid_op_endpoint'] = $op_endpoint;
- // Store the claimed_id in the session (for handling delegation).
- $_SESSION['openid_claimed_id'] = $claimed_id;
- // Store the login form values so we can pass them to
- // user_exteral_login later.
- $_SESSION['openid_user_login_values'] = $form_values;
-
- // If bcmath is present, then create an association
- $assoc_handle = '';
- if (function_exists('bcadd')) {
- $assoc_handle = openid_association($op_endpoint);
- }
- // Now that there is an association created, move on
- // to request authentication from the IdP
- $identity = (!empty($services[0]['delegate'])) ? $services[0]['delegate'] : $claimed_id;
- if (isset($services[0]['types']) && is_array($services[0]['types']) && in_array(OPENID_NS_2_0 . '/server', $services[0]['types'])) {
- $identity = 'http://openid.net/identifier_select/2.0';
- }
- $authn_request = openid_authentication_request($claimed_id, $identity, $return_to, $assoc_handle, $services[0]['version']);
- if ($services[0]['version'] == 2) {
- echo openid_redirect($op_endpoint, $authn_request);
- } else {
- echo openid_redirect_http($op_endpoint, $authn_request);
- }
-}
-
-/**
- * Completes OpenID authentication by validating returned data from the OpenID
- * Provider.
- * @param array $response Array of returned from the OpenID provider (typically $_REQUEST).
- * @return array $response Response values for further processing with $response['status'] set to one of 'success', 'failed' or 'cancel'.
- */
-function openid_complete($response) {
- // Default to failed response
- $response['status'] = 'failed';
- if (isset($_SESSION['openid_op_endpoint']) && isset($_SESSION['openid_claimed_id'])) {
- _openid_fix_post($response);
- $op_endpoint = $_SESSION['openid_op_endpoint'];
- $claimed_id = $_SESSION['openid_claimed_id'];
- unset($_SESSION['openid_op_endpoint']);
- unset($_SESSION['openid_claimed_id']);
- if (isset($response['openid.mode'])) {
- if ($response['openid.mode'] == 'cancel') {
- $response['status'] = 'cancel';
- } else {
- if (openid_verify_assertion($op_endpoint, $response)) {
- $response['openid.identity'] = $claimed_id;
- $response['status'] = 'success';
- }
- }
- }
- }
-
- return $response;
-}
-
-/**
- * Perform discovery on a claimed ID to determine the OpenID provider endpoint.
- *
- * @param $claimed_id The OpenID URL to perform discovery on.
- *
- * @return Array of services discovered (including OpenID version, endpoint
- * URI, etc).
- */
-function openid_discovery($claimed_id)
-{
- $services = array();
-
- $xrds_url = $claimed_id;
- if (_openid_is_xri($claimed_id)) {
- $xrds_url = 'http://xri.net/' . $claimed_id;
- }
- $url = @parse_url($xrds_url);
- if ($url['scheme'] == 'http' || $url['scheme'] == 'https') {
- // For regular URLs, try Yadis resolution first, then HTML-based discovery
- $headers = array('Accept' => 'application/xrds+xml');
- //TODO
- $result = openid_http_request($xrds_url, $headers);
-
- if (!isset($result->error)) {
- if (isset($result->headers['Content-Type']) && preg_match("/application\/xrds\+xml/", $result->headers['Content-Type'])) {
- // Parse XML document to find URL
- $services = xrds_parse($result->data);
- } else {
- $xrds_url = NULL;
- if (isset($result->headers['X-XRDS-Location'])) {
- $xrds_url = $result->headers['X-XRDS-Location'];
- } else {
- // Look for meta http-equiv link in HTML head
- $xrds_url = _openid_meta_httpequiv('X-XRDS-Location', $result->data);
- }
- if (!empty($xrds_url)) {
- $headers = array('Accept' => 'application/xrds+xml');
- //TODO
- $xrds_result = openid_http_request($xrds_url, $headers);
- if (!isset($xrds_result->error)) {
- $services = xrds_parse($xrds_result->data);
- }
- }
- }
-
- // Check for HTML delegation
- if (count($services) == 0) {
- // Look for 2.0 links
- $uri = _openid_link_href('openid2.provider', $result->data);
- $delegate = _openid_link_href('openid2.local_id', $result->data);
- $version = 2;
-
- // 1.0 links
- if (empty($uri)) {
- $uri = _openid_link_href('openid.server', $result->data);
- $delegate = _openid_link_href('openid.delegate', $result->data);
- $version = 1;
- }
- if (!empty($uri)) {
- $services[] = array('uri' => $uri, 'delegate' => $delegate, 'version' => $version);
- }
- }
- }
- }
-
- return $services;
-}
-
-/**
- * Attempt to create a shared secret with the OpenID Provider.
