friendica/mod/openid.php

<?php
/**
 * @file mod/openid.php
 */

use Friendica\App;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\System;
use Friendica\Database\DBA;

function openid_content(App $a) {

	$noid = Config::get('system','no_openid');
	if($noid)
		goaway(System::baseUrl());

	logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);

	if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) {

		$openid = new LightOpenID($a->get_hostname());

		if($openid->validate()) {

			$authid = $_REQUEST['openid_identity'];

			if(! strlen($authid)) {
				logger(L10n::t('OpenID protocol error. No ID returned.') . EOL);
				goaway(System::baseUrl());
			}

			// NOTE: we search both for normalised and non-normalised form of $authid
			//       because the normalization step was removed from setting
			//       mod/settings.php in 8367cad so it might have left mixed
			//       records in the user table
			//
			$r = q("SELECT *
				FROM `user`
				WHERE ( `openid` = '%s' OR `openid` = '%s' )
				AND `blocked` = 0 AND `account_expired` = 0
				AND `account_removed` = 0 AND `verified` = 1
				LIMIT 1",
				DBA::escape($authid), DBA::escape(normalise_openid($authid))
			);

			if (DBA::isResult($r)) {

				// successful OpenID login

				unset($_SESSION['openid']);

				require_once('include/security.php');
				authenticate_success($r[0],true,true);

				// just in case there was no return url set
				// and we fell through

				goaway(System::baseUrl());
			}

			// Successful OpenID login - but we can't match it to an existing account.
			// New registration?

			if (intval(Config::get('config', 'register_policy')) === REGISTER_CLOSED) {
				notice(L10n::t('Account not found and OpenID registration is not permitted on this site.') . EOL);
				goaway(System::baseUrl());
			}

			unset($_SESSION['register']);
			$args = '';
			$attr = $openid->getAttributes();
			if (is_array($attr) && count($attr)) {
				foreach ($attr as $k => $v) {
					if ($k === 'namePerson/friendly') {
						$nick = notags(trim($v));
					}
					if($k === 'namePerson/first') {
						$first = notags(trim($v));
					}
					if($k === 'namePerson') {
						$args .= '&username=' . urlencode(notags(trim($v)));
					}
					if ($k === 'contact/email') {
						$args .= '&email=' . urlencode(notags(trim($v)));
					}
					if ($k === 'media/image/aspect11') {
						$photosq = bin2hex(trim($v));
					}
					if ($k === 'media/image/default') {
						$photo = bin2hex(trim($v));
					}
				}
			}
			if ($nick) {
				$args .= '&nickname=' . urlencode($nick);
			}
			elseif ($first) {
				$args .= '&nickname=' . urlencode($first);
			}

			if ($photosq) {
				$args .= '&photo=' . urlencode($photosq);
			}
			elseif ($photo) {
				$args .= '&photo=' . urlencode($photo);
			}

			$args .= '&openid_url=' . urlencode(notags(trim($authid)));

			goaway(System::baseUrl() . '/register?' . $args);

			// NOTREACHED
		}
	}
	notice(L10n::t('Login failed.') . EOL);
	goaway(System::baseUrl());
	// NOTREACHED
}
openid logins working 2010-11-18 02:03:27 +01:00			`<?php`
Many t() calls modify many t() calls. 2018-01-21 19:33:59 +01:00			`/**`
			`* @file mod/openid.php`
			`*/`
Remove references to library/openid 2018-01-27 22:31:49 +01:00
Move App to src - Add `use Friendica\App;` wherever needed 2017-04-30 06:07:00 +02:00			`use Friendica\App;`
Issue-#3873 Replace deprecated functions with new syntax. 2017-11-07 03:22:52 +01:00			`use Friendica\Core\Config;`
Many t() calls modify many t() calls. 2018-01-21 19:33:59 +01:00			`use Friendica\Core\L10n;`
New class "System" 2017-08-26 08:04:21 +02:00			`use Friendica\Core\System;`
Rename DBM method calls to DBA method calls 2018-07-21 14:40:21 +02:00			`use Friendica\Database\DBA;`
Revert "Updated modules to allow for partial overrides without errors" This reverts commit db949bb802448184bfe5164d8d3dd86ddf51b187. 2016-02-07 15:11:34 +01:00
Normalize App parameter declaration (mod folder, 2 out of 3) 2017-01-09 13:14:25 +01:00			`function openid_content(App $a) {`
openid logins working 2010-11-18 02:03:27 +01:00
Issue-#3873 Replace deprecated functions with new syntax. 2017-11-07 03:22:52 +01:00			`$noid = Config::get('system','no_openid');`
Revert "Coding convention applied - part 1" 2017-03-21 17:02:59 +01:00			`if($noid)`
App::get_baseurl is now replaced with System::baseUrl 2017-08-26 09:32:10 +02:00			`goaway(System::baseUrl());`
localise login template, allow openid to be disabled 2010-11-29 05:58:23 +01:00
some openid fixes, use identity url from openid server and normalise it. 2012-03-19 14:48:11 +01:00			`logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);`

