[svn r13894] Activate OpenID support - now functional (but only allowing one OpenID per user)

17 years ago · e99610cf91
parent 72e6d40036
commit e99610cf91
7 changed files with 157 additions and 8 deletions
--- a/index.php
+++ b/index.php
@ -20,7 +20,7 @@
 /**
 *	@package dokeos.main
 * 	@author Patrick Cool <patrick.cool@UGent.be>, Ghent University, Refactoring
-* 	@version $Id: index.php 13757 2007-11-24 01:01:22Z yannoo $
+* 	@version $Id: index.php 13894 2007-12-03 21:43:34Z yannoo $
 *   @todo check the different @todos in this page and really do them
 * 	@todo check if the news management works as expected
 */
@ -512,6 +512,11 @@ function display_login_form()
 	$renderer =& $form->defaultRenderer();
 	$renderer->setElementTemplate('<div><label>{label}</label></div><div>{element}</div>');
 	$form->display();
+	if(api_get_setting('openid_authentication')=='true')
+	{
+		include_once('main/auth/openid/login.php');
+		echo '<div>'.openid_form().'</div>';
+	}
 }
 /**
 * Displays a link to the lost password section
--- a/main/auth/inscription.php
+++ b/main/auth/inscription.php
@ -1,5 +1,5 @@
 <?php
-// $Id: inscription.php 13893 2007-12-03 21:14:24Z yannoo $
+// $Id: inscription.php 13894 2007-12-03 21:43:34Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -51,6 +51,11 @@ if (get_setting('allow_registration')=='approval')
 {
 	Display::display_normal_message(get_lang('YourAccountHasToBeApproved'));
 }
+//if openid was not found
+if (!empty($_GET['openid_msg']) && $_GET['openid_msg'] == 'idnotfound')
+{
+	Display::display_warning_message(get_lang('OpenIDCouldNotBeFoundPleaseRegister'));	
+}

 $fck_attribute['Height'] = "150";
 $fck_attribute['Width'] = "450";
@ -67,6 +72,10 @@ $form->addElement('text', 'email', get_lang('Email'), array('size' => 40));
 if (api_get_setting('registration', 'email') == 'true')
 	$form->addRule('email', get_lang('ThisFieldIsRequired'), 'required');
 $form->addRule('email', get_lang('EmailWrong'), 'email');
+if (api_get_setting('openid_authentication')=='true')
+{
+	$form->addElement('text', 'openid', get_lang('OpenIDURL'), array('size' => 40));	
+}
 //	OFFICIAL CODE
 if (CONFVAL_ASK_FOR_OFFICIAL_CODE)
 {
@ -153,6 +162,10 @@ if(!empty($_GET['email']))
 {
 	$defaults['email'] = $_GET['email'];
 }
+if (api_get_setting('openid_authentication')=='true' && !empty($_GET['openid']))
+{
+	$defaults['openid'] = $_GET['openid'];	
+}
 $defaults['status'] = STUDENT;
 $form->setDefaults($defaults);

--- a/main/auth/profile.php
+++ b/main/auth/profile.php
@ -1,5 +1,5 @@
 <?php
-// $Id: profile.php 13486 2007-10-16 07:39:22Z pcool $
+// $Id: profile.php 13894 2007-12-03 21:43:34Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -152,6 +152,16 @@ if (api_get_setting('registration', 'email') == 'true')
 	$form->addRule('email', get_lang('ThisFieldIsRequired'), 'required');
 $form->addRule('email', get_lang('EmailWrong'), 'email');

+// OPENID URL
+if(api_get_setting('openid_authentication')=='true')
+{
+	$form->addElement('text', 'openid', get_lang('OpenIDURL'), array('size' => 40));
+	if (api_get_setting('profile', 'openid') !== 'true')
+		$form->freeze('openid');
+	$form->applyFilter('openid', 'trim');
+	//if (api_get_setting('registration', 'openid') == 'true')
+	//	$form->addRule('openid', get_lang('ThisFieldIsRequired'), 'required');
+}

 //	PHONE
 $form->addElement('text', 'phone', get_lang('phone'), array('size' => 20));
@ -478,6 +488,7 @@ elseif ($form->validate())
 	if ($_FILES['production']['size'])
 		upload_user_production($_user['user_id']);