- * @param $op_endpoint URL of the OpenID Provider endpoint.
- * @return object $assoc_handle The association handle.
- */
-function openid_association($op_endpoint) {
- //@todo Remove Old Associations:
- $openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION);
- $sql = "DELETE FROM $openid_association
- WHERE created + expires_in < '" . api_get_utc_datetime() . "'";
- Database::query($sql);
-
- // Check to see if we have an association for this IdP already
- $op_endpoint = Database::escape_string($op_endpoint);
- $sql = "SELECT assoc_handle
- FROM $openid_association
- WHERE idp_endpoint_uri = '$op_endpoint'";
- $assoc_handle = Database::query($sql);
- if (Database::num_rows($assoc_handle) <= 1) {
- $mod = OPENID_DH_DEFAULT_MOD;
- $gen = OPENID_DH_DEFAULT_GEN;
- $r = _openid_dh_rand($mod);
- $private = bcadd($r, 1);
- $public = bcpowmod($gen, $private, $mod);
-
- // If there is no existing association, then request one
- $assoc_request = openid_association_request($public);
- $assoc_message = _openid_encode_message(_openid_create_message($assoc_request));
- $assoc_headers = array('Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8');
- //TODO
- $assoc_result = openid_http_request($op_endpoint, $assoc_headers, 'POST', $assoc_message);
- if (isset($assoc_result->error)) {
- return FALSE;
- }
-
- $assoc_response = _openid_parse_message($assoc_result->data);
- if (isset($assoc_response['mode']) && $assoc_response['mode'] == 'error') {
- return FALSE;
- }
-
- if ($assoc_response['session_type'] == 'DH-SHA1') {
- $spub = _openid_dh_base64_to_long($assoc_response['dh_server_public']);
- $enc_mac_key = base64_decode($assoc_response['enc_mac_key']);
- $shared = bcpowmod($spub, $private, $mod);
- $assoc_response['mac_key'] = base64_encode(_openid_dh_xorsecret($shared, $enc_mac_key));
- }
- //TODO
- $openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION);
- Database::query(sprintf("INSERT INTO $openid_association (idp_endpoint_uri, session_type, assoc_handle, assoc_type, expires_in, mac_key, created) VALUES('%s', '%s', '%s', '%s', %d, '%s', %d)", $op_endpoint, $assoc_response['session_type'], $assoc_response['assoc_handle'], $assoc_response['assoc_type'], $assoc_response['expires_in'], $assoc_response['mac_key'], api_get_utc_datetime()));
-
- $assoc_handle = $assoc_response['assoc_handle'];
- }
- return $assoc_handle;
-}
-
-/**
- * ?
- */
-function openid_association_request($public) {
-
- $request = array(
- 'openid.ns' => OPENID_NS_2_0,
- 'openid.mode' => 'associate',
- 'openid.session_type' => 'DH-SHA1',
- 'openid.assoc_type' => 'HMAC-SHA1'
- );
-
- if ($request['openid.session_type'] == 'DH-SHA1' || $request['openid.session_type'] == 'DH-SHA256') {
- $cpub = _openid_dh_long_to_base64($public);
- $request['openid.dh_consumer_public'] = $cpub;
- }
-
- return $request;
-}
-
-/**
- *
- */
-function openid_authentication_request($claimed_id, $identity, $return_to = '', $assoc_handle = '', $version = 2) {
-
- $realm = ($return_to) ? $return_to : api_get_self();
-
- $ns = ($version == 2) ? OPENID_NS_2_0 : OPENID_NS_1_0;
- $request = array(
- 'openid.ns' => $ns,
- 'openid.mode' => 'checkid_setup',
- 'openid.identity' => $identity,
- 'openid.claimed_id' => $claimed_id,
- 'openid.assoc_handle' => $assoc_handle,
- 'openid.return_to' => $return_to,
- );
-
- if ($version == 2) {
- $request['openid.realm'] = $realm;
- } else {
- $request['openid.trust_root'] = $realm;
- }
-
- // Simple Registration - we don't ask lastname and firstname because the only
- // available similar data is "fullname" and we would have to guess where to split
- $request['openid.sreg.required'] = 'nickname,email';
- $request['openid.ns.sreg'] = "http://openid.net/extensions/sreg/1.1";
-
- //$request = array_merge($request, module_invoke_all('openid', 'request', $request));
- //$request = array_merge($request);
-
- return $request;
-}
-
-/**
- * Attempt to verify the response received from the OpenID Provider.
