TYPO3 Core

<?php

// Make sure that we are executed only from the inside of TYPO3

if (!defined ('TYPO3_MODE')) {

die ('Access denied.');

}

/**

* Adds the definition of new fields to the pallete for the given field. If

* palette does not exist for the field, it is created.

*

* @param string $tableName Table name where to add/modify new fields

* @param string $fieldName Field name to add/modify pallete for

* @param string $newFields Definition for new fields

* @return void

*/

function tx_openid_addToPalette($tableName, $fieldName, $newFields) {

t3lib_div::loadTCA($tableName);

if (!isset($GLOBALS['TCA'][$tableName]['columns'][$fieldName])) {

die('No field named \'' . $fieldName . '\' found in $TCA for the table named \'' . $tableName . '\'');

} else {

// Process all definitions

foreach ($GLOBALS['TCA'][$tableName]['types'] as $typeCode => $typeDefinition) {

$fieldDefinitionModified = false;

// Expand comma-separated list of values

$fields = t3lib_div::trimExplode(',', $typeDefinition['showitem'], true);

foreach ($fields as &$field) {

// $code1 to $code4 are subcodes separated by a semicolon.

// We are not interested here in their values

list($currentFieldName, $code1, $palleteCode, $code3, $code4) = explode(';', $field, 5);

if (trim($currentFieldName) === $fieldName) {

// Found the field, now look if it already has palettes.

// If there is no palette, create a new one and reassemble

// field definition

if (!$palleteCode) {

// If palettes do not exist, create them

if (!isset($GLOBALS['TCA'][$tableName]['palettes'])) {

$GLOBALS['TCA'][$tableName]['palettes'] = array();

}

// Now find the next free palette number

// This loop does not have limitation because number of palletes is

// limited anyway. It will stop eventially

for ($palleteCode = 1; isset($GLOBALS['TCA'][$tableName]['palettes'][$palleteCode]); $palleteCode++) {

// Empty loop. We simply need to increase counter until we found a free number

}

// Put field definition back. Note that it will create the full field definition

// (with all four semicolons) even if original had only some semicolons

$field = $currentFieldName . ';' . $code1 . ';' . $palleteCode . ';' . $code3 . ';' . $code4;

$fieldDefinitionModified = true;

}

// Now we check if palette already contains anything

if ($GLOBALS['TCA'][$tableName]['palettes'][$palleteCode]['showitem']) {

$GLOBALS['TCA'][$tableName]['palettes'][$palleteCode]['showitem'] .= ',';

}

$GLOBALS['TCA'][$tableName]['palettes'][$palleteCode]['showitem'] .= $newFields;

// We processed the field, stop the loop

break;

}

}

// If we added a new palette, we need to put modified field definition back

if ($fieldDefinitionModified) {

$GLOBALS['TCA'][$tableName]['types'][$typeCode]['showitem'] = implode(',', $fields);

}

}

}

}

// Prepare new columns for be_users table

$tempColumns = array (

'tx_openid_openid' => array (

'exclude' => 0,

'label' => 'LLL:EXT:openid/locallang_db.xml:be_users.tx_openid_openid',

'config' => array (

'type' => 'input',

'size' => '30',

// Requirement: unique (BE users are unique in the whole system)

'eval' => 'trim,nospace,unique',

)

),

);

// Add new columns to be_users table

t3lib_div::loadTCA('be_users');

t3lib_extMgm::addTCAcolumns('be_users', $tempColumns, false);

t3lib_extMgm::addToAllTCAtypes('be_users','tx_openid_openid;;;;1-1-1', '', 'after:username');

t3lib_extMgm::addLLrefForTCAdescr('be_users', 'EXT:' . $_EXTKEY . '/locallang_csh.xml');

// Prepare new columns for fe_users table

$tempColumns = array (

'tx_openid_openid' => array (

'exclude' => 0,

'label' => 'LLL:EXT:openid/locallang_db.xml:fe_users.tx_openid_openid',

'config' => array (

'type' => 'input',

'size' => '30',

// Requirement: uniqueInPid (FE users are pid-specific)

'eval' => 'trim,nospace,uniqueInPid',

)

),

);

// Add new columns to fe_users table

t3lib_div::loadTCA('fe_users');

t3lib_extMgm::addTCAcolumns('fe_users', $tempColumns, false);

//t3lib_extMgm::addToAllTCAtypes('fe_users', 'tx_openid_openid;;;;1-1-1');

tx_openid_addToPalette('fe_users', 'username', 'tx_openid_openid');

t3lib_extMgm::addLLrefForTCAdescr('fe_users', 'EXT:' . $_EXTKEY . '/locallang_csh.xml');