+	
 	// remove values that shouldn't go in the database
 	unset($user_data['password1'], $user_data['password2'], $user_data['MAX_FILE_SIZE'],
 		$user_data['remove_picture'], $user_data['apply_change']);
--- a/main/inc/lib/database.lib.php
+++ b/main/inc/lib/database.lib.php
@ -65,6 +65,7 @@ define('TABLE_MAIN_SHARED_SURVEY', 'shared_survey');
 define('TABLE_MAIN_SHARED_SURVEY_QUESTION', 'shared_survey_question');
 define('TABLE_MAIN_SHARED_SURVEY_QUESTION_OPTION', 'shared_survey_question_option');
 define('TABLE_MAIN_TEMPLATES', 'templates');
+define('TABLE_MAIN_OPENID_ASSOCIATION','openid_association');

 //statistic database tables
 define('TABLE_STATISTIC_TRACK_E_LASTACCESS', 'track_e_lastaccess');
--- a/main/inc/local.inc.php
+++ b/main/inc/local.inc.php
@ -347,6 +347,94 @@ else

        } //end else login failed
    }
+    elseif(api_get_setting('openid_authentication')=='true')
+    {
+		if(!empty($_POST['openid_url']))
+		{
+	    	include('main/auth/openid/login.php');
+	    	openid_begin(trim($_POST['openid_url']),api_get_path(WEB_PATH).'index.php');
+	    	//this last function should trigger a redirect, so we can die here safely
+	    	die('Openid login redirection should be in progress');
+		}
+		elseif(!empty($_GET['openid_identity']))
+    	{	//it's usual for PHP to replace '.' (dot) by '_' (underscore) in URL parameters
+	    	include('main/auth/openid/login.php');
+	    	$res = openid_complete($_GET);
+	    	if($res['status'] == 'success')
+	    	{
+		        //lookup the user in the main database
+				$user_table = Database::get_main_table(TABLE_MAIN_USER);
+		        $sql = "SELECT user_id, username, password, auth_source, active, expiration_date
+		                FROM $user_table
+		                WHERE openid = '".Database::escape_string($res['openid.identity'])."'";
+		        $result = api_sql_query($sql);
+		        if($result !== false)
+		        {
+		        	if(Database::num_rows($result)>0)
+		        	{
+		        		//$row = Database::fetch_array($res);
+			            $uData = Database::fetch_array($result);
+			
+			            if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE)
+			            {
+			                //the authentification of this user is managed by Dokeos itself
+			
+		                	// check if the account is active (not locked)
+		                	if ($uData['active']=='1')
+		                	{
+		                		// check if the expiration date has not been reached
+		                		if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00')
+		                		{
+		                			
+									$_user['user_id'] = $uData['user_id'];
+									api_session_register('_user');
+									if(!function_exists('event_login')){
+										include(api_get_path(LIBRARY_PATH)."events.lib.inc.php");
+										event_login();
+									}
+		                		}
+		                		else
+		                		{
+									$loginFailed = true;
+									api_session_unregister('_uid');
+									header('Location: index.php?loginFailed=1&error=account_expired');
+									exit;
+		                		}
+		                	}
+		                	else
+		                	{
+								$loginFailed = true;
+								api_session_unregister('_uid');
+								header('Location: index.php?loginFailed=1&error=account_inactive');
+								exit;
+		                	}
+			
+			                if (isset($uData['creator_id']) && $_user['user_id'] != $uData['creator_id'])
+			                {
+			                    //first login for a not self registred
+			                    //e.g. registered by a teacher
+			                    //do nothing (code may be added later)
+			                }
+			            }
+		        	}
+		        	else
+		        	{
+		        		//Redirect to the subscription form
+		        		header('Location: '.api_get_path(WEB_CODE_PATH).'auth/inscription.php?username='.$res['openid.sreg.nickname'].'&email='.$res['openid.sreg.email'].'&openid='.$res['openid.identity'].'&openid_msg=idnotfound');
+		        		//$loginFailed = true;
+		        	}
+		        }
+		        else
+		        {
+		        	$loginFailed = true;
+		        }
+	    	}
+	    	else
+    		{
+    			$loginFailed = true;
+    		}
+    	}
+    }

    //    else {} => continue as anonymous user
    $uidReset = true;
--- a/main/install/dokeos_main.sql
+++ b/main/install/dokeos_main.sql
@ -521,7 +521,9 @@ INSERT INTO settings_current VALUES
 (113,'noreply_email_address', '', 'textfield', 'Platform', '', 
 'NoReplyEmailAddress', 'NoReplyEmailAddressComment', NULL, NULL),
 (114,'survey_email_sender_noreply', '', 'radio', 'Course', 'coach', 
-'SurveyEmailSenderNoReply', 'SurveyEmailSenderNoReplyComment', NULL, NULL);
+'SurveyEmailSenderNoReply', 'SurveyEmailSenderNoReplyComment', NULL, NULL),
+(115,'openid_authentication',NULL,'radio','Security','false','OpenIdAuthentication','OpenIdAuthenticationComment',NULL,NULL),
+(116,'profile','openid','checkbox','User','false','ProfileChangesTitle','ProfileChangesComment',NULL,'OpenIDURL');