- *
- * @param $op_endpoint The OpenID Provider URL.
- * @param $response Array of repsonse values from the provider.
- *
- * @return boolean
- */
-function openid_verify_assertion($op_endpoint, $response) {
-
- $valid = FALSE;
-
- //TODO
- $openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION);
- $sql = sprintf("SELECT * FROM $openid_association WHERE assoc_handle = '%s'", $response['openid.assoc_handle']);
- $res = Database::query($sql);
- $association = Database::fetch_object($res);
- if ($association && isset($association->session_type)) {
- $keys_to_sign = explode(',', $response['openid.signed']);
- $self_sig = _openid_signature($association, $response, $keys_to_sign);
- if ($self_sig == $response['openid.sig']) {
- $valid = TRUE;
- } else {
- $valid = FALSE;
- }
- } else {
- $request = $response;
- $request['openid.mode'] = 'check_authentication';
- $message = _openid_create_message($request);
- $headers = array('Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8');
- $result = openid_http_request($op_endpoint, $headers, 'POST', _openid_encode_message($message));
- if (!isset($result->error)) {
- $response = _openid_parse_message($result->data);
- if (strtolower(trim($response['is_valid'])) == 'true') {
- $valid = TRUE;
- } else {
- $valid = FALSE;
- }
- }
- }
-
- return $valid;
-}
-
-/**
- * Make a HTTP request - This function has been copied straight over from Drupal 6 code (drupal_http_request)
- * @param string $data
- */
-function openid_http_request($url, $headers = array(), $method = 'GET', $data = NULL, $retry = 3) {
- $result = new stdClass();
-
- // Parse the URL and make sure we can handle the schema.
- $uri = parse_url($url);
-
- switch ($uri['scheme']) {
- case 'http':
- $port = isset($uri['port']) ? $uri['port'] : 80;
- $host = $uri['host'] . ($port != 80 ? ':' . $port : '');
- $fp = @fsockopen($uri['host'], $port, $errno, $errstr, 15);
- break;
- case 'https':
- // Note: Only works for PHP 4.3 compiled with OpenSSL.
- $port = isset($uri['port']) ? $uri['port'] : 443;
- $host = $uri['host'] . ($port != 443 ? ':' . $port : '');
- $fp = @fsockopen('ssl://' . $uri['host'], $port, $errno, $errstr, 20);
- break;
- default:
- $result->error = 'invalid schema ' . $uri['scheme'];
- return $result;
- }
-
- // Make sure the socket opened properly.
- if (!$fp) {
- // When a network error occurs, we make sure that it is a negative number so
- // it can clash with the HTTP status codes.
- $result->code = -$errno;
- $result->error = trim($errstr);
- return $result;
- }
-
- // Construct the path to act on.
- $path = isset($uri['path']) ? $uri['path'] : '/';
- if (isset($uri['query'])) {
- $path .= '?' . $uri['query'];
- }
-
- // Create HTTP request.
- $defaults = array(
- // RFC 2616: "non-standard ports MUST, default ports MAY be included".
- // We don't add the port to prevent from breaking rewrite rules checking the
- // host that do not take into account the port number.
- 'Host' => "Host: $host",
- 'User-Agent' => 'User-Agent: Chamilo (+http://www.chamilo.org/)',
- 'Content-Length' => 'Content-Length: ' . strlen($data)
- );
-
- // If the server url has a user then attempt to use basic authentication
- if (isset($uri['user'])) {
- $defaults['Authorization'] = 'Authorization: Basic ' . base64_encode($uri['user'] . (!empty($uri['pass']) ? ":" . $uri['pass'] : ''));
- }
-
- foreach ($headers as $header => $value) {
- $defaults[$header] = $header . ': ' . $value;
- }
-
- $request = $method . ' ' . $path . " HTTP/1.0\r\n";
- $request .= implode("\r\n", $defaults);
- $request .= "\r\n\r\n";
- if ($data) {
- $request .= $data . "\r\n";
- }
- $result->request = $request;
-
- fwrite($fp, $request);
-
- // Fetch response.
- $response = '';
- while (!feof($fp) && $chunk = fread($fp, 1024)) {
- $response .= $chunk;
- }
- fclose($fp);
-
- // Parse response.
- list($split, $result->data) = explode("\r\n\r\n", $response, 2);
- $split = preg_split("/\r\n|\n|\r/", $split);
-
- list($protocol, $code, $text) = explode(' ', trim(array_shift($split)), 3);
- $result->headers = array();
-
- // Parse headers.