?>

<?xml version="1.0" encoding="utf-8" standalone="yes" ?>

<T3locallang>

<meta type="array">

<type>database</type>

<description>Language labels for database tables/fields belonging to extension 'openid'</description>

</meta>

<data type="array">

<languageKey index="default" type="array">

<label index="be_users.tx_openid_openid">OpenID identifier:</label>

<label index="fe_users.tx_openid_openid">OpenID identifier:</label>

</languageKey>

</data>

</T3locallang>

<?php

/***************************************************************

* Copyright notice

*

* (c) 2008 Dmitry Dulepov <dmitry@typo3.org>

* All rights reserved

*

* This script is part of the TYPO3 project. The TYPO3 project is

* free software; you can redistribute it and/or modify

* it under the terms of the GNU General Public License as published by

* the Free Software Foundation; either version 2 of the License, or

* (at your option) any later version.

*

* The GNU General Public License can be found at

* http://www.gnu.org/copyleft/gpl.html.

*

* This script is distributed in the hope that it will be useful,

* but WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

* GNU General Public License for more details.

*

* This copyright notice MUST APPEAR in all copies of the script!

***************************************************************/

/**

* [CLASS/FUNCTION INDEX of SCRIPT]

*

*

*

* 59: class tx_openid_return

* 65: public function main()

*

* TOTAL FUNCTIONS: 1

* (This index is automatically created/updated by the extension "extdeveval")

*

*/

if (!$TYPO3_CONF_VARS['BE']['compressionLevel']) {

// We need to buffer output because we may need to redirect later.

// If we do not buffer, redirection may fail because output could be

// started in init.php

ob_start();

}

// Fix _GET/_POST values for authentication

if (isset($_GET['login_status'])) {

$_POST['login_status'] = $_GET['login_status'];

}

define('TYPO3_MOD_PATH', 'sysext/openid/');

require_once('../../init.php');

/**

* This class is the OpenID return script for the TYPO3 Backend.

*

* $Id: $

*

* @author Dmitry Dulepov <dmitry@typo3.org>

*/

class tx_openid_return {

/**

* Processed Backend session creation and redirect to backend.php

*

* @return void

*/

public function main() {

if ($GLOBALS['BE_USER']->user['uid']) {

@ob_end_clean();

header(t3lib_div::HTTP_STATUS_303);

$backendURL = t3lib_div::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir . 'backend.php';

header('Location: ' . $backendURL);

}

}

}

if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/openid/class.tx_openid_return.php']) {

include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/openid/class.tx_openid_return.php']);

}

$module = t3lib_div::makeInstance('tx_openid_return');

/* @var tx_openid_return $module */

$module->main();

?>

<?php

/***************************************************************

* Copyright notice

*

* (c) 2008 Dmitry Dulepov <dmitry@typo3.org>

* All rights reserved

*

* This script is part of the TYPO3 project. The TYPO3 project is

* free software; you can redistribute it and/or modify

* it under the terms of the GNU General Public License as published by

* the Free Software Foundation; either version 2 of the License, or

* (at your option) any later version.

*

* The GNU General Public License can be found at

* http://www.gnu.org/copyleft/gpl.html.

*

* This script is distributed in the hope that it will be useful,

* but WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

* GNU General Public License for more details.

*

* This copyright notice MUST APPEAR in all copies of the script!

***************************************************************/

/**

* [CLASS/FUNCTION INDEX of SCRIPT]

*

*

*

* 44: class tx_openid_eID

* 50: public function main()

*

* TOTAL FUNCTIONS: 1

* (This index is automatically created/updated by the extension "extdeveval")

*

*/

/**

* This class is the OpenID return script for the TYPO3 Frontend.

*

* $Id: $

*

* @author Dmitry Dulepov <dmitry@typo3.org>

*/

class tx_openid_eID {

/**

* Processes eID request.

*

* @return void

*/

public function main() {

// Due to the nature of OpenID (redrections, etc) we need to force user

// session fetching is there is no session around. This ensures that

// our service is called even if there no login data in the request.

// Inside the service we will process OpenID response and authenticate

// the user.

$GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']['FE_fetchUserIfNoSession'] = true;

// Initialize Frontend user

tslib_eidtools::connectDB();

tslib_eidtools::initFeUser();

// Redirect to the original location in any case (authenticated or not)

@ob_end_clean();

header(t3lib_div::HTTP_STATUS_303);

header('Location: ' . t3lib_div::locationHeaderUrl(t3lib_div::GPvar('tx_openid_location')));

exit;

}

}

if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/openid/class.tx_openid_eid.php']) {

include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/openid/class.tx_openid_eid.php']);

}

$module = t3lib_div::makeInstance('tx_openid_eID');

/* @var tx_openid_eID $module */

$module->main();

?>

<?php

// Make sure that we are executed only from the inside of TYPO3

if (!defined ('TYPO3_MODE')) {

die ('Access denied.');

}

// Register OpenID authentication service with TYPO3

t3lib_extMgm::addService($_EXTKEY, 'auth' /* sv type */, 'tx_openid_sv1' /* sv key */,

array(

'title' => 'OpenID Authentication',

'description' => 'OpenID authentication service for Frontend and Backend',

'subtype' => 'getUserFE,authUserFE,getUserBE,authUserBE',

'available' => true,

'priority' => 75, // Must be higher than for tx_sv_auth (50) or tx_sv_auth will deny request unconditionally

'quality' => 50,

'os' => '',

'exec' => '',

'classFile' => t3lib_extMgm::extPath($_EXTKEY).'sv1/class.tx_openid_sv1.php',

'className' => 'tx_openid_sv1',

)

);

// Register eID script that performs final FE user authentication. It will be called by the OpenID provider

$GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include']['tx_openid'] = 'EXT:openid/class.tx_openid_eid.php';

?>

<?php

/**

* This is the PHP OpenID library by JanRain, Inc.

*

* This module contains core utility functionality used by the

* library. See Consumer.php and Server.php for the consumer and

* server implementations.

*

* PHP versions 4 and 5

*

* LICENSE: See the COPYING file included in this distribution.

*

* @package OpenID

* @author JanRain, Inc. <openid@janrain.com>

* @copyright 2005-2008 Janrain, Inc.

* @license http://www.apache.org/licenses/LICENSE-2.0 Apache

*/

/**

* The library version string

*/

define('Auth_OpenID_VERSION', '2.1.2');

/**

* Require the fetcher code.

*/

require_once "Auth/Yadis/PlainHTTPFetcher.php";

require_once "Auth/Yadis/ParanoidHTTPFetcher.php";

require_once "Auth/OpenID/BigMath.php";

require_once "Auth/OpenID/URINorm.php";

/**

* Status code returned by the server when the only option is to show

* an error page, since we do not have enough information to redirect

* back to the consumer. The associated value is an error message that

* should be displayed on an HTML error page.

*

* @see Auth_OpenID_Server

*/

define('Auth_OpenID_LOCAL_ERROR', 'local_error');

/**

* Status code returned when there is an error to return in key-value

* form to the consumer. The caller should return a 400 Bad Request

* response with content-type text/plain and the value as the body.

*

* @see Auth_OpenID_Server

*/

define('Auth_OpenID_REMOTE_ERROR', 'remote_error');

/**

* Status code returned when there is a key-value form OK response to

* the consumer. The value associated with this code is the

* response. The caller should return a 200 OK response with

* content-type text/plain and the value as the body.

*

* @see Auth_OpenID_Server

*/

define('Auth_OpenID_REMOTE_OK', 'remote_ok');

/**

* Status code returned when there is a redirect back to the

* consumer. The value is the URL to redirect back to. The caller

* should return a 302 Found redirect with a Location: header

* containing the URL.

*

* @see Auth_OpenID_Server

*/

define('Auth_OpenID_REDIRECT', 'redirect');

/**

* Status code returned when the caller needs to authenticate the

* user. The associated value is a {@link Auth_OpenID_ServerRequest}

* object that can be used to complete the authentication. If the user

* has taken some authentication action, use the retry() method of the

* {@link Auth_OpenID_ServerRequest} object to complete the request.

*

* @see Auth_OpenID_Server

*/

define('Auth_OpenID_DO_AUTH', 'do_auth');

/**

* Status code returned when there were no OpenID arguments

* passed. This code indicates that the caller should return a 200 OK

* response and display an HTML page that says that this is an OpenID

* server endpoint.

*

* @see Auth_OpenID_Server

*/

define('Auth_OpenID_DO_ABOUT', 'do_about');

/**

* Defines for regexes and format checking.

*/

define('Auth_OpenID_letters',

"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");

define('Auth_OpenID_digits',

"0123456789");

define('Auth_OpenID_punct',

"!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~");

if (Auth_OpenID_getMathLib() === null) {

Auth_OpenID_setNoMathSupport();

}

/**

* The OpenID utility function class.

*

* @package OpenID

* @access private

*/

class Auth_OpenID {

/**

* Return true if $thing is an Auth_OpenID_FailureResponse object;

* false if not.

*

* @access private

*/

function isFailure($thing)

{

return is_a($thing, 'Auth_OpenID_FailureResponse');

}

/**

* Gets the query data from the server environment based on the

* request method used. If GET was used, this looks at

* $_SERVER['QUERY_STRING'] directly. If POST was used, this

* fetches data from the special php://input file stream.