Revert "Coding convention applied - part 1" 2017-03-21 17:02:59 +01:00			`if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) {`
cleanup after openid refactoring 2012-03-19 23:10:14 +01:00
OpenId possibly fixed: - The LightOpenId class' constructor now requires the hostname from where the requested started, added it now - sometimes need to invoke get_app() as $a was not around Signed-off-by: Roland Häder <roland@mxchange.org> 2018-05-17 00:21:06 +02:00			`$openid = new LightOpenID($a->get_hostname());`
openid logins working 2010-11-18 02:03:27 +01:00
Revert "Coding convention applied - part 1" 2017-03-21 17:02:59 +01:00			`if($openid->validate()) {`
openid logins working 2010-11-18 02:03:27 +01:00
Do not normalize openid url when logging in (since it isn't normalized when setting it via user settings) NOTE: this broke with 8367cad 2016-05-24 22:36:51 +02:00			`$authid = $_REQUEST['openid_identity'];`
some openid fixes, use identity url from openid server and normalise it. 2012-03-19 14:48:11 +01:00
Revert "Coding convention applied - part 1" 2017-03-21 17:02:59 +01:00			`if(! strlen($authid)) {`
More t() Update more t() calls 2018-01-22 13:29:50 +01:00			`logger(L10n::t('OpenID protocol error. No ID returned.') . EOL);`
App::get_baseurl is now replaced with System::baseUrl 2017-08-26 09:32:10 +02:00			`goaway(System::baseUrl());`
refactor openid logins/registrations 2012-03-19 23:03:09 +01:00			`}`
openid registration 2010-11-18 05:35:50 +01:00
Fix OpenID login The problem was that while openid was stored not-normalized in the database, the checking code was looking for a normalized form instead. The commit removing normalization step on saving user preferences was 8367cad, which might have left old users with normalized openid and new users with non-normalized one. This commit makes the checking code look for both normalized and not normalized form, to be backward compatible. 2016-05-25 12:43:26 +02:00			`// NOTE: we search both for normalised and non-normalised form of $authid`
			`// because the normalization step was removed from setting`
			`// mod/settings.php in 8367cad so it might have left mixed`
			`// records in the user table`
			`//`
Remove unused upubkey and uprvkey from queries - Switched queries to new dba::* functions 2017-11-26 20:55:47 +01:00			`$r = q("SELECT *`
			FROM `user`
Simplify openid query, and (needlessly) quote all fields Fields quoting was requested by rabuzarus 2016-05-25 16:06:16 +02:00			WHERE ( `openid` = '%s' OR `openid` = '%s' )
			AND `blocked` = 0 AND `account_expired` = 0
			AND `account_removed` = 0 AND `verified` = 1
			`LIMIT 1",`
Rename dbesc to DBA::escape 2018-07-21 15:10:13 +02:00			`DBA::escape($authid), DBA::escape(normalise_openid($authid))`
openid logins working 2010-11-18 02:03:27 +01:00			`);`
some openid fixes, use identity url from openid server and normalise it. 2012-03-19 14:48:11 +01:00
Rename DBA::is_result to DBA::isResult 2018-07-21 14:46:04 +02:00			`if (DBA::isResult($r)) {`
cleanup after openid refactoring 2012-03-19 23:10:14 +01:00
			`// successful OpenID login`

refactor openid logins/registrations 2012-03-19 23:03:09 +01:00			`unset($_SESSION['openid']);`

			`require_once('include/security.php');`
			`authenticate_success($r[0],true,true);`

Normalize App parameter declaration (mod folder, 2 out of 3) 2017-01-09 13:14:25 +01:00			`// just in case there was no return url set`
refactor openid logins/registrations 2012-03-19 23:03:09 +01:00			`// and we fell through`