- while ($line = trim(array_shift($split))) {
- list($header, $value) = explode(':', $line, 2);
- if (isset($result->headers[$header]) && $header == 'Set-Cookie') {
- // RFC 2109: the Set-Cookie response header comprises the token Set-
- // Cookie:, followed by a comma-separated list of one or more cookies.
- $result->headers[$header] .= ',' . trim($value);
- } else {
- $result->headers[$header] = trim($value);
- }
- }
-
- $responses = array(
- 100 => 'Continue', 101 => 'Switching Protocols',
- 200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content',
- 300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect',
- 400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Time-out', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Large', 415 => 'Unsupported Media Type', 416 => 'Requested range not satisfiable', 417 => 'Expectation Failed',
- 500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Time-out', 505 => 'HTTP Version not supported'
- );
- // RFC 2616 states that all unknown HTTP codes must be treated the same as the
- // base code in their class.
- if (!isset($responses[$code])) {
- $code = floor($code / 100) * 100;
- }
-
- switch ($code) {
- case 200: // OK
- case 304: // Not modified
- break;
- case 301: // Moved permanently
- case 302: // Moved temporarily
- case 307: // Moved temporarily
- $location = $result->headers['Location'];
-
- if ($retry) {
- $result = openid_http_request($result->headers['Location'], $headers, $method, $data, --$retry);
- $result->redirect_code = $result->code;
- }
- $result->redirect_url = $location;
-
- break;
- default:
- $result->error = $text;
- }
-
- $result->code = $code;
- return $result;
-}
diff --git a/main/auth/openid/openid.lib.php b/main/auth/openid/openid.lib.php
deleted file mode 100755
index e48bb1068e..0000000000
--- a/main/auth/openid/openid.lib.php
+++ /dev/null
@@ -1,420 +0,0 @@
- $val) {
- $query[] = $key . '=' . urlencode($val);
- }
- $sep = (strpos($url, '?') === FALSE) ? '?' : '&';
- header('Location: ' . $url . $sep . implode('&', $query), TRUE, 302);
- //exit;
-}
-
-/**
- * Creates a js auto-submit redirect for (for the 2.x protocol)
- * This function should be deprecated for 1.8.6.2 needs documentation
- */
-function openid_redirect($url, $message) {
- $output = '' . get_lang('OpenIDRedirect') . "\n";
- $output .= '';
- $output .= '';
- $output .= "";
- return $output;
-}
-
-/**
- * Determine if the given identifier is an XRI ID.
- */
-function _openid_is_xri($identifier) {
- $firstchar = substr($identifier, 0, 1);
- if ($firstchar == "@" || $firstchar == "=")
- return TRUE;
-
- if (stristr($identifier, 'xri://') !== FALSE) {
- return TRUE;
- }
-
- return FALSE;
-}
-
-/**
- * Normalize the given identifier as per spec.
- */
-function _openid_normalize($identifier) {
- if (_openid_is_xri($identifier)) {
- return _openid_normalize_xri($identifier);
- } else {
- return _openid_normalize_url($identifier);
- }
-}
-
-function _openid_normalize_xri($xri) {
- $normalized_xri = $xri;
- if (stristr($xri, 'xri://') !== FALSE) {
- $normalized_xri = substr($xri, 6);
- }
- return $normalized_xri;
-}
-
-function _openid_normalize_url($url) {
- $normalized_url = $url;
-
- if (stristr($url, '://') === FALSE) {
- $normalized_url = 'http://' . $url;
- }
-
- if (substr_count($normalized_url, '/') < 3) {
- $normalized_url .= '/';
- }
-
- return $normalized_url;
-}
-
-/**
- * Create a serialized message packet as per spec: $key:$value\n .
- */
-function _openid_create_message($data) {
- $serialized = '';
-
- foreach ($data as $key => $value) {
- if ((strpos($key, ':') !== FALSE) || (strpos($key, "\n") !== FALSE) || (strpos($value, "\n") !== FALSE)) {
- return null;
- }
- $serialized .= "$key:$value\n";
- }
- return $serialized;
-}
-
-/**
- * Encode a message from _openid_create_message for HTTP Post
- * @param null|string $message
- */
-function _openid_encode_message($message) {
- $encoded_message = '';
-
- $items = explode("\n", $message);
- foreach ($items as $item) {
- $parts = explode(':', $item, 2);
-
- if (count($parts) == 2) {
- if ($encoded_message != '') {
- $encoded_message .= '&';
- }
- $encoded_message .= rawurlencode(trim($parts[0])) . '=' . rawurlencode(trim($parts[1]));
- }
- }
-
- return $encoded_message;
-}
-
-/**
- * Convert a direct communication message
- * into an associative array.