*

* Returns an associative array of the query arguments.

*

* Skips invalid key/value pairs (i.e. keys with no '=value'

* portion).

*

* Returns an empty array if neither GET nor POST was used, or if

* POST was used but php://input cannot be opened.

*

* @access private

*/

function getQuery($query_str=null)

{

$data = array();

if ($query_str !== null) {

$data = Auth_OpenID::params_from_string($query_str);

} else if (!array_key_exists('REQUEST_METHOD', $_SERVER)) {

// Do nothing.

} else {

// XXX HACK FIXME HORRIBLE.

//

// POSTing to a URL with query parameters is acceptable, but

// we don't have a clean way to distinguish those parameters

// when we need to do things like return_to verification

// which only want to look at one kind of parameter. We're

// going to emulate the behavior of some other environments

// by defaulting to GET and overwriting with POST if POST

// data is available.

$data = Auth_OpenID::params_from_string($_SERVER['QUERY_STRING']);

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

$str = file_get_contents('php://input');

if ($str === false) {

$post = array();

} else {

$post = Auth_OpenID::params_from_string($str);

}

$data = array_merge($data, $post);

}

}

return $data;

}

function params_from_string($str)

{

$chunks = explode("&", $str);

$data = array();

foreach ($chunks as $chunk) {

$parts = explode("=", $chunk, 2);

if (count($parts) != 2) {

continue;

}

list($k, $v) = $parts;

$data[$k] = urldecode($v);

}

return $data;

}

/**

* Create dir_name as a directory if it does not exist. If it

* exists, make sure that it is, in fact, a directory. Returns

* true if the operation succeeded; false if not.

*

* @access private

*/

function ensureDir($dir_name)

{

if (is_dir($dir_name) || @mkdir($dir_name)) {

return true;

} else {

$parent_dir = dirname($dir_name);

// Terminal case; there is no parent directory to create.

if ($parent_dir == $dir_name) {

return true;

}

return (Auth_OpenID::ensureDir($parent_dir) && @mkdir($dir_name));

}

}

/**

* Adds a string prefix to all values of an array. Returns a new

* array containing the prefixed values.

*

* @access private

*/

function addPrefix($values, $prefix)

{

$new_values = array();

foreach ($values as $s) {

$new_values[] = $prefix . $s;

}

return $new_values;

}

/**

* Convenience function for getting array values. Given an array

* $arr and a key $key, get the corresponding value from the array

* or return $default if the key is absent.

*

* @access private

*/

function arrayGet($arr, $key, $fallback = null)

{

if (is_array($arr)) {

if (array_key_exists($key, $arr)) {

return $arr[$key];

} else {

return $fallback;

}

} else {

trigger_error("Auth_OpenID::arrayGet (key = ".$key.") expected " .

"array as first parameter, got " .

gettype($arr), E_USER_WARNING);

return false;

}

}

/**

* Replacement for PHP's broken parse_str.

*/

function parse_str($query)

{

if ($query === null) {

return null;

}

$parts = explode('&', $query);

$new_parts = array();

for ($i = 0; $i < count($parts); $i++) {

$pair = explode('=', $parts[$i]);

if (count($pair) != 2) {

continue;

}

list($key, $value) = $pair;

$new_parts[$key] = urldecode($value);

}

return $new_parts;

}

/**

* Implements the PHP 5 'http_build_query' functionality.

*

* @access private

* @param array $data Either an array key/value pairs or an array

* of arrays, each of which holding two values: a key and a value,

* sequentially.

* @return string $result The result of url-encoding the key/value

* pairs from $data into a URL query string

* (e.g. "username=bob&id=56").

*/

function httpBuildQuery($data)

{

$pairs = array();

foreach ($data as $key => $value) {

if (is_array($value)) {

$pairs[] = urlencode($value[0])."=".urlencode($value[1]);

} else {

$pairs[] = urlencode($key)."=".urlencode($value);

}

}

return implode("&", $pairs);

}

/**

* "Appends" query arguments onto a URL. The URL may or may not

* already have arguments (following a question mark).

*

* @access private

* @param string $url A URL, which may or may not already have

* arguments.

* @param array $args Either an array key/value pairs or an array of

* arrays, each of which holding two values: a key and a value,

* sequentially. If $args is an ordinary key/value array, the

* parameters will be added to the URL in sorted alphabetical order;

* if $args is an array of arrays, their order will be preserved.

* @return string $url The original URL with the new parameters added.