 UNLOCK TABLES;
@ -642,7 +644,9 @@ INSERT INTO settings_options VALUES
 (105, 'default_forum_view', 'threaded', 'Threaded'),
 (106, 'default_forum_view', 'nested', 'Nested'),
 (107, 'survey_email_sender_noreply', 'coach', 'CourseCoachEmailSender'),
-(108, 'survey_email_sender_noreply', 'noreply', 'NoReplyEmailSender');
+(108, 'survey_email_sender_noreply', 'noreply', 'NoReplyEmailSender'),
+(109, 'openid_authentication','true','Yes'),
+(110, 'openid_authentication','false','No');


 UNLOCK TABLES;
@ -711,6 +715,7 @@ CREATE TABLE user (
  registration_date datetime NOT NULL default '0000-00-00 00:00:00',
  expiration_date datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint unsigned NOT NULL default 1,
+  openid varchar(255) DEFAULT NULL,
  PRIMARY KEY  (user_id),
  UNIQUE KEY username (username)
 );
@ -791,11 +796,31 @@ CREATE TABLE shared_survey_question_option (
 -- 

 CREATE TABLE templates (
-  id int(11) NOT NULL auto_increment,
+  id int NOT NULL auto_increment,
  title varchar(100) NOT NULL,
  description varchar(250) NOT NULL,
  course_code varchar(40) NOT NULL,
-  user_id int(11) NOT NULL,
-  ref_doc int(11) NOT NULL,
+  user_id int NOT NULL,
+  ref_doc int NOT NULL,
+  PRIMARY KEY  (id)
+);
+
+-- 
+
+-- --------------------------------------------------------
+
+-- 
+-- Table structure of openid_association (keep info on openid servers)
+-- 
+
+CREATE TABLE IF NOT EXISTS openid_association (
+  id int NOT NULL auto_increment,
+  idp_endpoint_uri text NOT NULL,
+  session_type varchar(30) NOT NULL,
+  assoc_handle text NOT NULL,
+  assoc_type text NOT NULL,
+  expires_in bigint NOT NULL,
+  mac_key text NOT NULL,
+  created bigint NOT NULL,
  PRIMARY KEY  (id)
 );
--- a/main/install/migrate-db-1.8.4-1.8.5-pre.sql
+++ b/main/install/migrate-db-1.8.4-1.8.5-pre.sql
@ -26,7 +26,13 @@ INSERT INTO settings_options (variable, value, display_text) VALUES ('survey_ema
 INSERT INTO settings_options (variable, value, display_text) VALUES ('survey_email_sender_noreply', 'noreply', 'NoReplyEmailSender');
 DELETE FROM settings_current WHERE variable='show_student_view';
 DELETE FROM settings_options WHERE variable='show_student_view';
+INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext) VALUES ('openid_authentication', '', 'radio', 'Security', 'false', 'OpenIdAuthentication', 'OpenIdAuthenticationComment', NULL, NULL);
+INSERT INTO settings_options (variable, value, display_text) VALUES ('openid_authentication', 'true', 'Yes');
+INSERT INTO settings_options (variable, value, display_text) VALUES ('openid_authentication', 'false', 'No');
 CREATE TABLE templates (id int NOT NULL auto_increment, title varchar(100) NOT NULL, description varchar(250) NOT NULL, course_code varchar(40) NOT NULL, user_id int NOT NULL, ref_doc int NOT NULL, PRIMARY KEY (id));
+ALTER TABLE user ADD openid varchar(255) DEFAULT NULL;
+ALTER TABLE user ADD INDEX (openid(50));
+CREATE TABLE IF NOT EXISTS openid_association (id int NOT NULL auto_increment,idp_endpoint_uri text NOT NULL,session_type varchar(30) NOT NULL,assoc_handle text NOT NULL,assoc_type text NOT NULL,expires_in bigint NOT NULL,mac_key text NOT NULL,created bigint NOT NULL,PRIMARY KEY (id));

 -- xxSTATSxx
 ALTER TABLE track_e_downloads ADD INDEX (down_user_id);