- */
-function _openid_parse_message($message) {
- $parsed_message = array();
-
- $items = explode("\n", $message);
- foreach ($items as $item) {
- $parts = explode(':', $item, 2);
-
- if (count($parts) == 2) {
- $parsed_message[$parts[0]] = $parts[1];
- }
- }
-
- return $parsed_message;
-}
-
-/**
- * Return a nonce value - formatted per OpenID spec.
- */
-function _openid_nonce() {
- // YYYY-MM-DDThh:mm:ssTZD UTC, plus some optional extra unique chars
- return gmstrftime('%Y-%m-%dT%H:%M:%S%Z') .
- chr(mt_rand(0, 25) + 65) .
- chr(mt_rand(0, 25) + 65) .
- chr(mt_rand(0, 25) + 65) .
- chr(mt_rand(0, 25) + 65);
-}
-
-/**
- * Pull the href attribute out of an html link element.
- * @param string $rel
- */
-function _openid_link_href($rel, $html) {
- $rel = preg_quote($rel);
- preg_match('||iU', $html, $matches);
- if (isset($matches[3])) {
- preg_match('|href=["\']([^"]+)["\']|iU', $matches[0], $href);
- return trim($href[1]);
- }
- return FALSE;
-}
-
-/**
- * Pull the http-equiv attribute out of an html meta element
- * @param string $equiv
- */
-function _openid_meta_httpequiv($equiv, $html) {
- preg_match('||iU', $html, $matches);
- if (isset($matches[1])) {
- preg_match('|content=["\']([^"]+)["\']|iU', $matches[1], $content);
- return $content[1];
- }
- return FALSE;
-}
-
-/**
- * Sign certain keys in a message
- * @param $association - object loaded from openid_association or openid_server_association table
- * - important fields are ->assoc_type and ->mac_key
- * @param $message_array - array of entire message about to be sent
- * @param $keys_to_sign - keys in the message to include in signature (without
- * 'openid.' appended)
- */
-function _openid_signature($association, $message_array, $keys_to_sign) {
- $signature = '';
- $sign_data = array();
-
- foreach ($keys_to_sign as $key) {
- if (isset($message_array['openid.' . $key])) {
- $sign_data[$key] = $message_array['openid.' . $key];
- }
- }
-
- $message = _openid_create_message($sign_data);
- $secret = base64_decode($association->mac_key);
- $signature = _openid_hmac($secret, $message);
-
- return base64_encode($signature);
-}
-
-/**
- * @param string $key
- * @param null|string $text
- */
-function _openid_hmac($key, $text) {
- if (strlen($key) > OPENID_SHA1_BLOCKSIZE) {
- $key = _openid_sha1($key, true);
- }
-
- $key = str_pad($key, OPENID_SHA1_BLOCKSIZE, chr(0x00));
- $ipad = str_repeat(chr(0x36), OPENID_SHA1_BLOCKSIZE);
- $opad = str_repeat(chr(0x5c), OPENID_SHA1_BLOCKSIZE);
- $hash1 = _openid_sha1(($key ^ $ipad) . $text, true);
- $hmac = _openid_sha1(($key ^ $opad) . $hash1, true);
-
- return $hmac;
-}
-
-function _openid_sha1($text) {
- $hex = sha1($text);
- $raw = '';
- for ($i = 0; $i < 40; $i += 2) {
- $hexcode = substr($hex, $i, 2);
- $charcode = (int) base_convert($hexcode, 16, 10);
- $raw .= chr($charcode);
- }
- return $raw;
-}
-
-function _openid_dh_base64_to_long($str) {
- $b64 = base64_decode($str);
-
- return _openid_dh_binary_to_long($b64);
-}
-
-function _openid_dh_long_to_base64($str) {
- return base64_encode(_openid_dh_long_to_binary($str));
-}