App::get_baseurl is now replaced with System::baseUrl 2017-08-26 09:32:10 +02:00			`goaway(System::baseUrl());`
refactor openid logins/registrations 2012-03-19 23:03:09 +01:00			`}`

cleanup after openid refactoring 2012-03-19 23:10:14 +01:00			`// Successful OpenID login - but we can't match it to an existing account.`
			`// New registration?`
refactor openid logins/registrations 2012-03-19 23:03:09 +01:00
Enforce systen.register_policy value type 2018-07-15 21:04:48 +02:00			`if (intval(Config::get('config', 'register_policy')) === REGISTER_CLOSED) {`
Many t() calls modify many t() calls. 2018-01-21 19:33:59 +01:00			`notice(L10n::t('Account not found and OpenID registration is not permitted on this site.') . EOL);`
App::get_baseurl is now replaced with System::baseUrl 2017-08-26 09:32:10 +02:00			`goaway(System::baseUrl());`
refactor openid logins/registrations 2012-03-19 23:03:09 +01:00			`}`

			`unset($_SESSION['register']);`
			`$args = '';`
			`$attr = $openid->getAttributes();`
Continued with coding convention: - added curly braces around conditional code blocks - added space between if/foreach/... and brace - rewrote a code block so if dbm::is_result() fails it will abort, else the id is fetched from INSERT statement - made some SQL keywords upper-cased and added back-ticks to columns/table names Signed-off-by: Roland Haeder <roland@mxchange.org> 2016-12-20 21:15:53 +01:00			`if (is_array($attr) && count($attr)) {`
			`foreach ($attr as $k => $v) {`
			`if ($k === 'namePerson/friendly') {`
refactor openid logins/registrations 2012-03-19 23:03:09 +01:00			`$nick = notags(trim($v));`
Continued with coding convention: - added curly braces around conditional code blocks - added space between if/foreach/... and brace - rewrote a code block so if dbm::is_result() fails it will abort, else the id is fetched from INSERT statement - made some SQL keywords upper-cased and added back-ticks to columns/table names Signed-off-by: Roland Haeder <roland@mxchange.org> 2016-12-20 21:15:53 +01:00			`}`
Revert "Coding convention applied - part 1" 2017-03-21 17:02:59 +01:00			`if($k === 'namePerson/first') {`
refactor openid logins/registrations 2012-03-19 23:03:09 +01:00			`$first = notags(trim($v));`
Continued with coding convention: - added curly braces around conditional code blocks - added space between if/foreach/... and brace - rewrote a code block so if dbm::is_result() fails it will abort, else the id is fetched from INSERT statement - made some SQL keywords upper-cased and added back-ticks to columns/table names Signed-off-by: Roland Haeder <roland@mxchange.org> 2016-12-20 21:15:53 +01:00			`}`
Revert "Coding convention applied - part 1" 2017-03-21 17:02:59 +01:00			`if($k === 'namePerson') {`
Urlencode query parameters 2017-04-23 13:48:46 +02:00			`$args .= '&username=' . urlencode(notags(trim($v)));`
Continued with coding convention: - added curly braces around conditional code blocks - added space between if/foreach/... and brace - rewrote a code block so if dbm::is_result() fails it will abort, else the id is fetched from INSERT statement - made some SQL keywords upper-cased and added back-ticks to columns/table names Signed-off-by: Roland Haeder <roland@mxchange.org> 2016-12-20 21:15:53 +01:00			`}`
			`if ($k === 'contact/email') {`
Urlencode query parameters 2017-04-23 13:48:46 +02:00			`$args .= '&email=' . urlencode(notags(trim($v)));`
Continued with coding convention: - added curly braces around conditional code blocks - added space between if/foreach/... and brace - rewrote a code block so if dbm::is_result() fails it will abort, else the id is fetched from INSERT statement - made some SQL keywords upper-cased and added back-ticks to columns/table names Signed-off-by: Roland Haeder <roland@mxchange.org> 2016-12-20 21:15:53 +01:00			`}`
			`if ($k === 'media/image/aspect11') {`
refactor openid logins/registrations 2012-03-19 23:03:09 +01:00			`$photosq = bin2hex(trim($v));`
Continued with coding convention: - added curly braces around conditional code blocks - added space between if/foreach/... and brace - rewrote a code block so if dbm::is_result() fails it will abort, else the id is fetched from INSERT statement - made some SQL keywords upper-cased and added back-ticks to columns/table names Signed-off-by: Roland Haeder <roland@mxchange.org> 2016-12-20 21:15:53 +01:00			`}`
			`if ($k === 'media/image/default') {`
refactor openid logins/registrations 2012-03-19 23:03:09 +01:00			`$photo = bin2hex(trim($v));`
