diff options
author | Wojciech Polak <polak@gnu.org> | 2009-12-31 12:24:42 +0100 |
---|---|---|
committer | Wojciech Polak <polak@gnu.org> | 2009-12-31 12:24:42 +0100 |
commit | 3acbdb4120d11b1b83d43221b91bcfedd176c405 (patch) | |
tree | d4c63a78053ddfc136b2607c9f8016d3c7c7d002 /frontend/openid_manage.php | |
download | cheetah-3acbdb4120d11b1b83d43221b91bcfedd176c405.tar.gz cheetah-3acbdb4120d11b1b83d43221b91bcfedd176c405.tar.bz2 |
Initial commit "Better Late Than Never".
Diffstat (limited to 'frontend/openid_manage.php')
-rw-r--r-- | frontend/openid_manage.php | 182 |
1 files changed, 182 insertions, 0 deletions
diff --git a/frontend/openid_manage.php b/frontend/openid_manage.php new file mode 100644 index 0000000..698852c --- /dev/null +++ b/frontend/openid_manage.php @@ -0,0 +1,182 @@ +<?php + +/* + Cheetah News openid_manage.php + Copyright (C) 2008 Wojciech Polak. + + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 3 of the License, or (at your + option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +require_once 'lib/include.php'; +require_once 'Auth/OpenID/Consumer.php'; +require_once 'Auth/OpenID/FileStore.php'; +require_once 'Auth/OpenID/SReg.php'; + +start_session (null, true); +$session->auth ('iflogged'); + +$qs = false; +$message = ''; + +postvars ('add'); +getvars ('remove'); +$add = trim (strip_tags ($add)); +$remove = trim (strip_tags ($remove)); + +if ($session->status['afterlogged'] != 'yes' || + $session->email == 'guest') +{ + $message = _('You are using a guest account. You must register in order to do this.'); + $qs = true; +} +else if (isset ($_GET['openid_mode']) && !empty ($_GET['openid_mode'])) +{ + $store = new Auth_OpenID_FileStore ($CONF['openIdStorePath']); + $consumer = new Auth_OpenID_Consumer ($store); + + $return_to = isset ($_GET['openid_return_to']) ? + $_GET['openid_return_to'] : ''; + $response = $consumer->complete ($return_to); + + if ($response->status == Auth_OpenID_CANCEL) { + $message = _('Verification cancelled.'); + } + else if ($response->status == Auth_OpenID_FAILURE) { + $message = sprintf (_('OpenID authentication failed: %s'), + $response->message); + } + else if ($response->status == Auth_OpenID_SUCCESS) + { + $identity = $response->identity_url; + if ($identity[strlen ($identity) - 1] == '/') + $identity = substr ($identity, 0, -1); + + $db = new Database (); + $db->query ("SELECT id FROM openid WHERE identity='". + $db->escape ($identity)."'"); + if ($db->next_record ()) { + $message = _('This OpenID is already attached.'); + } + else { + $db->query ("INSERT INTO openid SET userid='".$session->id. + "', identity='".$db->escape ($identity)."'"); + $message = _('Your OpenID has been successfully attached.'); + } + } +} +else if (!empty ($add)) +{ + $process_url = $CONF['secureProto'].'://'.$CONF['site'].'/openid_manage'; + $trust_root = $CONF['secureProto'].'://'.$CONF['site'].'/'; + + $store = new Auth_OpenID_FileStore ($CONF['openIdStorePath']); + $consumer = new Auth_OpenID_Consumer ($store); + $auth_request = $consumer->begin ($add); + + if (!$auth_request) { + $message = _('OpenID authentication failed.'); + } + else { + if (strpos ($add, 'http://') !== 0) + $add = 'http://'.$add; + if ($add[strlen ($add) - 1] == '/') + $add = substr ($add, 0, -1); + + $db = new Database (); + $db->query ("SELECT id FROM openid WHERE identity='".$db->escape ($add)."'"); + if (!$db->next_record ()) { + $sreg_request = Auth_OpenID_SRegRequest::build (null, null, + 'http://'.$CONF['site'].'/privacy'); + if ($sreg_request) + $auth_request->addExtension ($sreg_request); + + $redirect_url = $auth_request->redirectURL ($trust_root, $process_url); + redirect ($redirect_url); + } + else + $message = _('This OpenID is already attached.'); + } +} +else if (!empty ($remove)) { + $db = new Database (); + $db->query ("DELETE FROM openid WHERE userid='".$session->id. + "' AND identity='".$db->escape ($remove)."'"); + redirect ('openid_manage'); +} + +?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?=$CHEETAH_LANG?>" lang="<?=$CHEETAH_LANG?>"> +<head> +<title>Cheetah News</title> +<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> +<meta name="robots" content="noindex,nofollow" /> +<link rel="stylesheet" href="d?q=css.changepassword" type="text/css" /> +<link rel="icon" href="images/favicon.png" type="image/png" /> +</head> +<body> + +<?php + +if (!empty ($message)) { +?> +<div id="box"> + <h2><?php echo $message; ?></h2> +</div> +<p></p> +<?php +if ($qs) + exit (); +} +?> + +<?php + $db = new Database (); + $db->query ("SELECT * FROM openid WHERE userid='".$session->id."' ORDER BY identity"); +?> + +<div id="box"> +<h2>Cheetah: <?php echo _('Manage your OpenIDs'); ?></h2> +<form action="openid_manage" method="post"> + <table> +<?php + while ($db->next_record ()) { +?> + <tr> + <td align="left"><?php echo $db->f ('identity'); ?></td> + <td align="left"> + <a href="?remove=<?php echo urlencode ($db->f ('identity')); ?>" + onclick="return confirm ('<?php echo _('Are you sure you want to detach this OpenID?'); ?>');"> + <img src="images/16_delete.png" style="border:none" + alt="<?php echo _('Remove'); ?>" title="<?php echo _('Remove'); ?>" /> + </a> + </td> + </tr> +<?php + } +?> + <tr><td style="padding-top:10px"></td></tr> + <tr> + <td><input type="text" id="add_openid" name="add" size="30" maxlength="255" /></td> + <td align="left"> + <input type="submit" name="submit" value="<?php echo _('Attach new OpenID'); ?>" /> + </td> + </tr> + <tr><td></td></tr> + </table> +</form> +</div> + +</body> +</html> |