-
-/**
- * @param string $str
- */
-function _openid_dh_binary_to_long($str) {
- $bytes = array_merge(unpack('C*', $str));
-
- $n = 0;
- foreach ($bytes as $byte) {
- $n = bcmul($n, pow(2, 8));
- $n = bcadd($n, $byte);
- }
-
- return $n;
-}
-
-function _openid_dh_long_to_binary($long) {
- $cmp = bccomp($long, 0);
- if ($cmp < 0) {
- return FALSE;
- }
-
- if ($cmp == 0) {
- return "\x00";
- }
-
- $bytes = array();
-
- while (bccomp($long, 0) > 0) {
- array_unshift($bytes, bcmod($long, 256));
- $long = bcdiv($long, pow(2, 8));
- }
-
- if ($bytes && ($bytes[0] > 127)) {
- array_unshift($bytes, 0);
- }
-
- $string = '';
- foreach ($bytes as $byte) {
- $string .= pack('C', $byte);
- }
-
- return $string;
-}
-
-/**
- * @param string $secret
- */
-function _openid_dh_xorsecret($shared, $secret) {
- $dh_shared_str = _openid_dh_long_to_binary($shared);
- $sha1_dh_shared = _openid_sha1($dh_shared_str);
- $xsecret = "";
- for ($i = 0; $i < strlen($secret); $i++) {
- $xsecret .= chr(ord($secret[$i]) ^ ord($sha1_dh_shared[$i]));
- }
-
- return $xsecret;
-}
-
-/**
- * @param string $stop
- */
-function _openid_dh_rand($stop) {
- static $duplicate_cache = array();
-
- // Used as the key for the duplicate cache
- $rbytes = _openid_dh_long_to_binary($stop);
-
- if (array_key_exists($rbytes, $duplicate_cache)) {
- list($duplicate, $nbytes) = $duplicate_cache[$rbytes];
- } else {
- if ($rbytes[0] == "\x00") {
- $nbytes = strlen($rbytes) - 1;
- } else {
- $nbytes = strlen($rbytes);
- }
-
- $mxrand = bcpow(256, $nbytes);
-
- // If we get a number less than this, then it is in the
- // duplicated range.
- $duplicate = bcmod($mxrand, $stop);
-
- if (count($duplicate_cache) > 10) {
- $duplicate_cache = array();
- }
-
- $duplicate_cache[$rbytes] = array($duplicate, $nbytes);
- }
-
- do {
- $bytes = "\x00" . _openid_get_bytes($nbytes);
- $n = _openid_dh_binary_to_long($bytes);
- // Keep looping if this value is in the low duplicated range.
- } while (bccomp($n, $duplicate) < 0);
-
- return bcmod($n, $stop);
-}
-
-function _openid_get_bytes($num_bytes) {
- static $f = null;
- $bytes = '';
- if (!isset($f)) {
- $f = @fopen(OPENID_RAND_SOURCE, "r");
- }
- if (!$f) {
- // pseudorandom used
- $bytes = '';
- for ($i = 0; $i < $num_bytes; $i += 4) {
- $bytes .= pack('L', mt_rand());
- }
- $bytes = substr($bytes, 0, $num_bytes);
- } else {
- $bytes = fread($f, $num_bytes);
- }
- return $bytes;
-}
-
-/**
- * Fix PHP's habit of replacing '.' by '_' in posted data.
- */
-function _openid_fix_post(&$post) {
- //$extensions = module_invoke_all('openid', 'extension');
- foreach ($post as $key => $value) {
- if (strpos($key, 'openid_') === 0) {
- $fixed_key = str_replace('openid_', 'openid.', $key);
- $fixed_key = str_replace('openid.ns_', 'openid.ns.', $fixed_key);
- $fixed_key = str_replace('openid.sreg_', 'openid.sreg.', $fixed_key);
- //foreach ($extensions as $ext) {
- // $fixed_key = str_replace('openid.'.$ext.'_', 'openid.'.$ext.'.', $fixed_key);
- //}
- unset($post[$key]);
- $post[$fixed_key] = $value;
- }
- }
-}
-
-/**
- * Provide bcpowmod support for PHP4.