*

*/

function appendArgs($url, $args)

{

if (count($args) == 0) {

return $url;

}

// Non-empty array; if it is an array of arrays, use

// multisort; otherwise use sort.

if (array_key_exists(0, $args) &&

is_array($args[0])) {

// Do nothing here.

} else {

$keys = array_keys($args);

sort($keys);

$new_args = array();

foreach ($keys as $key) {

$new_args[] = array($key, $args[$key]);

}

$args = $new_args;

}

$sep = '?';

if (strpos($url, '?') !== false) {

$sep = '&';

}

return $url . $sep . Auth_OpenID::httpBuildQuery($args);

}

/**

* Implements python's urlunparse, which is not available in PHP.

* Given the specified components of a URL, this function rebuilds

* and returns the URL.

*

* @access private

* @param string $scheme The scheme (e.g. 'http'). Defaults to 'http'.

* @param string $host The host. Required.

* @param string $port The port.

* @param string $path The path.

* @param string $query The query.

* @param string $fragment The fragment.

* @return string $url The URL resulting from assembling the

* specified components.

*/

function urlunparse($scheme, $host, $port = null, $path = '/',

$query = '', $fragment = '')

{

if (!$scheme) {

$scheme = 'http';

}

if (!$host) {

return false;

}

if (!$path) {

$path = '';

}

$result = $scheme . "://" . $host;

if ($port) {

$result .= ":" . $port;

}

$result .= $path;

if ($query) {

$result .= "?" . $query;

}

if ($fragment) {

$result .= "#" . $fragment;

}

return $result;

}

/**

* Given a URL, this "normalizes" it by adding a trailing slash

* and / or a leading http:// scheme where necessary. Returns

* null if the original URL is malformed and cannot be normalized.

*

* @access private

* @param string $url The URL to be normalized.

* @return mixed $new_url The URL after normalization, or null if

* $url was malformed.

*/

function normalizeUrl($url)

{

@$parsed = parse_url($url);

if (!$parsed) {

return null;

}

if (isset($parsed['scheme']) &&

isset($parsed['host'])) {

$scheme = strtolower($parsed['scheme']);

if (!in_array($scheme, array('http', 'https'))) {

return null;

}

} else {

$url = 'http://' . $url;

}

$normalized = Auth_OpenID_urinorm($url);

if ($normalized === null) {

return null;

}

list($defragged, $frag) = Auth_OpenID::urldefrag($normalized);

return $defragged;

}

/**

* Replacement (wrapper) for PHP's intval() because it's broken.

*

* @access private

*/

function intval($value)

{

$re = "/^\\d+$/";

if (!preg_match($re, $value)) {

return false;

}

return intval($value);

}

/**

* Count the number of bytes in a string independently of

* multibyte support conditions.

*

* @param string $str The string of bytes to count.

* @return int The number of bytes in $str.

*/

function bytes($str)

{

return strlen(bin2hex($str)) / 2;

}

/**

* Get the bytes in a string independently of multibyte support

* conditions.

*/

function toBytes($str)

{

$hex = bin2hex($str);

if (!$hex) {

return array();

}

$b = array();

for ($i = 0; $i < strlen($hex); $i += 2) {

$b[] = chr(base_convert(substr($hex, $i, 2), 16, 10));

}

return $b;

}

function urldefrag($url)

{

$parts = explode("#", $url, 2);

if (count($parts) == 1) {

return array($parts[0], "");

} else {

return $parts;

}

}

function filter($callback, &$sequence)

{

$result = array();

foreach ($sequence as $item) {

if (call_user_func_array($callback, array($item))) {

$result[] = $item;

}

}

return $result;

}

function update(&$dest, &$src)

{

foreach ($src as $k => $v) {

$dest[$k] = $v;

}

}

/**

* Wrap PHP's standard error_log functionality. Use this to

* perform all logging. It will interpolate any additional

* arguments into the format string before logging.

*

* @param string $format_string The sprintf format for the message

*/

function log($format_string)

{

$args = func_get_args();

$message = call_user_func_array('sprintf', $args);

error_log($message);

}

function autoSubmitHTML($form, $title="OpenId transaction in progress")

{

return("<html>".

"<head><title>".

$title .

"</title></head>".

"<body onload='document.forms[0].submit();'>".

$form .

"<script>".

"var elements = document.forms[0].elements;".

"for (var i = 0; i < elements.length; i++) {".

" elements[i].style.display = \"none\";".

"}".

"</script>".

"</body>".

"</html>");

}

}

?>

<?php

/**

* The core PHP Yadis implementation.

*

* PHP versions 4 and 5

*

* LICENSE: See the COPYING file included in this distribution.

*

* @package OpenID

* @author JanRain, Inc. <openid@janrain.com>

* @copyright 2005-2008 Janrain, Inc.

