diff --git a/main/auth/openid/login.php b/main/auth/openid/login.php index bae526062a..8c282a4829 100644 --- a/main/auth/openid/login.php +++ b/main/auth/openid/login.php @@ -1,4 +1,5 @@ '.get_lang('OpenIdAuthentication').'


'; +function openid_form() { + //get_lang('OpenIdAuthentication') + $form = new FormValidator('openid_login', 'post', null, null, array('class' => 'form-vertical form_login')); + $form->addElement('text', 'openid_url', array(get_lang('OpenIDURL'), Display::url(get_lang('OpenIDWhatIs'), 'main/auth/openid/whatis.php')), array('class' => 'openid_input')); + $form->addElement('button', 'submit', get_lang('Login')); + return $form->return_form(); + /* + return ' + + *

'; + * + */ } /** 
@@ -32,46 +42,40 @@ function openid_form() * @param $claimed_id The OpenID to authenticate * @param $return_to The endpoint to return to from the OpenID Provider */ -function openid_begin($claimed_id, $return_to = '', $form_values = array()) -{ - - $claimed_id = _openid_normalize($claimed_id); - - $services = openid_discovery($claimed_id); - if (count($services) == 0) { - echo 'Sorry, that is not a valid OpenID. Please ensure you have spelled your ID correctly.'; - return; - } - - $op_endpoint = $services[0]['uri']; - // Store the discovered endpoint in the session (so we don't have to rediscover). - $_SESSION['openid_op_endpoint'] = $op_endpoint; - // Store the claimed_id in the session (for handling delegation). - $_SESSION['openid_claimed_id'] = $claimed_id; - // Store the login form values so we can pass them to - // user_exteral_login later. - $_SESSION['openid_user_login_values'] = $form_values; - - // If bcmath is present, then create an association - $assoc_handle = ''; - if (function_exists('bcadd')) { - $assoc_handle = openid_association($op_endpoint); - } - - // Now that there is an association created, move on - // to request authentication from the IdP - $identity = (!empty($services[0]['delegate'])) ? 
$services[0]['delegate'] : $claimed_id; - if (isset($services[0]['types']) && is_array($services[0]['types']) && in_array(OPENID_NS_2_0 .'/server', $services[0]['types'])) { - $identity = 'http://openid.net/identifier_select/2.0'; - } - $authn_request = openid_authentication_request($claimed_id, $identity, $return_to, $assoc_handle, $services[0]['version']); - - if ($services[0]['version'] == 2) { - openid_redirect($op_endpoint, $authn_request); - } - else { - openid_redirect_http($op_endpoint, $authn_request); - } +function openid_begin($claimed_id, $return_to = '', $form_values = array()) { + + $claimed_id = _openid_normalize($claimed_id); + $services = openid_discovery($claimed_id); + if (count($services) == 0) { + echo 'Sorry, that is not a valid OpenID. Please ensure you have spelled your ID correctly.'; + return; + } + $op_endpoint = $services[0]['uri']; + // Store the discovered endpoint in the session (so we don't have to rediscover). + $_SESSION['openid_op_endpoint'] = $op_endpoint; + // Store the claimed_id in the session (for handling delegation). + $_SESSION['openid_claimed_id'] = $claimed_id; + // Store the login form values so we can pass them to + // user_exteral_login later. + $_SESSION['openid_user_login_values'] = $form_values; + + // If bcmath is present, then create an association + $assoc_handle = ''; + if (function_exists('bcadd')) { + $assoc_handle = openid_association($op_endpoint); + } + // Now that there is an association created, move on + // to request authentication from the IdP + $identity = (!empty($services[0]['delegate'])) ? $services[0]['delegate'] : $claimed_id; + if (isset($services[0]['types']) && is_array($services[0]['types']) && in_array(OPENID_NS_2_0 . 
'/server', $services[0]['types'])) { + $identity = 'http://openid.net/identifier_select/2.0'; + } + $authn_request = openid_authentication_request($claimed_id, $identity, $return_to, $assoc_handle, $services[0]['version']); + if ($services[0]['version'] == 2) { + openid_redirect($op_endpoint, $authn_request); + } else { + openid_redirect_http($op_endpoint, $authn_request); + } } /** 
@@ -83,29 +87,27 @@ function openid_begin($claimed_id, $return_to = '', $form_values = array()) * @return $response Response values for further processing with * $response['status'] set to one of 'success', 'failed' or 'cancel'. */ -function openid_complete($response) -{ - // Default to failed response - $response['status'] = 'failed'; - if (isset($_SESSION['openid_op_endpoint']) && isset($_SESSION['openid_claimed_id'])) { - _openid_fix_post($response); - $op_endpoint = $_SESSION['openid_op_endpoint']; - $claimed_id = $_SESSION['openid_claimed_id']; - unset($_SESSION['openid_op_endpoint']); - unset($_SESSION['openid_claimed_id']); - if (isset($response['openid.mode'])) { - if ($response['openid.mode'] == 'cancel') { - $response['status'] = 'cancel'; - } - else { - if (openid_verify_assertion($op_endpoint, $response)) { - $response['openid.identity'] = $claimed_id; - $response['status'] = 'success'; +function openid_complete($response) { + // Default to failed response + $response['status'] = 'failed'; + if (isset($_SESSION['openid_op_endpoint']) && isset($_SESSION['openid_claimed_id'])) { + _openid_fix_post($response); + $op_endpoint = $_SESSION['openid_op_endpoint']; + $claimed_id = $_SESSION['openid_claimed_id']; + unset($_SESSION['openid_op_endpoint']); + unset($_SESSION['openid_claimed_id']); + if (isset($response['openid.mode'])) { + if ($response['openid.mode'] == 'cancel') { + $response['status'] = 'cancel'; + } else { + if (openid_verify_assertion($op_endpoint, $response)) { + $response['openid.identity'] = $claimed_id; + $response['status'] = 'success'; + } + } } - } } - } - return $response; + return $response; } /** 
@@ -118,63 +120,61 @@ function openid_complete($response) */ function openid_discovery($claimed_id) { - $services = array(); + $services = array(); - $xrds_url = $claimed_id; - if (_openid_is_xri($claimed_id)) { - $xrds_url = 'http://xri.net/'. $claimed_id; - } - $url = @parse_url($xrds_url); - if ($url['scheme'] == 'http' || $url['scheme'] == 'https') { - // For regular URLs, try Yadis resolution first, then HTML-based discovery - $headers = array('Accept' => 'application/xrds+xml'); - //TODO - $result = openid_http_request($xrds_url, $headers); - - if (!isset($result->error)) { - if (isset($result->headers['Content-Type']) && preg_match("/application\/xrds\+xml/", $result->headers['Content-Type'])) { - // Parse XML document to find URL - $services = xrds_parse($result->data); - } - else { - $xrds_url = NULL; - if (isset($result->headers['X-XRDS-Location'])) { - $xrds_url = $result->headers['X-XRDS-Location']; - } - else { - // Look for meta http-equiv link in HTML head - $xrds_url = _openid_meta_httpequiv('X-XRDS-Location', $result->data); - } - if (!empty($xrds_url)) { - $headers = array('Accept' => 'application/xrds+xml'); - //TODO - $xrds_result = openid_http_request($xrds_url, $headers); - if (!isset($xrds_result->error)) { - $services = xrds_parse($xrds_result->data); - } - } - } - - // Check for HTML delegation - if (count($services) == 0) { - // Look for 2.0 links - $uri = _openid_link_href('openid2.provider', $result->data); - $delegate = _openid_link_href('openid2.local_id', $result->data); - $version = 2; - - // 1.0 links - if (empty($uri)) { - $uri = _openid_link_href('openid.server', $result->data); - $delegate = _openid_link_href('openid.delegate', $result->data); - $version = 1; - } - if (!empty($uri)) { - $services[] = array('uri' => $uri, 'delegate' => $delegate, 'version' => $version); + $xrds_url = $claimed_id; + if (_openid_is_xri($claimed_id)) { + $xrds_url = 'http://xri.net/' . 
$claimed_id; + } + $url = @parse_url($xrds_url); + if ($url['scheme'] == 'http' || $url['scheme'] == 'https') { + // For regular URLs, try Yadis resolution first, then HTML-based discovery + $headers = array('Accept' => 'application/xrds+xml'); + //TODO + $result = openid_http_request($xrds_url, $headers); + + if (!isset($result->error)) { + if (isset($result->headers['Content-Type']) && preg_match("/application\/xrds\+xml/", $result->headers['Content-Type'])) { + // Parse XML document to find URL + $services = xrds_parse($result->data); + } else { + $xrds_url = NULL; + if (isset($result->headers['X-XRDS-Location'])) { + $xrds_url = $result->headers['X-XRDS-Location']; + } else { + // Look for meta http-equiv link in HTML head + $xrds_url = _openid_meta_httpequiv('X-XRDS-Location', $result->data); + } + if (!empty($xrds_url)) { + $headers = array('Accept' => 'application/xrds+xml'); + //TODO + $xrds_result = openid_http_request($xrds_url, $headers); + if (!isset($xrds_result->error)) { + $services = xrds_parse($xrds_result->data); + } + } + } + + // Check for HTML delegation + if (count($services) == 0) { + // Look for 2.0 links + $uri = _openid_link_href('openid2.provider', $result->data); + $delegate = _openid_link_href('openid2.local_id', $result->data); + $version = 2; + + // 1.0 links + if (empty($uri)) { + $uri = _openid_link_href('openid.server', $result->data); + $delegate = _openid_link_href('openid.delegate', $result->data); + $version = 1; + } + if (!empty($uri)) { + $services[] = array('uri' => $uri, 'delegate' => $delegate, 'version' => $version); + } + } } - } } - } - return $services; + return $services; } /** 
@@ -185,51 +185,50 @@ function openid_discovery($claimed_id) { * @return $assoc_handle The association handle. */ function openid_association($op_endpoint) { + //@todo Remove Old Associations: + $openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION); + $sql = "DELETE FROM $openid_association WHERE created + expires_in < '" . api_get_utc_datetime() . "'"; + Database::query($sql); + + // Check to see if we have an association for this IdP already + $op_endpoint = Database::escape_string($op_endpoint); + $sql = "SELECT assoc_handle FROM $openid_association WHERE idp_endpoint_uri = '$op_endpoint'"; + $assoc_handle = Database::query($sql); + if (Database::num_rows($assoc_handle) <= 1) { + $mod = OPENID_DH_DEFAULT_MOD; + $gen = OPENID_DH_DEFAULT_GEN; + $r = _openid_dh_rand($mod); + $private = bcadd($r, 1); + $public = bcpowmod($gen, $private, $mod); + + // If there is no existing association, then request one + $assoc_request = openid_association_request($public); + $assoc_message = _openid_encode_message(_openid_create_message($assoc_request)); + $assoc_headers = array('Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8'); + //TODO + $assoc_result = openid_http_request($op_endpoint, $assoc_headers, 'POST', $assoc_message); + if (isset($assoc_result->error)) { + return FALSE; + } - // Remove Old Associations: - //TODO - $openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION); - Database::query("DELETE FROM $openid_association WHERE created + expires_in < %d", time()); - - // Check to see if we have an association for this IdP already - $assoc_handle = Database::query("SELECT assoc_handle FROM $openid_association WHERE idp_endpoint_uri = '%s'", $op_endpoint); - if (Database::num_rows($assoc_handle)<=1) { - $mod = OPENID_DH_DEFAULT_MOD; - $gen = OPENID_DH_DEFAULT_GEN; - $r = _openid_dh_rand($mod); - $private = bcadd($r, 1); - $public = bcpowmod($gen, $private, $mod); - - // If there is no existing association, 
then request one - $assoc_request = openid_association_request($public); - $assoc_message = _openid_encode_message(_openid_create_message($assoc_request)); - $assoc_headers = array('Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8'); - //TODO - $assoc_result = openid_http_request($op_endpoint, $assoc_headers, 'POST', $assoc_message); - if (isset($assoc_result->error)) { - return FALSE; - } + $assoc_response = _openid_parse_message($assoc_result->data); + if (isset($assoc_response['mode']) && $assoc_response['mode'] == 'error') { + return FALSE; + } - $assoc_response = _openid_parse_message($assoc_result->data); - if (isset($assoc_response['mode']) && $assoc_response['mode'] == 'error') { - return FALSE; - } + if ($assoc_response['session_type'] == 'DH-SHA1') { + $spub = _openid_dh_base64_to_long($assoc_response['dh_server_public']); + $enc_mac_key = base64_decode($assoc_response['enc_mac_key']); + $shared = bcpowmod($spub, $private, $mod); + $assoc_response['mac_key'] = base64_encode(_openid_dh_xorsecret($shared, $enc_mac_key)); + } + //TODO + $openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION); + Database::query(sprintf("INSERT INTO $openid_association (idp_endpoint_uri, session_type, assoc_handle, assoc_type, expires_in, mac_key, created) VALUES('%s', '%s', '%s', '%s', %d, '%s', %d)", $op_endpoint, $assoc_response['session_type'], $assoc_response['assoc_handle'], $assoc_response['assoc_type'], $assoc_response['expires_in'], $assoc_response['mac_key'], api_get_utc_datetime())); - if ($assoc_response['session_type'] == 'DH-SHA1') { - $spub = _openid_dh_base64_to_long($assoc_response['dh_server_public']); - $enc_mac_key = base64_decode($assoc_response['enc_mac_key']); - $shared = bcpowmod($spub, $private, $mod); - $assoc_response['mac_key'] = base64_encode(_openid_dh_xorsecret($shared, $enc_mac_key)); + $assoc_handle = $assoc_response['assoc_handle']; } - //TODO - $openid_association = 
Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION); - Database::query(sprintf("INSERT INTO $openid_association (idp_endpoint_uri, session_type, assoc_handle, assoc_type, expires_in, mac_key, created) VALUES('%s', '%s', '%s', '%s', %d, '%s', %d)", - $op_endpoint, $assoc_response['session_type'], $assoc_response['assoc_handle'], $assoc_response['assoc_type'], $assoc_response['expires_in'], $assoc_response['mac_key'], time())); - - $assoc_handle = $assoc_response['assoc_handle']; - } - - return $assoc_handle; + return $assoc_handle; } /** 
@@ -256,34 +255,33 @@ function openid_association_request($public) { */ function openid_authentication_request($claimed_id, $identity, $return_to = '', $assoc_handle = '', $version = 2) { - $realm = ($return_to) ? $return_to : api_get_self(); - - $ns = ($version == 2) ? OPENID_NS_2_0 : OPENID_NS_1_0; - $request = array( - 'openid.ns' => $ns, - 'openid.mode' => 'checkid_setup', - 'openid.identity' => $identity, - 'openid.claimed_id' => $claimed_id, - 'openid.assoc_handle' => $assoc_handle, - 'openid.return_to' => $return_to, - ); - - if ($version == 2) { - $request['openid.realm'] = $realm; - } - else { - $request['openid.trust_root'] = $realm; - } - - // Simple Registration - we don't ask lastname and firstname because the only - // available similar data is "fullname" and we would have to guess where to split - $request['openid.sreg.required'] = 'nickname,email'; - $request['openid.ns.sreg'] = "http://openid.net/extensions/sreg/1.1"; - - //$request = array_merge($request, module_invoke_all('openid', 'request', $request)); - //$request = array_merge($request); - - return $request; + $realm = ($return_to) ? $return_to : api_get_self(); + + $ns = ($version == 2) ? 
OPENID_NS_2_0 : OPENID_NS_1_0; + $request = array( + 'openid.ns' => $ns, + 'openid.mode' => 'checkid_setup', + 'openid.identity' => $identity, + 'openid.claimed_id' => $claimed_id, + 'openid.assoc_handle' => $assoc_handle, + 'openid.return_to' => $return_to, + ); + + if ($version == 2) { + $request['openid.realm'] = $realm; + } else { + $request['openid.trust_root'] = $realm; + } + + // Simple Registration - we don't ask lastname and firstname because the only + // available similar data is "fullname" and we would have to guess where to split + $request['openid.sreg.required'] = 'nickname,email'; + $request['openid.ns.sreg'] = "http://openid.net/extensions/sreg/1.1"; + + //$request = array_merge($request, module_invoke_all('openid', 'request', $request)); + //$request = array_merge($request); + + return $request; } /** 
@@ -296,173 +294,169 @@ function openid_authentication_request($claimed_id, $identity, $return_to = '', */ function openid_verify_assertion($op_endpoint, $response) { - $valid = FALSE; - - //TODO - $openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION); - $sql = sprintf("SELECT * FROM $openid_association WHERE assoc_handle = '%s'", $response['openid.assoc_handle']); - $res = Database::query($sql); - $association = Database::fetch_object($res); - if ($association && isset($association->session_type)) { - $keys_to_sign = explode(',', $response['openid.signed']); - $self_sig = _openid_signature($association, $response, $keys_to_sign); - if ($self_sig == $response['openid.sig']) { - $valid = TRUE; - } - else { - $valid = FALSE; - } - } - else { - $request = $response; - $request['openid.mode'] = 'check_authentication'; - $message = _openid_create_message($request); - $headers = array('Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8'); - $result = openid_http_request($op_endpoint, $headers, 'POST', _openid_encode_message($message)); - if (!isset($result->error)) { - $response = _openid_parse_message($result->data); - if (strtolower(trim($response['is_valid'])) == 'true') { - $valid = TRUE; - } - else { - $valid = FALSE; - } + $valid = FALSE; + + //TODO + $openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION); + $sql = sprintf("SELECT * FROM $openid_association WHERE assoc_handle = '%s'", $response['openid.assoc_handle']); + $res = Database::query($sql); + $association = Database::fetch_object($res); + if ($association && isset($association->session_type)) { + $keys_to_sign = explode(',', $response['openid.signed']); + $self_sig = _openid_signature($association, $response, $keys_to_sign); + if ($self_sig == $response['openid.sig']) { + $valid = TRUE; + } else { + $valid = FALSE; + } + } else { + $request = $response; + $request['openid.mode'] = 'check_authentication'; + $message = 
_openid_create_message($request); + $headers = array('Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8'); + $result = openid_http_request($op_endpoint, $headers, 'POST', _openid_encode_message($message)); + if (!isset($result->error)) { + $response = _openid_parse_message($result->data); + if (strtolower(trim($response['is_valid'])) == 'true') { + $valid = TRUE; + } else { + $valid = FALSE; + } + } } - } - return $valid; + return $valid; } /** * Make a HTTP request - This function has been copied straight over from Drupal 6 code (drupal_http_request) */ function openid_http_request($url, $headers = array(), $method = 'GET', $data = NULL, $retry = 3) { - $result = new stdClass(); - - // Parse the URL and make sure we can handle the schema. - $uri = parse_url($url); - - switch ($uri['scheme']) { - case 'http': - $port = isset($uri['port']) ? $uri['port'] : 80; - $host = $uri['host'] . ($port != 80 ? ':'. $port : ''); - $fp = @fsockopen($uri['host'], $port, $errno, $errstr, 15); - break; - case 'https': - // Note: Only works for PHP 4.3 compiled with OpenSSL. - $port = isset($uri['port']) ? $uri['port'] : 443; - $host = $uri['host'] . ($port != 443 ? ':'. $port : ''); - $fp = @fsockopen('ssl://'. $uri['host'], $port, $errno, $errstr, 20); - break; - default: - $result->error = 'invalid schema '. $uri['scheme']; - return $result; - } - - // Make sure the socket opened properly. - if (!$fp) { - // When a network error occurs, we make sure that it is a negative number so - // it can clash with the HTTP status codes. - $result->code = -$errno; - $result->error = trim($errstr); - return $result; - } - - // Construct the path to act on. - $path = isset($uri['path']) ? $uri['path'] : '/'; - if (isset($uri['query'])) { - $path .= '?'. $uri['query']; - } - - // Create HTTP request. - $defaults = array( - // RFC 2616: "non-standard ports MUST, default ports MAY be included". 
- // We don't add the port to prevent from breaking rewrite rules checking the - // host that do not take into account the port number. - 'Host' => "Host: $host", - 'User-Agent' => 'User-Agent: Dokeos (+http://dokeos.com/)', - 'Content-Length' => 'Content-Length: '. strlen($data) - ); - - // If the server url has a user then attempt to use basic authentication - if (isset($uri['user'])) { - $defaults['Authorization'] = 'Authorization: Basic '. base64_encode($uri['user'] . (!empty($uri['pass']) ? ":". $uri['pass'] : '')); - } - - foreach ($headers as $header => $value) { - $defaults[$header] = $header .': '. $value; - } - - $request = $method .' '. $path ." HTTP/1.0\r\n"; - $request .= implode("\r\n", $defaults); - $request .= "\r\n\r\n"; - if ($data) { - $request .= $data ."\r\n"; - } - $result->request = $request; - - fwrite($fp, $request); - - // Fetch response. - $response = ''; - while (!feof($fp) && $chunk = fread($fp, 1024)) { - $response .= $chunk; - } - fclose($fp); - - // Parse response. - list($split, $result->data) = explode("\r\n\r\n", $response, 2); - $split = preg_split("/\r\n|\n|\r/", $split); - - list($protocol, $code, $text) = explode(' ', trim(array_shift($split)), 3); - $result->headers = array(); - - // Parse headers. - while ($line = trim(array_shift($split))) { - list($header, $value) = explode(':', $line, 2); - if (isset($result->headers[$header]) && $header == 'Set-Cookie') { - // RFC 2109: the Set-Cookie response header comprises the token Set- - // Cookie:, followed by a comma-separated list of one or more cookies. - $result->headers[$header] .= ','. trim($value); + $result = new stdClass(); + + // Parse the URL and make sure we can handle the schema. + $uri = parse_url($url); + + switch ($uri['scheme']) { + case 'http': + $port = isset($uri['port']) ? $uri['port'] : 80; + $host = $uri['host'] . ($port != 80 ? ':' . 
$port : ''); + $fp = @fsockopen($uri['host'], $port, $errno, $errstr, 15); + break; + case 'https': + // Note: Only works for PHP 4.3 compiled with OpenSSL. + $port = isset($uri['port']) ? $uri['port'] : 443; + $host = $uri['host'] . ($port != 443 ? ':' . $port : ''); + $fp = @fsockopen('ssl://' . $uri['host'], $port, $errno, $errstr, 20); + break; + default: + $result->error = 'invalid schema ' . $uri['scheme']; + return $result; + } + + // Make sure the socket opened properly. + if (!$fp) { + // When a network error occurs, we make sure that it is a negative number so + // it can clash with the HTTP status codes. + $result->code = -$errno; + $result->error = trim($errstr); + return $result; } - else { - $result->headers[$header] = trim($value); + + // Construct the path to act on. + $path = isset($uri['path']) ? $uri['path'] : '/'; + if (isset($uri['query'])) { + $path .= '?' . $uri['query']; + } + + // Create HTTP request. + $defaults = array( + // RFC 2616: "non-standard ports MUST, default ports MAY be included". + // We don't add the port to prevent from breaking rewrite rules checking the + // host that do not take into account the port number. + 'Host' => "Host: $host", + 'User-Agent' => 'User-Agent: Dokeos (+http://dokeos.com/)', + 'Content-Length' => 'Content-Length: ' . strlen($data) + ); + + // If the server url has a user then attempt to use basic authentication + if (isset($uri['user'])) { + $defaults['Authorization'] = 'Authorization: Basic ' . base64_encode($uri['user'] . (!empty($uri['pass']) ? ":" . $uri['pass'] : '')); + } + + foreach ($headers as $header => $value) { + $defaults[$header] = $header . ': ' . 
$value; } - } - - $responses = array( - 100 => 'Continue', 101 => 'Switching Protocols', - 200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content', - 300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect', - 400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Time-out', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Large', 415 => 'Unsupported Media Type', 416 => 'Requested range not satisfiable', 417 => 'Expectation Failed', - 500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Time-out', 505 => 'HTTP Version not supported' - ); - // RFC 2616 states that all unknown HTTP codes must be treated the same as the - // base code in their class. - if (!isset($responses[$code])) { - $code = floor($code / 100) * 100; - } - - switch ($code) { - case 200: // OK - case 304: // Not modified - break; - case 301: // Moved permanently - case 302: // Moved temporarily - case 307: // Moved temporarily - $location = $result->headers['Location']; - - if ($retry) { - $result = openid_http_request($result->headers['Location'], $headers, $method, $data, --$retry); - $result->redirect_code = $result->code; - } - $result->redirect_url = $location; - - break; - default: - $result->error = $text; - } - - $result->code = $code; - return $result; + + $request = $method . ' ' . $path . " HTTP/1.0\r\n"; + $request .= implode("\r\n", $defaults); + $request .= "\r\n\r\n"; + if ($data) { + $request .= $data . 
"\r\n"; + } + $result->request = $request; + + fwrite($fp, $request); + + // Fetch response. + $response = ''; + while (!feof($fp) && $chunk = fread($fp, 1024)) { + $response .= $chunk; + } + fclose($fp); + + // Parse response. + list($split, $result->data) = explode("\r\n\r\n", $response, 2); + $split = preg_split("/\r\n|\n|\r/", $split); + + list($protocol, $code, $text) = explode(' ', trim(array_shift($split)), 3); + $result->headers = array(); + + // Parse headers. + while ($line = trim(array_shift($split))) { + list($header, $value) = explode(':', $line, 2); + if (isset($result->headers[$header]) && $header == 'Set-Cookie') { + // RFC 2109: the Set-Cookie response header comprises the token Set- + // Cookie:, followed by a comma-separated list of one or more cookies. + $result->headers[$header] .= ',' . trim($value); + } else { + $result->headers[$header] = trim($value); + } + } + + $responses = array( + 100 => 'Continue', 101 => 'Switching Protocols', + 200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content', + 300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect', + 400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Time-out', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Large', 415 => 'Unsupported Media Type', 416 => 'Requested range not satisfiable', 417 => 'Expectation Failed', + 500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Time-out', 505 => 'HTTP Version not supported' + ); + // RFC 2616 states 
that all unknown HTTP codes must be treated the same as the + // base code in their class. + if (!isset($responses[$code])) { + $code = floor($code / 100) * 100; + } + + switch ($code) { + case 200: // OK + case 304: // Not modified + break; + case 301: // Moved permanently + case 302: // Moved temporarily + case 307: // Moved temporarily + $location = $result->headers['Location']; + + if ($retry) { + $result = openid_http_request($result->headers['Location'], $headers, $method, $data, --$retry); + $result->redirect_code = $result->code; + } + $result->redirect_url = $location; + + break; + default: + $result->error = $text; + } + + $result->code = $code; + return $result; } diff --git a/main/auth/openid/openid.lib.php b/main/auth/openid/openid.lib.php old mode 100755 new mode 100644 index 34e2b6633e..66f5c6e293 --- a/main/auth/openid/openid.lib.php +++ b/main/auth/openid/openid.lib.php @@ -1,4 +1,5 @@ $val) { - $query[] = $key .'='. urlencode($val); - } - $sep = (strpos($url, '?') === FALSE) ? '?' : '&'; - header('Location: '. $url . $sep . implode('&', $query), TRUE, 302); - //exit; + $query = array(); + foreach ($message as $key => $val) { + $query[] = $key . '=' . urlencode($val); + } + $sep = (strpos($url, '?') === FALSE) ? '?' : '&'; + header('Location: ' . $url . $sep . implode('&', $query), TRUE, 302); + //exit; } /** * Creates a js auto-submit redirect for (for the 2.x protocol) * This function should be deprecated for 1.8.6.2 needs documentation */ -function openid_redirect($url, $message) { - $output = ''.get_lang('OpenIDRedirect'). "\n"; - //$output .= drupal_get_form('openid_redirect_form', $url, $message); - $output .= '
'; - foreach($message as $key => $value) - { - $output .=''; - } - //$output .= '
'; - $output .= ''; - $output .= ''; - $output .= ''; - $output .= "\n"; - //print $output; - return $output; - exit; +function openid_redirect($url, $message) { + $output = '' . get_lang('OpenIDRedirect') . "\n"; + $output .= '
'; + foreach ($message as $key => $value) { + $output .=''; + } + $output .= ''; + $output .= '
'; + $output .= ''; + $output .= ""; + return $output; } - /** * Determine if the given identifier is an XRI ID. */ function _openid_is_xri($identifier) { - $firstchar = substr($identifier, 0, 1); - if ($firstchar == "@" || $firstchar == "=") - return TRUE; + $firstchar = substr($identifier, 0, 1); + if ($firstchar == "@" || $firstchar == "=") + return TRUE; - if (stristr($identifier, 'xri://') !== FALSE) { - return TRUE; - } + if (stristr($identifier, 'xri://') !== FALSE) { + return TRUE; + } - return FALSE; + return FALSE; } /** * Normalize the given identifier as per spec. */ function _openid_normalize($identifier) { - if (_openid_is_xri($identifier)) { - return _openid_normalize_xri($identifier); - } - else { - return _openid_normalize_url($identifier); - } + if (_openid_is_xri($identifier)) { + return _openid_normalize_xri($identifier); + } else { + return _openid_normalize_url($identifier); + } } function _openid_normalize_xri($xri) { - $normalized_xri = $xri; - if (stristr($xri, 'xri://') !== FALSE) { - $normalized_xri = substr($xri, 6); - } - return $normalized_xri; + $normalized_xri = $xri; + if (stristr($xri, 'xri://') !== FALSE) { + $normalized_xri = substr($xri, 6); + } + return $normalized_xri; } function _openid_normalize_url($url) { - $normalized_url = $url; + $normalized_url = $url; - if (stristr($url, '://') === FALSE) { - $normalized_url = 'http://'. $url; - } + if (stristr($url, '://') === FALSE) { + $normalized_url = 'http://' . $url; + } - if (substr_count($normalized_url, '/') < 3) { - $normalized_url .= '/'; - } + if (substr_count($normalized_url, '/') < 3) { + $normalized_url .= '/'; + } - return $normalized_url; + return $normalized_url; } /** * Create a serialized message packet as per spec: $key:$value\n . 
*/ function _openid_create_message($data) { - $serialized = ''; + $serialized = ''; - foreach ($data as $key => $value) { - if ((strpos($key, ':') !== FALSE) || (strpos($key, "\n") !== FALSE) || (strpos($value, "\n") !== FALSE)) { - return null; + foreach ($data as $key => $value) { + if ((strpos($key, ':') !== FALSE) || (strpos($key, "\n") !== FALSE) || (strpos($value, "\n") !== FALSE)) { + return null; + } + $serialized .= "$key:$value\n"; } - $serialized .= "$key:$value\n"; - } - return $serialized; + return $serialized; } /** * Encode a message from _openid_create_message for HTTP Post */ function _openid_encode_message($message) { - $encoded_message = ''; - - $items = explode("\n", $message); - foreach ($items as $item) { - $parts = explode(':', $item, 2); - - if (count($parts) == 2) { - if ($encoded_message != '') { - $encoded_message .= '&'; - } - $encoded_message .= rawurlencode(trim($parts[0])) .'='. rawurlencode(trim($parts[1])); + $encoded_message = ''; + + $items = explode("\n", $message); + foreach ($items as $item) { + $parts = explode(':', $item, 2); + + if (count($parts) == 2) { + if ($encoded_message != '') { + $encoded_message .= '&'; + } + $encoded_message .= rawurlencode(trim($parts[0])) . '=' . rawurlencode(trim($parts[1])); + } } - } - return $encoded_message; + return $encoded_message; } /** 
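Review bot: openid_redirect() now only returns the auto-submit form markup, but its docblock still reads "This function should be deprecated for 1.8.6.2 needs documentation" and does not say that the caller has to print the result. In login.php, openid_begin() calls `openid_redirect($op_endpoint, $authn_request);` and discards the return value, so unless a caller outside this diff echoes it, the 2.x path appears to send nothing to the browser. I would document the contract, e.g. `@return string HTML of a form that posts $message to $url; the caller must output it and stop further rendering`, and have openid_begin() do `echo openid_redirect($op_endpoint, $authn_request);`. Much of this hunk's markup is missing from the page as shown, so the form body itself could not be checked here.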
@@ -151,55 +145,55 @@ function _openid_encode_message($message) { * into an associative array. */ function _openid_parse_message($message) { - $parsed_message = array(); + $parsed_message = array(); - $items = explode("\n", $message); - foreach ($items as $item) { - $parts = explode(':', $item, 2); + $items = explode("\n", $message); + foreach ($items as $item) { + $parts = explode(':', $item, 2); - if (count($parts) == 2) { - $parsed_message[$parts[0]] = $parts[1]; + if (count($parts) == 2) { + $parsed_message[$parts[0]] = $parts[1]; + } } - } - return $parsed_message; + return $parsed_message; } /** * Return a nonce value - formatted per OpenID spec. */ function _openid_nonce() { - // YYYY-MM-DDThh:mm:ssTZD UTC, plus some optional extra unique chars - return gmstrftime('%Y-%m-%dT%H:%M:%S%Z') . - chr(mt_rand(0, 25) + 65) . - chr(mt_rand(0, 25) + 65) . - chr(mt_rand(0, 25) + 65) . - chr(mt_rand(0, 25) + 65); + // YYYY-MM-DDThh:mm:ssTZD UTC, plus some optional extra unique chars + return gmstrftime('%Y-%m-%dT%H:%M:%S%Z') . + chr(mt_rand(0, 25) + 65) . + chr(mt_rand(0, 25) + 65) . + chr(mt_rand(0, 25) + 65) . + chr(mt_rand(0, 25) + 65); } /** * Pull the href attribute out of an html link element. 
*/ function _openid_link_href($rel, $html) { - $rel = preg_quote($rel); - preg_match('||iU', $html, $matches); - if (isset($matches[3])) { - preg_match('|href=["\']([^"]+)["\']|iU', $matches[0], $href); - return trim($href[1]); - } - return FALSE; + $rel = preg_quote($rel); + preg_match('||iU', $html, $matches); + if (isset($matches[3])) { + preg_match('|href=["\']([^"]+)["\']|iU', $matches[0], $href); + return trim($href[1]); + } + return FALSE; } /** * Pull the http-equiv attribute out of an html meta element */ function _openid_meta_httpequiv($equiv, $html) { - preg_match('||iU', $html, $matches); - if (isset($matches[1])) { - preg_match('|content=["\']([^"]+)["\']|iU', $matches[1], $content); - return $content[1]; - } - return FALSE; + preg_match('||iU', $html, $matches); + if (isset($matches[1])) { + preg_match('|content=["\']([^"]+)["\']|iU', $matches[1], $content); + return $content[1]; + } + return FALSE; } /** 
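Review bot: `_openid_nonce()` in this hunk draws its four suffix characters from `mt_rand()`, which is not a cryptographically secure generator. `_openid_get_bytes()` in the following hunk has the same weakness in a more sensitive place: when `@fopen(OPENID_RAND_SOURCE, "r")` fails, it silently falls back to `pack('L', mt_rand())` for the bytes that `_openid_dh_rand()` consumes. The commit only re-indents these functions, so the behaviour is carried over unchanged. Where the runtime provides them, `chr(random_int(0, 25) + 65)` and `$bytes = random_bytes($num_bytes);` would be the replacements; otherwise the fallback branch should fail the association rather than continue with predictable bytes.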
@@ -211,201 +205,200 @@ function _openid_meta_httpequiv($equiv, $html) { * 'openid.' appended) */ function _openid_signature($association, $message_array, $keys_to_sign) { - $signature = ''; - $sign_data = array(); + $signature = ''; + $sign_data = array(); - foreach ($keys_to_sign as $key) { - if (isset($message_array['openid.'. $key])) { - $sign_data[$key] = $message_array['openid.'. $key]; + foreach ($keys_to_sign as $key) { + if (isset($message_array['openid.' . $key])) { + $sign_data[$key] = $message_array['openid.' . $key]; + } } - } - $message = _openid_create_message($sign_data); - $secret = base64_decode($association->mac_key); - $signature = _openid_hmac($secret, $message); + $message = _openid_create_message($sign_data); + $secret = base64_decode($association->mac_key); + $signature = _openid_hmac($secret, $message); - return base64_encode($signature); + return base64_encode($signature); } function _openid_hmac($key, $text) { - if (strlen($key) > OPENID_SHA1_BLOCKSIZE) { - $key = _openid_sha1($key, true); - } + if (strlen($key) > OPENID_SHA1_BLOCKSIZE) { + $key = _openid_sha1($key, true); + } - $key = str_pad($key, OPENID_SHA1_BLOCKSIZE, chr(0x00)); - $ipad = str_repeat(chr(0x36), OPENID_SHA1_BLOCKSIZE); - $opad = str_repeat(chr(0x5c), OPENID_SHA1_BLOCKSIZE); - $hash1 = _openid_sha1(($key ^ $ipad) . $text, true); - $hmac = _openid_sha1(($key ^ $opad) . $hash1, true); + $key = str_pad($key, OPENID_SHA1_BLOCKSIZE, chr(0x00)); + $ipad = str_repeat(chr(0x36), OPENID_SHA1_BLOCKSIZE); + $opad = str_repeat(chr(0x5c), OPENID_SHA1_BLOCKSIZE); + $hash1 = _openid_sha1(($key ^ $ipad) . $text, true); + $hmac = _openid_sha1(($key ^ $opad) . 
$hash1, true); - return $hmac; + return $hmac; } function _openid_sha1($text) { - $hex = sha1($text); - $raw = ''; - for ($i = 0; $i < 40; $i += 2) { - $hexcode = substr($hex, $i, 2); - $charcode = (int)base_convert($hexcode, 16, 10); - $raw .= chr($charcode); - } - return $raw; + $hex = sha1($text); + $raw = ''; + for ($i = 0; $i < 40; $i += 2) { + $hexcode = substr($hex, $i, 2); + $charcode = (int) base_convert($hexcode, 16, 10); + $raw .= chr($charcode); + } + return $raw; } function _openid_dh_base64_to_long($str) { - $b64 = base64_decode($str); + $b64 = base64_decode($str); - return _openid_dh_binary_to_long($b64); + return _openid_dh_binary_to_long($b64); } function _openid_dh_long_to_base64($str) { - return base64_encode(_openid_dh_long_to_binary($str)); + return base64_encode(_openid_dh_long_to_binary($str)); } function _openid_dh_binary_to_long($str) { - $bytes = array_merge(unpack('C*', $str)); + $bytes = array_merge(unpack('C*', $str)); - $n = 0; - foreach ($bytes as $byte) { - $n = bcmul($n, pow(2, 8)); - $n = bcadd($n, $byte); - } + $n = 0; + foreach ($bytes as $byte) { + $n = bcmul($n, pow(2, 8)); + $n = bcadd($n, $byte); + } - return $n; + return $n; } function _openid_dh_long_to_binary($long) { - $cmp = bccomp($long, 0); - if ($cmp < 0) { - return FALSE; - } + $cmp = bccomp($long, 0); + if ($cmp < 0) { + return FALSE; + } - if ($cmp == 0) { - return "\x00"; - } + if ($cmp == 0) { + return "\x00"; + } - $bytes = array(); + $bytes = array(); - while (bccomp($long, 0) > 0) { - array_unshift($bytes, bcmod($long, 256)); - $long = bcdiv($long, pow(2, 8)); - } + while (bccomp($long, 0) > 0) { + array_unshift($bytes, bcmod($long, 256)); + $long = bcdiv($long, pow(2, 8)); + } - if ($bytes && ($bytes[0] > 127)) { - array_unshift($bytes, 0); - } + if ($bytes && ($bytes[0] > 127)) { + array_unshift($bytes, 0); + } - $string = ''; - foreach ($bytes as $byte) { - $string .= pack('C', $byte); - } + $string = ''; + foreach ($bytes as $byte) { + $string .= pack('C', 
$byte); + } - return $string; + return $string; } function _openid_dh_xorsecret($shared, $secret) { - $dh_shared_str = _openid_dh_long_to_binary($shared); - $sha1_dh_shared = _openid_sha1($dh_shared_str); - $xsecret = ""; - for ($i = 0; $i < strlen($secret); $i++) { - $xsecret .= chr(ord($secret[$i]) ^ ord($sha1_dh_shared[$i])); - } - - return $xsecret; + $dh_shared_str = _openid_dh_long_to_binary($shared); + $sha1_dh_shared = _openid_sha1($dh_shared_str); + $xsecret = ""; + for ($i = 0; $i < strlen($secret); $i++) { + $xsecret .= chr(ord($secret[$i]) ^ ord($sha1_dh_shared[$i])); + } + + return $xsecret; } function _openid_dh_rand($stop) { - static $duplicate_cache = array(); + static $duplicate_cache = array(); - // Used as the key for the duplicate cache - $rbytes = _openid_dh_long_to_binary($stop); + // Used as the key for the duplicate cache + $rbytes = _openid_dh_long_to_binary($stop); - if (array_key_exists($rbytes, $duplicate_cache)) { - list($duplicate, $nbytes) = $duplicate_cache[$rbytes]; - } - else { - if ($rbytes[0] == "\x00") { - $nbytes = strlen($rbytes) - 1; - } - else { - $nbytes = strlen($rbytes); - } + if (array_key_exists($rbytes, $duplicate_cache)) { + list($duplicate, $nbytes) = $duplicate_cache[$rbytes]; + } else { + if ($rbytes[0] == "\x00") { + $nbytes = strlen($rbytes) - 1; + } else { + $nbytes = strlen($rbytes); + } - $mxrand = bcpow(256, $nbytes); + $mxrand = bcpow(256, $nbytes); - // If we get a number less than this, then it is in the - // duplicated range. - $duplicate = bcmod($mxrand, $stop); + // If we get a number less than this, then it is in the + // duplicated range. + $duplicate = bcmod($mxrand, $stop); - if (count($duplicate_cache) > 10) { - $duplicate_cache = array(); - } + if (count($duplicate_cache) > 10) { + $duplicate_cache = array(); + } - $duplicate_cache[$rbytes] = array($duplicate, $nbytes); - } + $duplicate_cache[$rbytes] = array($duplicate, $nbytes); + } - do { - $bytes = "\x00" . 
_openid_get_bytes($nbytes); - $n = _openid_dh_binary_to_long($bytes); - // Keep looping if this value is in the low duplicated range. - } while (bccomp($n, $duplicate) < 0); + do { + $bytes = "\x00" . _openid_get_bytes($nbytes); + $n = _openid_dh_binary_to_long($bytes); + // Keep looping if this value is in the low duplicated range. + } while (bccomp($n, $duplicate) < 0); - return bcmod($n, $stop); + return bcmod($n, $stop); } function _openid_get_bytes($num_bytes) { - static $f = null; - $bytes = ''; - if (!isset($f)) { - $f = @fopen(OPENID_RAND_SOURCE, "r"); - } - if (!$f) { - // pseudorandom used + static $f = null; $bytes = ''; - for ($i = 0; $i < $num_bytes; $i += 4) { - $bytes .= pack('L', mt_rand()); + if (!isset($f)) { + $f = @fopen(OPENID_RAND_SOURCE, "r"); + } + if (!$f) { + // pseudorandom used + $bytes = ''; + for ($i = 0; $i < $num_bytes; $i += 4) { + $bytes .= pack('L', mt_rand()); + } + $bytes = substr($bytes, 0, $num_bytes); + } else { + $bytes = fread($f, $num_bytes); } - $bytes = substr($bytes, 0, $num_bytes); - } - else { - $bytes = fread($f, $num_bytes); - } - return $bytes; + return $bytes; } /** * Fix PHP's habit of replacing '.' by '_' in posted data. 
*/ function _openid_fix_post(&$post) { - //$extensions = module_invoke_all('openid', 'extension'); - foreach ($post as $key => $value) { - if (strpos($key, 'openid_') === 0) { - $fixed_key = str_replace('openid_', 'openid.', $key); - $fixed_key = str_replace('openid.ns_', 'openid.ns.', $fixed_key); - $fixed_key = str_replace('openid.sreg_', 'openid.sreg.', $fixed_key); - //foreach ($extensions as $ext) { - // $fixed_key = str_replace('openid.'.$ext.'_', 'openid.'.$ext.'.', $fixed_key); - //} - unset($post[$key]); - $post[$fixed_key] = $value; + //$extensions = module_invoke_all('openid', 'extension'); + foreach ($post as $key => $value) { + if (strpos($key, 'openid_') === 0) { + $fixed_key = str_replace('openid_', 'openid.', $key); + $fixed_key = str_replace('openid.ns_', 'openid.ns.', $fixed_key); + $fixed_key = str_replace('openid.sreg_', 'openid.sreg.', $fixed_key); + //foreach ($extensions as $ext) { + // $fixed_key = str_replace('openid.'.$ext.'_', 'openid.'.$ext.'.', $fixed_key); + //} + unset($post[$key]); + $post[$fixed_key] = $value; + } } - } } /** * Provide bcpowmod support for PHP4. */ if (!function_exists('bcpowmod')) { - function bcpowmod($base, $exp, $mod) { - $square = bcmod($base, $mod); - $result = 1; - while (bccomp($exp, 0) > 0) { - if (bcmod($exp, 2)) { - $result = bcmod(bcmul($result, $square), $mod); - } - $square = bcmod(bcmul($square, $square), $mod); - $exp = bcdiv($exp, 2); + + function bcpowmod($base, $exp, $mod) { + $square = bcmod($base, $mod); + $result = 1; + while (bccomp($exp, 0) > 0) { + if (bcmod($exp, 2)) { + $result = bcmod(bcmul($result, $square), $mod); + } + $square = bcmod(bcmul($square, $square), $mod); + $exp = bcdiv($exp, 2); + } + return $result; } - return $result; - } + } diff --git a/main/auth/openid/whatis.php b/main/auth/openid/whatis.php old mode 100755 new mode 100644 index 70c2e3a826..6c275689a2 --- a/main/auth/openid/whatis.php +++ b/main/auth/openid/whatis.php 
@@ -7,21 +7,8 @@ /** * Code */ -require('../../inc/global.inc.php'); +require_once '../../inc/global.inc.php'; Display::display_header('OpenID', NULL); -?> -

- -
- -

-

-Return to the previous page -

- +echo Display::page_header(get_lang('OpenIDWhatIs')); +echo get_lang('OpenIDDescription'); +Display::display_footer(); \ No newline at end of file diff --git a/main/css/base.css b/main/css/base.css index e435a61fec..4e87a50f68 100644 --- a/main/css/base.css +++ b/main/css/base.css @@ -3161,6 +3161,10 @@ form .formw .freeze { text-align: left; } +.form_login { + padding: 3px 15px; +} + #formLogin label { color:#666666; } @@ -3262,7 +3266,7 @@ div#no-data-view div.controls { -/* styles for the star rater */ +/* styles for the star rater */ .star-rating{ list-style:none; margin: 0px; @@ -4666,5 +4670,4 @@ i.size-32.icon-new-work{ #filepaths input{ margin-bottom:5px; -} - +} \ No newline at end of file diff --git a/main/inc/lib/database.lib.php b/main/inc/lib/database.lib.php index ddb4d9f367..5343ba5e4b 100644 --- a/main/inc/lib/database.lib.php +++ b/main/inc/lib/database.lib.php @@ -686,7 +686,8 @@ class Database { if (strpos($query, 'c_')) { //Check if the table contains inner joins if ( - + + strpos($query, 'assoc_handle') === false && strpos($query, 'olpc_peru_filter') === false && strpos($query, 'allow_public_certificates') === false && strpos($query, 'DROP TABLE IF EXISTS') === false && diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php index 6578bc3687..7436b923ad 100644 --- a/main/inc/local.inc.php +++ b/main/inc/local.inc.php 
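Review bot: The added `strpos($query, 'assoc_handle') === false` exemption in `main/inc/lib/database.lib.php` is needed only because the outer test `strpos($query, 'c_')` matches the letters `c_` inside any identifier, here inside `assoc_handle`, so the exclusion list will keep growing with each such name. Because the exemption is a substring test on the whole query text, any query that merely contains that word, including inside a value, also skips the check; what the check guards is outside the hunk, so the impact is inferred. Matching the prefix at a word boundary, for example `if (preg_match('/\bc_\w/', $query)) {`, would presumably remove the need for the `assoc_handle`, `olpc_peru_filter` and `allow_public_certificates` entries. The `if (` condition continues past the end of the hunk.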
@@ -469,13 +469,13 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
 }//end logout ... else ... login
 } elseif (api_get_setting('openid_authentication')=='true') {
 if (!empty($_POST['openid_url'])) {
- include 'main/auth/openid/login.php';
- openid_begin(trim($_POST['openid_url']),api_get_path(WEB_PATH).'index.php');
+ include api_get_path(SYS_CODE_PATH).'auth/openid/login.php';
+ openid_begin(trim($_POST['openid_url']), api_get_path(WEB_PATH).'index.php');
 //this last function should trigger a redirect, so we can die here safely
 die('Openid login redirection should be in progress');
 } elseif (!empty($_GET['openid_identity'])) {
 //it's usual for PHP to replace '.' (dot) by '_' (underscore) in URL parameters
- include('main/auth/openid/login.php');
+ include(api_get_path(SYS_CODE_PATH).'auth/openid/login.php');
 $res = openid_complete($_GET);
 if ($res['status'] == 'success') {
 $id1 = Database::escape_string($res['openid.identity']);
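Review bot: `trim($_POST['openid_url'])` is still the only treatment the user-supplied identifier gets before `openid_begin()` hands it to discovery, and `_openid_normalize_url()` in login.php prepends `http://` only when no scheme is present, so an identifier carrying any other scheme is passed through as-is. Since discovery presumably makes the server fetch that address (its body is not shown here), the scheme should be allowlisted before the call. With `$openid_url` holding the trimmed value, that is `$scheme = parse_url(_openid_normalize($openid_url), PHP_URL_SCHEME);` followed by `if (!_openid_is_xri($openid_url) && !in_array(strtolower($scheme), array('http', 'https'), true)) { die('Invalid OpenID'); }`. Restricting the destination host as well belongs inside discovery. The surrounding `if`/`elseif` chain starts and ends outside the hunk.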