- */
-if (!function_exists('bcpowmod')) {
-
- function bcpowmod($base, $exp, $mod) {
- $square = bcmod($base, $mod);
- $result = 1;
- while (bccomp($exp, 0) > 0) {
- if (bcmod($exp, 2)) {
- $result = bcmod(bcmul($result, $square), $mod);
- }
- $square = bcmod(bcmul($square, $square), $mod);
- $exp = bcdiv($exp, 2);
- }
- return $result;
- }
-
-}
diff --git a/main/auth/openid/whatis.php b/main/auth/openid/whatis.php
deleted file mode 100755
index 6c275689a2..0000000000
--- a/main/auth/openid/whatis.php
+++ /dev/null
@@ -1,14 +0,0 @@
-addRule('email', get_lang('EmailWrong'), 'email');
}
-// OPENID URL
-if (api_get_setting('profile.is_editable') === 'true' && api_get_setting('openid_authentication') == 'true') {
- $form->addElement('text', 'openid', get_lang('OpenIDURL'), ['size' => 40]);
- if (api_get_setting('profile', 'openid') !== 'true') {
- $form->freeze('openid');
- }
- $form->applyFilter('openid', 'trim');
-}
-
// PHONE
$form->addElement('text', 'phone', get_lang('Phone'), ['size' => 20]);
if (api_get_setting('profile', 'phone') !== 'true') {
diff --git a/main/inc/lib/database.constants.inc.php b/main/inc/lib/database.constants.inc.php
index a19e6e0369..4a8174ff6c 100755
--- a/main/inc/lib/database.constants.inc.php
+++ b/main/inc/lib/database.constants.inc.php
@@ -42,7 +42,6 @@ define('TABLE_MAIN_SHARED_SURVEY_QUESTION', 'shared_survey_question');
define('TABLE_MAIN_SHARED_SURVEY_QUESTION_OPTION', 'shared_survey_question_option');
define('TABLE_MAIN_TEMPLATES', 'templates');
define('TABLE_MAIN_SYSTEM_TEMPLATE', 'system_template');
-define('TABLE_MAIN_OPENID_ASSOCIATION', 'openid_association');
define('TABLE_MAIN_COURSE_REQUEST', 'course_request');
// Gradebook
diff --git a/main/inc/lib/template.lib.php b/main/inc/lib/template.lib.php
index 184b298c03..7a9fe8fccf 100755
--- a/main/inc/lib/template.lib.php
+++ b/main/inc/lib/template.lib.php
@@ -1303,10 +1303,6 @@ class Template
);
$html = $form->returnForm();
- if (api_get_setting('openid_authentication') == 'true') {
- include_once api_get_path(SYS_CODE_PATH).'auth/openid/login.php';
- $html .= ''.openid_form().'
';
- }
return $html;
}
diff --git a/main/inc/lib/usermanager.lib.php b/main/inc/lib/usermanager.lib.php
index c53d3614c6..0b7bbe1d36 100755
--- a/main/inc/lib/usermanager.lib.php
+++ b/main/inc/lib/usermanager.lib.php
@@ -24,20 +24,20 @@ use Symfony\Component\Security\Core\Encoder\EncoderFactory;
class UserManager
{
// This constants are deprecated use the constants located in ExtraField
- const USER_FIELD_TYPE_TEXT = 1;
- const USER_FIELD_TYPE_TEXTAREA = 2;
- const USER_FIELD_TYPE_RADIO = 3;
- const USER_FIELD_TYPE_SELECT = 4;
- const USER_FIELD_TYPE_SELECT_MULTIPLE = 5;
- const USER_FIELD_TYPE_DATE = 6;
- const USER_FIELD_TYPE_DATETIME = 7;
- const USER_FIELD_TYPE_DOUBLE_SELECT = 8;
- const USER_FIELD_TYPE_DIVIDER = 9;
- const USER_FIELD_TYPE_TAG = 10;
- const USER_FIELD_TYPE_TIMEZONE = 11;
- const USER_FIELD_TYPE_SOCIAL_PROFILE = 12;
- const USER_FIELD_TYPE_FILE = 13;
- const USER_FIELD_TYPE_MOBILE_PHONE_NUMBER = 14;
+ public const USER_FIELD_TYPE_TEXT = 1;
+ public const USER_FIELD_TYPE_TEXTAREA = 2;
+ public const USER_FIELD_TYPE_RADIO = 3;
+ public const USER_FIELD_TYPE_SELECT = 4;
+ public const USER_FIELD_TYPE_SELECT_MULTIPLE = 5;
+ public const USER_FIELD_TYPE_DATE = 6;
+ public const USER_FIELD_TYPE_DATETIME = 7;
+ public const USER_FIELD_TYPE_DOUBLE_SELECT = 8;
+ public const USER_FIELD_TYPE_DIVIDER = 9;
+ public const USER_FIELD_TYPE_TAG = 10;
+ public const USER_FIELD_TYPE_TIMEZONE = 11;
+ public const USER_FIELD_TYPE_SOCIAL_PROFILE = 12;
+ public const USER_FIELD_TYPE_FILE = 13;
+ public const USER_FIELD_TYPE_MOBILE_PHONE_NUMBER = 14;
private static $encryptionMethod;
@@ -558,7 +558,6 @@ class UserManager
}
}
-
if ($sendEmailToAllAdmins) {
$adminList = self::get_all_administrators();
@@ -1003,36 +1002,6 @@ class UserManager
return false;
}
- /**
- * Update user information with new openid.