* @license http://www.apache.org/licenses/LICENSE-2.0 Apache

*/

/**

* Need both fetcher types so we can use the right one based on the

* presence or absence of CURL.

*/

require_once "Auth/Yadis/PlainHTTPFetcher.php";

require_once "Auth/Yadis/ParanoidHTTPFetcher.php";

/**

* Need this for parsing HTML (looking for META tags).

*/

require_once "Auth/Yadis/ParseHTML.php";

/**

* Need this to parse the XRDS document during Yadis discovery.

*/

require_once "Auth/Yadis/XRDS.php";

/**

* XRDS (yadis) content type

*/

define('Auth_Yadis_CONTENT_TYPE', 'application/xrds+xml');

/**

* Yadis header

*/

define('Auth_Yadis_HEADER_NAME', 'X-XRDS-Location');

/**

* Contains the result of performing Yadis discovery on a URI.

*

* @package OpenID

*/

class Auth_Yadis_DiscoveryResult {

// The URI that was passed to the fetcher

var $request_uri = null;

// The result of following redirects from the request_uri

var $normalized_uri = null;

// The URI from which the response text was returned (set to

// None if there was no XRDS document found)

var $xrds_uri = null;

var $xrds = null;

// The content-type returned with the response_text

var $content_type = null;

// The document returned from the xrds_uri

var $response_text = null;

// Did the discovery fail miserably?

var $failed = false;

function Auth_Yadis_DiscoveryResult($request_uri)

{

// Initialize the state of the object

// sets all attributes to None except the request_uri

$this->request_uri = $request_uri;

}

function fail()

{

$this->failed = true;

}

function isFailure()

{

return $this->failed;

}

/**

* Returns the list of service objects as described by the XRDS

* document, if this yadis object represents a successful Yadis

* discovery.

*

* @return array $services An array of {@link Auth_Yadis_Service}

* objects

*/

function services()

{

if ($this->xrds) {

return $this->xrds->services();

}

return null;

}

function usedYadisLocation()

{

// Was the Yadis protocol's indirection used?

return $this->normalized_uri != $this->xrds_uri;

}

function isXRDS()

{

// Is the response text supposed to be an XRDS document?

return ($this->usedYadisLocation() ||

$this->content_type == Auth_Yadis_CONTENT_TYPE);

}

}

/**

*

* Perform the Yadis protocol on the input URL and return an iterable

* of resulting endpoint objects.

*

* input_url: The URL on which to perform the Yadis protocol

*

* @return: The normalized identity URL and an iterable of endpoint

* objects generated by the filter function.

*

* xrds_parse_func: a callback which will take (uri, xrds_text) and

* return an array of service endpoint objects or null. Usually

* array('Auth_OpenID_ServiceEndpoint', 'fromXRDS').

*

* discover_func: if not null, a callback which should take (uri) and

* return an Auth_Yadis_Yadis object or null.

*/

function Auth_Yadis_getServiceEndpoints($input_url, $xrds_parse_func,

$discover_func=null, $fetcher=null)

{

if ($discover_func === null) {

$discover_function = array('Auth_Yadis_Yadis', 'discover');

}

$yadis_result = call_user_func_array($discover_func,

array($input_url, $fetcher));

if ($yadis_result === null) {

return array($input_url, array());

}

$endpoints = call_user_func_array($xrds_parse_func,

array($yadis_result->normalized_uri,

$yadis_result->response_text));

if ($endpoints === null) {

$endpoints = array();

}

return array($yadis_result->normalized_uri, $endpoints);

}

/**

* This is the core of the PHP Yadis library. This is the only class

* a user needs to use to perform Yadis discovery. This class

* performs the discovery AND stores the result of the discovery.

*

* First, require this library into your program source:

*

* <pre> require_once "Auth/Yadis/Yadis.php";</pre>

*

* To perform Yadis discovery, first call the "discover" method

* statically with a URI parameter:

*

* <pre> $http_response = array();

* $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();

* $yadis_object = Auth_Yadis_Yadis::discover($uri,

* $http_response, $fetcher);</pre>

*

* If the discovery succeeds, $yadis_object will be an instance of

* {@link Auth_Yadis_Yadis}. If not, it will be null. The XRDS

* document found during discovery should have service descriptions,

* which can be accessed by calling

*

* <pre> $service_list = $yadis_object->services();</pre>

*

* which returns an array of objects which describe each service.

* These objects are instances of Auth_Yadis_Service. Each object

* describes exactly one whole Service element, complete with all of

* its Types and URIs (no expansion is performed). The common use

* case for using the service objects returned by services() is to

* write one or more filter functions and pass those to services():

*

* <pre> $service_list = $yadis_object->services(

* array("filterByURI",

* "filterByExtension"));</pre>

*

* The filter functions (whose names appear in the array passed to

* services()) take the following form:

*

* <pre> function myFilter(&$service) {

* // Query $service object here. Return true if the service

* // matches your query; false if not.