Continued with coding convention: - added curly braces around conditional code blocks - added space between if/foreach/... and brace - rewrote a code block so if dbm::is_result() fails it will abort, else the id is fetched from INSERT statement - made some SQL keywords upper-cased and added back-ticks to columns/table names Signed-off-by: Roland Haeder <roland@mxchange.org> 2016-12-20 21:15:53 +01:00			`}`
refactor openid logins/registrations 2012-03-19 23:03:09 +01:00			`}`
			`}`
Continued with coding convention: - added curly braces around conditional code blocks - added space between if/foreach/... and brace - rewrote a code block so if dbm::is_result() fails it will abort, else the id is fetched from INSERT statement - made some SQL keywords upper-cased and added back-ticks to columns/table names Signed-off-by: Roland Haeder <roland@mxchange.org> 2016-12-20 21:15:53 +01:00			`if ($nick) {`
Urlencode query parameters 2017-04-23 13:48:46 +02:00			`$args .= '&nickname=' . urlencode($nick);`
Continued with coding convention: - added curly braces around conditional code blocks - added space between if/foreach/... and brace - rewrote a code block so if dbm::is_result() fails it will abort, else the id is fetched from INSERT statement - made some SQL keywords upper-cased and added back-ticks to columns/table names Signed-off-by: Roland Haeder <roland@mxchange.org> 2016-12-20 21:15:53 +01:00			`}`
			`elseif ($first) {`
Urlencode query parameters 2017-04-23 13:48:46 +02:00			`$args .= '&nickname=' . urlencode($first);`
Continued with coding convention: - added curly braces around conditional code blocks - added space between if/foreach/... and brace - rewrote a code block so if dbm::is_result() fails it will abort, else the id is fetched from INSERT statement - made some SQL keywords upper-cased and added back-ticks to columns/table names Signed-off-by: Roland Haeder <roland@mxchange.org> 2016-12-20 21:15:53 +01:00			`}`
refactor openid logins/registrations 2012-03-19 23:03:09 +01:00
Continued with coding convention: - added curly braces around conditional code blocks - added space between if/foreach/... and brace - rewrote a code block so if dbm::is_result() fails it will abort, else the id is fetched from INSERT statement - made some SQL keywords upper-cased and added back-ticks to columns/table names Signed-off-by: Roland Haeder <roland@mxchange.org> 2016-12-20 21:15:53 +01:00			`if ($photosq) {`
Urlencode query parameters 2017-04-23 13:48:46 +02:00			`$args .= '&photo=' . urlencode($photosq);`
Continued with coding convention: - added curly braces around conditional code blocks - added space between if/foreach/... and brace - rewrote a code block so if dbm::is_result() fails it will abort, else the id is fetched from INSERT statement - made some SQL keywords upper-cased and added back-ticks to columns/table names Signed-off-by: Roland Haeder <roland@mxchange.org> 2016-12-20 21:15:53 +01:00			`}`
			`elseif ($photo) {`
Urlencode query parameters 2017-04-23 13:48:46 +02:00			`$args .= '&photo=' . urlencode($photo);`
Continued with coding convention: - added curly braces around conditional code blocks - added space between if/foreach/... and brace - rewrote a code block so if dbm::is_result() fails it will abort, else the id is fetched from INSERT statement - made some SQL keywords upper-cased and added back-ticks to columns/table names Signed-off-by: Roland Haeder <roland@mxchange.org> 2016-12-20 21:15:53 +01:00			`}`
openid logins working 2010-11-18 02:03:27 +01:00
Urlencode query parameters 2017-04-23 13:48:46 +02:00			`$args .= '&openid_url=' . urlencode(notags(trim($authid)));`
switch identities to manage pages 2011-03-02 05:18:47 +01:00
App::get_baseurl is now replaced with System::baseUrl 2017-08-26 09:32:10 +02:00			`goaway(System::baseUrl() . '/register?' . $args);`
register/login timestamps 2010-12-17 01:35:45 +01:00
refactor openid logins/registrations 2012-03-19 23:03:09 +01:00			`// NOTREACHED`
openid logins working 2010-11-18 02:03:27 +01:00			`}`
			`}`
Many t() calls modify many t() calls. 2018-01-21 19:33:59 +01:00			`notice(L10n::t('Login failed.') . EOL);`
App::get_baseurl is now replaced with System::baseUrl 2017-08-26 09:32:10 +02:00			`goaway(System::baseUrl());`
openid logins working 2010-11-18 02:03:27 +01:00			`// NOTREACHED`
add info() function. Works like notice() but show messages in a div with class info-message. update code to use info() instead of notice() when appropriate (non-error message) add info-message class style in themes 2011-05-23 11:39:57 +02:00			`}`