- *
- * @param int $user_id
- * @param string $openid
- *
- * @return bool true if the user information was updated
- * @assert (false,'') === false
- * @assert (-1,'') === false
- */
- public static function update_openid($user_id, $openid)
- {
- $table_user = Database::get_main_table(TABLE_MAIN_USER);
- if ($user_id != strval(intval($user_id))) {
- return false;
- }
- if ($user_id === false) {
- return false;
- }
- $sql = "UPDATE $table_user SET
- openid='".Database::escape_string($openid)."'";
- $sql .= " WHERE id= $user_id";
-
- if (Database::query($sql) !== false) {
- return true;
- }
-
- return false;
- }
-
/**
* Update user information with all the parameters passed to this function.
*
diff --git a/src/CoreBundle/Entity/OpenidAssociation.php b/src/CoreBundle/Entity/OpenidAssociation.php
deleted file mode 100644
index 0de62f3df0..0000000000
--- a/src/CoreBundle/Entity/OpenidAssociation.php
+++ /dev/null
@@ -1,251 +0,0 @@
-idpEndpointUri = $idpEndpointUri;
-
- return $this;
- }
-
- /**
- * Get idpEndpointUri.
- *
- * @return string
- */
- public function getIdpEndpointUri()
- {
- return $this->idpEndpointUri;
- }
-
- /**
- * Set sessionType.
- *
- * @param string $sessionType
- *
- * @return OpenidAssociation
- */
- public function setSessionType($sessionType)
- {
- $this->sessionType = $sessionType;
-
- return $this;
- }
-
- /**
- * Get sessionType.
- *
- * @return string
- */
- public function getSessionType()
- {
- return $this->sessionType;
- }
-
- /**
- * Set assocHandle.
- *
- * @param string $assocHandle
- *
- * @return OpenidAssociation
- */
- public function setAssocHandle($assocHandle)
- {
- $this->assocHandle = $assocHandle;
-
- return $this;
- }
-
- /**
- * Get assocHandle.
- *
- * @return string
- */
- public function getAssocHandle()
- {
- return $this->assocHandle;
- }
-
- /**
- * Set assocType.
- *
- * @param string $assocType
- *
- * @return OpenidAssociation
- */
- public function setAssocType($assocType)
- {
- $this->assocType = $assocType;
-
- return $this;
- }
-
- /**
- * Get assocType.
- *
- * @return string
- */
- public function getAssocType()
- {
- return $this->assocType;
- }
-
- /**
- * Set expiresIn.
- *
- * @param int $expiresIn
- *
- * @return OpenidAssociation
- */
- public function setExpiresIn($expiresIn)
- {
- $this->expiresIn = $expiresIn;
-
- return $this;
- }
-
- /**
- * Get expiresIn.
- *
- * @return int
- */
- public function getExpiresIn()
- {
- return $this->expiresIn;
- }
-
- /**
- * Set macKey.
- *
- * @param string $macKey
- *
- * @return OpenidAssociation
- */
- public function setMacKey($macKey)
- {
- $this->macKey = $macKey;
-
- return $this;
- }
-
- /**
- * Get macKey.
- *
- * @return string
- */
- public function getMacKey()
- {
- return $this->macKey;
- }
-
- /**
- * Set created.
- *
- * @param int $created
- *
- * @return OpenidAssociation
- */
- public function setCreated($created)
- {
- $this->created = $created;
-
- return $this;
- }
-
- /**
- * Get created.
- *
- * @return int
- */
- public function getCreated()
- {
- return $this->created;
- }
-
- /**
- * Get id.
- *
- * @return int
- */
- public function getId()
- {
- return $this->id;
- }
-}
diff --git a/src/SettingsBundle/Manager/SettingsManager.php b/src/SettingsBundle/Manager/SettingsManager.php
index b4c135e5c7..7859f2efca 100644
--- a/src/SettingsBundle/Manager/SettingsManager.php
+++ b/src/SettingsBundle/Manager/SettingsManager.php
@@ -211,7 +211,6 @@ class SettingsManager implements SettingsManagerInterface
'platform_charset' => 'Languages',
'noreply_email_address' => 'Platform',
'survey_email_sender_noreply' => 'Course',
- 'openid_authentication' => 'Security',
'gradebook_enable' => 'Gradebook',
'gradebook_score_display_coloring' => 'Gradebook',
'gradebook_score_display_custom' => 'Gradebook',