* }</pre>

*

* This is an example of a filter which uses a regular expression to

* match the content of URI tags (note that the Auth_Yadis_Service

* class provides a getURIs() method which you should use instead of

* this contrived example):

*

* <pre>

* function URIMatcher(&$service) {

* foreach ($service->getElements('xrd:URI') as $uri) {

* if (preg_match("/some_pattern/",

* $service->parser->content($uri))) {

* return true;

* }

* }

* return false;

* }</pre>

*

* The filter functions you pass will be called for each service

* object to determine which ones match the criteria your filters

* specify. The default behavior is that if a given service object

* matches ANY of the filters specified in the services() call, it

* will be returned. You can specify that a given service object will

* be returned ONLY if it matches ALL specified filters by changing

* the match mode of services():

*

* <pre> $yadis_object->services(array("filter1", "filter2"),

* SERVICES_YADIS_MATCH_ALL);</pre>

*

* See {@link SERVICES_YADIS_MATCH_ALL} and {@link

* SERVICES_YADIS_MATCH_ANY}.

*

* Services described in an XRDS should have a library which you'll

* probably be using. Those libraries are responsible for defining

* filters that can be used with the "services()" call. If you need

* to write your own filter, see the documentation for {@link

* Auth_Yadis_Service}.

*

* @package OpenID

*/

class Auth_Yadis_Yadis {

/**

* Returns an HTTP fetcher object. If the CURL extension is

* present, an instance of {@link Auth_Yadis_ParanoidHTTPFetcher}

* is returned. If not, an instance of

* {@link Auth_Yadis_PlainHTTPFetcher} is returned.

*

* If Auth_Yadis_CURL_OVERRIDE is defined, this method will always

* return a {@link Auth_Yadis_PlainHTTPFetcher}.

*/

function getHTTPFetcher($timeout = 20)

{

if (Auth_Yadis_Yadis::curlPresent() &&

(!defined('Auth_Yadis_CURL_OVERRIDE'))) {

$fetcher = new Auth_Yadis_ParanoidHTTPFetcher($timeout);

} else {

$fetcher = new Auth_Yadis_PlainHTTPFetcher($timeout);

}

return $fetcher;

}

function curlPresent()

{

return function_exists('curl_init');

}

/**

* @access private

*/

function _getHeader($header_list, $names)

{

foreach ($header_list as $name => $value) {

foreach ($names as $n) {

if (strtolower($name) == strtolower($n)) {

return $value;

}

}

}

return null;

}

/**

* @access private

*/

function _getContentType($content_type_header)

{

if ($content_type_header) {

$parts = explode(";", $content_type_header);

return strtolower($parts[0]);

}

}

/**

* This should be called statically and will build a Yadis

* instance if the discovery process succeeds. This implements

* Yadis discovery as specified in the Yadis specification.

*

* @param string $uri The URI on which to perform Yadis discovery.

*

* @param array $http_response An array reference where the HTTP

* response object will be stored (see {@link

* Auth_Yadis_HTTPResponse}.

*

* @param Auth_Yadis_HTTPFetcher $fetcher An instance of a

* Auth_Yadis_HTTPFetcher subclass.

*

* @param array $extra_ns_map An array which maps namespace names

* to namespace URIs to be used when parsing the Yadis XRDS

* document.

*

* @param integer $timeout An optional fetcher timeout, in seconds.

*

* @return mixed $obj Either null or an instance of

* Auth_Yadis_Yadis, depending on whether the discovery

* succeeded.

*/

function discover($uri, &$fetcher,

$extra_ns_map = null, $timeout = 20)

{

$result = new Auth_Yadis_DiscoveryResult($uri);

$request_uri = $uri;

$headers = array("Accept: " . Auth_Yadis_CONTENT_TYPE .

', text/html; q=0.3, application/xhtml+xml; q=0.5');

if ($fetcher === null) {

$fetcher = Auth_Yadis_Yadis::getHTTPFetcher($timeout);

}

$response = $fetcher->get($uri, $headers);

if (!$response || ($response->status != 200 and

$response->status != 206)) {

$result->fail();

return $result;

}

$result->normalized_uri = $response->final_url;

$result->content_type = Auth_Yadis_Yadis::_getHeader(

$response->headers,

array('content-type'));

if ($result->content_type &&

(Auth_Yadis_Yadis::_getContentType($result->content_type) ==

Auth_Yadis_CONTENT_TYPE)) {

$result->xrds_uri = $result->normalized_uri;

} else {

$yadis_location = Auth_Yadis_Yadis::_getHeader(

$response->headers,

array(Auth_Yadis_HEADER_NAME));

if (!$yadis_location) {

$parser = new Auth_Yadis_ParseHTML();

$yadis_location = $parser->getHTTPEquiv($response->body);

}

if ($yadis_location) {

$result->xrds_uri = $yadis_location;

$response = $fetcher->get($yadis_location);

if ((!$response) || ($response->status != 200 and

$response->status != 206)) {

$result->fail();

return $result;

}

$result->content_type = Auth_Yadis_Yadis::_getHeader(

$response->headers,

array('content-type'));

}

}

$result->response_text = $response->body;

return $result;

}

}

?>

<?php

/**

* Yadis service manager to be used during yadis-driven authentication

* attempts.

*

* @package OpenID

*/

/**

* The base session class used by the Auth_Yadis_Manager. This

* class wraps the default PHP session machinery and should be

* subclassed if your application doesn't use PHP sessioning.

*

* @package OpenID

*/

class Auth_Yadis_PHPSession {

/**

* Set a session key/value pair.

*

* @param string $name The name of the session key to add.

* @param string $value The value to add to the session.

*/

function set($name, $value)

{

$_SESSION[$name] = $value;

}

/**

* Get a key's value from the session.

*

* @param string $name The name of the key to retrieve.

* @param string $default The optional value to return if the key

* is not found in the session.

* @return string $result The key's value in the session or

* $default if it isn't found.

*/

function get($name, $default=null)

{

if (array_key_exists($name, $_SESSION)) {

return $_SESSION[$name];

} else {

return $default;

}

}

/**

* Remove a key/value pair from the session.

*

* @param string $name The name of the key to remove.

*/

function del($name)

{

unset($_SESSION[$name]);

}

/**

* Return the contents of the session in array form.

*/

function contents()

{

return $_SESSION;

}

}

/**

* A session helper class designed to translate between arrays and

* objects. Note that the class used must have a constructor that

* takes no parameters. This is not a general solution, but it works

* for dumb objects that just need to have attributes set. The idea

* is that you'll subclass this and override $this->check($data) ->

* bool to implement your own session data validation.

*

* @package OpenID

*/

class Auth_Yadis_SessionLoader {

/**

* Override this.

*

* @access private

*/

function check($data)

{

return true;

}

/**

* Given a session data value (an array), this creates an object

* (returned by $this->newObject()) whose attributes and values

* are those in $data. Returns null if $data lacks keys found in

* $this->requiredKeys(). Returns null if $this->check($data)

* evaluates to false. Returns null if $this->newObject()

* evaluates to false.

*

* @access private

*/

function fromSession($data)

{

if (!$data) {

return null;

}

$required = $this->requiredKeys();

foreach ($required as $k) {

if (!array_key_exists($k, $data)) {

return null;

}

}

if (!$this->check($data)) {

return null;

}

$data = array_merge($data, $this->prepareForLoad($data));

$obj = $this->newObject($data);

if (!$obj) {

return null;

}

foreach ($required as $k) {

$obj->$k = $data[$k];

}

return $obj;

}

/**

* Prepares the data array by making any necessary changes.

* Returns an array whose keys and values will be used to update

* the original data array before calling $this->newObject($data).

*

* @access private

*/

function prepareForLoad($data)

{

return array();

}

/**

* Returns a new instance of this loader's class, using the

* session data to construct it if necessary. The object need

* only be created; $this->fromSession() will take care of setting

* the object's attributes.

*

* @access private

*/

function newObject($data)

{

return null;

}

/**

* Returns an array of keys and values built from the attributes

* of $obj. If $this->prepareForSave($obj) returns an array, its keys

* and values are used to update the $data array of attributes

* from $obj.

*

* @access private

*/

function toSession($obj)

{

$data = array();

foreach ($obj as $k => $v) {

$data[$k] = $v;

}

$extra = $this->prepareForSave($obj);

if ($extra && is_array($extra)) {

foreach ($extra as $k => $v) {

$data[$k] = $v;

}

}

return $data;

}

/**

* Override this.

*

* @access private

*/

function prepareForSave($obj)

{

return array();

}

}

/**

* A concrete loader implementation for Auth_OpenID_ServiceEndpoints.

*

* @package OpenID

*/

class Auth_OpenID_ServiceEndpointLoader extends Auth_Yadis_SessionLoader {

function newObject($data)

{

return new Auth_OpenID_ServiceEndpoint();

}

function requiredKeys()

{

$obj = new Auth_OpenID_ServiceEndpoint();

$data = array();